Explore every episode of the podcast Threat Talks - Your Gateway to Cybersecurity Insights
| Title | Pub. Date | Duration | |
|---|---|---|---|
| Capital One Data Breach - Deep Dive - Threat Talks Cybersecurity Podcast | 24 Sep 2024 | 00:15:21 | |
🔐 Do Your Configurations Keep You Safe? 🔐
How does a major financial institution like Capital One
suffer a data breach that exposes over 100 million credit applications?
Curious who was behind the hack, and how they managed to pull it off despite Capital One being compliant with numerous regulations and frameworks? Tune in to learn more and make sure you don’t fall victim to a similar attack! | |||
| OKTA Data Breach - Deep Dive - Threat Talks Cybersecurity Podcast | 17 Sep 2024 | 00:16:45 | |
🚨 When Cybersecurity Experts Get Hacked 🚨 How does a company specializing in Identity and Access Management like OKTA suffer a data breach? In this case, a service account password was inadvertently saved by an OKTA employee to their personal Google account, which led to the credentials being leaked. This incident exposed a significant gap in compliance and highlighted how human error can result in even the most well-respected cybersecurity companies being compromised. In this Deep Dive, Tim Timmermans (CISO at ON2IT) and Rob Maas (Field CTO at ON2IT) join host Lieuwe Jan Koning to unpack how this breach occurred, and what lessons we can all learn from it. If even cybersecurity companies are vulnerable, how can you ensure your organization stays protected? === 📈 Download your infographic and receive your own 👕 Threat Talks T-shirt: https://threat-talks.com 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX #1password #cyberattack #cybersecurityexperts #threattalks | |||
| Deep Dive - Vultur, Android Malware | 16 Jul 2024 | 00:24:44 | |
Have you ever wondered how a simple game app could lead to your bank account being emptied? In this deep dive of Threat Talks, Lieuwe Jan Koning dives into the sinister world of Vultur Android malware. Joined by experts Rob Maas and Luca Cipriano, they unravel the mechanics of this malicious threat and discuss practical steps to safeguard your devices. Tune in to learn how to protect yourself from these covert cyber threats and stay one step ahead of hackers. 👕 Request your own Threat Talks T-shirt: https://threat-talks.com/breaking-the-bank/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX | |||
| Deep Dive - Bangladesh Bank SWIFT attack | 09 Jul 2024 | 00:25:11 | |
Let's uncover how cybercriminals almost stole a billion dollars through sophisticated spear phishing and malware tactics. Dive into the Bangladesh Bank SWIFT attack with Lieuwe Jan Koning, Rob Maas and Luca Cipriano. Learn about the vulnerabilities they exploited, the steps of the attack, and the cybersecurity measures that could have thwarted it. Enhance your understanding with our downloadable infographic, available alongside the podcast. Tune in now to stay ahead of cyber threats and protect your digital assets! Want to know more about breaking the bank? Then our main episode will be very interesting for you. Listen to it here, pay close attention, and win a T-shirt by providing the code for the treasure hunt! | |||
| Breaking the bank - Threat Talks | 02 Jul 2024 | 00:50:40 | |
Cybersecurity expert Jayson E. Street shares insights on how he legally "robs" banks to expose vulnerabilities. By exploiting human vulnerabilities rather than advanced technology, Jayson demonstrates how simple tools and social engineering can bypass even the most secure systems. Jayson, along with host Lieuwe Jan Koning and Threat Intel Specialist Luca Cipriano, discusses real-life incidents like the SWIFT Gateway vulnerability, the Vultur Android banking malware, and the Binance crypto hack. Heard the code of the Treasure Hunt? Fill it in and get your Threat Talks T-shirt here: https://threat-talks.com/breaking-the-bank/ | |||
| Threat Talks on Tour - Cyber Guardians: Anti-DDoS Coalition | 25 Jun 2024 | 00:28:20 | |
This episode of Threat Talks delves into the world of DDoS attacks with special guests Remco Poortinga from SURF and Martijn Peijer from the Dutch Tax Office. Discover how easy it is to launch these attacks and learn about the strategies to counter them. We'll explore different types of DDoS attacks, the importance of collaboration, and how regular exercises can strengthen defenses. Plus, don't miss our special treasure hunt for a chance to win a T-shirt! Tune in for insightful discussions on cybersecurity and the ever-evolving threats in the digital landscape. Get your Threat Talks T-shirt here: https://threat-talks.com/threat-talks-on-tour-cyber-guardians-anti-ddos-coalition | |||
