Showing episodes and shows of

Jay LaCroix

Shows

Enterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 113 – Black Basta Exposed What’s it like within a hacking group? After 190,000 chat messages from the Black Basta group leak, we get an inside look at operations within such a group. In this episode, Jay and Joao discuss this recent development. Also, breaking news regarding CVE’s literally almost becoming a thing of the past! Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles That groan you hear is users’ reaction to Recall going back into Windows Leak exposes Black Basta’s influence...2025-04-1647 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 112 – Oh Data, Where Art Thou? This time around, Jay and Joao cover several interesting stories, including an alleged Oracle breach, privacy concerns around 23andme, and more! Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles ‘Have I Been Pwned’ creator falls victim to scam Opt out: what to do with your 23andMe account after company filed bankruptcy Researchers back claim of Oracle Cloud breach despite company’s denials Download Links MP3 version Ogg version 2025-03-2639 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 111 – Bugs in the Wild In this episode, Jay and Joao discuss some recent bugs in the wild, including a supply-chain attack that exposes enterprise secrets. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! 
Relevant Articles Large enterprises scramble after supply-chain attack spills their secrets Critical Vulnerability CVE-2024-4577: Understanding the Threat and Its Exploitation in the Wild Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure Check out Jay’s “Switching to Linux” PDF with tips to help you migrate Download Links...2025-03-1940 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 110 – AI Wars In this episode, Jay and Joao will discuss a couple of recent vulnerabilities, with one of them showing how unskilled threat actors can bolster their abilities with Artificial Intelligence, a trend that’s sure to become very popular in the future. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles FunkSec: A New Ransomware Group Buoyed by AI New Auto-Color Linux Malware Targets Universities, Government Organizations Auto-Color: An Emerging and Evasive Linux Backdoor Download Links MP3 versio...2025-03-0536 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 109 – TuxCare’s Industry Report 2025 The 2025 Enterprise Linux & Open-Source Landscape Report from TuxCare is here, and with it comes some surprising facts about the state of Linux security today. In this episode, Jay and Joao will discuss some of its most noteworthy findings. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! 
Relevant Articles The 2025 Enterprise Linux & Open-Source Landscape Report Recent OpenSSH vulnerabilities Download Links MP3 version Ogg version 2025-02-2648 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 108 – 10 Tips for Effective Automation Implementing an effective automation system can be an overwhelming task, one that can often fail – causing some organizations to abandon automation completely. In this video, Jay and Joao will discuss some effective strategies for implementing automation. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles Check out Jay’s Ansible course on Udemy Download Links MP3 version Ogg version 2025-02-191h 07Enterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 107 – The Plan is there is no Plan How does perception vs reality tie into protecting our infrastructure from threat actors? In this episode, Jay and Joao discuss how pre-concieved notions and misinformation impacts threat response (and more). Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles FBI Deletes PlugX Malware From Computers Infected by China Group Download Links MP3 version Ogg version 2025-02-0642 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 106 – FIDO Implementation Facepalm We all hate passwords, just about as much as we hate Printers and DNS. They’re a nuisance – they’re difficult to manage and are a major attack vector. Thankfully, technologies such as FIDO (Passkeys) have come around to make this easier for everyone. However, Jay and Joao will discuss how tech companies are ruining this for everyone. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. 
Check out their awesome services to see how they can simplify Linux administration! Relevant Articles Passkey technology is elegant, but it’s most definitely not usable security 2025-01-1539 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 105 – Buckets of Fun In this video, Jay and Joao some recently security news, some of which exposes some of the dangers of misconfigured S3 buckets. Also, Volkswagen ended up in a bit of trouble, a Microsoft-related flaw in unicode poses problems, and other security shenanigans are to be expected. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles RegreSSHion exploit, CVE-2024-6387: A Write-Up WorstFit: Unveiling Hidden Transformers in Windows ANSI! VW Cars Leak Private Data of 800,000 — ‘Volksdaten’ Introduction to the Attack Vec...2025-01-1041 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 104 – Artificial Insanity In this episode, Jay and Joao discuss some unexpected consequences of AI. Also, they’ll give you a “year in review”, going over the most substantial security stories of 2024. Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration! Relevant Articles AI Slop is Hurting Security – LLMs are Dumb and People are Dim Chinese hackers still lurk in US telecommunications systems Will Europe keep your encrypted messages secret? 
