All Episodes


Droning on about Cyber

The U.S. FBI and CISA recently released guidance concerning a growing hobby. What are the concerns, and how does it relate to SASE and cybersecurity? Join Bill Carter a...

Shells and Flipper Hells: SSH Problems and Pocket Hacking

In the first episode of 2024, Bill and Robin dive into a vulnerability impacting SSH across the world, as well as explore how something in your pocket may get you unwa...

Reporting and Alerting: Gootloader and the NCSC

Join Bill and Robin as they dive into the latest and greatest cybersecurity news. In this week's episode, Bill covers the ever-present threat of Gootloader, and Robin d...

SolarWinds and Cisco 10.0: Big Problems for Big Companies

In this week's episode, Robin and Bill explore the recent SEC fraud charges against SolarWinds (and their Chief Information Security Officer), as well as a CVE wi...

Phishing and Curling: Vulnerabilities, not Winter Sports

In this week's episode, Bill and Robin dive into the dangers of EvilProxy, as well as discuss a hot new vulnerability in the curl framework (CVE-2023-38545). Should you ...

Scattered Spiders and Black Cats: MGM and Caesars Hacked?

In this week's episode, Bill and Robin dive deep into the techniques and tricks used by the masterminds behind the recent attacks on MGM and the Caesars Entertainment ...

Pythons and Birds: Duolingo and Telegram Hacked?

In this week's episode, Bill and Robin explore the dangers of programmatic interfaces! The language-learning website, Duolingo, has fallen victim to an API exploit whi...

Imparting Trust: Paws for Reflection

In this week's episode, Bill and Robin delve once again into the world of Zero Trust as they discuss how end-to-end encrypted messaging services have fallen victim to ...

The NIST CSF 2.0: Framework Governance?

In this week's episode, Bill and Robin discuss the brand-new cybersecurity framework from the National Institute of Standards and Technology. Dubbed the NIST CSF 2.0, ...

No Ethical Boundaries: WormGPT

In this week's episode, Bill and Robin discover the dangerous world of an AI tool without guardrails: WormGPT. This AI tool is allowing people with limited technical e...

Keeping your SLED Secure: Should you pay a ransom?

In this week's episode, Bill and Robin respond to a viewer request, and delve into the world of State, Local Government and Education, and how they can stay protected...

LockBit hits TSMC: A $70M Ransom?

TSMC, the world’s largest semiconductor manufacturer, has been listed on LockBit’s dark web blog, with the gang demanding $70 million for the stolen data. TSMC states ...

Reddit and Extorted It: OpenAI Leaks and Paying for Ransomware?

In this episode, we take a look at how Reddit has dealt with a recent data breach leading to personal information theft, and a hefty $4.5m demand to not leak the infor...

MOVEit and Lose it: Exploitation and Patching Hell

In this episode we explore how the BBC, British Airways, Aer Lingus and other organisations have become victim to a 'mass hack' due to an alleged vulnerability in the ...

Security Obscurity: DNS Tunnelling and CensysGPT

In this episode we dive into the concepts and attack vectors of DNS Tunnelling, as well as start exploring the dangerous OSINT tools of Shodan and Censys. Security thr...

Remote Browser Isolation and You.

Cato Networks offers web-security protection using 'Remote Browser Isolation' (RBI), but do you know what it is, how it works, or why you should use it? Join Robin in t...

What even is a DGA anyway?

Domain Generating Algorithms (DGA): Threat actors often rely on domain-generating algorithms to circumvent traditional URL filtering to establish a malicious connect...

The 2023 RSA Recap

Last week Bill was at the RSA Conference, where there were over 50,000 attendees and multiple security vendors present. But what topics were on the hearts and minds of ...

The Seventh Branch - Why Convergence is key

The US Military Cyber Professional Association urged lawmakers this week to establish a U.S. Cyber Force in this year's ...

The Recipe of Ransomware

In this episode, Bill Carter discusses the 'recipe of ransomware' and how the business of ransomware actually works, aligned with the 6-E's: Establishing - se...

Holding Dole to Ransom

XMRig – APPetite for Crypto: XMRig, a legitimate program for cryptocurrency mining, is being added to systems via illegally downloaded applications as a trojan payload. ...

Envoy: There's a FatalRAT among us

Envoy: Is Three A Crowd? Employee data and company info have been stolen from Atlassian allegedly via Envoy, a third-party app, and the data was posted on the chat app T...

Bottling up your feelings - Is Pepsi Okay?

Screentime – Somebody’s Watching Me: A new threat actor, dubbed TA866, is targeting U.S. and German companies with an information-stealing campaign. The initial vector s...

VMWare: It's not just the new kids you need to be worried about

Nevada - RAMPing up the ransom: The "Nevada" ransomware operation has recently grown its capabilities, improving locking functionality on Windows and ESXi. Are you protec...

GoTo Breach? Is this the lastpass?

GoTo Breach - A lastpass loop? GoTo, parent company of LastPass, suffered a data breach resulting in theft of customer backups in November 2022. The breach impacted Cen...

The Tools of the Trade: Penetration Testing for Dummies

NMAP - Footprints and Fingerprints: A standard tool in any cybersecurity toolbox. Nmap is used to discover hosts and services on a computer network by sending packets an...

RATPhishing and Ransoming Children: Is it ethical?

Netgear Routers - When Edges Go Bad: A pre-authentication buffer overflow exploit allows threat actors to get control of many Netgear routers, opening the door for malwa...

The Meta-Model: A new framework?

1- Meta's New Framework - Chain, chain, chain… Meta has proposed a new 10-step kill chain model that they feel more adequately addresses online threats. What are the ga...

Mirai, LockerGoga, XMRig and MFA Hell
