YusufOnSecurity.com

Enjoying the content? Let us know your feedback!

In today's interconnected world, default configurations are ubiquitous across various systems and devices, from routers to software applications. While convenient for initial setup, these default settings often harbor significant security risks that can leave systems vulnerable to exploitation by malicious actors. In this episode, we delve into the hidden dangers posed by default configurations, exploring real-world examples and discussing strategies to mitigate these risks effectively. Join us as we uncover the critical importance of securing systems against the perils of default settings.
Before that, lets recap on what is top of mind on the news front.

• The toothbrush DDOS that never was
• Your favorite browser might have a feature that defends your home network

https://www.forbes.com: Surprising 3 million hacked toothbrushes story goes viral is it true?
- https://chromestatus.com: Private Network Access
- https://owasp.org: Security Misconfiguration/

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Today, we’ve got something really exciting for you. If you’ve been following the world of artificial intelligence lately, you’ve probably heard a lot about a new player in town: DeepSeek.
Now, let me tell you, DeepSeek is shaking things up. They’re doing something completely different that’s not only disrupting the AI space but could also be a game-changer in how we approach cost, performance, and security in the future of AI technology. So, grab a seat on a solid ground and buckle up—this week, we’re diving into how **DeepSeek** is leveling the playing field for AI vendors everywhere, cutting costs, and leveraging some really smart techniques that are turning heads in the industry.
And, of course, at the end of today’s episode, we’ll be busting a big cybersecurity myth that might surprise you. But first, let’s talk all things DeepSeek.
Before we dive into the main, we will also bring you update todate on the news front:
- Deepseek date breach. Yes they were hit already!

https://www.technologyreview.com: How DeepSeek
ripped up the AI playbook—and why everyone’s going to follow its lead

https://www.digitaltrends.com: Microsoft is letting anyone use ChatGPT’s $200 reasoning model for free

https://www.wiz.io: Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Today, we’re tackling a fundamental yet often misunderstood tool in every cybersecurity professional's arsenal—vulnerability scanners. What role do they play in protecting our organizations? Where do they shine, and where do they fall short?
As always, we’ll cut through the jargon and break things down for everyone—from seasoned professionals to those just beginning their journey in cybersecurity. And stick around until the end for this week’s myth-busting segment, where we debunk a misconception about cyber security in general that many people still believe.
So grab your favorite beverage, get set, and let’s dive right in!

• Tenable Scanner Agent went offline globally

All that coming up next, in this week episode.
- https://docs.tenable.com: Tenable Nessus Agent 2025 Release Notes
- https://www.splunk.com: Vulnerability Scanners Primer

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english.
I'm your your host Ibrahim Yusuf
In today's episode, we're shedding light on a critical yet often overlooked aspect of cybersecurity - Indications of Compromise, also known as IOCs. These vital pieces of forensic data can be the canary in the coal mine, alerting us to potential network intrusions before they wreak havoc on our systems.
We'll discuss what IOCs are, why they are essential, and how you can use them proactively to enhance your cybersecurity strategy.
But first, a quick look on what is top of mind in the security news this week.

• NCSC releases more details designed to help organisations how to migrate to post-quantum crypto
• The source of Okta breach....no price for guessing

https://www.ncsc.gov.uk: Next steps preparing for post quantum cryptography
- https://www.linkedin.com: Okta data breach lesson browser security
- https://www.scmagazine.com: Okta breach linked to workers personal google account
- https://www.attackiq.com: Pyramid of pain
- https://github.com/Cisco-Talos: IOCs
- https://sec.cloudapps.cisco.com: Indication Of Compromise Reference Guide

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

Enjoying the content? Let us know your feedback!

Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english.
This is another exciting episode of our cybersecurity podcast! Today, we've got a topic that's hot off the press—the newly released Payment Card Industry Data Security Standard version 4, or PCI DSS v4. If you're in the world of payments, data security, or simply curious about the latest in safeguarding your customers' sensitive information, this episode is a must-listen.
In this edition, we'll explore the key updates and changes in PCI DSS v4, the reasons behind its release, and what it means for businesses processing credit card transactions. From enhanced authentication measures to the latest encryption protocols, the new standard promises to fortify data protection and combat emerging cyber threats.
So, get ready to dive into the cutting-edge world of PCI DSS v4 as we unravel the advancements that'll shape the future of secure payment processing. Let's jump right in with the start of this week's top trending news.

• Accidental VirusTotal upload is a valuable reminder to double check what you share
• Microsoft allows logging access to all their license tiers like E3

https://support.virustotal.com:How it works
https://www.virustotal.com: Upload
https://www.bleepingcomputer.com: Stolen Microsoft key offered widespread access to Microsoft cloud services
https://www.bleepingcomputer.com: Microsoft expands access to cloud logging data for free after Exchange hacks
https://listings.pcisecuritystandards.org: PCI-DSS-v3-2-1 to v4-0 Summary of Changes

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.