
What Is AWS Secrets Manager?
The video introduces AWS Secrets Manager, a fully managed service that centralizes the storage of sensitive configuration data such as database passwords, API keys, and tokens. By moving secrets out of code repositories and environment files, the service eliminates the traditional risk of accidental exposure and simplifies operational workflows. Key features highlighted include automatic encryption using AWS Key Management Service (KMS), which handles key creation, rotation, and protection without user intervention. Secrets are fetched at runtime via API calls, allowing applications to retrieve the latest values without redeployment. The service also supports automated secret rotation, reducing the attack surface associated with long‑lived credentials. A concrete example is presented through a photo‑sharing application where database credentials are stored in Secrets Manager rather than hard‑coded. The backend service queries the secret at launch, leveraging IAM policies to ensure only authorized roles can access it. This demonstrates how encryption, access control, and rotation work together to improve security and operational agility. For enterprises, adopting Secrets Manager translates into tighter security posture, lower compliance risk, and faster credential updates. By decoupling secret management from application code, teams can accelerate development cycles while maintaining rigorous access controls, making the service a strategic component of modern cloud‑native architectures.

The Frontlines of Cybersecurity at Tech Field Day Extra at RSAC 2026 #TFDx #RSAC2026 #TFDLive
Tom Hollingsworth, event lead for security at Tech Field Day, announced the debut of Tech Field Day Extra at RSA Conference 2026, a supplemental on‑site series designed to deepen data‑protection dialogue among security professionals. The two‑day lineup features BEH’s morning session...

AWS IAM Explained in 60 Seconds
The video delivers a rapid overview of AWS Identity and Access Management (IAM), positioning it as the foundational security layer that must be configured before any compute or storage services are launched. It explains that IAM creates user accounts for humans,...

The Enterprise Security Blind Spot in Agentic AI | Token Security’s Itamar Apelblat
The video features Itamar Apelblat, CEO and co‑founder of Token Security, discussing the emerging security blind spot created by agentic AI at RSA’s Innovation Sandbox. He frames AI agents as a new, non‑human identity class that traditional IAM solutions don’t...

Black Hat USA 2025 | ECS-Cape – Hijacking IAM Privileges in Amazon ECS
The Black Hat talk unveiled a critical flaw dubbed “ECS-Cape” that lets a single container running on an Amazon ECS‑EC2 instance hijack IAM credentials of every other container on the same host. By abusing the internal Agent Communication Service...

Ditch the Security Snapshots. Why TripleKey Says Point-in-Time Audits Must End.
The discussion centers on abandoning point‑in‑time security audits in favor of continuous, real‑time monitoring for health‑care organizations. Patrick McIll of Community Health Network and John Brown of TripleKey argue that static snapshots are akin to a clean house that quickly...

🔴 Mar 18's Top Cyber News NOW! - Ep 1091
The episode of Simply Cyber’s Daily Cyber Threat Brief aired March 18, 2026, hosted by Dr. Gerald Auger, delivering eight top cyber stories, with a spotlight on the U.S. Department of Energy’s upcoming cyber strategy for the energy sector. The DOE...

Security a Moving Target CIO Talk Network
The CIO Talk Radio episode frames security as a moving target, emphasizing that organizations must constantly balance the cost of protection against the inevitability of threats. Guest Bethar draws on three decades of experience, comparing modern cyber‑risk to the retail...

Black Hat USA 2025 | Shade BIOS: Unleashing the Full Stealth of UEFI Malware
At Black Hat USA 2025, Kazuki Matsuo of FFRI Security presented “Shade BIOS,” a method for extending UEFI firmware functionality into runtime to create fully stealthy BIOS‑level malware. He explained that today’s UEFI bootkits and SMM backdoors are limited by either...

Black Hat USA 2025 | Ransomware, Tracking, DoS, and Data Leaks on Xiaomi Electric Scooters
At Black Hat USA 2025, researchers from KTH, URIM and the ITROANS project presented a deep‑dive into the security flaws of Xiaomi’s flagship electric scooters, the M365 and Mi 3. The talk detailed how proprietary Bluetooth‑Low‑Energy protocols and over‑the‑air firmware updates...

