Podd: Security Weekly Podcast Network (Audio)

Mrtentacle, Morphing Meerkat, Tor, VMWare, Waymo, Oracle, Aaran Leyland, and more... - SWN #463

28 mars 2025 | 29 min

SignalGate and How Not To Protect Secrets - PSW #867

27 mars 2025 | 127 min

The Pace of Investments Requires Better Risk Management, Boards Challenged, & More - BSW #388

26 mars 2025 | 67 min

Curdled Miscreant, VanHelsing, MFA, Room 237, MFA, Velora, 23nMe, Josh Marpet... - SWN #462

25 mars 2025 | 33 min

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

25 mars 2025 | 54 min

Building the SOC of the Future - JP Bourget, Michael Mumcuoglu - ESW #399

24 mars 2025 | 111 min

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process.

In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future.

It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however.

Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working?

In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections.

Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again.

Session Resources:

Rethinking Threat Exposure Management: A Unified Approach to Reducing Risk

This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future

Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering.

In the enterprise security news,

Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-399

Orange Drop Caps, apps, Veeam, jobs, Heathrow, vpentest, Aaran Leyland, and More... - SWN #461

21 mars 2025 | 33 min

Its Not Really A 0-Day - PSW #866

20 mars 2025 | 135 min

Breaking Down Human-Element Breaches To Improve Cybersecurity - Jinan Budge - BSW #387

19 mars 2025 | 66 min

Angry Iguana, Squid Bot, Bruted, 0Auth, Dragon Medical, Clippy 2.0, CISA, Josh Marpet - SWN #460

18 mars 2025 | 35 min

Redlining the Smart Contract Top 10 - Shashank . - ASW #322

18 mars 2025 | 53 min

Penetration Tests: useful, pointless, harmful, required, ineffective? - Phillip Wylie, Marina Segal - ESW #398

17 mars 2025 | 101 min

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm.

Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long?

This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today.

Segment resources:

Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall

It takes months to get approvals and remediate cloud issues. It can take months to fix even critical vulnerabilities! How could this be? I thought the cloud was the birthplace of agile/DevOps, and everything speedy and scalable in IT? How could cloud security be struggling so much?

In this interview we chat with Marina Segal, the founder and CEO of Tamnoon - a company she founded specifically to address these problems.

Segment Resources:

Gartner prediction: By 2025, 75% of new CSPM purchases will be part of an integrated CNAPP offering. This highlights the growing importance of CNAPP solutions. https://www.wiz.io/academy/cnapp-vs-cspm
Cloud security skills gap: Even well-intentioned teams may inadvertently leave their systems vulnerable due to the cybersecurity skills shortage. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/
CNAPP market growth: The CNAPP market is expected to grow from $10.74 billion in 2025 to $59.88 billion by 2034, indicating a significant increase in demand for these solutions. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/
Challenges in Kubernetes security: CSPMs and CNAPPs may have gaps in addressing Kubernetes-specific security issues, which could be relevant to the skills gap discussion. https://www.armosec.io/blog/kubernetes-security-gap-cspm-cnapp/
Addressing the skills gap: Investing in training to bridge the cybersecurity skills gap and leveraging CNAPP platforms that combine advanced tools are recommended strategies. https://www.fortinet.com/blog/business-and-technology/navigating-todays-cloud-security-challenges
Tamnoon's State of Remediation 2025 report

In this week's enterprise security news,

Knostic raises funding
The real barriers to AI adoption for security folks
What AI is really getting used for in the wild
Early stage startup code bases are almost entirely AI generated
Hacking your employer never seems to go well
should the CISO be the chief resiliency officer?
proof we still need more women in tech

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-398

AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

14 mars 2025 | 29 min

AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865

13 mars 2025 | 128 min

The Counterfeit Problem: How Blockchain Is Revolutionizing Brand Protection - Noam Krasniansky - BSW #386

12 mars 2025 | 63 min

Brains, kill switch, parking fees, CobaltStrike, Minja, Allstate, GitHub, Josh Marpet - SWN #458

11 mars 2025 | 33 min

CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321

11 mars 2025 | 74 min

Ransomware Attacks a Decade In: What Changed? What Didn't? - benny Vasquez, Mike Mitchell - ESW #397

10 mars 2025 | 119 min

2025 brings us close to an interesting milestone - ransomware attacks, in their current, enterprise-focused form, are almost a decade old. These attacks are so common today, it's impossible to report on all of them. There are signs of hope, however - ransomware payments are significantly down. There are also signs defenders are getting more resilient, and are recovering more quickly from these attacks.

Today, with Intel471's Mike Mitchell, we'll discuss what defenders need to know to protect against today's ransomware attacks. He'll share some stories and anecdotes from his experiences with customers. He'll also share some tips, and tricks for successful hunts, and how to catch attacks before even your tools trigger alerts.

Segment Resources:

https://intel471.com/blog/how-ransomware-may-trend-in-2025

And now, for something completely different!

I've always urged the importance for practitioners to understand the underlying technology that they're challenged with defending. When we're yelling at the Linux admins and DevOps folks to "just patch it", what does that process entail? How do those patches get applied? When and how are they released in the first place?

This is often one of the sticking points when security folks get nervous about "going open source", as if 90% of the code in their environments doesn't already come from some open source project. It's a legitimate concern however - without a legal contract, and some comfort level that a paid support team is actually going to fix critical vulnerabilities, how do we develop trust or a relationship with an open source project?

In this interview, benny Vasquez, the Chair of the board of directors for AlmaLinux, will fill in some of the gaps for us, and help us understand how an open source project can not only be trusted, but in many cases may be more responsive to security teams' needs than a commercial vendor.

Segment Resources:

benny's 'highly scientific' survey on cloud vs on-prem usage across AlmaLinux users

In the enterprise security news,

Why is a consulting firm raising a $75M Series B?
A TON of Cybereason drama just dropped
Skybox Security shuts down after 23 years
The chilling effect on security leaders is HERE, and what that means
IT interest in on-prem, does NOT mean they’re quitting the cloud
Updates on the crazy Bybit heist
the state of MacOS malware
Skype is shutting down
Mice with CRISPR’ed woolly mammoth fur is NOT the real life Jurassic Park anyone was expecting

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-397

Secret YouTube Videos, Thunderforge, ByBit, 365, Chrome, VMWARE, Aaran Leyland... - SWN #457

7 mars 2025 | 32 min

Don't Hack Russia - PSW #864

6 mars 2025 | 125 min

Security Money: Sailpoint's IPO Saves the Index - BSW #385

5 mars 2025 | 60 min

Tastovision, Trufflepig, Cisco, Windows, VSCode, OT, SQL Server, Android, Josh Marpet - SWN #456

4 mars 2025 | 36 min

Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320

4 mars 2025 | 69 min

First Do No Harm - Security Challenges in Healthcare - Ed Gaudet, Tanya Janca - ESW #396

3 mars 2025 | 123 min

Mr. Kurtzmann, Boffins gone Wild, Grasscall, Vo1d, CE, Shadowpad, Aaran Leyland... - SWN #455

28 februari 2025 | 30 min

Zero Days Are Not Just Fiction - PSW #863

27 februari 2025 | 109 min

CISOs Struggling, Culture Hurting, But Cybersecurity Salaries Stay Competitive - BSW #384

26 februari 2025 | 43 min

Cronenbergs, Dangling Twitchbots, Crypto, Kaspersky, SMS, OT, Josh Marpet... - SWN #454

25 februari 2025 | 26 min

Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319

25 februari 2025 | 70 min

The Future of Cyber Regulation in the New Administration - Ilona Cohen, Jenn Gile - ESW #395

24 februari 2025 | 119 min

In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB).

In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the disillusion of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation.

How the Change Healthcare breach can prompt real cybersecurity change

'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends.

