159 episodes

This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing an in-depth coverage on the cybersecurity topics that matter most. All these in plain easy to understand language. Like it, share it, and most importantly enjoy it!

YusufOnSecurity.com YusufOnSecurity.Com

    • Technology

This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing an in-depth coverage on the cybersecurity topics that matter most. All these in plain easy to understand language. Like it, share it, and most importantly enjoy it!

    159 - The Hidden Risks of Default Configurations - Part 1

    159 - The Hidden Risks of Default Configurations - Part 1

    In today's interconnected world, default configurations are ubiquitous across various systems and devices, from routers to software applications. While convenient for initial setup, these default settings often harbor significant security risks that can leave systems vulnerable to exploitation by malicious actors. In this episode, we delve into the hidden dangers posed by default configurations, exploring real-world examples and discussing strategies to mitigate these risks effectively. Join us as we uncover the critical importance of securing systems against the perils of default settings.

    Before that, lets recap on what is  top of mind on the news front.


    The toothbrush DDOS that never wasYour favorite browser might have a feature that defends your home network- https://www.forbes.com: Surprising 3 million hacked toothbrushes story goes viral is it true?
    - https://chromestatus.com: Private Network Access
    - https://owasp.org: Security Misconfiguration/
    Be sure to subscribe!
    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

    • 37 min
    158 - Is quantum computing a threat to cryptography, really? - Part 2

    158 - Is quantum computing a threat to cryptography, really? - Part 2

    This is the second episode of our two part episode on whether quantum computing is a threat to cryptography really. Make sure you listen to episode 1 first as we laid the foundation on what is coming up in this episode.

    As always lets review this week's top trending security news first.
    CISA and the FBI release Living of the land technique guidancesGoogle's AI assisted with detection- https://www.computer.org: Quantum Computing
    - https://thequantuminsider.com: Quantum Research
    - https://cqn-erc.org/about: The Center for Quantum Networks
    - https://www.cisa.gov: Joint Guidance Identifying and Mitigating LOTL
    - http://security.googleblog.com: Scaling security with AI from detection
    - https://safety.google: Cybersecurity Advancements



    Be sure to subscribe!
    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

    • 37 min
    157 - Is quantum computing a threat to cryptography, really? - Part 1

    157 - Is quantum computing a threat to cryptography, really? - Part 1

    Cryptography are the backbone of privacy since time immemorial. Toda is THE foundational block of the connected world without which the Internet will crumble as we know it.
    There is a feverish discussions happening and fast improving of a new era in computing - Quantum computing, and it is improving year after year taking us ever closer to question the strength of the existing cryptography. So we asked "Is quantum computing a threat to cryptography, really?"

    - https://blog.cloudflare.com: Thanks-Giving 2023 security incident
    - https://www.justice.gov: US government disrupts botnet
    - https://www.computer.org: Quantum Computing
    - https://thequantuminsider.com: Quantum Research
    - https://cqn-erc.org/about: The Center for Quantum Networks
    Be sure to subscribe!
    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

    • 39 min
    156 - The risks of exposing Web UI

    156 - The risks of exposing Web UI

    Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english.

    Accessing and managing various applications and services remotely is a daily occurrence for a typical administrator. It is often the fastest way to accomplish a quick task while you are on the move or say something urgent is needed while you are still on your way to your desk. While that is nothing new, we see an uptick on the number of successful attack taking advantage on these exposed administrative interfaces. What is causing the recent increase in Web UI initial access? Well, that is the topic our episode this week.

    I am your host Ibrahim Yusuf

    Just before we hit the main topic, lets review a couple top of mind recent news:


    Not long ago, Microsoft's exchange online was breached. They now revealed how this happened.UK and US Water Utilities Hit with Cyberattacks- https://www.microsoft.com: Midnight Blizzard guidance for responders on nation state-attack
    - https://www.securityweek.com: Major UK and US  water companies hit by ransomware
    https://www.cisa.gov: Water and wastewater sector incident response guide 
    Be sure to subscribe!
    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

    • 46 min
    155 - iVanti's widespread exploitation

    155 - iVanti's widespread exploitation

    When things go wrong, they go wrong fast. This week will dive into the widespread exploitation on iVanti VPN solution that attracted a lot of attention from both the security community as well as from the bad guys. What went wrong? Stay tuned.
    Just before we get into iVanti, lets review the other top security news this week.
    Millions of passwords of top brands such as facebook and others were found for sale.SonicWall API attracts attacks that can impacts over 170 thousand firewalls.- https://psirt.global.sonicwall.com: CVE-2022-22274
    - https://psirt.global.sonicwall.com: CVE-2023-0656
    - https://forums.ivanti.com: CVE-2023-46805 Authentication Bypass and CVE-2024-21887 Command Injection for Ivanti Connect Secure and Ivanti Policy Secure Gateways
    - https://forums.ivanti.com: Pulse Connect Secure (PCS) Integrity Assurance
    - https://www.mandiant.com:  Suspected APT targets Ivanti zeroday



    Be sure to subscribe!
    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

    • 42 min
    154 - Exfil or DLP - Part 2

    154 - Exfil or DLP - Part 2

    We are continuing demystifying a couple of terms that folks new to the realm of cyber security often mix up. Those are the  terms Exfil or DLP.  So by the end of the session you will surely understand where you stand the next time you will hear an Exfil has happened to so and so org or a DLP is require here.
    Make sure you listen to part 1 beforehand.

    And as alware before we get into the weeds, lets review the recent top trending news this week. These are
    Babuk variant decryption key made availableMandiant X account hacked - https://www.bleepingcomputer.com:  Decryptor for Babuk ransomware variant released after hacker arrested
    - https://grahamcluley.com:   Security firm Mandiant says it did not have 2FA enabled on its hacked Twitter account
    - https://www.nomoreransom.org: No-More-Ransom site
    Be sure to subscribe!
    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

    • 37 min

Top Podcasts In Technology

Khaled Alimi
TMN Media
Hamza Belloumi
اســـلام
Lex Fridman
Ayman Hamed