Best NCSC Podcasts (2024)

1
Droning on about Cyber 12:19

5M ago12:19

12:19

The U.S. FBI and CISA recently released guidance concerning a growing hobby. What are the concerns, and how does it relate to SASE and cybersecurity? Join Bill Carter as he demysifies governmental guidance, and provides you clear steps so you're ready for whatever's next.By Robin Johns and Bill Carter

1
Shells and Flipper Hells: SSH Problems and Pocket Hacking 22:02

6M ago22:02

22:02

In the first episode of 2024, Bill and Robin dive into a vulnerability impacting SSH across the world, as well as explore how something in your pocket may get you unwarranted attention. What is the Terrapin attack, and why should you leave your FlipperZero in check-in luggage? Learn all this and more on the latest episode of the Ring of Defense!…

1
Reporting and Alerting: Gootloader and the NCSC 27:25

7M ago27:25

27:25

Join Bill and Robin as they dive into the latest and greatest cybersecurity news. In this week's episode, Bill covers the ever-present threat of Gootloader, and Robin dives into a recent 70+ page report published by the UK's National Cyber Security Center (NCSC.) What is Gootloader? What threats/trends have the NCSC identified, and what are their r…

1
Solarwinds and Cisco 10.0: Big Problems for Big Companies 26:02

8M ago26:02

26:02

In this week's episode, Robin and Bill explore the recent SEC charges against Solarwinds (and their Chief Information Security Officer) with fraud, as well as a CVE with a perfect CVSS rating of 10.0 against Cisco! Why is a CISO getting charged with fraud? What does a a CVSS rating of 10 mean, and why should you be worried if you use Cisco IOS or I…

1
Phishing and Curling: Vulnerabilities, not Winter Sports 21:53

9M ago21:53

21:53

In this week's episode, Bill and Robin dive into the dangers of EvilProxy, as well as discuss a hot new vulnerability in the curl framework (CVE-2023-38545) Should you be concerned about this CVE? How can you tell if personal parameters are being sent to threat actors? and how can you help mitigate against these security challenges? Learn all this …

1
Scattered Spiders and Black Cats: MGM and Caesars Hacked? 57:18

9M ago57:18

57:18

In this week's episode, Bill and Robin dive deep into the techniques and tricks used by the masterminds behind the recent attacks on MGM and the Caesars Entertainment group, Scattered Spider and ALPHV. Why was MGM's business down for 10 days? Why did Caesars pay an alleged $15M ransom? What is BlackCat? How can this have been prevented, and how wou…

1
Pythons and Birds: Duolingo and Telegram Hacked? 23:26

10M ago23:26

23:26

In this week's episode, Bill and Robin explore the dangers of programmatic interfaces! The language-learning website, Duolingo, has fallen victim to an API exploit which has exposed 2.6 million user accounts, and there's threat actors on the dark web who are using Python to subversively change messages in Telegram threads. What's happening in the w…

1
Imparting Trust: Paws for Reflection 28:50

10M ago28:50

28:50

In this week's episode, Bill and Robin delve once again into the world of Zero Trust as they discuss how end-to-end encrypted messaging services have fallen victim to the BadBazaar trojan, as well as asking the question "Should you trust URLs on your children's snacks?" Learn all this and more on the latest episode of The Ring of Defense!…

1
The NIST CSF 2.0: Framework Governance? 21:34

10M ago21:34

21:34

In this week's episode, Bill and Robin discuss the brand-new cybersecurity framework from the National Institute of Standards and Technology. Dubbed the NIST CSF 2.0, this expands on their first iteration by adding a new pillar of 'Governance.' What is the CSF, how is 2.0 different from 1.0, and why should you care? Learn all this and more on the l…

1
No Ethical Boundaries: WormGPT 17:30

11M ago17:30

17:30

In this week's episode, Bill and Robin discover the dangerous world of an AI tool without guardrails: WormGPT. This AI tool is allowing people with limited technical experience to create potential chaos. When coupled with the rise in popularity of tools like the Wi-Fi pineapple, and Flipper Zero, do you need to be more worried about the next genera…

