YusufOnSecurity.com

YusufOnSecurity.Com

This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing an in-depth coverage on the cybersecurity topics that matter most. All these in plain easy to understand language. Like it, share it, and most importantly enjoy it!

  1. ٢ مايو

    274 - Ransomware Hit a Water Plant - Why Your Tap Water Is a Cybersecurity Problem

    Enjoying the content? Let us know your feedback! Today's episode is one of those stories that really does hit home. Not a bank breach. Not some government leak. I want to talk about the water coming out of your tap. On March 14th, 2026, hackers dropped ransomware on a water treatment plant in Minot, North Dakota. Staff walked in that morning, saw a ransom note sitting on a server screen, and had to unplug the whole thing. For the next sixteen hours, plant operators were physically walking through the facility, reading gauges by hand — old school, the way it was done decades ago — while the FBI got the call. The city says the water stayed safe. Nobody got sick. But this incident ripped the cover off a problem the cybersecurity community has been warning about for years: water infrastructure is dangerously exposed. And most people have no idea. Today I want to unpack what happened in Minot, why water utilities are such soft targets, what SCADA systems actually are and why they are so difficult to defend, and what defenders and regulators are doing — and should be doing — about all of this. - https://therecord.media: North Dakota Ransomware Water Plant - https://www.cisa.gov: CISA — Adapting Zero Trust Principles to Operational Technology Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٣٦ د

  2. ٢٥ أبريل

    273 - Project Glasswing (Mythos) - Anthropic Watershed Moment for Cybersecurity - Part 2

    Enjoying the content? Let us know your feedback! This is Part 2 of our deep dive into Anthropic's Claude Mythos Preview and Project Glasswing. In Part 1, we covered what Mythos is, how it fits into the Claude model family, and why Anthropic is pushing the boundaries of extended thinking and complex reasoning. Today, we are picking up right where we left off and turning our attention to Project Glasswing — what it is, what it means for security professionals, and why this convergence of advanced AI reasoning and autonomous capability should be on every defender's radar. If you have not listened to Part 1 yet, I would recommend going back and starting there, but if you are already caught up, let us get right into it. https://www.forrester.com: Project Glasswing The 10 Consequences Nobody Writing About Yet - https://www.anthropic.com: Project Glasswing - https://blogs.cisco.com: Rising To the Era of AI Powered Cyber Defense - https://www.wired.com: Mozilla Used Anthropics Mythos To Find 271 Bugs In Firefox Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٢٨ د

  3. ١٨ أبريل

    272 - Project Glasswing (Mythos) - Anthropic Watershed Moment for Cybersecurity - Part 1

    Enjoying the content? Let us know your feedback! About three weeks ago, on the 7th of April, Anthropic — the company behind the Claude family of AI models — announced something called Claude Mythos Preview. They paired the announcement with a coordinated industry effort they're calling Project Glasswing. And the headlines that followed have been, frankly, alarming. Fortune ran a piece headlined that Mythos can hack nearly anything, and we aren't ready. Coindesk reported that banks like JP Morgan, and crypto exchanges like Coinbase and Binance, are already approaching Anthropic to test it. And Anthropic's own researchers described this as a watershed moment — meaning, a before-and-after divide in how we think about software security. So let's break this down. What is Mythos? What can it actually do? And — most importantly — what should you and I, as defenders, be doing about it starting today? - https://www.anthropic.com: Project Glasswing - https://blogs.cisco.com: Rising To the Era of AI Powered Cyber Defense - https://www.wired.com: Mozilla Used Anthropics Mythos To Find 271 Bugs In Firefox Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٢٨ د

  4. ١١ أبريل

    271 - $21 Billion Lost to Cybercrime — FBI's 2025 Report and Microsoft's Massive April Patch Tuesday

    Enjoying the content? Let us know your feedback! We have got two big stories to get through today. First, the FBI just released its 2025 Internet Crime Report — and the numbers are not just record-breaking, they are genuinely alarming. We are talking about over twenty billion dollars in reported losses in a single year. And for the first time ever, the report includes a dedicated section on how criminals are using artificial intelligence to supercharge their scams. Then, we are going to pivot to Microsoft's April 2026 Patch Tuesday — one of the largest patch cycles we have seen in a long time. A hundred and sixty-seven vulnerabilities fixed, including an actively exploited zero-day in SharePoint Server. If your organisation runs SharePoint, and most do, you are going to want to hear this. Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٢٢ د