| Zero Trust with John Kindervag – Threat Talks on tour | Part 2 | 18 Jun 2024 | 00:31:39 | |
Discover how Zero Trust can effectively protect against cyber threats and hear firsthand experiences from industry leaders! Lieuwe Jan Koning and cybersecurity expert John Kindervag dive into the concept of Zero Trust at the RSA Conference in San Francisco. They discuss the prevalence and importance of Zero Trust in the cybersecurity landscape, sharing insights from the conference and Kindervag's extensive experience. Learn about the fundamentals of Zero Trust, its evolution since 2010, and why it remains a critical strategy in combating modern cyber threats. Whether you're an IT professional, cybersecurity enthusiast, or just curious about the latest in cyber defense, this episode offers actionable insights and expert perspectives on a vital security strategy. 👉🏻👉🏻 https://threat-talks.com/threat-talks-on-tour-john-kindervag-2/ | |||
| Zero Trust with John Kindervag - Threat Talks on tour: Live from the RSA | Part 1 | 11 Jun 2024 | 00:30:57 | |
Join host Lieuwe Jan Koning as he interviews John Kindervag, creator of Zero Trust, at the RSA conference. Explore the origins, principles, and impact of Zero Trust on modern cybersecurity. Download the NSTAC report discussed in the episode here. Get your Threat Talks T-shirt on https://threat-talks.com/! | |||
| Deep Dive - ScreenConnect: Authentication Bypass | 04 Jun 2024 | 00:15:42 | |
CVE-2024-1709 is a critical vulnerability in ScreenConnect that has been exploited in multiple healthcare-related breaches, highlighting significant security risks. Explore the Change Healthcare attack caused by compromised Citrix credentials and learn about critical cybersecurity measures like network segmentation and EDR tools. Explore the infographic for an in-depth look at the ScreenConnect vulnerability: https://threat-talks.com/deep-dive-screenconnect/ | |||
| Deep Dive - Ireland's HSE Ransomware Attack | 28 May 2024 | 00:26:21 | |
How did Ireland's largest healthcare network, HSE, fall victim to a crippling ransomware attack? What security flaws were exploited, and how can you prevent similar threats? Join us in this Deep Dive of Threat Talks as we uncover the details of the attack, the tactics used by cybercriminals, and essential strategies to protect your organization. Can your defenses withstand a ransomware attack? Tune in to find out! Download the infographic here: https://threat-talks.com/deep-dive-hse-ransomware/ | |||
| Deep Dive - DICOM: The hidden risks of Legacy Protocols | 21 May 2024 | 00:20:00 | |
Discover the vulnerabilities of the DICOM protocol in healthcare and the significant risks it poses, including data breaches and manipulation. This deep dive covers practical solutions for protecting sensitive patient information and enhancing cybersecurity measures in medical systems. Join host Lieuwe Jan Koning with guests Jan van Boesschoten and Sina Yazdanmehr as they explore these critical issues and provide actionable advice for healthcare providers. Download the infographic here: https://threat-talks.com/deep-dive-dicom/ | |||
| Healthcare: Responsibilities, regulations and legacies - Threat Talks | 14 May 2024 | 00:43:26 | |
In this episode of Threat Talks, we examine major cybersecurity risks in healthcare. We discuss how old systems like DICOM, still widely used, can lead to serious cyberattacks. How do recent breaches and outdated protocols threaten patient privacy and disrupt healthcare services? Guided by Lieuwe Jan Koning, CTO of ON2IT, alongside cybersecurity experts Sina Yazdanmehr and Rob Maas, we explore the dangerous terrain of legacy systems, highlighting breaches involving HSE hospitals and vulnerabilities in ScreenConnect, and explaining how outdated protocols and software threaten patient privacy and disrupt healthcare services. Here is the link to Sina's DICOM talk: https://www.youtube.com/watch?v=CgJIxTP8ydQ&t=0s Download the infographic here: https://threat-talks.com/healthcare-responsibilities-regulations-and-legacies/ | |||
| Accellion File Transfer Appliance - Deep Dive - Threat Talks Cybersecurity Podcast | 10 Sep 2024 | 00:19:48 | |
🔐 Is Your "Secure" File Transfer Tool Really Secure? 🔐 If you’re depending on certifications alone to keep your data safe (spoiler: you shouldn’t be!), this episode is a must-watch. In this Deep Dive, Lieuwe Jan Koning is joined by Threat Intel Specialist Luca Cipriano and CISO Tim Timmermans to explore a prevalent case study: the Accellion File Transfer Appliance hack. Over 300 companies, including major players like Shell and the Reserve Bank of New Zealand, relied upon this trusted secure file transfer solution. But when an attack hit its legacy version, these organizations found out the hard way that compliance doesn’t always equal security. Donning the red team hat of a hacker, Luca walks us through all the steps the attackers took, whilst blue team representative Tim offers insights and an answer to the ever-pressing question: could this have been prevented and if so, what could (or should) have been done? #filetransfer #cybersecurity #hacked #threattalks ==== 📈 Find our infographics and receive your own 👕 Threat Talks T-shirt: https://threat-talks.com 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX | |||