Log4j Still Being Exploited Download Links MP3 version Ogg version 2024-12-1843 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 103 – Pretty Sly for a WiFiIn this episode, Jay and Joao discuss a recent story where one company's WiFi was used to hack another - and other security shenanigans.2024-12-0633 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 102 – The Cybersecurity Resilience ActIn this episode, Jay and Joao discuss recent goverment policy that will have far reaching effects - and this time it isn't coming from the USA. Also, is C and C++ too "unsafe" to use? Those stories and more during this episode!2024-11-2052 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 101 – Ransomware Health RisksIn this episode, Jay and Joao discuss a recent decision made by VMWare, CISA security requirements, and more about how ransomware can be especially problematic in health care.2024-11-1344 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 100 – Eavesdropping as a ServiceIn the 100th episode, Jay and Joao discuss some stories that literally come full circle from earlier stories in the podcast - encryption back doors, the largest migration cost we've ever covered, and more!2024-10-3145 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 99 – Overwhelming InfrastructureIn this day and age, we can spin up servers and entire networks in seconds. But should we? It's easy to throw resources at problems, but we'll just end up creating more work for ourselves. 
In this episode, Jay and Joao will discuss provisioning resources more reasonably - and the health of your entire company's network might depend on that!2024-09-1846 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 98 – Old Habits, New ThreatsIn this episode, Jay and Joao discuss the "EUCREAK" vulnerability, as well as a recent story that outlines one of the many ways the industry is vulnerable to the same old tricks with outdated perimeter protection. Don't miss it!2024-09-1139 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 97 – The 0.0.0.0-Day VulnerabilityRecently, an 18-year old bug is making new waves across the Internet, dubbed the "0.0.0.0-Day Vulnerability". What is it? Should you be concerned? Jay and Joao will discuss this and a few other stories in this episode of Enterprise Linux Security.2024-08-2346 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 95 – PolyfillIn this episode, Jay and Joao discuss several recent cybersecurity news stories, including Polyfill - which is another example of why supply chain attacks are something everyone should be paying attention to.2024-07-1040 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 94 – regreSSHionIn this episode, Jay and Joao will discuss the recent regreSSHion vulnerability, which claims to be a path to root - although it might take a while. Also, recent developments with Teamviewer are also discussed.2024-07-0335 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 93 – Ticketmaster’s Weakest LinkIn this episode, Jay and Joao discuss the recent breach suffered by Ticketmaster. 
Also, several new or updated news stories will be discussed.2024-06-2646 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 91 – The Shared Responsibility ModelIn the last episode, we discussed a story where a company literally lost their cloud - at no fault of their own. But what is truly your responsibility when working with a cloud provider? What is their responsibility? In this episode, Jay and Joao discuss where the line is drawn between you and your cloud provider.2024-06-0500 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 90 – Dude, Where’s My Cloud?In this episode, Jay and Joao talk about a story that's every cloud administrator's worst nightmare - your entire environment, backups, everything - gone. That's exactly what happened to UniSuper, a customer of Google Cloud. In this cautionary tale, we'll explore the case of the missing cloud.2024-05-2236 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 89 – Debunking Security MythsThere's a lot for sysadmins to keep track of when it comes to security, so naturally there's going to be some misconceptions every now and then. In this episode, Jay and Joao discuss some common misconceptions when it comes to security.2024-05-1538 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 88 – The 2024 Verizon DBIRIn this episode, Jay and Joao discuss the 2024 Verizon Data Breach Investigations Report (DBIR), which includes some interesting finds regarding threat actor motives, how user error impacts business, and more!2024-05-0838 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 87 – Ransomware is UnhealthyRansomware is bad enough, but when it impacts healthcare it's even worse! 
In this episode, Jay and Joao will discuss recent developments at Change Healthcare and their ransomware fiasco, news updates, and more!2024-04-1743 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 86 – The ‘xz’ FiascoOn this podcast, Jay and Joao have discussed multiple times a situation where a threat actor submits a pull request that's more than the project bargained for. And now, we have a situation where OpenSSH was (almost) backdoored by a commit by a maintainer of the xz project. Don't miss this episode for all the details!2024-04-1151 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 85 – Managing a Distro (featuring benny Vasquez from AlmaLinux OS)What goes on behind the scenes when it comes to managing a project as large as a Linux distribution? In this episode, Jay and Joao has a chat with benny Vasquez who is not only a wealth of knowledge on that very subject, she’s also the Chair of the Board of Directors for AlmaLinux OS. ... Read more2024-03-0654 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 84 – Security DebtYou may have heard of "technical debt", but have you heard of "security debt"? In this episode, Jay and Joao will tell you all about it and why it's a major issue for organizations.2024-02-2835 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 83 – FBI/NCA vs LockbitThrough a joint effort, the FBI as well as NCA struck a major blow to the Lockbit ransomware group. In this episode, Jay and Joao will discuss this story as well as the state of Linux in the enterprise/open-source landscape.2024-02-2136 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 82 – In the Name of the LawWhen a threat actor breaks into a router and adds firewall rules that the owner didn't approve of, that's considered hacking. But when the FBI does it... ...it isn't?! 
