
Who Is Winning the Scam Game?
In this episode of Hacking Humans, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis dissect two major scam narratives: an international gold‑scam ring that lured U.S. victims into buying $800,000 worth of physical gold, culminating in the arrest of a New Jersey‑based conspirator, and a newly identified threat group targeting Business Process Outsourcing (BPO) firms with sophisticated social‑engineering attacks that spoof live‑chat and Okta login pages. The discussion highlights how scammers exploit multi‑factor authentication weaknesses, emphasizing the superiority of hardware‑based FIDO2 keys over SMS or software tokens. Guest insights from Polera CISO Sean Colicchio underscore the psychological angle of social engineering and the need for AI‑aware training programs.

SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns;
In this 7‑minute Stormcast episode, Johannes Ullrich warns that attackers are increasingly scanning web servers for AI‑related configuration files such as .env files containing OpenAI, Claude, or OpenClaw credentials, emphasizing the need for proper secret management and billing alerts. He...

MSP 1337 | Cybersecurity Education & Security Guidance
In this brief episode, the hosts explore the intertwined nature of cybersecurity and compliance, emphasizing that both are part of an ongoing journey for organizations. They discuss core topics such as incident response, penetration testing, and the evolving tactics of...

Why DHS No Longer Has a Compliance Mindset for Cybersecurity
In this episode of Ask the CIO, former DHS Chief Information Security Officer Hemant Baidwan discusses his 15‑year federal career, why he chose to leave at this pivotal moment, and his new role as Executive CISO at Knox Systems. He...
ONC’s Keane Says Government Will Strengthen TEFCA Onboarding to Address Provider Privacy Concerns
In this episode, ONC National Coordinator Tom Keane discusses recent organizational changes at ONC, the dual‑lane approach of TEFCA and CMS‑aligned networks, and how the government is strengthening TEFCA onboarding to address provider privacy concerns. He explains that ONC will...

How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID
In this episode, Microsoft MVP Per Torben‑Sansson discusses the fundamentals of building resilient Conditional Access (CA) policies in Microsoft Entra ID, starting with the critical role of break‑glass (emergency) accounts. He explains how to properly configure these accounts—using cloud‑only identities,...
EP271 Can AI-Native MDR Actually Fix Your Broken SOC Workflows or Just Automate the Mess?
In this live Cloud Security Podcast episode, host Tim Peacock and co‑host Anton Chuvakin interview Eric Foster and Bashar Abu Abusido, CEOs of 10X, about AI‑native Managed Detection and Response (MDR) and its impact on SOC modernization. They discuss why...
Mobile App Security with Ryan Lloyd
In this episode, Ryan Lloyd, Chief Product Officer at GuardSquare, explains how mobile app security differs from desktop and web security, emphasizing that critical logic and IP reside on users' devices, making them prime targets for reverse engineering, tampering, and...

When “Opportunity” Knocks, Don’t Answer.
In this episode of Hacking Humans, Dave, Joe, and Maria dissect two major social‑engineering threats: a LinkedIn‑based phishing campaign that uses urgent “business opportunity” emails and look‑alike login pages to harvest credentials, and a $20 million Everest‑guide scam where climbers are...

SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln;
In this 7‑minute Stormcast episode, Johannes Ullrich discusses three security topics: attackers fingerprinting medium‑interaction honeypots by using obvious usernames like "honeypot" to confirm they’re not real systems; Microsoft’s recent suspension of developer accounts for privacy‑focused projects such as WireGuard, VeraCrypt,...

512,000 Lines of Leaked Code Reveal the Lock-In Strategy Coming for Your AI Stack
The episode dives into the recent Anthropic Claude code leak, emphasizing that the most consequential element is the hidden "Conway" always‑on agent and its companion environment, Funway, rather than the raw source code. These components form a standalone agent platform...
Who’s Logging In? [OMITB]
In this episode of Only Malware in the Building, host Selena Larson and guests Keith Mularski and Dave discuss the rapid rise of identity‑based attacks, noting that identity‑related root causes now outpace traditional malware. They cite recent reports from Sophos,...
Defeating the Single Point of Failure W/ Mike Belshe of BitGo | BFC Show Ep. 33
In this episode, BitGo co‑founder Mike Belshe discusses the origins of BitGo, its pioneering use of multi‑signature (multi‑sig) technology to eliminate single points of failure, and how the company evolved from a self‑custody solution into a regulated global custodian with...

How Kevin Mandia Built the Most Trusted Name in Cybersecurity
In this episode, Kevin Mandia, founder of Mandiant and CEO of Armadillo, discusses the imminent shift to AI-driven cyber attacks and the need for autonomous defense. He explains how Armadillo is building nation‑state‑grade offensive capabilities to train and certify defenses,...

Houston, We Have a Protocol.
The episode dives into space cybersecurity, featuring Brandon Bailey of the Aerospace Corporation and Cass (Kaz) Vogel, Blue Origin’s Director of Cybersecurity Governance, Risk, and Compliance. They discuss the evolving threat landscape as humanity expands beyond Earth, emphasizing the need...