1
Keeping your SLED Secure: Should you pay a ransom? 18:43

12M ago18:43

18:43

In this week's episode, Bill and Robin respond to a viewer request, and delive into the world of State, Local Government and Education, and how they can stay protected and secured with limited budgets. We cover documents issued by the FBI regarding how to stay safe, and also discuss how some OEM vendors are advocating that SLED organisations should…

1
LockBit hits TSMC: A $70M Ransom? 31:14

12M ago31:14

31:14

TSMC, the world’s largest semiconductor manufacturer, has been listed on LockBit’s dark web blog, with the gang demanding $70 million for the stolen data. TSMC states that it was due to their IT hardware suppliers; yet another reason to pay attention to the supply chain. So, who are LockBit, how do they operate, and how can you prevent this from ha…

1
Reddit and Extorted It: OpenAI Leaks and Paying for Ransomware? 23:52

1y ago23:52

23:52

In this episode, we take a look at how Reddit has dealt with a recent data breach leading to personal information theft, and a hefty $4.5m demand to not leak the information, as well as how the OpenAI foundation has 100,000 ChatGPT user credentials available for sale on the dark web. Raccoon, Vidar, RedLine, and other information stealers ahoy! Why…

1
MOVEit and Lose it: Exploitation and Patching Hell 28:58

1y ago28:58

28:58

In this episode we explore how the BBC, British Airways, Aer Lingus and other organisations have become victim to a 'mass hack' due to an alleged vulnerability in the MOVEit secure file transfer system, as well as explore how an old iPhone vulnerability could give threat actors full access to your device, without you even opening a file or clicking…

1
Security Obscurity: DNS Tunnelling and CensysGPT 25:55

1y ago25:55

25:55

In this episode we dive into the concepts and attack vectors of DNS Tunnelling, as well as start exploring the dangerous OSINT tools of Shodan and Censys. Security through obscurity used to be acceptable, but with GPTs and Adversarial GANs appearing - is this still a valid approach? Explore the podcast…

1
Remote Browser Isolation and You. 23:42

1y ago23:42

23:42

Cato Networks offers web-security protection using 'Remote Browser Isolation' (RBI), but do you know what it is, how it works, or why you should use it? Join Robin in this audio-only podcast monologue to learn more! Never heard about RBI before? No worries, we all have to start somewhere....By Robin Johns and Bill Carter

1
What even is a DGA anyway? 25:31

1y ago25:31

25:31

Domain Generating Algorithms (DGA): - Threat actors often rely on domain-generating algorithms to circumvent traditional URL filtering to establish a malicious connection with a deployed payload. But do you know what DGAs are, or how to protect against them? The 3CX Supply Chain Attack - On March 29th, a new supply chain attack was identified targe…

1
The 2023 RSA Recap 33:01

1y ago33:01

33:01

Last week Bill was at the RSA Conference, where there were over 50,000 attendees and multiple security vendors present. But what topics were on the hears and minds of those who visited? Learn about the 'top 5' items which are currently concerning, and exciting, security practitioners in this latest episode.…

1
The Seventh Branch - Why Convergence is key 24:53

1y ago24:53

24:53

* The Seventh Branch - Why Convergence is key- - The US Military Cyber Professional Association urged lawmakers this week to establish a U.S Cyber Force in this year's annual defence policy bill. It has been alleged that the current approach to Cybersecurity across the current 6 military branches has been divided, inconsistent, and inefficient, and…

1
Hold your horses: Ferrari extorted by RansomEXX 20:53

1y ago20:53

20:53

By Robin Johns and Bill Carter

1
The Recipe of Ransomware 15:10

1y ago15:10

15:10

In this episode, Bill Carter discusses the 'recipe of ransomware' and discusses how the business of ransomware actually works, aligned with the 6-E's: Establishing - setting up the framework Embedding - gaining access and foothold Evading - ensuring that all monitoring tools are blind to activity Encrypting - hiding the data from the data owner/cus…