In this episode Jay and Joao discuss a recent story where the FBI did exactly that, and they'll also discuss how Microsoft has become the biggest "face palm" discussed on the podcast so far.2024-02-0745 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 81 – The VMware GraveyardHere we are, yet again, with an industry problem caused by the decision of just one software vendor. This time it's VMware that's causing a ruckus. In recent news, it's been reported that VMware will be killing off 56 (yes, 56) of their stand-alone products, and that's on top of the news that broke late last year regarding changes in their licensing model. In this episode, Jay and Joao discuss these recent VMware-related shenanigans.2024-01-3149 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 80 – Stop Paying Threat Actors!In this episode, Jay and Joao will discuss an update on the GTA source code theft, how much threat actors are making from ransomware, and more!2024-01-1041 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 79 – Top Ten Security MisconfigurationsIn this episode, Jay and Joao will discuss a report earlier this year that reveals the "top 10 cybersecurity misconfigurations". These ten common mistakes can make it trivial for a threat actor to gain access to your infrastructure, so it's definitely a list everyone should pay close attention to.2023-11-2944 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 78 – Mirai: The Untold StoryThe Mirai botnet brought the entirety of the internet to its breaking point back in 2016, taking down many prominent web sites. Now, an article from Wired has emerged that reveals the full story behind the scenes - how the threat actors got started, how the events played out, as well as what they're up to these days. 
Join Jay and Joao as they discuss this very interesting story!2023-11-1544 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 77 – Security News SyncIn this episode, Jay and Joao catch up on recent stories. Among the topics they'll discuss another version of CentOS going end of life (and why upgrading isn't so straight-forward), the recent curl vulnerability, and more!2023-11-0842 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 76 – You Got MalwareIn this episode, Jay and Joao discuss the recent Exim news, which consists of several CVE's. Also, they'll discuss why it's a good idea to make sure you audit the services that are running on your Linux server, and remove the ones you're not using.2023-10-0535 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 75 – RepoJackingWe've talked about Supply Chain Attacks on this podcast before, and in this episode Jay and Joao discuss another form of this popular attack vector - RepoJacking! RepoJacking occurs when a repository (such as one hosted on Github) changes information, and due to a link between the old repository info and the new - threat actors can take advantage of this. Join Jay and Joao for a discussion on this attack vector.2023-09-2736 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 74 – Unlucky in VegasThere's a multitude of ways you can lose money in Las Vegas, but this time it's not from gambling. In this episode, Jay and Joao will discuss a recent and still developing story where MGM was the target of what appears to be a ransomware attack.2023-09-1341 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 73 – TruffleHog and CVSS version 4.0In this episode, Jay and Joao will discuss a recent discovery by Truffle Security that has found 4,500 websites that have exposed a very critical directory. 
In addition, the upcoming Common Vulnerability Scoring System (CVSS) update, which will bring to version 4.0 - along with some important changes you'll need to understand.2023-09-0643 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 72 – Surveillance FacepalmImagine needing to ask your government permission in order to perform tasks such as installing a security patch, implementing an Intrusion Detection System, updating firmware or upgrading your operating system? If this sounds too ridiculous to be true, then you're right - it is ridiculous, but unfortunately it's a real proposal. In the U.K., Investigatory Powers Act 2016 (IPA) has had an adjustment proposed that could potentially make securing your systems more difficult than it's ever been. In this episode, Jay and Joao discuss how these potential changes will complicate pretty much everything.2023-08-2339 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 71 – Internet DRMIn this episode, Jay and Joao talk about two recent news developments that may have important implications on the overall industry. First, In response to Microsoft's recent Azure debacle, a US Senator calls for a probe to look into the matter. Second, our main story is yet another facepalm worthy idea from Google that aims to add "integrity" to our browsers, but it's oddly lacking in said integrity and almost completely devoid of common sense. Google's "Web Integrity Protection" seems to protect only their ad dollars while making browsing more tedious for the end-user. Will it pass? What is it...2023-08-0951 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 70 – The Red Hat Saga ContinuesThe ongoing saga with Red Hat continues, and now that some time has passed since their controversial announcement, we now have statements from other distributions, including (but not limited to) Oracle and SUSE. 
