Ransomware is bad enough, but when it impacts healthcare it's even worse! In this episode, Jay and Joao will discuss recent developments at Change Healthcare and their ransomware fiasco, news updates, and more!

On this podcast, Jay and Joao have discussed multiple times a situation where a threat actor submits a pull request that's more than the project bargained for. And now, we have a situation where OpenSSH was (almost) backdoored by a commit by a maintainer of the xz project. Don't miss this episode for all the details!

What goes on behind the scenes when it comes to managing a project as large as a Linux distribution? In this episode, Jay and Joao has a chat with benny Vasquez who is not only a wealth of knowledge on that very subject, she’s also the Chair of the Board of Directors for AlmaLinux OS. ... Read more

You may have heard of "technical debt", but have you heard of "security debt"? In this episode, Jay and Joao will tell you all about it and why it's a major issue for organizations.

Through a joint effort, the FBI as well as NCA struck a major blow to the Lockbit ransomware group. In this episode, Jay and Joao will discuss this story as well as the state of Linux in the enterprise/open-source landscape.

When a threat actor breaks into a router and adds firewall rules that the owner didn't approve of, that's considered hacking. But when the FBI does it... ...it isn't?! In this episode Jay and Joao discuss a recent story where the FBI did exactly that, and they'll also discuss how Microsoft has become the biggest "face palm" discussed on the podcast so far.

Here we are, yet again, with an industry problem caused by the decision of just one software vendor. This time it's VMware that's causing a ruckus. In recent news, it's been reported that VMware will be killing off 56 (yes, 56) of their stand-alone products, and that's on top of the news that broke late last year regarding changes in their licensing model. In this episode, Jay and Joao discuss these recent VMware-related shenanigans.

In this episode, Jay and Joao will discuss an update on the GTA source code theft, how much threat actors are making from ransomware, and more!

In this episode, Jay and Joao will discuss a report earlier this year that reveals the "top 10 cybersecurity misconfigurations". These ten common mistakes can make it trivial for a threat actor to gain access to your infrastructure, so it's definitely a list everyone should pay close attention to.

The Mirai botnet brought the entirety of the internet to its breaking point back in 2016, taking down many prominent web sites. Now, an article from Wired has emerged that reveals the full story behind the scenes - how the threat actors got started, how the events played out, as well as what they're up to these days. Join Jay and Joao as they discuss this very interesting story!

In this episode, Jay and Joao catch up on recent stories. Among the topics they'll discuss another version of CentOS going end of life (and why upgrading isn't so straight-forward), the recent curl vulnerability, and more!

In this episode, Jay and Joao discuss the recent Exim news, which consists of several CVE's. Also, they'll discuss why it's a good idea to make sure you audit the services that are running on your Linux server, and remove the ones you're not using.

We've talked about Supply Chain Attacks on this podcast before, and in this episode Jay and Joao discuss another form of this popular attack vector - RepoJacking! RepoJacking occurs when a repository (such as one hosted on Github) changes information, and due to a link between the old repository info and the new - threat actors can take advantage of this. Join Jay and Joao for a discussion on this attack vector.

There's a multitude of ways you can lose money in Las Vegas, but this time it's not from gambling. In this episode, Jay and Joao will discuss a recent and still developing story where MGM was the target of what appears to be a ransomware attack.

In this episode, Jay and Joao will discuss a recent discovery by Truffle Security that has found 4,500 websites that have exposed a very critical directory. In addition, the upcoming Common Vulnerability Scoring System (CVSS) update, which will bring to version 4.0 - along with some important changes you'll need to understand.

Imagine needing to ask your government permission in order to perform tasks such as installing a security patch, implementing an Intrusion Detection System, updating firmware or upgrading your operating system? If this sounds too ridiculous to be true, then you're right - it is ridiculous, but unfortunately it's a real proposal. In the U.K., Investigatory Powers Act 2016 (IPA) has had an adjustment proposed that could potentially make securing your systems more difficult than it's ever been....

In this episode, Jay and Joao talk about two recent news developments that may have important implications on the overall industry. First, In response to Microsoft's recent Azure debacle, a US Senator calls for a probe to look into the matter. Second, our main story is yet another facepalm worthy idea from Google that aims to add "integrity" to our browsers, but it's oddly lacking in said integrity and almost completely devoid of common sense. Google's "Web Integrity Protection" seems to...

The ongoing saga with Red Hat continues, and now that some time has passed since their controversial announcement, we now have statements from other distributions, including (but not limited to) Oracle and SUSE. In this episode, Jay and Joao talk about the recent developments on this story, and also touch on some trouble that Fortigate has been having nowadays.

When it comes to Linux in the Enterprise, we have quite a few challenges we have to overcome on a day to day basis to ensure we can depend on our technology. We never thought Red Hat themselves would some day become our opponent, but here we are. In this episode, Jay and Joao will discuss discuss the latest impulsive and irresponsible decision Red Hat has made - as well as how that decision results in the company undermining their own customer base, while alienating the Linux Community at the...

Don't you just love e-mail? It's the gift that keeps on giving, and this time managing e-mail is even more annoying for Barracuda's customers, with CVE-2023-2868. This isn't just any CVE, this is a complete system own by the threat actors. In fact, it's so bad that the situation isn't as simple as installing a patch. In this episode, Jay and Joao discuss this vulnerability and just how big of a deal it is.

We've all heard the cloud referred to as "Someone Else's Computer", but what do you do if you find your data is on No One Else's Computer? In this example, there was a happy ending (data was restored) but it's still an important consideration all the same. What do you do if your cloud provider all of a sudden doesn't have your data? In this episode, Jay and Joao discuss a recent situation in which Azure customers found themselves in a bit of a bad situation.

In this episode, Jay and Joao discuss another form of security, job security! Throughout the series, we've advised and educated on enhancing the security of your enterprise network, but in this episode the focus is on YOU. Specifically, how to safeguard yourself from turnover, raise awareness of your importance to your organization, and how to navigate potential "awkward" conversations that System Administrators may find themselves having with their boss. Don't miss this episode!

Open Source Intelligence is a very interesting topic - it's all about the things that might get unknowingly leaked, and this leaked information is perfectly legal to know and possess! The IP address that points to a domain, vacation photos on twitter, or even what you had for lunch can be used against you in order to build a profile. In this episode, Jay and Joao discuss OSINT and some tools that are commonly used to find it.

There are many security certifications that an organization can utilize to prove compliance with one or more standards, and being in compliance can bring additional benefits and opportunities. Federal Information Processing Standard (FIPS) is one of these certifications, and in this episode, Jay and Joao are joined by Nikos from Tuxcare to discuss FIPS and why your organization might consider it.