1
Holding Dole to Ransom 19:00

1y ago19:00

19:00

XMRig – APPetite for Crypto XMRig, a legitimate program for cryptocurrency mining, is being added to systems via illegally downloaded applications as a trojan payload. Victims are observed to be downloading the modified application from The Pirate Bay, with a focus on Final Cut Pro. This comparison has revealed this is the third generation of the c…

1
Envoy: There's a FatalRAT among us 20:53

1y ago20:53

20:53

Envoy: Is Three A Crowd? Employee data and company info has been stolen from Atlassian allegedly via Envoy, a third-party app, and the data was posted on the chat app Telegram. Threat actor SiegedSec claimed responsibility and Atlassian’s response seemed to indicate physical access concerns. The Attack vector is still being investigated by the thir…

1
Bottling up your feelings - Is Pepsi Okay? 23:11

1y ago23:11

23:11

Screentime – Somebody’s Watching Me A new threat actor, dubbed TA866, is targeting U.S. and German companies with an information-stealing campaign. The Initial vector seems to be emailed with URLs or attachments (PDF, PUB) linking to JavaScript malware that installs WasabiSeed (malicious downloader) that pulls down Screenshotter. How can you be sur…

1
VMWare: It's not just the new kids you need to be worried about 21:08

1y ago21:08

21:08

Nevada - RAMPing up the ransom The"Nevada" ransomware operation has recently grown its capabilities, improving locking functionality on Windows and ESXi. Are you protected? IceBreaker - Help Desk Hysteria Online Gaming and Gambling companies have been targeted by backdoor malware recently, as Customer Service agents were tricked into opening screen…

1
GoTo Breach? Is this the lastpass? 27:38

1y ago27:38

27:38

GoTo Breach - A lastpass loop? GoTo, parent company of LastPass, suffered a data breach resulting in theft of customer backups in November 2022. The breach impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products. How did this happen, and how could you have prevented this from happening? GDPR's Price - WhatsApp with you? The Irish Dat…

1
The Tools of the Trade: Penetration Testing for Dummies 27:39

1y ago27:39

27:39

NMAP - Footprints and Fingerprints A standard tool in any cybersecurity toolbox. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. Is anyone scanning y…

1
RATPhishing and Ransoming Children: Is it ethical? 29:14

1y ago29:14

29:14

Netgear Routers - When Edges Go Bad A pre-authentication buffer overflow exploit allows threat actors to get control of many NetGear routers, opening the door for malware installs and identity theft. While Netgear has released a patch, how do you protect your edge and IoT estate before patches can be installed? RATphishing - Columbia's Cooperative …

1
The Meta-Model: A new framework? 27:24

1y ago27:24

27:24

1- Meta's New Framework - Chain, chain, chain… Meta has proposed a new 10-step kill chain model that they feel more adequately addresses online threats. What are the gaps in your current security stack, and how does Cato keep you secured? 2. FIFA 2022 - Phishing for the Cup Phishing attempts targeting middle eastern countries have more than doubled…

1
Mirai, LockerGoga, XMRig and MFA Hell 33:36

1y ago33:36

33:36

Mirai, LockerGoga, XMRig and MFA HellBy Robin Johns and Bill Carter

1
My coffee tastes Phishy: the service industry goes dark 24:49

1y ago24:49

24:49

SQL: Wake Up Maggie! The Maggie malware creates a backdoor in Microsoft SQL servers, leaving companies potentially vulnerable. Are you? ProxyNotShell: You've Got Bugs Microsoft Exchange Servers were found to have 2 zero-day vulnerabilities being exploited, allowing access to privesc and RCE. Do you trust emails from inside your organisation? The Ve…