In this episode, Jay and Joao talk about the recent developments on this story, and also touch on some trouble that Fortigate has been having nowadays.2023-07-1250 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 69 – Red Hat vs Enterprise ITWhen it comes to Linux in the Enterprise, we have quite a few challenges we have to overcome on a day to day basis to ensure we can depend on our technology. We never thought Red Hat themselves would some day become our opponent, but here we are. In this episode, Jay and Joao will discuss discuss the latest impulsive and irresponsible decision Red Hat has made - as well as how that decision results in the company undermining their own customer base, while alienating the Linux Community at the same time.2023-06-281h 03Enterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 68 – The Barracuda VulnerabilityDon't you just love e-mail? It's the gift that keeps on giving, and this time managing e-mail is even more annoying for Barracuda's customers, with CVE-2023-2868. This isn't just any CVE, this is a complete system own by the threat actors. In fact, it's so bad that the situation isn't as simple as installing a patch. In this episode, Jay and Joao discuss this vulnerability and just how big of a deal it is.2023-06-2143 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 67 – No One Else’s ComputerWe've all heard the cloud referred to as "Someone Else's Computer", but what do you do if you find your data is on No One Else's Computer? In this example, there was a happy ending (data was restored) but it's still an important consideration all the same. What do you do if your cloud provider all of a sudden doesn't have your data? 
In this episode, Jay and Joao discuss a recent situation in which Azure customers found themselves in a bit of a bad situation.2023-06-1438 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 66 – Job SecurityIn this episode, Jay and Joao discuss another form of security, job security! Throughout the series, we've advised and educated on enhancing the security of your enterprise network, but in this episode the focus is on YOU. Specifically, how to safeguard yourself from turnover, raise awareness of your importance to your organization, and how to navigate potential "awkward" conversations that System Administrators may find themselves having with their boss. Don't miss this episode!2023-05-1051 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 65 – Open Source Intelligence Tools (OSINT)Open Source Intelligence is a very interesting topic - it's all about the things that might get unknowingly leaked, and this leaked information is perfectly legal to know and possess! The IP address that points to a domain, vacation photos on twitter, or even what you had for lunch can be used against you in order to build a profile. In this episode, Jay and Joao discuss OSINT and some tools that are commonly used to find it.2023-05-0343 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 64 – FIPSThere are many security certifications that an organization can utilize to prove compliance with one or more standards, and being in compliance can bring additional benefits and opportunities. 
Federal Information Processing Standard (FIPS) is one of these certifications, and in this episode, Jay and Joao are joined by Nikos from Tuxcare to discuss FIPS and why your organization might consider it.2023-04-2645 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 63 – Their CloudAccording to several sources, and confirmed by Western Digital themselves, there's been a breach regarding the company's cloud related offerings, such as "My Cloud" and various cloud-enabled storage products. Many of the details have yet to be revealed, but considering that Western Digital filed a 10-K form with the SEC, it's very possible that it could be serious. In this episode, Jay and Joao discuss this story so far, with more specific details sure to come.2023-04-1946 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 62 – Operation: Cookie MonsterA multi-national effort took down a leading market for ill-gotten credentials, resulting in well over 100 arrests. This initiative was dubbed "Operation: Cookie Monster", and while that certainly sounds like satire - it's totally not. Genesis, the marketplace in question, was seized by a law enforcement team consisting of personnel from multiple countries. In this episode, Jay and Joao discuss this story. But not only that, what are some of the ramifications of this? Could this have lasting impacts on the industry in general? Definitely don't miss this episode!2023-04-1248 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 61 – The Principle of Least PrivilegeWith the recent takeover of the "Linus Tech Tips" YouTube channel, what can we learn? 
In this episode, Jay and Joao will discuss some of the ways you can prevent such an event from happening to you (and it's not just YouTube that's a target).2023-03-2943 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 60 – AI Enhanced SecurityWhen it comes to Enterprise IT (and especially the security sector) we have our work cut out for us. As the workload increases, we look for tools and utilities to help us keep up with the demand. But what about artificial intelligence? As we discussed in a previous episode, AI is here to stay and will be making waves in security. In this episode, Jay and Joao dive in to just a few of the ways this tech might transform the security field and those that work within it (directly or indirectly).2023-03-2240 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 59 – AlmaLinux OSAlmaLinux OS was created around the time of "that big CentOS" announcement, and has been a worthy solution for enterprises that wish to continue with Enterprise Linux, but without the fear of the distribution being changed into something else entirely. As a drop-in replacement for Red Hat, AlmaLinux OS continues to tackle new ground and builds a strong community. In this video, Jay and Joao are joined by Atalay Kelestemur who works on the project to discuss this distribution - and there may even be some surprises in store.2023-03-1551 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 58 – Tales from the Red TeamTasks that penetration testers and security analysis perform in order to expose security weaknesses may seem like a mysterious and complicated art. Most of the time, these tasks are considered "secret sauce" and unless you work for a red team, you may not be aware of what it may look like while someone attempts to gain access from the outside. 