Segment Resources:

In the enterprise security news,

Change Healthcare’s HIPAA fine is vanishingly small
How worried should we be about the threat of AI models?
What about the threat of DeepSeek?
And the threat of employees entering sensitive data into GenAI prompts?
The myth of trillion-dollar cybercrime losses are alive and well!
Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
What is the most UNHINGED thing you've ever seen a security team push on employees?

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-395

False Claims Act, Google Cloud PQC, Salt Typhoon, AI in SOC, Ivanti Flaws, ICS, DeFi - SWN #453

21 februari 2025 | 31 min

Live from ZTW - PSW #862

20 februari 2025 | 63 min

Say Easy, Do Hard - Data Inventory and Classification, Part 1 - BSW #383

19 februari 2025 | 54 min

AI Threat Intelligence, AI Hacking, Data Breaches, Zhong, DOGE, and more - SWN #452

18 februari 2025 | 25 min

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

18 februari 2025 | 45 min

Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

17 februari 2025 | 115 min

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.

I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.

First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:

In this week's enterprise security news, we've got

5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-394

Bad Romance, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland... - SWN #451

14 februari 2025 | 33 min

Prompt Injection, CISA, Patch Tuesday - PSW #861

13 februari 2025 | 125 min

Speak the Same Language, as Cybersecurity is Everyone's Responsibility - BSW #382

12 februari 2025 | 54 min

PlayStation, KerioControl, SEC SimSWAP, 8base, Copilot, AI, Bird, Josh Marpet... - SWN #450

11 februari 2025 | 30 min

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

11 februari 2025 | 73 min

The groundbreaking technology addressing employment scams and deepfakes - John Dwyer, Aaron Painter - ESW #393

10 februari 2025 | 110 min

AI Cheese, CISA, Scaryware, Kimsuky Returns, Backups, Encryption, Jason Wood... - SWN #449

7 februari 2025 | 35 min

Deepseek, AMD, and Forgotten Buckets - PSW #860

6 februari 2025 | 127 min

Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381

5 februari 2025 | 62 min

DeepSeek, Nicolas Cage, OpenAI, Hackers, Ransomware, Canada, Joshua Marpet and More - SWN #448

4 februari 2025 | 30 min

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

4 februari 2025 | 72 min

The Growth of Women in Cybersecurity Has Slowed - Why, and What Can We Do About It? - Lynn Dohm - ESW #392

3 februari 2025 | 132 min

Celebrating and Elevating Women in Cyber: Recently, International Women in Cyber Day (September 1) highlighted the ongoing challenges women face in the cybersecurity field, as well as the progress made in recent years. Women bring exceptional skills and knowledge to cybersecurity; however, it is estimated that they make up only 20% to 25% of the cybersecurity workforce—a percentage that has remained stagnant for years. Even more concerning, women often hit a glass ceiling just six to ten years into their cybersecurity careers. Lynn Dohm sheds light on these issues and emphasizes what the industry needs to focus on to continue celebrating and elevating women in cyber.

Segment Resources:

2023 State of Inclusion Benchmark in Cybersecurity
2024 Cyber Talent Study by N2K and WiCyS
WiCyS Programs

This week, we've added an extra news segment just on AI. Not because we wanted to, but because the news cycle has bludgeoned us into it. My mom is asking about Chinese AI, my neighbor wants to know why his stocks tanked, my clients want to know how to prevent their employees from using DeepSeek, it's a mess.

First, a DeepSeek primer, so we can make sure all Enterprise Security Weekly listeners know what they need to know. Then we get into some other AI news stories.

DeepSeek Primer

I think the most interesting aspect of the DeepSeek announcements is the business/market impact, which isn't really security-related, but could have some impact on security teams. By introducing models that are cheaper to train, sell access to, and less demanding to run on systems, DeepSeek has opened up more market opportunities. That means we'll see generative AI used in markets and ways that didn't make sense before, because it was too expensive.

Another aspect that's really confusing is what DeepSeek is or does. For the most part, when someone says "DeepSeek", they could be referring to:

the company
the open source models released by the company
the SaaS service (https://chat.deepseek.com)
the mobile app (which is effectively just a front end for #3)
the API (which is what the mobile app and SaaS service are built on top of)

From a security perspective, there's little to no operational risk around downloading and using the models, though they're likely to get banned, so companies could get in trouble for using them. As for the app, API, or SaaS service, assume everything you type into them is getting collected by China (so, significantly less safe, probably no US companies should do this).

But because these services are crazy cheap right now, I wouldn't be surprised if some suppliers and third parties will start using DeepSeek - if your third party service provider is using DeepSeek behind the scenes with your data, you still have problem #2, so best to ensure they're not doing this through updated contract language and call to confirm that they're not currently doing it (can take a while to get a new contract in place).

This week in the enterprise security weekly news, we discuss

funding and acquisitions
Understanding the Semgrep license drama
Ridiculous vulnerabilities everywhere:
vulns to take down your entire city’s cell service
vulns to mess with your Subarus
vulns in Microsoft 365 authentication
cybersecurity regulations are worthless
Facebook is banning people for mentioning Linux
Vigilantes on Github
Mastercard DNS error
Qubes OS
Turning a "No" into a conversation

All that and more, on this episode of Enterprise Security Weekly!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-392

.ASS, Deepseek, AI Time Travel, Google, HeartBlocker, TikTok, Aaran Leyland, and More - SWN #447

31 januari 2025 | 33 min

Cred Vaults, Cheap AI, and Hacking Devices - Matt Bishop - PSW #859

30 januari 2025 | 126 min

AI in 2025: The Shifting Regulatory Landscape For Artificial Intelligence - BSW #380

29 januari 2025 | 45 min

DeepSeek, AIDs, Sex Crime, Microsoft, PayPal, GitHub, Joshua Marpet and More - SWN #446

28 januari 2025 | 30 min

Security the AI SDLC - Niv Braun - ASW #315

28 januari 2025 | 69 min

AI Red Teaming Comes to Bug Bounties - Francis Dinha, Michiel Prins - ESW #391

27 januari 2025 | 127 min

Cursive Funk, Microsoft, Ivanti, Sonic Wall, Exchange, PowerSchool, Aaran Leyland... - SWN #445

24 januari 2025 | 32 min

Vulnerability Prioritization In The Real World - Andy Jaquith - PSW #858

23 januari 2025 | 139 min

The Future Of The CISO - Jeff Pollard, Jess Burn - BSW #379

22 januari 2025 | 60 min

Smishing, Microsoft, Star Blizzard, Sneaky Log, VMARE, Josh Marpet, and more... - SWN #444

21 januari 2025 | 35 min

Appsec Predictions for 2025 - Cody Scott - ASW #314

21 januari 2025 | 52 min

The Next Era of Data Security: AI, Cloud, & Compliance - Jeff Smith, Dimitri Sirota, Kiran Chinnagangannagari - ESW #390

20 januari 2025 | 124 min

AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. - SWN #443

17 januari 2025 | 39 min

Stopping The Bad Things - Rob Allen - PSW #857

16 januari 2025 | 154 min

Boards Stepping Up, as CISOs Build Stronger Bonds with Legal and Safeguard Leadership - BSW #378

15 januari 2025 | 36 min

Smishing, Beyond Trust, CryptoReligion, Aviatrix, Azure, Josh Marpet, and more... - SWN #442

14 januari 2025 | 39 min

Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313

14 januari 2025 | 68 min

How threat-informed defense benefits each security team member - Frank Duff, Nathan Sportsman - ESW #389

13 januari 2025 | 121 min

We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources:

Tidal Cyber website
Tidal Cyber Community Edition

We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community.

We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few.

References:

Check out the Where the Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released
Check out the anthropological hacker map and relive your misspent youth!

In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode’s acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered One Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.

A major highlight was the Cyber Haven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyber Haven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.

