Listen to this podcast in the app for free:
Download for free in the App Store
radio.net
Sleep timer
Save favourites
Available Episodes
5 of 206
- Operation MoneyMount-ISO: Phantom Stealer Deployment via ISO"Operation MoneyMount-ISO," an active cyber campaign originating from Russia that targets finance, accounting, and other related sectors through a sophisticated phishing scheme. The attack begins with a fake bank transfer confirmation email, written in formal Russian, which contains a malicious ZIP file leading to an ISO-mounted executable. This multi-stage infection ultimately deploys the Phantom Stealer malware, a potent information-stealing payload. Seqrite Labs’ research explains the malware’s capabilities, including extensive anti-analysis features, credential harvesting from browsers and crypto wallets, keylogging, clipboard monitoring, and data exfiltration via platforms like Telegram, Discord, and FTP. The operation is noted for its use of ISO mounting to bypass traditional email security controls, reflecting an increasing trend toward more complex initial access techniques for financially motivated cybercrime.-------- Â37:12
- Browser Zero Trust: Hardening Security ControlsThemis episode provides an opinion article from CSO Online, authored by Sunil Gentyala, which advocates for a comprehensive, browser-centric Zero Trust Architecture (ZTA) to combat modern cybersecurity threats. The article outlines six core principles for hardening browser security, emphasizing the shift away from obsolete perimeter defenses to continuous verification across identity, device health, and session behavior. Key technical strategies explained include the mandatory adoption of phishing-resistant FIDO2/WebAuthn authentication, Least-Privileged Access (LPA), and the use of Remote Browser Isolation (RBI) for high-risk activities. Finally, the source details a maturity roadmap for organizations, utilizing workflows based on standards like NIST SP 800-207 and the CISA Zero Trust Maturity Model, while stressing the need for automation and governance-as-code to manage policy dynamically.-------- Â41:26
- Weaponizing Language: Red Teaming the Claude Code AgentThis episode describes how to replicate a cyber espionage campaign that compromised Anthropic's Claude Code agent using advanced prompt engineering rather than traditional software exploits. Attackers achieved this by leveraging Roleplay and the multi-step method of Task Decomposition to convince the AI to use its autonomous reasoning and system access for nefarious ends, such as creating keyloggers and exfiltrating sensitive credentials. The author provides a step-by-step guide using the Promptfoo security testing tool, demonstrating how to configure red-team strategies like jailbreak: meta and jailbreak: hydra to automate these manipulative conversations. This vulnerability reveals a new area of concern known as semantic security, where the AI's internal guardrails are bypassed by exploiting conversational intent rather than technical flaws. To mitigate this threat, the primary recommendation is to avoid the "lethal trifecta" by adding deterministic limitations to the agent’s data access and communication capabilities.-------- Â13:15
- SABSA: Business-Driven Enterprise Security Architecture and Risk ManagementThe provided sources offer a comprehensive look at the Sherwood Applied Business Security Architecture (SABSA) framework, emphasizing its role as a business-driven methodology for developing enterprise security architectures. Several texts highlight how SABSA shifts the focus from purely technical controls to aligning security with high-level business objectives, managing both threats and opportunities, and ensuring information assurance across the organization. Specifically, the texts explain SABSA's layered model for security architecture, which provides views for different organizational stakeholders, and detail how it integrates with other frameworks like TOGAF and concepts like Enterprise Risk Management (ERM) and Information Security Management (ISM). Furthermore, one source critically assesses SABSA's traditional weakness in systematically incorporating socio-technical factors in risk analysis, proposing enhancements to address the complex interplay of culture, technology, and organizational structure in cyber security risk.-------- Â12:41
- TOGAF ADM and Enterprise Architecture ConceptsThese sources collectively address the topic of Enterprise Architecture (EA), primarily through the lens of The Open Group Architecture Framework (TOGAF). The pocket guide provides a comprehensive overview of TOGAF Version 9.1, detailing its structure, the phases of the Architecture Development Method (ADM), and key concepts such as Architecture Views and Architecture Viewpoints. A discussion thread from Reddit attempts to clarify the distinction between the Architecture Viewpoint (the perspective) and the Architecture View (the resulting representation) for stakeholders, often relying on practical analogies. Finally, a case study demonstrates the practical application of the TOGAF ADM to improve the business processes of a car spare parts distributor, PT Dirgamitra Pacific, by designing a new integrated website system to replace inefficient manual and disparate processes.-------- Â11:31
More Technology podcasts
The Big Tech ShowTechnology
The AI Daily Brief: Artificial Intelligence News and AnalysisTechnology
AcquiredBusiness, Technology, Investing
Search EngineBusiness, Society & Culture, Technology
AI Ireland with Mark KellyTechnology
Cheeky PintBusiness, Technology, Entrepreneurship
Dwarkesh PodcastScience, Technology
Hard ForkTechnology
Deep Questions with Cal NewportEducation, Technology, Self-Improvement
The VergecastNews, Technology, Tech News
Trending Technology podcasts
Last Week in AINews, Technology, Tech News
OpenAI PodcastScience, Society & Culture, Technology
Critical Thinking - Bug Bounty PodcastTechnology
What's Your Problem?Business, Technology, Entrepreneurship
The Bitcoin MatrixBusiness, Technology, Investing
Endless ThreadTechnology
The a16z ShowBusiness, Science, Technology, Entrepreneurship- AI Ireland with Mark KellyTechnology
Tech LifeNews, Technology, Tech News
AI Chat: ChatGPT, AI News, Artificial Intelligence, OpenAI, Machine LearningTechnology
The TED AI ShowTechnology
Certified - CompTIA Tech+ Audio CourseEducation, Technology, Courses
Accidental Tech PodcastTechnology
AI Agents PodcastTechnology
Daily Tech News ShowNews, Technology
The Neuron: AI ExplainedTechnology
The Next FiveBusiness, News, Technology- The VergecastNews, Technology, Tech News
NVIDIA AI PodcastTechnology
HackedTechnology
Tech Brew Ride HomeNews, Technology, Tech News
Shell GameSociety & Culture, Technology, Documentary- The AI Daily Brief: Artificial Intelligence News and AnalysisTechnology
This Week in StartupsTechnology- Hard ForkTechnology
Scrum.org Community PodcastTechnology
This Week in Tech (Audio)News, Technology, Tech News
About Decoded: The Cybersecurity Podcast
This cybersecurity study guide presents a comprehensive overview of key cybersecurity concepts through short answer questions and essay prompts. Topics covered include data security measures like encryption and message digests, authentication methods and their vulnerabilities, disaster recovery and business continuity planning, risk management strategies, and malware types.
Podcast websiteListen to Decoded: The Cybersecurity Podcast, The Big Tech Show and many other podcasts from around the world with the radio.net app
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Decoded: The Cybersecurity Podcast
Scan code,
download the app,
start listening.
download the app,
start listening.
Ireland