In this episode, Jay and Joao discuss a report released by CISA, that provides a very detailed account at what goes into this type of work. This report is definitely a must-read, and this episode is a must-listen!2023-03-0844 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 57 – Record Breaking DDoS AttacksDDoS (Denial of Service) attacks are incredibly common, and apparently, are breaking records. In this episode, Jay and Joao discuss a recent blog post from Cloudflare regarding how popular this attack vector is becoming nowadays, as well as a quick refresher on Denial of Service attacks in general.2023-02-1641 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 55 – Should You Trust Password Managers?Passwords - for better or worse, they're a reality and something we have to deal with. With the average person having many accounts, it's gotten to the point where we just can't manage these by ourselves. Password managers help us securely store these confidential secrets, but recently Lastpass (one of the most popular password managers) has suffered a breach. Although no actual passwords within vaults were cracked, recent events do raise a red flag. In this episode, Jay and Joao discuss whether or not you should trust password managers.2023-02-0247 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 54 – Recovering from RansomwareRansomware - an extremely frustrating security threat that can cause business disruption, data loss, as well as long work days during the recovery process. But how do you recover from such an event? 
In this foundational episode, Jay and Joao discuss some tips on how to deal with this, tips you'll hopefully never need but are good to have nonetheless.2023-01-2749 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 53 – Digital TwinsBy using clever infrastructure engineering strategies to increase reliability, you can minimize disruption and downtime for your organization. Another technique to consider is the concept of Digital Twin - having a full system clone/mirror you can use to test enhancements, perform a root-cause analysis, or more. In this episode, Jay and Joao discuss Digital Twins and how the concept can potentially help your organization.2023-01-1937 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 52 – AISecOpsArtificial intelligence seems to be all the rage nowadays, and not just in SciFi movies. Organizations can utilize AI to assist with difficult or time-consuming tasks. Now, AI has made its way into the security industry - and AI tools to check for security concerns are already starting to pop up. In this episode, Jay and Joao discuss AISecOps.2023-01-1239 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 51 – Samba in the Kernel, What Could Possibly Go Wrong?!Adding unnecessary components to the Kernel is generally a bad idea, as it increases its threat surface. In this episode, Jay and Joao discuss a recent story that's a perfect example of why it's important to keep this under control. A vulnerability was recently discovered in the Linux kernel that scored the highest possible rating, and it all started when ksmbd was added.2023-01-0542 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 50 – The Many Faces of PatchingWhen it comes to patching, were you aware that there's more than one type of patch? 
In this episode of Enterprise Linux Security, Jay and Joao discuss the various types of patching that's performed today.2022-12-2935 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 48 – New Malware, Old VulnerabilitiesWhile it's certainly never a good thing to become the victim of a cyber-attack, it can be even more embarrassing if the CVE the threat actor used to get a foothold into your systems was patched a long time ago. In this episode, Jay and Joao discuss malware that's currently taking advantage of vulnerabilities that were patched over a year ago! As important as software updates happen to be, why are so many organizations unable to keep up with them?2022-12-1535 minEnterprise Linux SecurityEnterprise Linux SecurityEnterprise Linux Security Episode 47 – Legislating Open SourceSupply chain attacks in open source software projects are a real possibility. In fact, we've covered actual incidents in previous episodes of this podcast. In this episode, Jay and Joao discuss developing legislation that will require the components within open source projects to be a part of a bill of materials (among other requirements). This is definitely something you'll want to be aware of if your organization produces open-source software, but even non-developers should be aware of it as well.2022-11-2532 minChangelog InterviewsChangelog InterviewsLinux mythbusting & retro gamingThis week we’re doing some Linux mythbusting and talking retro gaming with Jay LaCroix from Learn Linux TV. This is a preview of what’s to come from our trip to All Things Open next week. By the way, make sure you come and check us out at booth 60. We’ll be recording podcasts, shaking hands, giving out t-shirts and stickers…and speaking of gaming, you can go head-to-head with us on Mario Kart or Rocket League on the Nintendo Switch. 
We’re giving that Switch away to a lucky winner at the conference, but you have to play to wi...
2022-10-28, 1h 39