We also reflected on Corey Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-389

Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and more. - SWN #441

10 januari 2025 | 39 min

Threat Actors With A Thousand Names - PSW #856

9 januari 2025 | 127 min

Organizations Must Adapt To Safeguard Data In Evolving Environments - Lamont Orange - BSW #377

8 januari 2025 | 58 min

Ättestupa, Moxa, Typhoons, WordPress, Likert Scales, Algol, Josh Marpet, and more... - SWN #440

8 januari 2025 | 29 min

DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312

7 januari 2025 | 67 min

Endpoint Security - Rob Allen - SWN Vault

3 januari 2025 | 47 min

The Future in the Age of AI - SWN Vault

31 december 2024 | 39 min

Say Easy, Do Hard, Minimum Viable Security - Part 2 - Jon Fredrickson - BSW Vault

30 december 2024 | 48 min

The Impact of Tariffs - SWN Vault

27 december 2024 | 34 min

Hacker Heroes - Haroon Meer - PSW Vault

25 december 2024 | 77 min

Compliance & Privacy - SWN Vault

24 december 2024 | 31 min

Say Easy, Do Hard, Minimum Viable Security - Part 1 - Jon Fredrickson - BSW Vault

23 december 2024 | 27 min

Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland and More.. - SWN #439

20 december 2024 | 36 min

D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388

20 december 2024 | 103 min

When Public Payphones Become Smart Phones - Inbar Raz - PSW #855

19 december 2024 | 167 min

NAC is Back - How Network Access Control Can Protect Your Remote Devices and Data - Rob Allen - BSW #376

18 december 2024 | 56 min

Vogons, Task Scams, HiatusRat, Cellebrite, Deloitte, Quantum, Aaran Leyland, and More - SWN #438

17 december 2024 | 40 min

Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

16 december 2024 | 70 min

Nudity, Krispy Kreme, Cleo, AIAPIs, NHI, North Korea, Jersey Drones, Josh Marpet - SWN #437

13 december 2024 | 31 min

The 2024 Cybersecurity Market Review - Mike Privette, Rew Islam - ESW #387

13 december 2024 | 107 min

For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter joins us to discuss the year's highlights and what's to come in the next 12 months.

In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market.

It won't be all financial trends though, we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space.

In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable!

Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise.

Segment Resources:

This week, in the enterprise security news,

NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387

Snowflake takes security more seriously
Microsoft takes security more seriously
US Government takes telecom security more seriously
Cleo Capital takes security more seriously
EU’s DORA takes effect soon
Is phishing and security awareness training worthless?
CISOs need financial literacy
Supply chain firewall is basic but useful

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-387

Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854

12 december 2024 | 163 min

Okta Secure Sign-In Trends Report Shows Companies are Getting Smarter about MFA - Chris Niggel - BSW #375

10 december 2024 | 60 min

Evil ISPs, Deloitte, YOLO11, Microsoft, Gift Cards, Navix, Telegram, Josh Marpet... - SWN #436

10 december 2024 | 35 min

Looking Back on 2024 - ASW #310

10 december 2024 | 59 min

Deloitte, e-Tattoos, Cp3o, Chemonics, IPv6, 6, Chinese Emperors, Aaran Leyland... - SWN #435

6 december 2024 | 34 min

Tackling Barriers on the Road To Cyber Resilience - Rob Allen, Theresa Lanowitz - ESW #386

6 december 2024 | 119 min

In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:

How to identify these barriers to cyber resilience
Be secure by design
Align cybersecurity investments with the business

Also, be sure to check out the first two installments of this series!

Episode 380: Cybersecurity Success is Business Success
Episode 383: Cybersecurity Budgets: The Journey from Reactive to Proactive

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.

Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.

Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

This week, in the enterprise security news,

Funding and acquisition news slows down as we get into the “I’m more focused on holiday shopping season”
North Pole Security picked an appropriate time to raise some seed funding
Breaking news, it’s still super easy to exfiltrate data
The Nearest Neighbor Attack
Agentic Security is the next buzzword you’re going to be tired of soon
Frustrations with separating work from personal in the Apple device ecosystem
We check in on the AI SOC and see how it’s going
Office surveillance technology gives us the creeps

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-386

Hacker Gadgets - PSW #853

4 december 2024 | 162 min

Security Money: Of Course Okta Should Be In The Index - BSW #374

3 december 2024 | 52 min

ISIS, Enron, Tor, Scams, Wintermute, Zabbix, Josh Marpet and more... - SWN #434

3 december 2024 | 35 min

Adding Observability with OpenTelemetry - Adriana Villela - ASW #309

3 december 2024 | 71 min

2023 Funding and Acquisition Summary with Return on Security - Mike Privette - ESW Vault

28 november 2024 | 44 min

Terms & Acronyms - SWN Vault

26 november 2024 | 35 min

2nd Edition: How to Measure Anything in Cybersecurity Risk - Doug Hubbard - BSW Vault

25 november 2024 | 38 min

Fixing how cybersecurity products are bought and sold - Mariana Padilla - ESW #385

22 november 2024 | 112 min

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet... - SWN #433

22 november 2024 | 33 min

Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852

21 november 2024 | 176 min

Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308

19 november 2024 | 71 min

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and... - SWN #432

19 november 2024 | 32 min

Similarities Between SOX And SEC's Cyber Rule - Padraic O'Reilly - BSW #373

19 november 2024 | 47 min

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More... - SWN #431

15 november 2024 | 32 min

AI and the Autonomous SOC - Separating Hype from Reality - Justin Beals, Itai Tevet - ESW #384

15 november 2024 | 116 min

No CVE and No Accountability - Ed Skoudis - PSW #851

14 november 2024 | 164 min

Modernizing AppSec - Melinda Marks - ASW #307

12 november 2024 | 69 min

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more... - SWN #430

12 november 2024 | 33 min

How to Combat the CISO Mental Health Crisis - Ram Movva - BSW #372

12 november 2024 | 58 min

Robo-Turing, BlueNoroff, Palo Alto, German Law, Fabric, Cisco, Bans, Aaran Leyland... - SWN #429

8 november 2024 | 33 min

Cybersecurity Budgets: the Journey from Reactive to Proactive - Todd Thiemann, Theresa Lanowitz - ESW #383

8 november 2024 | 121 min

Cybersecurity For Schools - Kayne McGladrey - PSW #850

7 november 2024 | 168 min

Tariffs, Pygmy Goat, Schneider, SQLite, Deepfakes, Military AI, Josh Marpet... - SWN #428

6 november 2024 | 33 min

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

5 november 2024 | 66 min

Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371

5 november 2024 | 65 min

Recall, Russia, Win 10, Phish n Ships, Midnight Blizzard, Rob Allen, and More... - Rob Allen - SWN #427

4 november 2024 | 37 min

What if securing buildings was as easy as your smartphone? - Damon McDougald, Blaine Frederick, Punit Minocha - ESW #382

4 november 2024 | 126 min

Shadow IT and Security Debt - Dave Lewis - PSW #849

31 oktober 2024 | 170 min

Halloween, TikTok, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more... - SWN #426

30 oktober 2024 | 37 min

The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - David Bradbury, Erin Baudo Felter - BSW #370

29 oktober 2024 | 64 min

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305

29 oktober 2024 | 83 min

Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more!

Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared

Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. This is where identity comes in. Shiven Ramji, President of Customer Identity Cloud at Okta, will dive into the importance of protecting the identity of AI agents and Okta’s new security tools revealed at Oktane that address some of the largest issues consumers and businesses have with generative AI right now.

Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/

Today, there isn’t an identity security standard for enterprise applications that ensures interoperability across all SaaS and IDPs. There also isn’t an easy way for an app, resource, workload, API or any other enterprise technology to make itself discoverable, governable, support SSO and SCIM and continuous authentication. This lack of standardization is one of the biggest barriers to cybersecurity today. Arnab Bose, Chief Product Officer, Workforce Identity Cloud at Okta, joins Security Weekly's Mandy Logan to discuss the need for a new, comprehensive identity security standard for enterprise applications, and the work Okta is doing alongside other industry players to institute a framework for SaaS companies to enhance the end-to-end security of their products across every touchpoint of their technology stack.

Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/ https://www.okta.com/press-room/press-releases/okta-is-reducing-the-risk-of-unmanaged-identities-social-engineering/

This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-305

Tourists, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More... - SWN #425

25 oktober 2024 | 35 min

Transforming the Defender's Dilemma into the Defender's Advantage - Charlotte Wylie, Bhawna Singh, Lenny Zeltser - ESW #381

25 oktober 2024 | 110 min

Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here!

The conversation isn't just about setting traps for attackers, however, there's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by the essay from Lenny by the same name: Transform the Defender’s Dilemma into the Defender’s Advantage

The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecurity-related concerns are usually not included for individual poll location and election workers.

Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org.

Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh. Chief Technology Officer of Customer Identity Cloud at Okta joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications and what Okta is doing to help developers build applications that decipher a human from a bot.

Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/

Whether it’s phishing techniques, password spraying, or social engineering, security leaders today are constantly needing to see past blindspots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss what security leaders are being challenged with today when it comes to securing their workforce and from experience with implementing Okta’s Secure Identity Commitment how companies can be prioritizing security within their culture to help prevent threat actors from taking advantage of the weakest link.

Segment Resources: https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/

This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-381

Secure By Default - How do we get there? - Andy Syrewicze - PSW #848

24 oktober 2024 | 187 min

Doom Brain, E2EE, OT, Adload, Cisco, VMware, internet archive, Josh Marpet ... - SWN #424

22 oktober 2024 | 30 min

Aligning Tech Execs on Cyber Resilience - Theresa Lanowitz - BSW #369

22 oktober 2024 | 61 min

The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304

21 oktober 2024 | 77 min

Stealing, Kubernetes, Passkeys, SolarWinds, Intel, Sextortion, and... - SWN #423

18 oktober 2024 | 33 min

Cybersecurity Success is Business Success - Renuka Nadkarni, Theresa Lanowitz - ESW #380

18 oktober 2024 | 107 min

Secure by design is more than just AppSec - it addresses how the whole business designs systems and processes to be effective and resilient. The latest report from LevelBlue on Cyber Resilience reveals security programs that are reactive, ill-equipped, and disconnected from IT and business leaders.

Most security problems are out of security teams' hands. Addressing them requires input, buy-in, and action from business leaders and IT. Security cannot afford to be separate from the rest of the organization.

In this interview, we'll discuss how we could potentially solve some of these issues with Theresa Lanowitz from LevelBlue.

Segment Resources:

Grab your copy of the LevelBlue Futures Report on Cyber Resilience

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

Implementing SASE can be tricky and onerous, but it doesn't have to be. Today, we discuss Unified SASE as a Service with Renuka Nadkarni, Chief Product Officer at Aryaka. Particularly, how can Unified SASE make both networking and security more flexible and agile?

IT and security professionals need to ensure secure and performant applications and data access to all users across their distributed global network without escalating cost, risk or complexity, or sacrificing user experience.

This segment is sponsored by Aryaka. Visit https://securityweekly.com/aryaka to learn more about them!

Finally, in the enterprise security news,

HUMAN, Relyance AI, and watchTowr raise funding this week
Alternative paths to becoming a CISO
Vendor booths don’t have to suck (for vendors or conference attendees!)
Budget planning guidance for 2025
CISOs might not be that great at predicting their own future needs
Use this one easy trick to bypass EDR!
Analyzing the latest breaches and malware
You probably shouldn’t buy a Fisker Ocean, no matter how cheap they get

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-380

Effective Operational Outcomes - Ken Dunham - PSW #847

17 oktober 2024 | 178 min

Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303

15 oktober 2024 | 42 min

Stego, uBlock, PPTP, Log4J, Command Jacking, Windows 10, Feet, Josh Marpet, and More. - SWN #422

15 oktober 2024 | 30 min

Budget Planning Guide 2025: Security And Risk - Jeff Pollard - BSW #368

15 oktober 2024 | 60 min

Cybercab, Golden Jackal, Mamba 2FA, Microsoft, iPhone thieves, esims, Aaran Leyland.. - SWN #421

11 oktober 2024 | 30 min

Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379

11 oktober 2024 | 113 min

For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.

We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.

Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.

There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?

These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!

Segment Resources:

Aaron's blog about the ServiceNow data exposure.
The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.

In the enterprise security news,

Eon, Resolve AI, Harmonic and more raise funding
Dragos acquires Network Perception
Prevalent acquires Miratech
The latest DFIR reports
A spicy security product review
Secure by Whatever
New threats
Hot takes

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-379

The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

10 oktober 2024 | 135 min

"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers.

Segment Resources:

Code of Honor: https://www.montreat.edu/cybersecurity-code/
Purchase Ed's book here: https://a.co/d/gb3yRxU

Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans!

Default Credentials Gone Wild: We’ll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works!
Critical Vulnerabilities in Tank Gauges: Next, we’ll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it’s like giving a toddler a box of matches—what could possibly go wrong?
Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We’ll explore why you should check your network before it becomes a digital junkyard.
Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let’s be real, how many of us actually do it?
Stealthy Linux Malware: We’ll also uncover Perfctl, the stealthy malware that’s been creeping around Linux systems since 2021. It’s like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money!
PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It’s like a horror movie that just won’t end—grab your popcorn!
Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn’t have a great plan for cleaning up the mess.

Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-846

The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302

8 oktober 2024 | 73 min

AI, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet... - SWN #420

8 oktober 2024 | 30 min

Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367

8 oktober 2024 | 65 min

Perfctl, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland... - SWN #419

4 oktober 2024 | 33 min

Cybersecurity Career Paths: from touring musician to purple teaming at Meta - Neko Papez, Brian Contos, Jayson Grace - ESW #378

3 oktober 2024 | 134 min

Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well.

Segment Resources:

CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models
The [TTPForge] (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
ForgeArmory provides TTPs that can be used with the TTPForge
Wired, by Lily Hay Newman: Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls
MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers.
BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact
BSides LV 2023 - [GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc

This week in the enterprise security news, we've got:

Torq, Tamnoon, and Defect Dojo raise funding
Checkmarx acquires ZAP
Commvault acquires Clumio
Would you believe San Francisco is NOT the most funded metro area for cybersecurity?
Auto-doxxing Smart glasses are now possible
Meta gets fined $100M for storing plaintext passwords
AI coding assistants might not be living up to expectations
Worst Practices
Dumpster fires and truth bombs

All that and more, on this episode of Enterprise Security Weekly!

The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access.

This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them!

Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics.

Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-378

Analyzing Malware at Scale - John Hammond - PSW #845

2 oktober 2024 | 187 min

More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301

2 oktober 2024 | 46 min

Death Stars, Recall, Microsoft, Brocade, AI, Josh Marpet, and more... - SWN #418

1 oktober 2024 | 29 min

How to Attain Zero Trust - Rob Allen - BSW #366

1 oktober 2024 | 58 min

Passwords, CUPS, KIA, Gilbert Gottfried, Salt Typhoon, Rob Allen from ThreatLocker... - Rob Allen - SWN #417

27 september 2024 | 33 min

SIEM: Shakeup in Event Management - What's Happening in the SIEM market today? - Jason Shockey, Seth Goldhammer - ESW #377

27 september 2024 | 120 min

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss:

market changes and terminology: security analytics, data lakes, SIEM
what is SOAR's role in the current SIEM market?
machine learning and generative AI's role
strategies for implementing a SIEM
common mistakes that still lead to SIEMs becoming shelfware
and much more!

Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned!

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities.

Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path.

My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence?

Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card.

