Enjoying the content? Let us know your feedback! Today, we’re tackling a fundamental yet often misunderstood tool in every cybersecurity professional's arsenal—vulnerability scanners. What role do they play in protecting our organizations? Where do they shine, and where do they fall short? As always, we’ll cut through the jargon and break things do…

Enjoying the content? Let us know your feedback! This final episode of 2024, we recap the best the most listened to episodes of the year. And this year we have a great four back to back of the greatest of them all. Lets start with the first eisode 191 - Is The Browser The New Operating System? released on the 28th of September. Next is episode 172 …

Enjoying the content? Let us know your feedback! It is a topical episode we’re diving into a high-stakes challenge every organization faces: It is holiday season, how do you manage threats when most of the security team is off duty. Imagine a holiday season, a long weekend, or even an unexpected emergency. With key team members unavailable, how do …

Enjoying the content? Let us know your feedback! In this week's episode, we’re diving into a concerning and highly consequential topic: the Volt Typhoon espionage campaign—an advanced persistent threat that has sent shockwaves through the cybersecurity and telecommunications industries. Volt Typhoon, a state-backed APT group, has been making headli…

Enjoying the content? Let us know your feedback! This week episode, we dive into one of the most fascinating aspects of digital investigations: Windows forensic artifacts. It does not matter who you are: a security professional, an aspiring investigator, or simply curious about how experts uncover the digital breadcrumbs left on your computer, this…

Enjoying the content? Let us know your feedback! Today, we’re tackling a topic that every organization, big or small, absolutely must take seriously: Incident Response Playbook Imagine this: It’s 3 a.m., and your phone buzzes with an alert. A possible ransomware attack has been detected in your network. Do you panic, or do you execute a clear, stru…

Enjoying the content? Let us know your feedback! This week, we’re diving into a hot-off-the-presses report from the FBI, CISA, and NSA —a breakdown of the most exploited vulnerabilities of 2023. Think of this as the hackers' “most wanted” list: the weaknesses in software and systems that bad actors love to exploit because they’re effective and wide…

Enjoying the content? Let us know your feedback! Today, we’ll dive into what browser engines are, how they power your online experiences, and the security efforts shaping the modern web. We’ll also unpack extension security, with a spotlight on Google’s Manifest v3, and see how Safari and Firefox approach these challenges. Whether you’re a casual b…

Enjoying the content? Let us know your feedback! It is another week and another podcast shaw on YusufOnSecurity where we deep dive into the complex world of cybersecurity that concerns both professionals and anyone interested in how attackers continue to evolve their methods. This week we will be covering advanced malware evasion techniques—strateg…

Enjoying the content? Let us know your feedback! In this week's episode I will unpack the complexities of the cybersecurity world and help you stay informed and secure. Today, we’re going to dig into some intriguing concepts shaping the cybersecurity landscape: the Shared Fate Model and Trust Anchors. Some say these concepts are becoming so vital i…

Enjoying the content? Let us know your feedback! Lets face it, the cyber crooks are always lurking aroud waiting for an opportunity to come in. They choose the path of least resistant and password is often their way in. Unfortunately password is still with us and for sometime to come too. In today episode, we’re digging deep into top common types o…

Enjoying the content? Let us know your feedback! This week's episode is an interview with Nadim Lahoud from Red Sift at GITEX the Global IT Expo that is held yearly in Dubai. It is the largest tech startup gathering in the world. Redsift is a company that provides a cloud-based DMARC, DKIM and SPF configuration and management platform called OnDMAR…

Enjoying the content? Let us know your feedback! Today we’re going to peel back the layers of Microsoft Windows architecture. For many of us, Windows has been a part of our computing lives for decades, whether at work or at home. But how much do we really know about how it works under the hood? In this episode, we’ll take a closer look at what make…

Enjoying the content? Let us know your feedback! In today's episode, we’re diving into the world of APIs and Webhooks—two key technologies that power much of the automation and interaction between services online. Whether you’re a developer, security expert, or someone just curious about how data flows through the internet, this episode will give y…

Enjoying the content? Let us know your feedback! Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked is it becoming the operating system itself? From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramaticall…

Enjoying the content? Let us know your feedback! In this episode lets look at the world of DevSecOps—a vital practice in modern software development that has implication on security. We’ll trace the history of software development, discuss the evolution of methodologies, and examine the challenges that have led to the emergence of DevSecOps. So, wh…

