YusufOnSecurity.com

Enjoying the content? Let us know your feedback!

Lets face it, the cyber crooks are always lurking aroud waiting for an opportunity to come in. They choose the path of least resistant and password is often their way in. Unfortunately password is still with us and for sometime to come too.
In today episode, we’re digging deep into top common types of password attacks—and, most importantly, I’ll walk you through effective ways to stop them. Passwords are often the first line of defense, but they’re also a favorite target for hackers. Understanding these attack methods can empower you to protect your data better, avoid common pitfalls, and even educate those around you. So, let’s get into it!

• A newly discovered ransomware serves a wake up all for Mac Users.

- https://xkcd.com: How To Create A Strong Password
- https://haveibeenpwned.com: Have I Been Pawned
- https://pages.nist.gov: Password
- https://www.infosecurity-magazine.com: NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

This week's episode is an interview with Nadim Lahoud from Red Sift at GITEX the Global IT Expo that is held yearly in Dubai. It is the largest tech startup gathering in the world. 

Redsift is a company that provides a cloud-based DMARC, DKIM and SPF configuration and management platform called OnDMARC. They also provide:
-Continuous certificate discovery and monitoring as well as 
-Brand Trust through AI-driven brand impersonation discovery and monitoring.

Before we get into that we will recap the top trending security this week. That is:

• FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

- https://fidoalliance.org: Specifications Credential Exchange Specifications
- https://redsift.com: About Red Sift

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Today we’re going to peel back the layers of Microsoft Windows architecture. For many of us, Windows has been a part of our computing lives for decades, whether at work or at home. But how much do we really know about how it works under the hood? In this episode, we’ll take a closer look at what makes Windows tick, compare it with Unix/Linux systems, and explore how it has evolved over the years.

Before we get into the topic, lets review this week's top trending security news:

• Criminals Are Testing Their Ransomware Campaigns in Africa

- https://www.performanta.com: Africa A testing Ground
- https://en.wikipedia.org: Architecture Of Windows NT
- https://techcommunity.microsoft.com: Windows Architecture The Basics
- https://learn.microsoft.com: Explore Windows Architecture/

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

In today's episode, we’re diving into the world of APIs and Webhooks—two key technologies that power much of the automation and interaction between services online. Whether you’re a developer, security expert, or someone just curious about how data flows through the internet, this episode will give you valuable insights into how these tools work, their history, and, most importantly, how to keep them secure.

We’ll also look at real-world examples of API-based attacks on major brands and break down what went wrong. By the end of this episode, you’ll have a full understanding of both APIs and Webhooks, and you’ll be armed with the must-know security measures for each. So, stick around and by keep listening!

Having said that, lets have a look at the top trending news this week.

• Mitre launches AI Incident Sharing Initiative. Awsome move!

- https://owasp.org: OWASP API Security Top 10
- https://ai-incidents.mitre.org: Mitre ATLAS

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked is it becoming the operating system itself?

From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramatically. In this episode, we’ll explore the security implication, the history of browsers, the famous browser wars, and how today’s browsers are blurring the lines between web interfaces and operating systems.
Having said that, lets recap a top trending security news shall we?

• Exploiting CUPS: How Recent Vulnerabilities Could Compromise Linux Security

- https://www.evilsocket.net: Attacking On UNIX Systems Via CUPS Part I
-https://en.wikipedia.org: History of The Web Browsers
- https://en.wikipedia.org: Browser Wars

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

In this episode lets look at the world of DevSecOps—a vital practice in modern software development that has implication on security. We’ll trace the history of software development, discuss the evolution of methodologies, and examine the challenges that have led to the emergence of DevSecOps. So, whether you’re a seasoned developer who is curious about the cyber security world, or a veteran security practitioner, this is an episode you would not want to miss..

As always, lets review what is trending in the news front first.

• Microsoft officially deprecates Windows Server Update Service aka WSUS.

- https://techcommunity.microsoft.com: Windows Server Update Services WSUS Deprecation
- https://www.cisco.com: Addressing Security Challenges in a Fast Evolving Landscape White Paper

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Today’s topic is one that mixes the marvel of modern technology with some very real concerns. We’re talking about the rise of Large Language Models, or LLMs, how they’re rapidly being adopted across industries, and the potential for sensitive data leakage on the open web. It’s a thrilling time for AI technologies, but as with all new frontiers, there are risks if we're not careful.

• News: MSHTML platform spoofing vulnerability. And yes, It is a big one.

- https://blogs.cisco.com: Securing The LLM Stack
- https://msrc.microsoft.com: CVE-2024-43461
- https://msrc.microsoft.com: CVE-2024-38112
- https://www.trendmicro.com: CVE-2024-38112 Void-Banshee 

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

In this episode we’re diving into an important topic that concerns one of the most trusted hardware security tokens on the market—the YubiKey 5 series.

We’ll discuss a recently discovered vulnerability affecting YubiKeys and go over what it means for the broader world of authentication and cryptographic security. To help you fully understand the issue, I’ll also provide a quick primer on key concepts like digital signatures, elliptic curves, and the cryptographic algorithm known as ECDSA.
With that said, this episode is an update as well as a main topic  and all in all it will give you the tools you need to stay informed and protected.

- https://www.yubico.com: Yubico Advisories
- https://ninjalab.io: The research 

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring or FIM and Endpoint Detection and Response, commonly known as EDR.

Both of these technologies are crucial for protecting systems, but they work in very different ways. We’ll be comparing and contrasting their capabilities, benefits, and use cases.

Before we get into the main topic, lets review a top trending piece of security news:

• SANS Institute released a Critical Infrastructure Strategy Guide

- https://www.sans.org: SANS Institute released a Critical Infrastructure Strategy Guide
- https://en.wikipedia.org: File Integrity Monitoring
- https://www.cisco.com: What is an EDR?

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

In today episode we’re diving into something that’s been making waves in the cybersecurity community—NIST Cybersecurity Framework 2.0.

The NIST Cybersecurity Framework has long been a cornerstone for building robust security practices, and with the release of version 2.0, there are some exciting new developments that are relevant given todays threat landscape. 

As always, lets review what is trending in the news front.

• CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet

- https://www.akamai.com: Mirai Botnet Infects CCTV Used in Critical Infrastructures
- https://www.nist.gov: IST Cybersecurity Framework 2.0.
- https://nvlpubs.nist.gov: NIST Cybersecurity Framework 2.0.

Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.