In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-377

AI in Cyber & Addressing Analyst Burnout - Kayla Williams - PSW #844

26 september 2024 | 179 min

C3pbot, Kaspersky, Octo2 , Honkai: Star Rail, ServiceNow, LinkedIn... - SWN #416

24 september 2024 | 30 min

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300

24 september 2024 | 68 min

Authentication and Authorization in the AI Era - Shiven Ramji - BSW #365

23 september 2024 | 67 min

Shroombots, pagers, Tor, Raptor Train, GRU, Blue Light, Aaran Leyland, and More... - SWN #415

20 september 2024 | 35 min

Do phishing tests do more harm than good? & Speed, Flexibility, and AI - Wolfgang Goerlich, Whitney Young - ESW #376

20 september 2024 | 113 min

A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.

He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.

I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?

And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."

Segment Resources:

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
The GoDaddy Phishing Awareness Test
The Chicago Tribune - How a Phishing Awareness Test Went Very Wrong
University of California Santa Cruz - This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.

Segment Resources:

This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

the maturity of the industry
the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
cybersecurity's 'delusion' problem

Also some whoopsies:

researchers accidentally take over a TLD
When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-376

Exploding Pagers - Tod Beardsley - PSW #843

19 september 2024 | 174 min

Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299

17 september 2024 | 62 min

Back to the office, Void Banshee, ServiceNow, Taiwan, Dlink, C++, Aaran Leyland... - SWN #414

17 september 2024 | 35 min

Solving the Cybersecurity Data Problem - Padraic O'Reilly - BSW #364

17 september 2024 | 61 min

Li-On, Lazarus, Whatsup, Scattered Spider, Hadooken, Dead People, Aaran Leyland... - SWN #413

13 september 2024 | 31 min

Cybersecurity has too many distractions and can the White House fix BGP? - Harish Peri, Harry Wilson, Darren Guccione - ESW #375

13 september 2024 | 150 min

This week, in the enterprise security news,

Cribl, Zafran, and US states raise funding
Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
AI Security products are picking up steam
You probably shouldn’t be too worried about Yubikey cloning
Instead, you should be more worried about malicious npm packages!
The White House wants to fix BGP
SolarWinds has shady stuff in its source code, AGAIN
The challenge of bringing security to small business
Scams are getting quicker and more effective
how not to run a phishing test
and AI assistants rickroll paying customers!

We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in.

This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!

Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team.

For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three.

A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did!

Segment Resources:

Keeper Press Release on the Partnership
Williams Press Release on the Partnership
Some more details from Keeper on why they chose to sponsor automotive racing

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-375

Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842

12 september 2024 | 185 min

AI Trucks, Solid Concrete, Sonicwall, Progress, Rust, Apple, and more... - SWN #412

10 september 2024 | 30 min

Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298

10 september 2024 | 56 min

Cybersecurity and the Business - Theresa Lanowitz - BSW #363

10 september 2024 | 57 min

IP Addresses - SWN Vault

6 september 2024 | 26 min

How to Make the World Quantum Safe - Vadim Lyubashevsky - ESW Vault

5 september 2024 | 46 min

Hacker Heroes - Mark Loveless - PSW Vault

4 september 2024 | 93 min

Encryption - SWN Vault

3 september 2024 | 24 min

Leadership Lessons from the First 100 Episodes of CISO Stories - Todd Fitzgerald - BSW Vault

2 september 2024 | 29 min

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault

2 september 2024 | 38 min

Building AI BOMs - Helen Oakley - PSW #841

30 augusti 2024 | 182 min

Daleks, AVTECH, Palo Alto, VMWARE, Travel, California AI Dreamin', Aaran Leyland... - SWN #411

30 augusti 2024 | 34 min

What asset management (ITAM) looks like outside cybersecurity - Danny Jenkins, Ed Skoudis, Jeremy Boerger, Maor Bin - ESW #374

30 augusti 2024 | 104 min

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself.

Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool?

Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!

Boerger Consulting Resources:

I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years.

Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.

Segment Resources:

ThreatLocker Solutions

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.

Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/

This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!

Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.

Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1

2) Holiday Hack Challenge - sans.org/holidayhack

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-374

MGs, Free Speech, sedexp, Cthulhu, SeaTac, GrimResource, ServiceBridge, Josh Marpet.. - SWN #410

27 augusti 2024 | 35 min

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297

27 augusti 2024 | 64 min

The Changing Risk Landscape: CISO Liability - Darren Shou - BSW #362

26 augusti 2024 | 68 min

Faking your own death, Fake Reviews, Solar Winds, Recall, Winux, Kubernetes, and More - SWN #409

23 augusti 2024 | 31 min

The end of the road for some cyber startups & making detection actually work! - Vivek Bhandari, Vivek Ramachandran, Mike Lyborg, Brandon Potter - ESW #373

23 augusti 2024 | 147 min

This week, in the enterprise security news,

A funding that looks like an acquisition
And two for-sure acquisitions
Rumors that there are funding problems for early stage cyber startups, and we’ll see a lot more acquisitions before the end of the year
Speaking of rumors, Crowdstrike did NOT like last week’s Action1 acquisition rumor!
Shortening detection engineering feedback loops
HoneyAgents
More reflections on Black Hat 2024
The attacker does NOT just have to get it right once
and the defender does NOT have to get it right every time
Remember BEC scams? Yeah, they’re still enterprise enemy #1

All that and more, in the news this week on Enterprise Security Weekly!

SquareX

With employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions.

This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.

Segment Resources:

DEF CON talk abstract
Enterprise use cases for SquareX
Data Sheet
Why Browser Native Solutions are better than Cloud Based Proxies
Blog on the Many Failures of Secure Web Gateways

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!

Tanium

The recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage.

In this interview, Tanium’s Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.

Segment Resources:

The Future of Converged Endpoint Management is Autonomous Endpoint Management (AEM)

This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!

Swimlane and GenAI

Join Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Swimlane and ProCircular

ProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.

Segment Resources:

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-373

How do we patch the right things? - Josh Bressers - PSW #840

22 augusti 2024 | 179 min

Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at time, such as:

Mitre Att&ck - Don't get me wrong, this is a great project and Adam and team is doing a great job. However, its not a complete picture as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways.
CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE, how are you tracking, assessing risk, and patching these?
CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency, just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited as it is not just a binary "yes, its exploited" or "no, it is not".
EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next?

This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, More CNAs, and the last thing Flint Michigan needed was a ransomware attack!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-840

The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296

20 augusti 2024 | 82 min

This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of software quality, and the distinction between a security incident and an IT incident. They also touch on the need to reduce the attack surface and the importance of clear definitions in the cybersecurity industry. The conversation explores the need for a product security revolution and the importance of transparency and trust in security vendors.

As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore how organizations are adapting their AppSec practices, highlighting the challenges and milestones encountered along the way.

Key topics include the integration of security into the development lifecycle, the impact of emerging technologies, and strategies for fostering a security-first culture. Boaz Barzel shares his experiences and offers practical advice on overcoming common obstacles, ensuring that security measures keep pace with rapid technological advancements. This segment serves as a comprehensive guide for organizations striving to enhance their AppSec practices and continuously optimize their posture.

This segment is sponsored by OX Security. Visit https://securityweekly.com/oxbh to learn more about them!

Given the rapid rise of threat actors utilizing AI for cyber-attacks, security teams need advanced AI capabilities more than ever.

Shimon will discuss how Dataminr’s Pulse for Cyber Risk uses Dataminr’s leading multi-modal AI platform to provide the speed and scale required to build enterprise resilience in the modern cyber threat environment. Dataminr's world-leading AI platform helps companies stay informed - performing trillions of daily computations across billions of public data inputs from more than one million unique public data sources encompassing text, image, video, audio and sensor signals to provide real-time information when you need it most.