| Palo Alto Networks CVE-2024-3400: a comprehensive analysis of the vulnerability | 07 May 2024 | 00:40:02 | |
Tune in to this special episode of Threat Talks, as we dissect the critical CVE-2024-3400 vulnerability in Palo Alto Networks' GlobalProtect servers. Join our cybersecurity experts for a deep dive into the vulnerability's implications, our response strategies, and practical tips to bolster your defenses against similar threats. For those who crave even more detailed insights, be sure to check out our comprehensive information page on this topic: https://on2it.net/nl/cve-2024-3400-pan-os-os-command-injection-vulnerability-in-globalprotect/ And read our blog posts for a deeper dive into the technical aspects and implications of CVE-2024-3400: ☞ https://on2it.net/palo-alto-networks-cve-2024-3400-alert/ ☞ https://on2it.net/vpn-firewall-integration-a-strategic-analysis/ Download the infographic here: https://threat-talks.com/unraveling-cve-2024-3400/ | |||
| Deep Dive - Reflection Attack - The most simple dos attack | 30 Apr 2024 | 00:11:54 | |
Understanding Reflection Attacks: A Simple Yet Powerful DoS Method. Distributed Denial of Service (DDoS) Attacks Explained. Picture this: a DDoS attack, but turbocharged by the clever use of network request reflections. This discussion sheds light on how attackers harness the normal functions of protocols to unleash powerful assaults on unprepared targets. Interestingly, these attacks don't rely on exploiting software flaws; instead, they use the basic architecture of protocols like DNS and NTP to increase their destructive power. Here's a breakdown of what you need to know about reflection attacks, from their conception to how they're combatted: The Basics: What exactly is a reflection attack? We delve into the fundamental components of these attacks, detailing the roles of the attacker, the servers, and the victims caught in the digital crossfire. Why UDP?: Discover why UDP is the preferred protocol for reflection attacks. What makes it uniquely vulnerable, and how does it help the attacker? Defense Strategies: What strategies can organizations employ against the relentless flood of unwanted network responses? We explore practical steps for mitigation, helping you fortify your defenses against such insidious attacks. Join us as we dive into the strategic approach to a cyber attack, where knowing how to anticipate and counter the adversary's tactics is critical to protecting your digital assets. Let's explore together and strengthen our defenses! ✅ All our Threat Talks can be found on https://threat-talks.com 👕 Request your own Threat Talks T-shirt: https://threat-talks.com/cant-deny-ddos-in-2024/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX | |||
| Deep Dive - MOVEit: The danger of delegating data to third-party software | 23 Apr 2024 | 00:14:55 | |
Dive into the largest data breach of 2023, a devastating supply chain attack involving the MOVEit software, which impacted over 60 million individuals. Learn how the Cl0p Ransomware Group exploited a zero-day vulnerability through SQL injection to carry out their attack, and the challenges this presents for cybersecurity measures today. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/deep-dive-moveit/ | |||
| Deep Dive - Log4j: The danger of software dependencies | 16 Apr 2024 | 00:19:01 | |
Join us for a deep dive episode of Threat Talks, focusing on Log4j, the critical logging library at the heart of Java development. Discover Log4j's flexibility in message configuration and how it enhances Java programming. Perfect for those looking to deepen their Java and Log4j knowledge. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/deep-dive-log4j-the-danger-of-software-dependencies/. | |||
| Deep Dive - SolarWinds: The danger of third-party software | 09 Apr 2024 | 00:21:55 | |
The SolarWinds incident, affecting 18,000 high-profile environments, including the US government and Fortune 500 companies, was attributed to the state-sponsored group Fancy Bear. This breach demonstrated the complexity and reach of supply chain attacks, emphasizing the challenge of defending against state-backed adversaries.
