Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo

Breach Analysis Podcasts

show episodes
 
The CISO Signal is a true cybercrime podcast investigating the most consequential breaches, insider threats, takedowns, and nation-state hacks shaping today’s digital world. Each episode combines gripping, cinematic storytelling with exclusive interviews from top CISOs and cybersecurity leaders. Together, we break down how the world’s most dangerous cyberattacks unfolded and what today’s security professionals must learn from them. Whether you’re a Chief Information Security Officer, a secur ...
  continue reading
 
Artwork

1
Kitecast

Tim Freestone and Patrick Spencer

icon
Unsubscribe
icon
icon
Unsubscribe
icon
Monthly
 
Kitecast features interviews with security, IT, compliance, and risk management leaders and influencers, highlighting best practices, trends, and strategic analysis and insights.
  continue reading
 
A podcast about the dark and grim universe of the Five Nights at Freddy's franchise. Detailed storytelling of the world, monsters, and events that make up the lore of this indie cult-classic horror game series. Symbolism, theories, science and paranormal magic adventures await. Will you choose to take a trip Into the Night?
  continue reading
 
Artwork

1
Clique Bait

a twenty one pilots podcast

icon
Unsubscribe
icon
icon
Unsubscribe
icon
Weekly
 
Welcome to Clique Bait—the podcast where we stay Fairly Local, dig into the Lore, and ask the big questions like… What’s the story behind the antlers? Why is there duct tape on everything? And how many layers deep is this metaphor, Tyler? If you’ve ever cried in the car to Oldies Station, screamed Heavydirtysoul at a concert, or blacked out your hands for a Blurryface show—you’re in the right place! Every week, we’ll bring you The News—from tour announcements to easter eggs hiding in social ...
  continue reading
 
Loading …
show series
 
Please use discretion when you're listening to our message, MAN! That's right, we're back with another action-packed episode, Clikkie Nation! This week we get into the first three Breach Tour stops; Cincinnati and Toronto nights 1 and 1 and a half. Unfortunate weather events, stealing fun wristbands, and all the fan line drama, plus THE SETLIST!!! …
  continue reading
 
Exploring Uploads in a Dshield Honeypot Environment This guest diary by one of our SANS.edu undergraduate interns shows how to analyze files uploaded to Cowrie https://isc.sans.edu/diary/Exploring%20Uploads%20in%20a%20Dshield%20Honeypot%20Environment%20%5BGuest%20Diary%5D/32296 Sonicwall Breach SonicWall MySonicWall accounts were breached via crede…
  continue reading
 
FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining h…
  continue reading
 
More Details About Oracle 0-Day The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well…
  continue reading
 
Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.ora…
  continue reading
 
More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, fo…
  continue reading
 
IDENTIFIED AS FAILED PERIMETER ESCAPE BY DEMA COUNCIL VIOLATION OF SECTION 15398642_14 OF VIALIST CODE OF CONDUCT welcome back To clique bait! tHis week we hAve another actioN pacKed episode for YOU! more breach tour theories FOR you to stew over, breach song thoughts, and how much we absoLutely love just about all of them. It's juST so hard to pic…
  continue reading
 
Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/…
  continue reading
 
Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Clo…
  continue reading
 
Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Prot…
  continue reading
 
Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Ex…
  continue reading
 
Webshells Hiding in .well-known Places Our honeypots registered an increase in scans for URLs in the .well-known directory, which appears to be looking for webshells. https://isc.sans.edu/diary/Webshells%20Hiding%20in%20.well-known%20Places/32320 Cisco Patches Critical Exploited Vulnerabilities Cisco released updates addressing already-exploited vu…
  continue reading
 
Exploit Attempts Against Older Hikvision Camera Vulnerability Out honeypots observed an increase in attacks against some older Hikvision issues. A big part of the problem is weak passwords, and the ability to send credentials as part of the URL. https://isc.sans.edu/diary/Exploit%20Attempts%20Against%20Older%20Hikvision%20Camera%20Vulnerability/323…
  continue reading
 