Segment Resources: https://www.dataminr.com/pulse/cyber-risk/?utmsource=google&utmmedium=paidsearch&utmterm=dataminr%20company&utmcampaign=NORAMDIGIBRG-SearchHDRSMajEntDemo&utmsource=google&utmmedium=paidsearch&hsaacc=8657480186&hsacam=958164645&hsagrp=125093879176&hsaad=654125003504&hsasrc=g&hsatgt=kwd-338332441603&hsakw=dataminr%20company&hsamt=p&hsanet=adwords&hsaver=3&gadsource=1&gclid=CjwKCAjwnqK1BhBvEiwAi7o0XxetJ1k8xcqlYk1Pk5Jsr6Adr2yP-9yhNM7oxISq2-Rbz-UunCxSmhoCYfgQAvD_BwE

https://www.dataminr.com/resources/on-demand-webinar/why-cyber-physical-convergence-really-matters

This segment is sponsored by Dataminr. Visit https://securityweekly.com/dataminrbh to learn more about their world-leading AI platform perform!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-296

Dangerous books, Microsoft plus, NPD, Solar Winds, Jenkins, and more... - SWN #408

20 augusti 2024 | 28 min

Why Cyber Resilience Matters - Andrew Harding, Theresa Lanowitz - BSW #361

19 augusti 2024 | 63 min

What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line?

After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue wanted to understand what is preventing cyber resilience—and what business leaders are doing about it. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins us to discuss the results of their research.

Segment Resources: LevelBlue.com/futuresreport

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.

Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluebh to learn more about cyber resilience and how to start the conversation in your organization!

Employees spend up to 80% of their working hours in a web browser, and threat actors are increasingly leveraging browsers to target users and initiate attacks. Disrupting the tool employees use for 80% of their job would have massive impact on productivity. Rather than ripping and replacing, enterprises can turn any browser into a secure enterprise browser.

Segment Resources: Menlo homepage: https://resources.menlosecurity.com/videos/browser-security

Menlo research on three new nation state campaigns: https://www.menlosecurity.com/press-releases/menlo-security-exposes-three-new-nation-state-campaigns

Every browser should be a secure enterprise browser: https://www.menlosecurity.com/blog/every-browser-should-be-a-secure-enterprise-browser

Defending against zero-hour phishing attacks: https://www.menlosecurity.com/blog/state-of-browser-security-defending-browsers-against-ever-evolving-zero-hour-phishing-attacks

This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menlobh or schedule a demo to learn more about the role of browser security in eliminating the risk of highly evasive threats!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-361

Quantum AI Drones, Ransomhub, Pixel, Mad Liberator, the return of Russ Beauchemin... - SWN #407

16 augusti 2024 | 40 min

Cybersecurity Myths - Eugene Spafford - PSW #839

15 augusti 2024 | 189 min

Highlights from BlackHat/DefCon, Vulnerabilities, and Cyber Marketing Challenges - Brett Stone-Gross, Rakesh Nair, Rekha Shenoy, Marty Momdjian - ESW #372

15 augusti 2024 | 129 min

In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions.

Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.

Segment Resources: https://www.devo.com/defend-everything/

This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.

As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages.

This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them!

Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!

The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.

Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-372

When Appsec Needs to Start Small - Kalyani Pawar, Danny Jenkins, Nikos Kiourtis - ASW #295

13 augusti 2024 | 69 min

Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's needs while keeping it secure. Kalyani Pawar shares her experience at different ends of an appsec maturity spectrum.

In complex software ecosystems, individual application risks are compounded. When it comes to mitigating supply chain risk, identifying backdoors or unintended vulnerabilities that can be exploited in your environment is just as critical as staying current with the latest hacking intel. Understand how to spot and reduce the risk to your environment and prevent disruption to your operation.

This segment is sponsored by Threatlocker. Visit https://securityweekly.com/threatlockerbh for a free trial!

Every mobile device connecting to enterprise assets hosts a unique blend of work and personal apps, creating a complex landscape of innumerable vulnerabilities. Thankfully, methods exist to provide security teams with the real-world insights necessary to proactively address threats and shield against attacks targeting mobile apps and device endpoints. Nikos Kiourtis, CTO at Quokka, shares the latest findings in mobile security, outlining emerging threats and effective measures to reduce your mobile app attack surface – and safeguarding against potential attacks and data breaches.

Segment Resources: - Panelcast with SC Magazine: 8 ways attackers target mobile apps to steal your data (and how to stop them) https://www.scmagazine.com/cybercast/8-ways-attackers-target-mobile-apps-to-steal-your-data-and-how-to-stop-them - Ryan Johnson’s talk at DEF CON 32, “Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?” https://defcon.org/html/defcon-32/dc-32-speakers.html

This segment is sponsored by Quokka. Visit https://securityweekly.com/quokkabh to learn more about their intelligence app solutions!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-295

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet... - SWN #406

13 augusti 2024 | 29 min

Security Money: Crowdstrike Crashes the Index - BSW #360

12 augusti 2024 | 63 min

0.0.0.0, Blacksuit, OpenAI, AWS, Cisco Phones, Win 10, Aaran Leyland, and More... - SWN #405

9 augusti 2024 | 31 min

AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371

9 augusti 2024 | 138 min

Downgrades and Attacking Security Things & Things Not to Miss at BH/DC - Trent Lo - PSW #838

8 augusti 2024 | 188 min

Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet... - SWN #404

6 augusti 2024 | 33 min

Building Successful Security Champions Programs - Marisa Fagan - ASW #294

6 augusti 2024 | 70 min

Say Easy, Do Hard - Job Search Strategies for CISOs - Part 1 - Merlin Namuth, Brad Rager - BSW #359

5 augusti 2024 | 57 min

Cybersecurity's Love Affair with Distractions - Fred Wilmot, Dani Woolf - ESW #370

2 augusti 2024 | 138 min

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access?

Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work.

We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger".

There's plenty of content out there detailing how vendors fall short:

scummy, aggressive sales tactics
overuse of jargon and buzzwords
sneaky sales tactics
dumping on competitors
products that fall far short of claims
ambulance chasing

So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations.

We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry.

This week, in the enterprise security news,

over half a billion in funding, as everyone gets their pre-Blackhat announcements out!
Mimecast picks up Code42
Will Cato Networks IPO?
Canarytokens update
We still have some crowdstrike fallout to discuss
CISO responses to SEC rules
Making things secure without security tools
tips for going SOCLess
denial of service robots

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-370

Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, Aaran Leyland, and More... - SWN #403

2 augusti 2024 | 31 min

PK Fail - John Loucaides - PSW #837

1 augusti 2024 | 202 min

Forever mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More... - SWN #402

30 juli 2024 | 32 min

A CISO's Perspective on AI, Appsec, and Changing Behaviors - ASW #293

30 juli 2024 | 45 min

Identity Security Posture Management - Allan Alford, Dor Fledel - BSW #358

29 juli 2024 | 63 min

Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch, Edward Wu - ESW #369

26 juli 2024 | 119 min

Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401

26 juli 2024 | 32 min

MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836

25 juli 2024 | 185 min

Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400

23 juli 2024 | 34 min

Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292

23 juli 2024 | 65 min

Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357

23 juli 2024 | 71 min

Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399

19 juli 2024 | 42 min

Jump-starting SOC Analyst Careers, Addressing Cybersecurity Industry Challenges, and Historic Rumors in Enterprise Security - ESW #368

19 juli 2024 | 126 min

3D Printing For Hackers - David Johnson - PSW #835

18 juli 2024 | 182 min

Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398

16 juli 2024 | 29 min

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

16 juli 2024 | 69 min

Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356

15 juli 2024 | 66 min

Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More... - SWN #397

12 juli 2024 | 34 min

Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367

12 juli 2024 | 91 min

RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834

11 juli 2024 | 211 min

State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290

9 juli 2024 | 73 min

Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland... - SWN #396

9 juli 2024 | 34 min

Technology Rationalization in Cybersecurity - Max Shier - BSW #355

9 juli 2024 | 61 min

Binary - SWN Vault

5 juli 2024 | 26 min

Hacker Heroes - Joe Grand - PSW Vault

3 juli 2024 | 104 min

How To Avoid Being Phished - SWN Vault

2 juli 2024 | 46 min

CISOs 2023 Planning Guide: Forecast The Recession's Impact On Your Program - Jeff Pollard - BSW Vault

1 juli 2024 | 33 min

MoveIT, Entrust, Fed Reserve, ISPs, Volt Typhoon & More - Chris Wolski - SWN #395

28 juni 2024 | 29 min

The risks and best practices of deploying AI to an enterprise - Martin Roesch, Anurag Lal - ESW #366

28 juni 2024 | 136 min

We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:

What to be aware of when deploying GenAI
Key use cases and successes organizations are having with GenAI
Some of the risks to be aware of
How to prepare employees for GenAI
Best practices to prepare for evolving threats

For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).