Changelog Master Feed
Linux mythbusting & retro gaming (The Changelog #512)
This week we’re doing some Linux mythbusting and talking retro gaming with Jay LaCroix from Learn Linux TV. This is a preview of what’s to come from our trip to All Things Open next week. By the way, make sure you come and check us out at booth 60. We’ll be recording podcasts, shaking hands, giving out t-shirts and stickers…and speaking of gaming, you can go head-to-head with us on Mario Kart or Rocket League on the Nintendo Switch. We’re giving that Switch away to a lucky winner at the conference, but you have to play to wi...
2022-10-28, 1h 39

The Changelog: Software Development, Open Source
Linux mythbusting & retro gaming (Interview)
This week we’re doing some Linux mythbusting and talking retro gaming with Jay LaCroix from Learn Linux TV. This is a preview of what’s to come from our trip to All Things Open next week. By the way, make sure you come and check us out at booth 60. We’ll be recording podcasts, shaking hands, giving out t-shirts and stickers…and speaking of gaming, you can go head-to-head with us on Mario Kart or Rocket League on the Nintendo Switch. We’re giving that Switch away to a lucky winner at the conference, but you have to play to wi...
2022-10-28, 1h 39

Enterprise Linux Security
Enterprise Linux Security Episode 46 – Monitoring
If you're in charge of maintaining servers and related equipment, what should you monitor? While monitoring is something that will grow and expand over time, Jay and Joao will give you some tips in this episode.
Check out this episode for some tips on some of the baseline checks you should implement with your monitoring solution of choice.
2022-10-28, 45 min

Enterprise Linux Security
Enterprise Linux Security Episode 44 – Is Linux less of a Target?
In this episode, Jay and Joao discuss how much of a target Linux is, as well as some myths surrounding Linux and security. Also, there will be some news updates as well.
2022-09-29, 52 min

Enterprise Linux Security
Enterprise Linux Security Episode 43 – Grand Theft Data
In this episode, Jay and Joao discuss a handful of cybersecurity events in the news. While none of these stories are super exciting from a technical standpoint, there are definitely some lessons to be learned. As part of this discussion, Jay and Joao will talk about topics related to the recent Grand Theft Auto leak, as well as breaches that targeted Uber, 2k games, and more.
2022-09-22, 47 min

Enterprise Linux Security
Enterprise Linux Security Episode 42 – Do NOT Fire Your Security Team!
Recent news of Patreon firing their security team is making the rounds online, and in this episode, Jay and Joao will talk about this very strange story and some takeaways from it.
2022-09-15, 1h 07

Enterprise Linux Security
Enterprise Linux Security Episode 41 – Important CISO Focus Areas
What are some of the important areas that a Chief Information Security Officer should focus on? In this episode, Jay and Joao discuss a recent article where Aman Sood (a CISO for Jimdo) discusses important aspects of the job to pay attention to. This information from the perspective of an actual CISO offers a unique ...
2022-09-13, 44 min

Enterprise Linux Security
Enterprise Linux Security Episode 40 – Continuous Integration / Continuous Delivery
Continuous Integration/Continuous Delivery is a huge concept when it comes to application deployment nowadays, and with good reason.
Automating the compilation, testing, and other aspects of the development process increases efficiency and reliability. Security is another layer of a good CI/CD system, and in this episode, Jay and Joao discuss CI/CD and the security aspects of the popular deployment style.
2022-09-04, 59 min

Enterprise Linux Security
Enterprise Linux Security Episode 39 – Publicly Available RDP, What Could Go Wrong?!
What happens when you open up the Remote Desktop Protocol (RDP) to the public Internet? Definitely some shenanigans, that's what. In this episode, Jay and Joao discuss some recent news, which includes a company that made the mistake of making RDP available to everyone, multiple crypto-malwares at the same time, and other news.
2022-08-27, 45 min

Enterprise Linux Security
Enterprise Linux Security Episode 38 – De-anonymizing Ransomware Domains
When ransomware attacks begin spreading, how would officials go about finding the source? Most of the time, finding the culprit(s) behind cyber-attacks is a very challenging task. In this episode of Enterprise Linux Security, Joao and Jay discuss some methods that were recently used to de-anonymize ransomware domains.
2022-08-06, 22 min

Enterprise Linux Security
Enterprise Linux Security Episode 36 – First Live Episode!
In episode 36 of the Enterprise Linux Security podcast, Jay and Joao record an episode live for the first time.
2022-07-23, 40 min