| |||
| Supply chain: business as usual? - Threat Talks | 02 Apr 2024 | 00:42:52 | |
In this episode of Threat Talks, we explore the covert perils of supply chain attacks. Matthijs Zwart, CIO and CISO at Vitens, acknowledges the risk landscape surrounding supply chain attacks, but also suggests that the occasional incident can offer unforeseen advantages. Featuring Matthijs as the special guest, this episode brings together host Lieuwe Jan Koning and Threat Intel Specialist Luca Cipriano for a comprehensive examination of supply chain attacks. They delve into the characteristics of these threats, defensive tactics, and how Vitens has successfully managed previous episodes involving SolarWinds, Log4j, and MOVEit. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/supply-chain-business-as-usual/. | |||
| Deep Dive - Ivanti EPM | 26 Mar 2024 | 00:13:29 | |
This Threat Talks - deep dive - focuses on a recent SQL injection attack targeting Ivanti EPM software, a powerful endpoint management solution. Lieuwe Jan Koning, Luca Cipriano and Rob Maas explore the attack's mechanics, its implications for network security, and compare it to historical incidents like the SolarWinds supply chain attack. The episode offers a thorough analysis of how organizations can defend against such vulnerabilities, emphasizing the importance of secure management software in protecting endpoints. Through expert insights and practical advice, the talk highlights the critical need for robust cybersecurity measures in today's digital landscape. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/deep-dive-ivanti-epm/ | |||
| Deep Dive – Google OAuth bypass | 19 Mar 2024 | 00:16:39 | |
In this deep dive of Threat Talks, we delve into the intricate realm of cybersecurity, spotlighting a newly uncovered vulnerability within Google's OAuth authentication system. Uncover a hidden feature in the Google multi-login API causing significant disruptions. Intended to streamline the authentication process for Google services like Gmail, Calendar, and Maps, this API harbors an undocumented functionality that enables nefarious actors to circumvent authentication measures, even following a password reset. Join us as we navigate through the complexities of this security flaw and its implications on digital safety. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/deep-dive-google-oauth-bypass/ | |||
| Deep Dive – Outlook vulnerability | 12 Mar 2024 | 00:17:46 | |
Fancy Bear, also known by the Russian actor designation APT28, has been implicated in cyber attacks targeting Microsoft Outlook and other platforms, utilizing CVEs to exploit systems. This group, associated with Russian military intelligence, is known for attempting to influence democratic processes in France and the US, supporting pro-Russian actions in Europe and the US. Interested in the full technical info of the discussed threat? For more detailed information or to access the infographic, please visit https://threat-talks.com/outlook-vulnerability-deep-dive/ | |||
| The Authentication Apocalypse - Threat Talks | 05 Mar 2024 | 00:37:10 | |
Learn about AI-generated phishing attacks, the strengths and weaknesses of multi-factor authentication (MFA), and real-world cyber attack cases. Discover the balance between security and usability, the importance of user education, and the future of authentication technologies. Join us for an insightful exploration into the evolving landscape of cybersecurity and how to protect against the ever-present threats online. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/the-authentication-apocalypse/ | |||
| Bridging the Gap: Security and Compliance - Threat Talks Cybersecurity Podcast | 03 Sep 2024 | 00:55:12 | |
Compliance doesn't always mean security. In this episode of Threat Talks, we dive deep into the critical operational gap between being compliant and being secure. Host Lieuwe Jan Koning, along with ON2IT's CISO Tim Timmermans and Pieter de Lange, CISO at Transdev, discuss how organizations can bridge this gap to not just tick boxes but to truly protect themselves from cyber threats. Learn the essential strategies that go beyond compliance and ensure robust security measures. Don't miss this insightful discussion that could redefine your approach to cybersecurity! #compliancemanagement #cybersecurityexperts #threattalks === 📈 Download your infographic and receive your own 👕 Threat Talks T-shirt: https://threat-talks.com 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX | |||
| Deep Dive - FortiOS SSLVPN buffer overflow | 27 Feb 2024 | 00:14:51 | |
Step into the digital fortress with our latest podcast episode on the FortiOS SSLVPN buffer overflow vulnerability. Our cybersecurity experts break down the complexities of this critical threat and guide you through robust protection strategies. This episode is a must-listen for anyone looking to safeguard their digital landscape against sophisticated cyber threats. Tune in to fortify your knowledge and ensure your organization's resilience in the face of potential cyber attacks. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/fortios-sslvpn-buffer-overflow/ | |||
| Deep Dive - Tunnelcrack VPN | 20 Feb 2024 | 00:12:45 | |
We take a deep dive into TunnelCrack Cybersecurity Risk, an advanced attack that exploits VPN vulnerabilities. Discover the strategies attackers use, from evil twin attacks at your favorite café to sophisticated DNS manipulations. More importantly, learn how to protect yourself and your organization from such vulnerabilities. Tune in for an enlightening session filled with invaluable insights and preventive measures. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/tunnelcrack-vpn-deep-dive/ | |||
| Deep Dive - Citrix Netscaler | 13 Feb 2024 | 00:18:40 | |
