Yusuf On Security

In Part 1 of this series, we explored why Microsoft is finally saying goodbye to NTLM authentication after more than 25 years of service. We discussed NTLM’s security weaknesses, from relay attacks to weak cryptography, and touched on Kerberos...

Today, we’re diving into a significant announcement from Microsoft that will fundamentally change how Windows handles authentication. In this two-part series, we’ll explore Microsoft’s plan to phase out the NT LAN Manager protocol...

It has been a while since we’ve done a news update episode. So today, we’re diving into two major stories that have been dominating cybersecurity headlines this past week. First, we’ll unpack React2Shell, a critical vulnerability...

Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed...

This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors...

In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic...

In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research...

Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common...

In this week’s episode, we get into some detailed exploration of an up and coming  malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we...

This week we are exploring what Content Delivery Networks —commonly known as CDNs— are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend...

224 – Cisco Talos Year 2024 In Review In this week’s episode, we are looking at the latest Cisco Talos’ 2024 report.  In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past...

This is the part 2 of RSAC 2025 episode. If you have not listened to episode 1 (that episode 222), I would suggest you listen to episode 1 before you listen this episode.Before you we get into part 2, lets review what has been happening last week on...

It was RSAC week and it would be remiss of me if I did not give you a highlight on what went on this year, 2025. After all, RSAC has a critical role in security.  We will be reviewing the top key announcements from this year’s event, including...

This week’s episode is continuation of Troy Hunt’s cautionary tale , the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We’ll...

In this week’s episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through...

In this episode, we’ll look into a cybersecurity assessment method that mimics real-world attacks to test an organization’s security defenses and response capabilities: Threat emulation. It is one of the strategies to keep you ahead of the...