Why does indie-mascot horror keep returning to the trope of the underground laboratory—a subterranean factory of nightmares that stretches endlessly downward? From Five Nights at Freddy’s to Poppy Playtime to Bendy and The Ink Machine, this setting has become a hallmark of the genre. But why is it so hauntingly effective, so widespread, and what do…
  continue reading
 
Distracting the Analyst for Fun and Profit Our undergraduate intern, Tyler House analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308 GitHub s plan for a more secur…
  continue reading
 
CISA Reports Ivanti EPMM Exploit Sightings Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May. https://www.cisa.gov/news-events/analysis-reports/ar25-261a Lastpass Observes Impersonation on GitHub Lastpass noted a number of companies being impersonated via f…
  continue reading
 
Help Wanted: What are these odd requests about? An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you no what the request is about. https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/ Forta GoAnywhere MFT Vulnerability Forta s GoAnywhere MFT prod…
  continue reading
 
Welcome back Clikkies, Frens, and twenty one pilots junkies! This week is jam-packed with plenty of new lore implications, thoughts, theories, and more! We get into our Breach Tour setlist predictions, Breach bingo card final results, poster giveaway recipients, and announce a fun new contest! Breach is SO great that we just can't stop talking abou…
  continue reading
 
CTRL-Z DLL Hooking Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries. https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294 Global Admin in every Entra ID tenant via Actor tokens As part of September s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability…
  continue reading
 
Why You Need Phishing-Resistant Authentication NOW. The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be. https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290 S1ngularity/nx Attackers Strike Again A second wave of attacks has…
  continue reading
 
Apple Updates Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities. https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286 Microsoft End of Life October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will e…
  continue reading
 
Web Searches For Archives Didier observed additional file types being searched for as attackers continue to focus on archive files as they spider web pages https://isc.sans.edu/diary/Web%20Searches%20For%20Archives/32282 FBI Flash Alert: Salesforce Attacks The FBI is alerting users of Salesforce of two different threat actors targeting Salesforce. …
  continue reading
 
Move it up, move it up, it's a BREACH bonus episode! That's right, Frens, Breach is here and we have an early analysis of every single track for you. We give our initial thoughts on potential meanings, our early favorites, and how dreadfully wrong our predictions were a few weeks ago! Intentions are everything... While we intended to make this a sh…
  continue reading
 
DShield SIEM Docker Updates Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276 Again: Sonicwall SSL VPN Compromises The Australian Government s Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.go…
  continue reading
 
No spoilers here...your favorite podcasters went to the Breach listening parties and let's just say, our high expectations were definitely exceeded! Frens, rest assured, this album SLAPS and everyone is gonna love it! We get into so much twenty one pilots info in this episode, we promise you'll be more than ready for the Breach release tomorrow! Li…
  continue reading
 
BASE64 Over DNS The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters. https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274 Google Chrome Update Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and…
  continue reading
 
Microsoft Patch Tuesday As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities are critical. https://isc.sans.edu/diary…
  continue reading
 
Major npm compromise A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week. https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y https://github.com/orgs/community/discussions/172738 https://git…
  continue reading
 
From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript …
  continue reading
 
The long-awaited adaptation and prequel to Security Breach: Secret of the Mimic takes us back to Freddy and Fredbear's heyday in 1979. A down-on-his-luck Fazbear Engineer, Arnold, has been tasked by Dispatch to make one final job at Edwin Murray's Costume Manor; a large warehouse and workshop where fantasy and fun and ferile fear come to life! Insi…
  continue reading
 
Cybersecurity experts Heather Noggle and Dr. Arun DeSouza discussed Kiteworks' Data Security and Compliance Risk: 2025 Annual Survey Report, which introduces the industry's first quantitative risk scoring algorithm. The comprehensive study of 461 organizations reveals that 46% now operate in high- to critical-risk territory, with the median enterpr…
  continue reading
 
Unauthorized Issuance of Certificate for 1.1.1.1 Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina. https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/ AI Model Namespace Reuse Deleted accounts on Huggingface can be taken over by other entities unrelated to th…
  continue reading
 
Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Ap…
  continue reading
 
In this episode of Clique Bait, we break down the latest twenty one pilots news and dive deep into the lore and more! The Clancy Tour - Breach & Bandito Camp: What the new lawn fan activation means, what fans can expect, and why it matters for this era. Rock Sound’s Special Edition “Breach” CDs: We dissect the unique fonts and artwork on the CD jac…
  continue reading
 
A Quick Look at Sextortion at Scale Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rate, lifetime, and other metrics defining these campaigns. https://isc.sans.edu/diary/A%20quick%20look%20at%20sextortion%20at%20scale%3A%201%2C900%20messages%20and%20205%20Bitcoin%20addresses%20spanning%2…
  continue reading
 
pdf-parser: All Streams Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams. https://isc.sans.edu/diary/pdf-parser%3A%20All%20Streams/32248 Salesloft Drift Putting OAuth Tokens at Risk OAuth tokens used by Salesloft Drift users to provide access to integrations with Salesforce, Google Works…
  continue reading
 
THE SONY HACK: HOLLYWOOD, NORTH KOREA & THE CYBER WAR THAT CHANGED EVERYTHING In 2014, Sony Pictures became ground zero for the first major nation-state cyberattack on a global corporation. The “Guardians of Peace,” linked to North Korea, crippled Sony’s networks, leaked unreleased films, and exposed troves of executive emails that forced high-leve…
  continue reading
 
Increasing Searches for ZIP Files Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers. https://isc.sans.edu/diary/Increasing%20Searches%20for%20ZIP%20Files/32242 FreePBX Vulnerability An upatched vulnerability in FreePB…
  continue reading
 
Welcome back to Clique Bait! This week, we cover everything happening in the TØP universe right now, from the Breach album listening parties to Reel Bear Media’s behind-the-scenes livestream on the making of the “Drum Show” music video. Plus, some well-deserved fan shoutouts! In our lore Deep Dive, we rewind to the mysterious Ned’s Cozy Fireplace l…
  continue reading
 
Interesting Technique to Launch a Shellcode Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials The popular open source NX build package was compromised. Code was added that uses…
  continue reading
 
Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabil…
  continue reading
 
Reading Location Position Value in Microsoft Word Documents Jessy investigated how Word documents store the last visited document location in the registry. https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224 Weaponizing image scaling against production AI systems AI systems often downscale imag…
  continue reading
 
Dr. Rick Goud brings a unique perspective to the data sovereignty conversation, combining medical informatics expertise with entrepreneurial technology innovation. As co-founder and Chief Innovation Officer of Zivver, a secure digital communications platform acquired by Kiteworks in 2025, Goud's journey began with an unexpected twist – missing out …
  continue reading
 
The end of an era: Properly formatted IP addresses in all of our data. When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded . https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228 .d…
  continue reading
 
SIN CITY CYBERATTACK: INSIDE THE MGM & CAESARS CASINO BREACHES In September 2023, Las Vegas turned into ground zero for one of the most disruptive cyberattacks in U.S. history. MGM Resorts, owner of iconic casinos on the Strip, saw slot machines go dark, hotel check-ins grind to a halt, and operations paralyzed for days. At the same time, Caesars E…
  continue reading
 
Don't Forget The "-n" Command Line Switch Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks. https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%22%20Command%20Line%20Switch/32220 watchTowr releases details about recent Commvault flaws Users of the …
  continue reading
 
We're putting on a podcast! Welcome back and welcome to SO many new listeners this week! In this episode, we break down twenty one pilots’ new track 'Drum Show' from the upcoming Breach album, plus the band’s wild week of news! Tyler’s emotional letter, the latest crazy teaser videos, and new DEMA letters in the mail...this week was a TIME! And we …
  continue reading
 
Airtel Router Scans and Mislabeled Usernames A quick summary of some odd usernames that show up in our honeypot logs https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216 Apple Patches 0-Day CVE-2025-43300 Apple released an update for iOS, iPadOS and MacOS today patching a single, already exploited, vulnerabilit…
  continue reading
 
Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patch…
  continue reading
 
Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem. https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208 Critical Cisco Secure Firewall Management Ce…
  continue reading
 
Loading …
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Listen to this show while you explore
Play