Delve deeper into cybersecurity's critical aspects with our thorough examination of the Citrix Netscaler Zero Day vulnerability. This analysis covers the vulnerability's technical nuances, highlighting its capacity for remote code execution and the severe risks it poses to network security. Understand the sophisticated mechanisms attackers use to exploit this vulnerability, leading to unauthorized access and potential data breaches. Interested in the full technical info of the discussed threat? For more detailed information or to access the infographic, please visit https://threat-talks.com/citrix-netscaler-deep-dive/ | |||
| Does Remote Work? - Threat Talks | 06 Feb 2024 | 00:44:16 | |
Navigating the complexities of remote work and its security challenges? In this episode of Threat Talks, we delve deep into the pressing issues surrounding remote access and the vulnerabilities that come with it. Deep Dive into Citrix Netscaler ADC, Tunnelcrack, and Fortinet/FortiGate. Vulnerabilities: Understand the risks and how they impact your business. Do we really need to reboot our routers weekly? Is avoiding remote access a viable option in today's world? Discover these answers and more! Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/does-remote-work/ | |||
| Deep Dive - The Mirai Botnet | 30 Jan 2024 | 00:20:18 | |
This episode features Lieuwe Jan Koning and Luca Cipriano discussing the Mirai botnet, which has infected over 600,000 devices and disrupted major services worldwide. They explain its operations, impact, and the role of IoT devices, also covering malware types and propagation methods. The episode offers practical cybersecurity tips like strong passwords and regular updates, providing crucial insights for both experts and enthusiasts in today’s evolving cyber threat landscape. Interested in the full technical info of the discussed threat? For more detailed information or to access the infographic, please visit https://threat-talks.com/miria-botnet-deep-drive/ | |||
| Can't deny DDoS in 2024? - Threat Talks | 26 Jan 2024 | 00:51:37 | |
DDoS attacks are becoming increasingly more frequent, and there doesn’t appear to be any signs of slowing down. If you’re looking for insights into the types of DDoS attacks that are being used, expert opinions on the best prevention and remediation and much more, tune in for this episode of Threat Talks. Lieuwe Jan Koning, Peter van Burgel and Luca Cipriano discuss the following hacks:
Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/cant-deny-ddos-in-2024/ | |||
| Threat Talks - Coming soon - Introduction | 14 Jan 2024 | 00:06:59 | |
Threat Talks was born from a collaboration between ON2IT, a global leader in Zero Trust cybersecurity, and AMS-IX, one of the world’s largest internet exchange providers. Leveraging our combined expertise and extensive networks, we offer a unique platform where the brightest minds in cybersecurity converge to share their stories, insights, and predictions. Presenting - Lieuwe Jan Koning - Co-Founder and CTO, ON2IT - Peter van Burgel - CEO, AMS-IX - Luca Cipriano - Threat Intel Specialist, ON2IT | |||
| Deep Dive - APT Sand Eagle | 27 Aug 2024 | 00:22:27 | |
Is the Sand Eagle APT the Jason Bourne of cyber-attacks? 🕶️
Just as Bourne eluded the most advanced surveillance and security systems in the world, the Sand Eagle APT made headlines 📰 for its ability to infiltrate and bypass layers of digital defense on supposedly the most secure devices on the market – iPhones. 📱 From exploiting legacy system vulnerabilities to the use of advanced return-oriented programming, this APT made use of not one, not two, but four zero-days to reach its goal – cyber espionage. Host Lieuwe Jan Koning is joined by Martijn Peijer (Cybersecurity Expert SOC at the Dutch Tax Office) and Rob Maas (Field CTO at ON2IT) for this breakdown of how this threat operated undetected for so long, what the goal was and the immense resources likely involved in its development. 🎧 Tune in to episode 32 of Threat Talks! 🎧
📈 Find our infographics and receive your own 👕 Threat Talks T-shirt: threat-talks.com
🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX #cybersecurityexperts #threatintelligence #zeroday #threattalks | |||
| Deep Dive - Russia GRU Viasat Hack | 20 Aug 2024 | 00:20:58 | |
Ethan Hunt is known for doing the impossible. 😎 What if he and his team spoke Russian 🇷🇺 and on the onset of the invasion of Ukraine, they brought down control of 5.800 wind turbines in Germany 🇩🇪? Does this sound impossible? 🧐 Join ON2IT experts Lieuwe Jan Koning, Rob Maas and Luca Cipriano in this Deep Dive into the Russia GRU Viasat Hack, and find out what strategies were used to hack Viasat and how you can best prepare for and counter this kind of 🦾 attack. SHOW NOTES ===== 📈 Download the infographic on: https://threat-talks.com 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX Threat Talks episode #31 #cybersecurityexperts #threatintelligence #cyberwarfare #ThreatTalks | |||
| Deep Dive - China Nexus Barracuda Hack | 13 Aug 2024 | 00:21:59 | |
How do James Bond’s spy skills compare to modern cyber espionage? The Nexus Barracuda Hack was performed by highly skilled Chinese cyber attackers, who exploited a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG). 🚨 Join Lieuwe Jan Koning, Rob Maas and Luca Cipriano to find out about the strategies the attackers used, how their tactics could’ve been countered, and whether or not stopping James Bond-level spies is an achievable goal for cybersecurity experts. ======= 👕 Find our infographics and request your own Threat Talks T-shirt on threat-talks.com 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX ======= Threat Talks Episode #30 #CyberSecurity #ThreatIntelligence #ON2IT #CyberEspionage #ThreatTalks #Infosec | |||
| The evolution of cyber warfare - Threat Talks | 06 Aug 2024 | 00:43:13 | |
Explore the hidden world of cyber warfare and advanced persistent threats (APTs) in this episode of Threat Talks. Join cybersecurity experts Lieuwe Jan Koning, Luca Cipriano and special guest Martijn Peijer as they discuss real-life cyber espionage cases and the latest cybersecurity strategies.