Enjoying the content? Let us know your feedback! Today’s topic is one that mixes the marvel of modern technology with some very real concerns. We’re talking about the rise of Large Language Models, or LLMs, how they’re rapidly being adopted across industries, and the potential for sensitive data leakage on the open web. It’s a thrilling time for AI…

Enjoying the content? Let us know your feedback! In this episode we’re diving into an important topic that concerns one of the most trusted hardware security tokens on the market—the YubiKey 5 series. We’ll discuss a recently discovered vulnerability affecting YubiKeys and go over what it means for the broader world of authentication and cryptograp…

Enjoying the content? Let us know your feedback! Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring or FIM and Endpoint Detection and Response, commonly known as EDR. Both of these technologies are crucial for protecting systems, but they work in very different ways. We’ll be comparing and contrasting their ca…

Enjoying the content? Let us know your feedback! In today episode we’re diving into something that’s been making waves in the cybersecurity community—NIST Cybersecurity Framework 2.0. The NIST Cybersecurity Framework has long been a cornerstone for building robust security practices, and with the release of version 2.0, there are some exciting new …

Enjoying the content? Let us know your feedback! In this week's episode we will dig in exploring a critical framework that’s reshaping how organizations approach cybersecurity—especially in the energy sector—known as the Cybersecurity Capability Maturity Model. This is also refer to C2M2. We’ll unpack what C2M2 is, why it’s so important, and how it…

Enjoying the content? Let us know your feedback! In this week's episode, we’re unpacking a topic that’s crucial for anyone connected to the digital world: _Why Hackers Target Stolen Credentials_. From understanding the value behind those stolen usernames and passwords to exploring the dark web marketplaces where they’re traded, we’ll break it all d…

Enjoying the content? Let us know your feedback! In this week's episode, we're diving into the Malware Information Sharing Platform, or MISP. We'll explore how MISP helps organizations share and leverage threat intelligence, enhancing their defense against cyber threats. Stay tuned as we unpack its features, benefits, challenges, and practical tips…

Enjoying the content? Let us know your feedback! In this week's episode, we will dig into the risk benefit analysis of allowing kernel level access to third party application. We will look into the inherent risks this brings into the operating system and the benefit thereof. We will also compare the approach the two major operatic system makers too…

Enjoying the content? Let us know your feedback! This week's episode needs very little introduction: The CrowdStrike IT Outage. We will delve into the unprecedented IT outage caused by a corrupt update from CrowdStrike, which led to widespread Blue Screen of Death (BSOD) errors on Windows systems across globe. Join us as we explore how this inciden…

Enjoying the content? Let us know your feedback! As I said in part of this two part series episode, It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency a…

Enjoying the content? Let us know your feedback! It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like o…

Enjoying the content? Let us know your feedback! In this episode, we’re focusing on the rising trend of IT outsourcing and its implications for cybersecurity. As more businesses delegate non-core tasks to third-party providers, they inadvertently open doors to trust relationship attacks. We'll explore how attackers exploit the trust between compani…

Enjoying the content? Let us know your feedback! This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security." As I said in the episode one, the need for efficient and effective security measures has never been more critical. I suggest you listen to E1, before you dive into this one. Without fu…

Enjoying the content? Let us know your feedback! In this week's episode of the podcast we dissect "The Importance of Automation and Orchestration in Cyber Security." As you are well aware cyber threats are becoming increasingly sophisticated and frequent. The need for efficient and effective security measures has never been more critical. Equally, …

Enjoying the content? Let us know your feedback! In this week's episode, we're tackling a topic that has become increasingly relevant in our post-pandemic world: the hidden dangers posed by remote work. As more companies embrace flexible work arrangements, the convenience and efficiency of working from home bring new set of challenges. From cyberse…

Enjoying the content? Let us know your feedback! In this week's episode we're exploring an exciting and transformative innovation: Digital Twins technology and its groundbreaking application in cybersecurity. Imagine having a virtual replica of your entire digital infrastructure—a detailed, dynamic model that mirrors every aspect of your environmen…

Enjoying the content? Let us know your feedback! In this episode we continue with part 2 on comparing SSL VPN and IPsec VPN, two popular technologies used for secure remote access. As I said last week, understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differe…