1
Killnet, NSCS, PyPI, the Digital Red Cross and OpenSSL Patching Hell 34:21

1y ago34:21

34:21

1- Killnet - Access Denied Killnet is a Russia-aligned hacker group well known for issuing DDoS attacks, believed to be formed just prior to the Russia/Ukraine conflict. Originally a hack-for-hire vendor of DDoS, they rapidly evolved into a patriotic collective. Attacks have been characterized as "primitive", typically relying on brute-force on sta…

1
Impacket, SIMATIC, Alchemist and Mirai - oh my! 32:44

1y ago32:44

32:44

1) Impacket - All your Bases The Impacket tool was used by APTs to target the US Defense Industrial Base sector. The initial vector was unknown, but how do you identify reconnaissance and exfiltration in your organization? 2) PLCs - Patching is Logical A critical vulnerability with a 9.3 CVSS score was found in the Siemens SIMATIC programmable logi…

1
Black Basta and the dangers of the .ZIP TLD 18:52

1y ago18:52

18:52

In this week's episode, Bill and Robin cover the expanding scope of Ransomware with threat actors such as Black Basta running rampant, as well as the new 'suspicious' TLD of .zip! How do these threat actors keep getting away with their attacks, and why should you be concerned about these new top-level-domains? Learn all this and more on the latest …

1
NCSC 2022 Cuddalore District Inter im Workshop 31:42

1+ y ago31:42

31:42

கடலூர் மாவட்ட இடைநிலை அறிக்கை கூட்டம் - 2.ஆசிரியர் வழிகாட்டி ஆலோசனை மற்றும் கருத்துகள்.

1
மாவட்ட NCSC செயல்பாடுகள் செய்ய ஆட்கள் தேவை!வருவீர்களா 18:47

1+ y ago18:47

18:47

கடலூர் மாவட்ட NCSC 22-23 இதுவரை நடந்த செயல்பாடுகள்.இனி நடக்க இருக்கும் வேலைகள்.ஒருங்கிணைப்பாளர் உரை .

1
NCSC Project Registration After Guidance 39:38

1+ y ago39:38

39:38

Cuddalore District NCSC Project Guidance .What after the Project Registration ? How to present and what to present ?Talk by S.T.Balagurunathan ,Tamilnadu Science Forum.

1
A compelling Rescue story of a Puppy .Recorded on November 24th,2017. 15:43

5y ago15:43

15:43

I feel satisfied and happy,when i moved a bike parked at side of road which paved the way for a school van to go and certainly cleared the small traffic block occured at minutes before.So small moments like this ,we feel happy to do something selfless and enjoy the satisfication that gives at the end. So ,here we have Siddharth, who took an action …

1
How is japan is keeping pace with aging population and workforce ? 20:53

5y ago20:53

20:53

In today's episode ,We gonna to see "what's really happening in Japan ?Analysis and perspective.*And why japan seeking talents and young people from other countries?

1
Learning new words from "Budget and Economic Survey". 26:33

5y ago26:33

26:33

Dated 8th july 2019.A podcast episode of learning "Budget 2019 and Economic Survey "?Welcome.Indian Finance minister presented her "Maiden Budget 2019" and we also have our recent Economic Survey report here.Don't worry ,we are not into economics and things.As usual we look on words that catchy in Budget and Economic survey and learn from them.…

1
An accident overnight turned to planned killing.What we do to avert and alert in the situation? 26:35

5y ago26:35

26:35

On April 23rd 2019,On the madurai to thiruparankundram Bye pass Road ,an accident happens.On the investigation after the day,it reveals as planned killing.CCTV footage along with police analyses video been viral on social media.We discuss the issue.

1
Fake news and Fact check. 23:24

5y ago23:24

23:24

Karthik speaks about the Fake news and Facts check in context of election in india.

1
Thoughts abt election,Summer and E vehicle , unemployment . 38:52

5y ago38:52

38:52

Hi there Iam karthik from india .This time I whispered my thoughts on the podcast to you.I talk about upcoming General Election in india and why my Mom and I can't go together to cast vote ? And also I jump into sea to beat the summer and i found many things in water .And i talks about Electric vehicles and Unemployment in india. Welcome to the Lar…