Find all episodes and request your own Threat Talks T-shirt on https://threat-talks.com. | |||
| Threat Talks Special: DDoS Attacks on European Elections | 30 Jul 2024 | 00:33:04 | |
Explore the rising threat of DDoS attacks on European elections in this special episode of Threat Talks. Join Lieuwe Jan Koning and cybersecurity experts Octavia de Weerdt and Frank Dupker as they discuss the motivations behind these attacks, the role of the Anti-DDoS Coalition, and strategies to safeguard our digital democracy. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/. | |||
| Threat Talks on Tour - DDoS Mitigations | 23 Jul 2024 | 00:24:10 | |
Join Lieuwe Jan Koning on this special Threat Talks as he explores the evolving landscape of DDoS attacks with Junior Corazza and Miguel Regalado Querol. Discover if these cyber threats are truly diminishing or if we're just getting better at defending against them. Tune in to understand the current state of DDoS mitigations and the importance of cybersecurity collaboration. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/ | |||
| Binance BNB Smartchain Attack - Deep Dive - Threat Talks Cybersecurity Podcast | 29 Oct 2024 | 00:26:01 | |
Imagine creating millions in cryptocurrency…without spending a cent. 💸
🔍 Explore the Binance BNB Chain Attack, where attackers used cross-chain bridges to create crypto assets out of thin air.
👾 Dive into the exploit’s details, from blockchain’s cryptographic structures to vulnerabilities in cross-chain transfers. With breakdowns of Merkle trees and validation flaws, this discussion reveals how even minor misconfigurations can lead to massive security gaps. 🔍 Curious about blockchain risks and crypto asset security? Want to gain insight into safeguarding assets in a digital-first world? >> Check this episode! === 📈 Download the infographic https://on2it.s3.amazonaws.com/Infographic-breaking-the-bank.pdf 👕 Request your own Threat Talks T-shirt https://threat-talks.com/breaking-the-bank/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX. | |||
| Hack the Boat Ballast System - Deep Dive - Threat Talks Cybersecurity Podcast | 22 Oct 2024 | 00:25:05 | |
𝐄𝐯𝐞𝐫 𝐛𝐞𝐞𝐧 𝐚𝐬𝐤𝐞𝐝 𝐭𝐨 𝐡𝐚𝐜𝐤 𝐚 𝐛𝐨𝐚𝐭? When Luca Cipriano and Jeroen Scheerder were given the challenge, they took an unexpected approach—step one: build the boat themselves. It was a scale model, but they made sure it closely mirrored a real boat’s systems. With help from Damen Shipyards engineers, they even included a working ballast system. Of course the next step was to hack said ballast system. In this Threat Talks episode, Lieuwe Jan Koning chats with Luca and Jeroen about building the boat, why they did it, the fun they had along the way and whether or not their plan worked. They also dive into how they hacked the ballast system and how such an attack could’ve been prevented. 𝐃𝐨𝐧’𝐭 𝐦𝐢𝐬𝐬 𝐨𝐮𝐭! 🔔 𝘚𝘶𝘣𝘴𝘤𝘳𝘪𝘣𝘦 🔔 and stay tuned for fascinating deep dives into the world of cybersecurity. === -- 🌎 -- threat-talks.com -- 📈 -- Threat Talks infographics -- 👕 -- Receive your own Threat Talks T-shirt 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX | |||
| Securing AIS - Deep Dive - Threat Talks Cybersecurity Podcast | 15 Oct 2024 | 00:19:54 | |
AIS (Advanced Identification System) is a key tool in maritime navigation. It helps ships transmit their location and data to other vessels and satellites, preventing collisions and supporting rescue operations. 🛟 It’s a crucial technology for navigating 🗺️ the unpredictable oceans 🌊 —but it’s not without its vulnerabilities. 🏴☠️ Pirates can use AIS to track high-value ships, and hackers can manipulate the system. Picture this: your ship is safely docked, but hackers make it appear as if it’s entering dangerous, hostile waters. This tactic, known as spoofing, doesn’t just mess with a ship’s navigation—it can send out false reports to military or civilian observers, creating chaos and confusion. Just imagine the stakes in a situation with rising military tension – if it suddenly seems like your warships are showing up in enemy harbors, the risk of conflict skyrockets, to say the least. 🔥 In this Deep Dive, host Lieuwe Jan Koning, along with guests Rob Maas and Jeroen Scheerder, explore the potential dangers of AIS hacking and what steps can be taken to make this vital system more secure and trustworthy for the future. === 📈 Find our infographics and 👕 receive your own Threat Talks T-shirt: https://threat-talks.com | |||