Enjoying the content? Let us know your feedback! In this week's episode we're diving into the world of VPNs, Specifically we will compare SSL VPN and IPsec VPN, two popular technologies used for secure remote access. In the post pandemic area, remote work become part of the new normal post. Understanding the nuances of these technologies is therefo…

Enjoying the content? Let us know your feedback! In this week's episode, we will be exploring the fascinating world of remote browser isolation technology or RBI as it appreciated. We will delve into what remote browser isolation is, how it works, and the limitations it faces. Join us as we uncover the complexities of this innovative cybersecurity …

Enjoying the content? Let us know your feedback! In part 2 on eBPF we continue demystifying this promising new technology that is strengthening the cyber space. Please listen to the previous episode i.e. Episode 169 before you to listen to this one. Having said that, lets recap a top trending security news, shall we? New UK Law: No Default Password…

Enjoying the content? Let us know your feedback! In this episode, we're diving deep to demystif a groundbreaking technology that's gathering pace on the security front. It is not something most people are aware of. This technology is bringing enhanced visibility, increased performance to enabling powerful security measures. Hang around as we unrave…

Enjoying the content? Let us know your feedback! In this week's episode, we will continue with part 2 on "Preparing for and responding to ransomeware attack" As I said last week, ransomware is a threat that will be around us for the foreseeable future. Do listen to part 1 before you listen to this episode. With that out of the way, lets have a look…

Enjoying the content? Let us know your feedback! Ransomware is a threat that will be around us for the foreseeable future. In this week's episode we will look at the history of ransomware, the common TTPs in use by threat actors such as Turla, how to align our incident response to that threat and others, and finally how to contain, eradicate, and r…

Enjoying the content? Let us know your feedback! This week we will dive into a collection of powerful system utilities and tools designed to help users diagnose, troubleshoot, and monitor Windows operating system. These utilities provide advanced functionality beyond what is typically available in Windows, as they offer insights into system interna…

Enjoying the content? Let us know your feedback! AI is getting into all sorts of places but no less than in cybersecurity in both a good way and bad ways. In a good way with bolstering Incident response live cycle but unfortunately in a bad way with generating convincing phishing email or assisting with script and coding etc. In this week's episode…

Enjoying the content? Let us know your feedback! In our second episode, we continue exploring the concept of adopting a platform security. In this second part we will continue where we left off from last week and will encourage you to listed to the first episode if you have not done so. Before we get into the main topic, lets touch one important to…

Enjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this episode, we explore the recently much talked about concept of adopting a platform security. As technology advances, cyber criminals continua…

Enjoying the content? Let us know your feedback! It was the LEAP event this past week. LEAP is a technology event in Saudi Arabia, Riyadh and it attracts every technology company imaginable especially in the cyber security domain. This is year was no different. At LEAP, I met with Port53, a firm that helps from SMB to enterprise businesses with the…

Enjoying the content? Let us know your feedback! This week I attended Qatar Web Summit. This is a technology and start-up summit held yearly in Doha, Qatar. There were a lot going on and I am lucky to have spent time with the Ken Fee, the CEO of Business Technology Architect shorten as BTA where we talked about security, network optimisation and au…

Enjoying the content? Let us know your feedback! In this episode, we are continuing with part 2 of the risks paused by default configuration. As I said last week, while default config is convenient for initial setup, these settings are may introduce significant security risks that can leave systems vulnerable to exploitation by malicious actors. Pl…

Enjoying the content? Let us know your feedback! In today's interconnected world, default configurations are ubiquitous across various systems and devices, from routers to software applications. While convenient for initial setup, these default settings often harbor significant security risks that can leave systems vulnerable to exploitation by mal…

Enjoying the content? Let us know your feedback! This is the second episode of our two part episode on whether quantum computing is a threat to cryptography really. Make sure you listen to episode 1 first as we laid the foundation on what is coming up in this episode. As always lets review this week's top trending security news first. CISA and the …

Enjoying the content? Let us know your feedback! Cryptography are the backbone of privacy since time immemorial. Toda is THE foundational block of the connected world without which the Internet will crumble as we know it. There is a feverish discussions happening and fast improving of a new era in computing - Quantum computing, and it is improving …

Enjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Accessing and managing various applications and services remotely is a daily occurrence for a typical administrator. It is often the fastest way to …