Enterprise Linux Security
Enterprise Linux Security Episode 35 – Top 25 Dangerous Software Weaknesses
In this episode, Jay and Joao discuss a recent report that identifies the "Top 25 most dangerous software weaknesses." This list includes the usual suspects, as well as some very interesting findings.
In addition, the descriptions of the common weaknesses serve as a good jumping-in point if you're new to this podcast.
2022-07-11, 57 min

Enterprise Linux Security
Enterprise Linux Security Episode 34 – How one business lost Everything
What would it be like to suffer a cyberattack event that literally closes down an entire business? That's exactly what happened to United Structures of America, a steel manufacturing company. In this episode, Jay and Joao discuss what happened, and some of the lessons learned that should cause other organizations to take a hard look at how insecure their own systems are.
2022-06-30, 47 min

Enterprise Linux Security
Enterprise Linux Security Episode 33 – Patch your Confluence Server!
Atlassian software is constantly under attack, and often the source of many lost weekends for IT admins. Recently, a brand-new vulnerability has been discovered - CVE-2022-26134. This particular vulnerability is remotely exploitable, and has been listed as critical. In this episode, Jay and Joao discuss this vulnerability, as well as some of the struggles around Atlassian software in general.
2022-06-24, 40 min

Enterprise Linux Security
Enterprise Linux Security Episode 32 – MySQL for Everyone!
Are you a fan of MySQL? What if we told you that there's an infinite supply of it online, right out in the open?! It's literally as bad as it sounds! In this episode, Jay and Joao discuss how over 3.6 million MySQL instances are publicly available, as well as other forms of unintended public access.
2022-06-16, 45 min

Enterprise Linux Security
Enterprise Linux Security Episode 31 – How NOT to Research Security
A "researcher" with a screen name of "Sockpuppets" decides to demonstrate how insecure some specific online resources are, in the worst way possible. You can't make this stuff up!
In this episode, Jay and Joao discuss what this individual wanted to accomplish (and what happened instead).
2022-06-13, 53 min

Enterprise Linux Security
Enterprise Linux Security Episode 30 – Tools & Utilities
There are many tools and utilities around security and network management, and in this episode of Enterprise Linux Security, Jay and Joao discuss some of their favorites.
2022-06-09, 53 min

Enterprise Linux Security
Enterprise Linux Security Episode 29 – High Level Threats
In this episode, Jay and Joao unpack some recent news around the BVP47 vulnerability, and some very interesting details around it and how it came to be. This is one of those "spy thriller" type episodes, so don't miss it!
2022-06-02, 36 min

Enterprise Linux Security
Enterprise Linux Security Episode 28 – Second Factor Authentication
Through the course of the podcast so far, Jay and Joao have discussed foundational topics, as well as news and current trends. In this episode, second factor authentication is discussed. This foundational episode will go over what it is, why you should use it, and also some of the things that can potentially weaken its benefit.
2022-05-17, 47 min

Enterprise Linux Security
Enterprise Linux Security Episode 27 – People Problems
In the industry, we spend a great deal of time hardening our security, doing our due diligence when it comes to patching, implementing firewalls, avoiding EOL software, as well as many other aspects of our security focus. But unfortunately, even a well thought out implementation of common security controls can be rendered useless if we miss the low hanging fruit - such as training our employees and making sure they understand how serious security is, and how they can help.
In this episode, Jay and Joao will discuss that and more.
2022-05-12, 45 min

Enterprise Linux Security
Enterprise Linux Security Episode 26 – The State of Enterprise Linux Security management
We talk a lot about patching on this podcast, and the reason for that is because a lot of organizations don't seem to handle this important aspect of security very well. A recent patching report from the Ponemon Institute seems to reflect this, and the stats regarding patching definitely don't look good. In this episode of Enterprise Linux Security, Jay and Joao discuss some of the findings within this report.
2022-04-25, 48 min

Enterprise Linux Security
Enterprise Linux Security Episode 25 – News Roundup
In the 25th episode of Enterprise Linux Security, Jay and Joao catch up on a few things in the news, including the results of a recent Internet Crime Report, and more!
2022-04-12, 54 min

Enterprise Linux Security
Enterprise Linux Security Episode 24 – The Latest on Lapsus$
The situation surrounding Lapsus$ is becoming more and more interesting, and in this episode of Enterprise Linux Security Jay and Joao discuss the latest developments regarding the group that has caused quite a ruckus recently.
2022-04-04, 42 min

Enterprise Linux Security
Enterprise Linux Security Episode 23 – Busting 5 IT Security Myths
Cyber security is a huge topic, and through the years the industry changes rapidly to keep up with current threats and related challenges. As a result, some of the beliefs and mindsets we've adopted in the industry have changed as well. In this episode, Jay and Joao discuss 5 myths in the security industry that either need to be adjusted, or downright debunked.
2022-03-28, 45 min