| 🚢 Hack the Boat - Threat Talks Cybersecurity Podcast | 08 Oct 2024 | 00:37:25 | |
Hack the Boat: Cybersecurity on the High Seas 🌊 Imagine you're the captain of a massive ship, cruising through open waters at full speed. Suddenly, something feels off... Are you veering off course? But your monitors show everything is fine... Is it a malfunction or could this be a cyber-attack? Live from the Tugboat bridge simulator at Damen Shipyards, this episode of Threat Talks dives into the cyber threats that modern vessels face. Whilst maritime vessels used to have limited connection to the internet, modern shipping operations now rely heavily on both information technology (IT) and operational technology (OT) to stay afloat. This means that boats are now as likely a target of cyber-attacks as banks and retail. With marine cybercrime steeply on the rise, what can maritime companies do to bring their IT and OT in line with today’s cybersecurity standards? And how exactly would one hack a boat? Host Lieuwe Jan Koning is joined by special guest Hans Quivooij (CISO Damen Shipyards) and Threat Intel Specialist Luca Cipriano as they discuss: • The growing threat of cyber-attacks in the maritime industry • Real-world scenarios of ship hacking • How shipbuilders like Damen are staying ahead of cyber threats Don’t miss out! Hit that subscribe button and stay tuned for more fascinating deep dives into the world of cybersecurity. 🔔 ===== 👕 Find our infographics and request your own Threat Talks T-shirt: https://threat-talks.com/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX #cybersecurityexperts #maritimesecurity #ThreatTalks #techsafety | |||
| HTTP/2 Rapid Reset DDoS Attack - Deep Dive - Threat Talks Cybersecurity Podcast | 01 Oct 2024 | 00:09:04 | |
🌊 Don’t drown in HTTP/2 Rapid Reset attacks! 🌊
The HTTP/2 Rapid Reset attack is a powerful new DDoS method that exploits weaknesses in the HTTP/2 protocol. By overwhelming web servers with rapid reset frames, attackers can disrupt services and cause significant downtime, making it a serious threat to organizations. In our latest Deep Dive, host Lieuwe Jan Koning is joined by Rob Maas (Field CTO ON2IT) and Luca Cipriano (Threat Intel Specialist ON2IT) as they walk through the attack mechanism, what the impact on organizations can be, and how you can keep your head above water when facing this deluge of requests.
This attack method has been making waves for its ability to disrupt web servers quickly and efficiently. How exactly does it work? What makes it so effective?
Tune in for this Deep Dive to find out! ======== 👕 Find our infographics and request your own Threat Talks T-shirt: https://threat-talks.com/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX | |||
| Windows Recall: Convenience or Catastrophe? | 08 Jul 2025 | 00:23:07 | |
Windows Recall is a new feature in Windows 11 that captures screenshots every few seconds and stores them in a local database. It’s designed to help users find what they’ve seen or done, but that convenience may come at a high cost. In this episode of Threat Talks, ON2IT Field CTO Rob Maas speaks with security expert Jeroen Scheerder about the real risks of Recall. They break down how the tool works, what data it captures, and why the built-in protections may not be enough. In this episode of Threat Talks: 🧠 How Recall works and what makes it so controversial 🔍 Why bolted-on security measures leave gaps 🎯 Which users and organizations are most exposed Tune in to hear why Windows Recall is raising red flags and what you need to know to protect your organization. | |||
| Agentic AI: Hype, Hope, or Real Risk? | 01 Jul 2025 | 00:42:41 | |
Andy Grotto (founder and director of the Program on Geopolitics, Technology and Governance at Stanford University) puts it plainly: there's a 5% chance that within the next 10 years, AI could rule over humans. That number might sound small, but it's enough to take seriously.