🔴 Mar 17's Top Cyber News NOW! - Ep 1090
The March 19, 2026 episode of Simply Cyber’s Daily Cyber Threat Brief highlighted a major cyber‑incident affecting Striker, a medical‑device maker, where an Iranian‑aligned threat group leveraged Microsoft Intune’s mobile‑device‑management (MDM) capabilities to remotely wipe thousands of devices, halting electronic ordering and...

Black Hat USA 2025 | No Hoodies Here: Organized Crime in AdTech
The Black Hat USA 2025 talk unveiled how the advertising ecosystem has become a lucrative conduit for organized crime. Speakers Dave Mitchell and Renee Burton detailed the rise of malicious ad‑tech networks—most notably VexTrio—showing how they infiltrate legitimate ad...

AI Hallucinations Become Security’s Problem
The video highlights growing concern that AI hallucinations are no longer just a model‑performance issue but a security risk that falls on security teams. Security leaders are pushing back, refusing to take ownership of model reliability, while red‑team exercises now routinely...

Black Hat USA 2025 | Weaponization of Cellular Based IoT Technology
At Black Hat USA 2025, Deral Heiland (Rapid7) and Carlota Bindner (Thermo Fisher) presented research on weaponizing cellular‑based IoT devices, focusing on the often‑overlooked inter‑chip communication between the main processor and the cellular modem. They discovered that most devices transmit UART...

🔴 Mar 16's Top Cyber News NOW! - Ep 1089
Episode 1089 of "Top Cyber News NOW!" delivers a concise roundup of the day’s most critical cybersecurity headlines for analysts, CISOs, and business leaders. The show highlights emerging threats, policy shifts, and major breach developments while promoting practical tools such...

Why Cyber Attribution Gets Complicated
The video examines why attributing cyber attacks to nation‑states, particularly the United States, has become a tangled problem. The author, writing a book on cyber threats, treats the U.S. as a distinct adversary alongside China and Russia, but notes that...

After 12 Years, The Xbox One Has Finally Been Hacked
The video announces that after twelve years of being deemed unhackable, the Xbox One has finally been compromised by Marcus Castellan’s “Bliss” exploit. By applying a precise voltage glitch to the console’s north‑bridge rail, Castellan forces the processor into an...

Veriff Warns Deepfakes Are Distracting Firms From the Real Identity Problem
Veriff warns that the industry’s fixation on deepfakes is diverting attention from more pervasive identity risks—chiefly weak login credentials and reused passwords. Data harvested from breaches fuels targeted deepfakes, but the root problem remains insecure authentication practices and fragmented identity...

IETF 125: Transport Layer Security (TLS) 2026-03-16 03:30
The TLS Working Group convened at IETF 125 to review progress, set expectations for conduct, and manage session logistics. Chairs provided a brief update on agenda items, including recent RFC publications and pending drafts, while reminding participants of intellectual‑property and anti‑harassment...

'My Identity Was Stolen to Catfish Men'. #IdentityTheft #Catfish #BBCNews
A young woman says her identity was stolen and used to create viral fake social-media accounts that have been catfishing men and impersonating her to friends, boyfriend and strangers. The impostors have circulated sexualized images and messaged people daily, leading...

HackTheBox - Gavel
The video walks through the Hack The Box “Gavel” machine, focusing on a rare SQL injection that abuses a prepared statement by injecting the column name. After enumerating the host with nmap, the presenter discovers an exposed .git directory, clones the...

Musk’s Macrohard Project | AI Narrows the Coding Gap | Identity Crisis in the Cloud
The Techstrong panel dissected Elon Musk’s newly announced “Macrohard” (also dubbed Digital Optimus), a software‑engineering platform that claims AI can autonomously build the same applications traditionally bought from Microsoft, SAP or other enterprise vendors. The discussion framed the project...

HackTheBox - Principal
The HackTheBox "Principal" machine centers on a freshly disclosed CVE 2024‑XXXX in the JJWT Java library, which mistakenly skips signature verification when a JWT’s signature field is null. Combined with an SSH daemon that trusts keys signed by an unprotected Certificate...

Officials Warn of Possible Lone-Wolf Cyber Attacks. #Cybersecurity #GovTech #Shorts
Federal cybersecurity officials warned that lone‑wolf actors, motivated by the escalating Iran conflict, could launch low‑level attacks such as website defacements and distributed denial‑of‑service disruptions against U.S. government networks. While large‑scale intrusions are deemed unlikely, the overall threat environment for...