  5. ٤ أبريل

    270 - Securing AI - The 3 Frameworks Every Defender Must Know

    Enjoying the content? Let us know your feedback! If you've been watching the cybersecurity space for the last two years, you've noticed something. Almost every breach report, every vendor pitch, every board meeting — AI is in the conversation. Sometimes as the hero, sometimes as the villain, and very often as both at the same time. But here's the uncomfortable truth. Most organisations are racing to deploy AI far faster than they are learning how to secure it. We're plugging large language models into customer service, into code pipelines, into decision-making workflows — and we're often doing it without a framework to guide us. So in today's episode, I want to fix that. I want to walk you through the three frameworks that have become the gold standards for AI security. They are NIST AI RMF, MITRE ATLAS, and the OWASP Top 10 for LLM Applications. Hopefully by the end of the next fifteen minutes, you will know what each one is, what each acronym actually stands for, what problem each one solves, and — most importantly — how they fit together so you can use them in the real world. - https://www.nist.gov: AI Risk Management Framework - https://atlas.mitre.org: MITRE ATLAS - https://owasp.org: OWASP Top 10 for Large Language Model Applications Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٢٧ د

  6. ٢٨ مارس

    269 - Cyber Resilience in 2026 - The Skills Gap, Team Readiness, and What Security Leaders Must Do Now

    Enjoying the content? Let us know your feedback! In this week's episode, I am joined by my good old friend Shakel Ahmed, a cybersecurity practitioner with over 20 years of experience across some of the most demanding environments in the industry. We are covering the importance of skills and cyber resilience — and this is particularly important for those of you who are responsible for building and maintaining security teams, managing risk at a strategic level, or simply trying to figure out where to focus your energy in an industry that never sits still. Whether you are an analyst wondering which skills will keep you relevant in the age of AI, or a CISO trying to ensure your organisation can absorb a hit and keep operating, this conversation is for you. Shakel brings a practitioner's perspective — not theory, not vendor talk — just hard-won insight on what it actually takes to build resilient people, resilient processes, and resilient organisations. So grab a coffee, settle in, and let's get into it. Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٤٣ د

  7. ٢١ مارس

    268 - The Stryker Attack: How State Sponsored Hackers Weaponised a Microsoft Tool to Wipe 80K Devices

    Enjoying the content? Let us know your feedback! Just over a week ago, on 11 March 2026, a cyberattack brought one of the world's largest medical device makers to its knees. Stryker - a $25 billion company that manufactures surgical robots, joint implants and emergency equipment - woke up to find thousands of employee devices wiped clean, its ordering systems offline, and surgeries being rescheduled around the world. This was not ransomware. This was something more deliberate and destructive - a wiper attack carried out by a state sponsored-linked hacking group called Handala, who exploited a trusted Microsoft device management tool to erase data from up to 80,000 employee phones and laptops in one move. In this episode, we break down exactly what happened, how it happened, and what it means for every organisation that relies on cloud-based device management tools. We also look at the governance lessons - from business continuity planning to privileged access controls - that this attack makes impossible to ignore. - https://csrc.nist.gov: NIST SP 800-34 Rev. 1  - https://www.cybersecuritydive.com: Stryker attack raises concerns about role of Microsoft Intune Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٣١ د

  8. ١٤ مارس

    267 - SMB Protocol Explained-Why It Keeps Getting Hacked and Why We Can't Remove it?

    Enjoying the content? Let us know your feedback! Today we are talking about a protocol that is older than most of the people working in IT security right now, a protocol that has powered some of the most catastrophic cyberattacks in history, a protocol that security professionals have been trying to retire for years — and a protocol that is still quietly running in the background of almost every Windows environment on the planet. I am talking about SMB — the Server Message Block protocol. By the end of this episode, you will understand what it does, why it has been so dangerous, how it connects to something we have touched on before called Kerberos and NTLM authentication, and most importantly, what you should actually be doing about it in your organisation today.  So, lots to talk about today. Lets go! - https://learn.microsoft.com: SMB Security Hardening  - https://blog.barracuda.com: Majority of Attacks Against SMB Protocol Attempt to Exploit EternalBlue - https://securelist.com: NTLM Is Being Abused In 2025 Be sure to subscribe!  You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.

    ٣٠ د
مشاهدة الكل (٢٧٤)

حول

This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing an in-depth coverage on the cybersecurity topics that matter most. All these in plain easy to understand language. Like it, share it, and most importantly enjoy it!

المعلومات

  • صناع العمل
    YusufOnSecurity.Com
  • سنوات النشاط
    ٢٠٢١ - ٢٠٢٦
  • الحلقات
    ٢٧٤
  • التقييم
    ملائم
  • حقوق النشر
    © 2026 YusufOnSecurity.com
  • موقع البرنامج على الويب
    YusufOnSecurity.com