Key topics: | |||
| Zero Trust Starts Here | 29 Apr 2025 | 00:22:06 | |
Zero Trust is about more than just IP addresses and firewalls: it’s about understanding what truly matters to your business. In step one of Zero Trust: define your protect surface, we focus on how to prioritize what you want to protect, how to avoid common pitfalls, and how to kick off your Zero Trust journey from a solid, business-aligned foundation. In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas get down to the basics of step one of Zero Trust: defining the protect surface. They explore: ✅ Methods for defining protect surfaces ⛨ Establishing the relevance of each protect surface 📈 How to align your cybersecurity with business needs and goals In this second episode of a multi-part deep dive on Zero Trust, Lieuwe Jan and Rob clarify where to start with Zero Trust implementation, discuss the importance of business and board involvement and explain why starting small is key. | |||
| Zero Trust Demystified: What is Zero Trust Really About? | 22 Apr 2025 | 00:20:28 | |
Zero Trust is everywhere – but what does this actually mean? Is it a cybersecurity strategy, a set of tactics, a product you can buy, or just clever marketing? In this kickoff episode of this Zero Trust series, Lieuwe Jan Koning and Rob Maas explore what Zero Trust actually is, how to think about it strategically, and why it’s not just about identity or buying new tools. They discuss: ✅ Why Zero Trust isn’t a product, and what it actually is 🗺️ The five steps and four core principles of Zero Trust 🚧 Why business alignment – and not anything technical – is the hardest part of Zero Trust implementation They debunk the most common myths, from “Zero Trust is identity” to “just buy a firewall,” and explain what it takes to embed Zero Trust into business operations. A must-watch, whether you’re just curious, are just starting your Zero Trust journey or are already well underway. | |||
| Inside Volt Typhoon: China’s Silent Cyber Threat | 15 Apr 2025 | 00:34:01 | |
What happens when a cyber threat actor doesn’t want to make headlines? Volt Typhoon, a state-sponsored group tied to the People’s Republic of China, has been quietly infiltrating Western critical infrastructure, staying under the radar by avoiding malware, using native tools, and taking things slow.
In this episode of Threat Talks, Lieuwe Jan Koning is joined by Rob Maas and Luca Cipriano to break down how these attackers operate and what their endgame might be.
💨 What makes “low and slow” attacks so hard to detect? 🔧 How do living-off-the-land tactics help attackers blend in? 📉 What motivations do threat actors like Volt Typhoon have?
Volt Typhoon isn’t just another cyber threat: it’s a sign that the game has changed. If you’re focused on national security, infrastructure, or advanced threat defense, you won’t want to miss this episode. | |||
| Cybercrime-as-a-Service: The Disney+ of the Dark Web | 08 Apr 2025 | 00:31:13 | |
Dark markets are making cybercrime more accessible than ever. Malware, remote access tools, phishing kits, credit card information: all of it is readily available, often as a service, if you just know where to look. Subscribing to these illicit services is now as easy as signing up for Disney+.
In this Deep Dive, host Rob Maas and special guest, cybersecurity researcher Michele Campobasso, discuss dark markets, and the rise of cybercrime-as-a-service.
Key questions answered in this Deep Dive: 🕶️ What are dark markets, and how do they work? 🔑 How do cybercriminals (or intrepid researchers) access these dark markets? 🎬 How is cybercrime becoming as accessible as a streaming service? ⚠️ What risks do businesses face from dark markets? 🔎 What role does threat intelligence play in monitoring these markets?
With cybercrime as easy to access as a Netflix subscription, Rob and Michele explore how these underground marketplaces operate, how they’re changing the threat landscape, and what organizations can do to protect themselves. | |||
| Inside the Dark Web Economy: $10 for Your Identity & Corporate Access? | 01 Apr 2025 | 00:37:56 | |
The Dark Web Economy: Hacks for $10? Would you pay $10 for access to a corporate system? Because someone on the dark web already has. In this episode of Threat Talks, host Lieuwe Jan Koning talks to cybersecurity researcher Michele Campobasso about the business of cybercrime. From ransomware services to stolen credentials, the dark web is thriving.
💰 How much is YOUR data worth on the dark web?
Cybercriminals operate like well-run businesses, offering hacking tools, stolen credentials, and even customer support. But if cybercrime is getting more sophisticated, what can individuals and businesses do to fight back? | |||
| Why Precision Time Matters in Cybersecurity | PTP vs NTP Explained | 25 Mar 2025 | 00:22:30 | |
⏳ What happens when time goes wrong?
Time synchronization is an overlooked but essential part of cybersecurity. A few microseconds of drift can lead to failed transactions, inaccurate forensic logs, or even security breaches.
In this episode of Threat Talks, host Rob Maas (Field CTO, ON2IT) and guest Jan van Boesschoten (Innovation Manager, AMS-IX) discuss:
· How does time impact cybersecurity, and what happens when it drifts? · Why is NTP no longer sufficient for high-speed digital transactions? · How does Precision Time Protocol (PTP) provide microsecond accuracy (and why does that matter)? · Could time manipulation be an attack vector, and how do organizations mitigate this risk?
From financial transactions to forensic log analysis, knowing exactly when an event occurs can make or break an organization’s security posture. | |||