Black Hat USA 2025 | China's 5+ Year Campaign to Penetrate Perimeter Network Defenses
The Black Hat talk detailed a multi-year, state-linked campaign by Chinese threat actors aimed at compromising perimeter firewalls and the networks they protect. Presenter Andrew Brandt, a principal threat researcher formerly at Sophos, walked through the evolution of the operation,...

Implementing a U.S. Cyber Force: A Conversation with Representative Pat Fallon
Representative Pat Fallon used a CSIS event to argue that the United States must create a dedicated cyber force, drawing a parallel to the Trump‑initiated Space Force and noting that cyber capabilities are now central to conflicts in Iran, Venezuela...

This Device Captures TRUE Randomness
The video introduces a hardware‑based true random number generator designed for enterprise environments, claiming quantum‑secure entropy by capturing physical randomness rather than relying on algorithmic pseudo‑randomness. Current software RNGs produce deterministic sequences that could be broken by future quantum computers. The...

Sovereign AI & Data Privacy - with Chloé Maurel
In a Startup Grind interview, Chloé Maurel, CEO and co‑founder of Mates, explains the company’s mission to deliver on‑premise AI agents that keep corporate data private. Mates combines a proprietary automation engine with open‑source large language models, allowing midsize and...

How An Iranian Cyberattack Erased Thousand's Of Employee Devices
The video details a recent Iranian cyber operation that infiltrated the mobile device management (MDM) platform of medical‑equipment maker Striker, remotely erasing thousands of employee laptops and phones. The breach highlights how a nation‑state can weaponize corporate MDM tools, turning...

Companies Need to Be on High Alert for Cyber Threats Amid Iran Conflict: TrustedSec's David Kennedy
Former NSA and Marine Corps cyber specialist David Kennedy joined The Exchange to warn companies about escalating cyber threats linked to the ongoing war with Iran. He highlighted that Iranian state actors are likely to intensify espionage and disruptive campaigns...

2 Minute Drill: How a Cybersecurity Researcher Took Down a Hacker with Drex DeFord
The two‑minute drill spotlights security researcher Allison Nixon, who has spent years infiltrating private Discord, Telegram, and dark‑web forums to map the loosely organized cyber‑crime collective known as the “comm.” By cataloguing minute details—city hints, gaming handles, and other digital...

MWC26: ETSI’s Role in AI Security, 6G and the Quantum Era
ETSI Director‑General Jan Ellsberger outlined how standardisation will underpin the rollout of 6G, AI‑driven security and the quantum computing era. He highlighted ETSI’s coordinated effort to bring together telecom operators, chipmakers and AI experts to draft a unified cybersecurity framework...

States Can't Handle Nation-State Cyber Attacks
Organizations increasingly rely on federal threat intelligence to spot emerging nation‑state cyber campaigns. Without coordinated intel from national agencies, state and local entities often lack the visibility needed to defend against sophisticated ransomware and targeted attacks. Early warnings enable hardening...

Chrome Is Thinking Quantum - Threat Wire
Google Chrome is rolling out quantum‑resistant HTTPS certificates, leveraging lattice‑based cryptography to safeguard web traffic against future quantum attacks. A self‑propagating JavaScript worm briefly compromised Wikipedia, altering pages before being contained. OpenAI unveiled its "Aardvark" initiative, a suite of tools...

Generate SSH Keys in 10 Seconds (Windows, Mac & Linux)
The video demonstrates how to generate SSH key pairs in under ten seconds on Windows, macOS, and Linux, positioning key‑based authentication as a faster, more secure alternative to password‑based logins. It explains that an SSH key consists of a public component,...

Black Hat USA 2025 | How to Secure Unique Ecosystem Shipping 1 Billion+ Cores?
At Black Hat USA 2025, Nvidia’s offensive security director Adam Zabrocki and system software manager Marko Mitic outlined how the company secures a sprawling ecosystem that now ships more than one billion processor cores across data‑center GPUs, consumer graphics, Jetson...

The Invisible Threat: Secure & Sovereign Digital Backbone
The video examines the hidden, supply‑chain‑driven threats that jeopardize a nation’s digital backbone, especially as critical infrastructure becomes increasingly software‑centric. It argues that traditional security models focused on human error are insufficient when state‑backed actors infiltrate telecom, finance, transportation and...