Enterprise Linux Security
Enterprise Linux Security Episode 22 – Certificates
Encryption is a great benefit to take advantage of, especially when it comes to hosting web sites.
But how exactly do TLS certificates work? In this episode, Jay and Joao discuss foundational concepts surrounding certificates, as well as some advice and recommended practices.
2022-03-21, 56 min

Enterprise Linux Security
Enterprise Linux Security Episode 21 – Dirty Pipe & Nvidia’s Breach
In the 21st episode of Enterprise Linux Security, Jay and Joao discuss the recent "Dirty Pipe" vulnerability, as well as Nvidia's recent breach.
2022-03-16, 46 min

Enterprise Linux Security
Enterprise Linux Security Episode 20 – Cloud Governance
Cloud Computing is all the rage these days - but what happens when a company moves to the cloud too quickly? While cloud computing can be a very rewarding technology, it can also get out of hand quite quickly. In this video, Joao and Jay discuss the concept of Cloud Governance, something that any organization that utilizes the cloud can (and should) take advantage of.
2022-03-04, 55 min

Enterprise Linux Security
Enterprise Linux Security Episode 19 – The 2021 RBS Year-End Vulnerability Report
2021 is now in the past, but there are some very interesting details in the year-end vulnerability report produced by RBS. These details give us a look at some of the trends that will impact 2022 and beyond. In this episode, Joao and Jay discuss the report and some of its findings.
2022-02-27, 43 min

Enterprise Linux Security
Enterprise Linux Security Episode 17 – Polkit & LUKS CVE’s
The New Year is just beginning, and we already have a few important CVE's to discuss, this time around Polkit and LUKS. The CVE numbers for these vulnerabilities are CVE-2021-4034 and CVE-2021-4122 respectively.
In this episode, Jay and Joao discuss these vulnerabilities.
2022-01-30, 34 min

Enterprise Linux Security
Enterprise Linux Security Episode 16 – Library Poisoning
We've discussed supply-chain attacks in the past, and now it's time to see an actual example that happened recently. However, this particular incident is especially unique as the libraries in question were allegedly poisoned by the actual developer. In this episode, Joao and Jay discuss the recent sabotage regarding two very popular NPM libraries.
2022-01-27, 53 min

Enterprise Linux Security
Enterprise Linux Security Episode 15 – High Availability
It's frustrating when critical infrastructure encounters an issue that results in a disruption of service. High Availability is a concept that aims to help alleviate (or hopefully eliminate) such downtime, and is a very attractive goal for system administrators. In this episode, Jay and Joao discuss high availability, as well as its pros and cons.
2022-01-11, 54 min

Enterprise Linux Security
Enterprise Linux Security Episode 14 – Recovering from Disasters
Disasters in the world of tech are frustrating for everyone, not just the company that experienced the incident. In this episode, Jay and Joao discuss thoughts around what it actually means to recover from a disaster, and why it's typically n
2021-12-28, 54 min

Enterprise Linux Security
Enterprise Linux Security Episode 11 – CrowdSecurity. CrowdSec aims to prevent intrusions and other forms of malicious activity, but it does it in a different way - it utilizes intelligence gathered from other users in order to enhance its protection.
In this episode, Jay and Joao discuss CrowdSec with Philippe Humeau, the CEO of the project.
2021-12-13, 55 min

Enterprise Linux Security
Enterprise Linux Security Episode 10 – The worst healthcare breaches of 2021
Joao and Jay talk about the worst healthcare breaches of 2021, and some lessons that can be learned from these events.
2021-12-06, 47 min

The Mike Dominick Show
Episode 34: Jay LaCroix of LearnLinux.tv
Mike sits down with Jay LaCroix of LearnLinux.tv to talk all things Linux and community. LearnLinux.tv Jay on Twitter Mike on Twitter Mike's Blog The Mad Botter
2020-08-27, 34 min

Show-mp3 – Sunday Morning Linux Review
SMLR Episode 287 Fresh Looks: Jay LaCroix Mastering Ubuntu Server 2nd Edition
http://smlr.us Downloads: Show 287 Jay's Web Site https://jaylacroix.com/ You can get Mastering Ubuntu Server & Jay's other books here https://www.packtpub.com/books/info/authors/jay-lacroix The Learn Linux TV YouTube channel https://www.youtube.com/c/LearnLinuxtv Recording from the Lawrence Technology Studios Contact Us: show (at) smlr.us or the Contact us page
2018-09-23, 50 min