Turning Threat Intelligence Into Real-World Action | 2 Cyber Chicks S8 E1
On Two Cyber Chicks S8 E1, host Jax interviews Carla Ruff, chief insight officer at Surefire Cyber, about turning raw threat data into actionable intelligence for incident response and product design. Ruff argues that threat intel is foundational to choosing...

Undetected Discord Malware
The video warns that a new strain of malware is being spread on Discord through seemingly innocuous messages from friends offering a closed‑beta game. The attacker shares a trailer link and a download page that appears legitimate, prompting recipients to...

FBI Detroit PSA on Operation Winter SHIELD
The FBI Detroit field office released a public service announcement introducing Operation Winter Shield, a nationwide campaign urging American businesses, organizations, and corporations to fortify their cyber‑security defenses. Special Agent Jennifer Renan emphasized that cyber threats are evolving, with nation‑state...

🔴 Mar 11's Top Cyber News NOW! - Ep 1086
Simply Cyber’s March 11, 2026 episode of the Daily Cyber Threat Brief, hosted by Dr. Gerald Auger, delivered its routine roundup of cyber headlines, community updates and sponsor spotlights. The show promoted a noon workshop by James McQuigan on detecting...

Balancing LLMs and SLMs for Data Security
Large language models (LLMs) provide powerful data enrichment but suffer from imprecise predictions and hallucinations. Small language models (SLMs), fine‑tuned for specific tasks, offer higher reliability and lower risk of data leakage. Combining LLMs and SLMs lets enterprises harness broad...

Ultimate End to End DevSecOps Project Implementation | 3 Hours Tutorial
The video walks viewers through an end‑to‑end DevSecOps implementation using a publicly available three‑tier blogging application called "journey." Abhishek explains the app’s architecture—React front‑end behind an Nginx reverse‑proxy, a Node.js/Express back‑end, and a PostgreSQL database—and shows how a DevSecOps engineer...

3 New Actively Exploited Flaws to Patch
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that three new vulnerabilities have been added to its Known Exploited Vulnerabilities (KEV) catalog, confirming that threat actors are actively exploiting these flaws in the wild. The inclusion in...

Black Hat USA 2025 | Breaking Control Flow Integrity by Abusing Modern C++
The Black Hat talk explains how modern C++ coroutines undermine traditional control‑flow‑integrity (CFI) defenses. While CFI has become standard in operating systems and compilers, the presenter shows that coroutine‑generated frames and indirect resume calls open a novel attack surface. CFI works...

Black Hat USA 2025 | Vulnerability Haruspicy: Picking Out Risk Signals From Scoring System Entrails
The talk at Black Hat USA 2025 explored the limits of traditional vulnerability scoring, focusing on CVSS, the emerging EPSS exploit‑prediction model, and newer frameworks such as Pipeline VSS and AI‑VSS. Todd used the ancient haruspex analogy to illustrate how...

Your FBI: Cyber - Business Defense
Operation Winter SHIELD is the FBI Cyber Division’s 60‑day nationwide campaign aimed at translating law‑enforcement lessons into ten concrete steps that businesses can use to harden their networks. Agents highlighted three core controls: comprehensive inventory of internet‑facing assets, timely retirement of...

🔴 Mar 10's Top Cyber News NOW! - Ep 1085
The March 10, 2026 episode of Simply Cyber’s Daily Cyber Threat Brief delivers a fast‑paced rundown of eight top stories while emphasizing community learning, CPE credits, and sponsor‑driven resources. Host Dr. Gerald Auger highlights that each hour‑long show awards half a CPE, and...

What Turns a Good Hacker Into a Great Hunter
The video examines why a proficient hacker does not automatically become a great threat hunter, stressing that hunting requires a broader, systems‑level perspective beyond isolated exploit skills. The speaker argues that deep knowledge of the entire application—from the underlying technology stack...

FIDO Webinar: How BankID Norway Unifies Passkeys & Biometric Liveness
The FIDO webinar focused on how BankID Norway has merged passkey technology with biometric liveness detection to create a seamless, fraud‑resistant authentication ecosystem. Hosted by the FIDO Alliance’s CMO, the session featured product manager O Morton and CIO Joe Palmer, who...