Segment Resources:

We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.

This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.

We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.

We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.

We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.

Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.

Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-366

Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833

27 juni 2024 | 172 min

Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet - SWN #394

25 juni 2024 | 30 min

Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354

25 juni 2024 | 65 min

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289

24 juni 2024 | 61 min

Access vs Actions, Beyond Traditional IGA, Remote Identity Verification, & Fraud - Tim Prendergast, Damon Tompkins, Andrew Bud, Chris Meyer - ESW Vault

21 juni 2024 | 59 min

Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor.

Tim will describe the importance of implementing a Zero Trust framework that evaluates each command, query, and configuration change in real-time, and how that delivers the most effective and complete security solution. Doing so involves the application of fine-grained authorization policies that adapt to the context of the user, the sensitivity of the action, and the prevailing threat landscape.

Segment Resources: https://www.strongdm.com/blog/pam-was-dead-strongdm-just-brought-it-back-to-life https://www.strongdm.com/whitepaper/technical-overview

This segment is sponsored by StrongDM. Visit https://securityweekly.com/strongdmidv to learn more about them!

Traditional IGA solutions are not risk-focused by design, and as audit and compliance focus continues to expand beyond core ERP systems and into line of business apps and point solutions, organizations must plan holistically how to address risk across their application landscape. It’s never too late to start kicking off your risk reduction journey, and utilizing an innovative, unified platform for both identity and access risk governance has significant, compounding benefits and helps organizations realize faster time to value, lower TCO and longer term consistent risk exposure reduction. Ensuring access to all of your business-critical applications is provisioned seamlessly, efficiently, and cost-effectively while meeting risk, audit and compliance requirements should be the primary goal of any identity and access risk governance solution implementation.

Segment Resources: https://get.pathlock.com/demo-sem-kuppingercole-access-control-tools-multi-vendor-lob https://pathlock.com/learn/access-provisioning/ https://pathlock.com/compliant-provisioning-copy/ https://pathlock.com/learn/what-is-identity-governance-and-administration/ https://pathlock.com/distressed-iga-deployments/

This segment is sponsored by Pathlock. Visit https://securityweekly.com/pathlockidv to learn more about them!

Remote identity verification is one of the biggest challenges in the digital age, especially with the use of AI-generated deepfakes which are now impossible to distinguish from real imagery with the human eye. AI-powered biometrics have emerged as the most robust defense against deepfakes - and therefore, the only reliable method for remote identity verification.

Segment Resources: iProov.com https://www.iproov.com/ iProov Threat Intelligence Report 2024: The Impact of AI on Remote Identity Verification - https://www.iproov.com/reports/iproov-threat-intelligence-report-2024

This segment is sponsored by iProov. Visit https://securityweekly.com/iproovidv to learn more about them!

The criminal opportunity shaping the landscape today and how authoritative, accurate and automated processes are helping others increase their conversion rates by 20% while preventing 99% of all fraudulent attempts. What is the Criminal Opportunity facing us all right now? Data breaches and mail theft have resulted in a record level of available compromised Identity Information, payment information, and login information and even stolen checks. It has been said that ’At this point, all of our information is out on the dark web and it's now just a matter of when is it going to be used against us.’ Combined with inadequate fraud strategies, fraudsters have the key to the castle, it’s a perfect scenario of having the answers to the quiz ahead of time.

This segment is sponsored by Intellicheck. Visit https://securityweekly.com/intellicheckidv to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-14

Cybersecurity In College - SWN Vault

21 juni 2024 | 38 min

iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault

21 juni 2024 | 45 min

FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market.

Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80

This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them!

While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality.

This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them!

Cyberattacks, fraud and breaches, we’ve all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward.

This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-13

Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault

20 juni 2024 | 32 min

Hacker Heroes - Dave Aitel - PSW Vault

19 juni 2024 | 89 min

Back To School: Networking 101 - SWN Vault

18 juni 2024 | 26 min

Learning EBPF - Liz Rice - ASW Vault

18 juni 2024 | 37 min

Zero Trust Is Not A SKU - Saša Zdjelar - BSW Vault

17 juni 2024 | 33 min

Shared irresponsibilities and the importance of product privacy: Apple vs Microsoft - Mark Batchelor, Vibhuti Sinha, Chris Simmons, Gerry Gebel, Ajay Gupta, Tarvinder Sembhi - ESW #365

14 juni 2024 | 161 min

This week, we've got data security being both funded AND acquired. We discuss Lacework's fall from unicorn status and why rumors that it went to Fortinet for considerably more than Wiz was willing to pay make sense.

Microsoft Recall and Apple Intelligence are the perfect bookends for a conversation about the importance of handling consumer privacy concerns at launch.

How can the Snowflake breach both be one of the biggest breaches ever, but also not a breach at all (for Snowflake, at least). It's time to have a conversation about shared responsibilities, and when the line between CSP and customer needs to shift.

The CSA's AI Resilience Benchmark leaves much to be desired (like, an actual usable benchmark) and Greg Linares tells a wild story about how the first Microsoft Office 2007 vulnerability was discovered.

Finally, the Light Phone III was announced. Do we finally have a usable minimalist, social media detox-friendly phone option? Will Adrian have to buy one to find out?

Several recent trends underscore the increasing importance of Know Your Business (KYB) practices in today's business landscape. One significant trend is the rise in financial crimes, including money laundering, fraud, and terrorist financing. Technological advancements have transformed the way businesses operate, leading to increased digitization, online transactions, and remote customer interactions. While these developments offer numerous benefits, they also create opportunities for criminals to exploit vulnerabilities. Higher value remote transactions are performed at higher volumes. In addition, government programs such as the PPP program created a need for onboarding business quickly. This created a influx of fraudulent entities and claim who are now exploiting other channels. The convergence of these trends highlights the critical role of KYB in safeguarding businesses, ensuring regulatory compliance, and fostering trust among stakeholders in today's dynamic and interconnected business environment.

Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/idi-Identiverse-Brochure_05-2024-KYB-PRINT.pdf

This segment is sponsored by IDI. Visit https://securityweekly.com/idiidv to learn more about them!

From wrestling with integration complexities to managing unexpected glitches, the realities of SSO implementation can produce very different results than what you want. Are users actually using SSO to login or are they still using the direct logins they gained before enabling SSO? We explore the reasons behind why SSO efficacy isn't always what it seems and what you can do about it.

This segment is sponsored by Savvy. Visit https://securityweekly.com/savvyidv for a no cost SaaS-Identity checkup!

With identity being the new security perimeter, identity platforms are now an integral part of the core security stack. Inherently these platforms are complex and it takes months and years for organizations to realize the business value. And this is going to get worse. The sheer volume and velocity with which new identity types are being added, as well the sophistication of attacks on identity platforms, requires a transformational shift to Identity security and governance. 50% operational efficiency and delivering security at scale are the two big initiatives which organizations have embarked on. In this session, Vibhuti Sinha, Chief Product Officer of Saviynt will share his insights and discuss how Saviynt is at the forefront of this transformation.

This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them!

Enterprises often struggle with achieving business value in identity programs. This is typically the result of technology choices that require a disproportionately greater amount of effort and focus and underestimating the workforce required for organizational change management. With 30 years in the industry and a depth of accumulated knowledge working with large, global customers and vendors, we share how to identify and realize the business value in your organization’s identity program.

Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Brief-1.pdf https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Modernization-Service-Brief-1-1.pdf

This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!

In today’s increasingly complex cloud environments, ensuring continuous access to identity services is critical for maintaining business operations and security. Gerry Gebel, VP of Product and Standards at Strata Identity, will discuss the recently announced Identity Continuity product, designed to provide uninterrupted identity services even during outages. Unlike traditional disaster recovery solutions, Identity Continuity autonomously fails over to alternate identity providers, ensuring seamless access management. Join us to explore how Strata Identity is enhancing resilience in the identity management space.

Segment Resources: Strata Identity Continuity Product page: https://www.strata.io/maverics-platform/identity-continuity/ State of Multi-Cloud Identity report: https://strata.io/wp-content/uploads/2023/08/State-of-multi-cloud-identity-2023_Strata-Identity.pdf Parametrix Survey = https://www.reinsurancene.ws/leading-cloud-service-providers-faced-1000-disruptions-in-2022-parametrix/

This segment is sponsored by Strata. Visit https://securityweekly.com/strataidv to learn more about them!

Digital businesses are under attack from account and platform fraud, including Account Takeover (ATO), account opening fraud, and many variations of fraudulent account scams, impersonations, transactions and collusions. Learn best practices to stop fraud with better detection and prevention that can also improve customer satisfaction and operating efficiencies.

This segment is sponsored by Verosint. Visit https://securityweekly.com/verosintidv to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-365

Trust in Microsoft, Apple, and the Holy AI, Moonstone Sleet, Cheating, Joshua Marpet - SWN #393

14 juni 2024 | 34 min

GenAI, Security, and More Lies - Aubrey King - PSW #832

14 juni 2024 | 174 min

Buzz Aldrin, the Gray Lady, Veeam, Microsoft squared, Nvidia, Josh Marpet... - SWN #392

11 juni 2024 | 32 min

Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288

11 juni 2024 | 39 min

The State of the Cybersecurity Market, At Least According to Gartner - Vivek Ramachandran, Carl Froggett, Padraic O'Reilly - BSW #353

10 juni 2024 | 64 min

Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including:

Artificial Intelligence(AI)
Continuous Threat Exposure Management(CTEM)
Identity & Access Management (IAM)
Cyber Risk

Padraic will also discuss the changing role of the CISO, at least in the eyes of Gartner. Don't miss this recap.

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this interview, Deep Instinct CIO Carl Froggett will explain why Deep Learning is the most superior form of AI, and the technology’s role in powering predictive prevention.

This segment is sponsored by Deep Instinct. Visit https://securityweekly.com/deepinstinctrsac to learn more about them!

Attackers are targeting enterprise users when they are online via attacks like spear phishing, malicious docs infected with malware/ransomware.

Today SASE/SSE’s Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the enterprise users and websites and try to infer attacks.

Unfortunately, attackers are subverting these SWGs and breaking into enterprises. There is an urgent need to stop this and the solution seems to be to have a browser native security agent which can detect-mitigate attacks happening on the users browser and allow enterprises to threat hunt web attacks company wide.

Segment Resources: Why Browser Native Solutions are better than Cloud Based Proxies: https://drive.google.com/file/d/1cItXj1KEm45ZNklASFmcvprbPqZChcMn/view?usp=sharing

Data Sheet: https://drive.google.com/file/d/1tv3q2iTFROJPceq2b9SJtzkdHD9J6mvC/view?usp=sharing

Blog on the Many Failures of Secure Web Gateways: https://labs.sqrx.com/the-unspoken-challenges-of-secure-web-gateways-c516bc287a6d

Latest Press Release: Forbes: Critical Security Flaws Found In Email Top 4—Apple, Gmail, Outlook & Yahoo: https://www.forbes.com/sites/daveywinder/2024/04/04/critical-security-flaw-in-apple-icloud-google-gmail-microsoft-outlook-yahoo-mail-aol-mail-email/

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexrsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-353

AI, Lockbit, Veeam, Club Penguin, Kali, Commando Cat, HugeGraph, Aaran Leyland... - SWN #391

7 juni 2024 | 35 min

Interest in Identity Security is Spiking - John Shier, Will Lin, Christopher Harrell, Jim Broome - ESW #364

7 juni 2024 | 151 min

"Identity security has been around forever though", you might be thinking. Allow me to clarify. Identity is the largest cybersecurity product category, but most of it is focused on identity governance, authentication, multi-factor, etc. Very little of it is focused on operational identity security. It's this trend, where we recently (within the last 2 years) started seeing the ITDR (Identity Threat Detection and Response) acronym that we'll be focused on today. Particularly:

Why is this trend/spike occurring now?
What was or is missing to do identity security properly?
What does the future of securing identity look like?

And it's difficult to do better for this conversation than Will Lin. He spent the last half decade as a VC. On a daily basis, he was looking at the big picture of cybersecurity markets and trends. He discussed security challenges with CISOs and other security buyers on a regular basis, both directly and through the Security Tinkerers community he founded. All this led to a decision to quit the VC world to become a founder himself. Of all the categories he could have chosen, he chose identity security, and that's why we're happy to have him for this conversation.

Segment Resources:

The Future of Identity AKA Identity promo video focused on the future of Identity

We start off discussing the latest round of fundings, centered largely around data security and securing LLM use. This dovetails into a discussion about marketing language and how difficult it can be for buyers to work out what the latest round of early stage startups are doing.

Next, we discuss Cloudflare and Bugcrowd's acquisitions, as well as Synopsys's divestiture of its appsec portfolio.

From here, we dive into a raft of new features across both IT and cybersecurity products, like Azure, Dashlane, LastPass, and PagerDuty. Discussing Huntress's active remediation feature triggers a conversation about this latest product trend: vendors seem to think buyers are ready for fully automated remediation actions. We're not so sure they are.

To wrap up the cybersecurity coverage, Brandon Dixon has an interesting tutorial regarding a Security Copilot use case that looks a LOT like the default phishing enrichment use case that has been used for every SOAR POC ever. To clarify, this is a great piece in that it is all practical, has no marketing fluff, and shows you how to do something useful with Security Copilot. Where it pulls up short is managing to live up to the hype we've been hearing about Security Copilot from day one.

We agree to table the discussion on Microsoft Recall until we know more about what GA of the feature will look like, and then dig into a VERY interesting squirrel story about an audio-based hacking puzzle created by a rock band.

The interview will delve into the healthcare industry's tumultuous year in 2023, marked by 124 million breached health records across 725 hacking incidents (according to The HIPAA Journal). This interview will explore the critical role that MSSPs play in safeguarding health data and systems against potential security incidents, such as ransomware and business email compromise attacks. Jim Broome will share how to proactively prepare for an incident - including establishing a comprehensive incident response plan, outlining strategies for containment, restoration, and ongoing security operations, and how an MSSP can help.

Segment Resources: Tales from the Road Blog: An External Pen Test at a Healthcare Organization Reveals the Dangers of the Dark Web - https://www.directdefense.com/tales-from-the-road-an-external-pen-test-reveals-the-dangers-of-the-dark-web/

2023 Security Operations Threat Report: https://go.directdefense.com/2023-Security-Operations-Threat-Report

This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!

In the dynamic landscape of cybersecurity, the urgency to eliminate passwords as a security vulnerability has never been more critical. Organizations are continuing to face a surge in the variety and complexity of cyber threats at historical rates, often fueled by compromised employee login credentials – resulting from attacks such as phishing which has been exacerbated by the rise in use of Artificial Intelligence (AI). The 2023 Verizon Data Breach Investigations Report underscores the staggering impact of breaches caused by stolen credentials, accounting for a staggering 74% of incidents. Christopher Harrell, Yubico’s Chief Technology Officer, shares how organizations can achieve passwordless authentication at scale with high assurance phishing-resistant multi-factor authentication (MFA) to elevate their security posture against phishing attacks while creating phishing-resistant users.

Segment Resources: https://www.yubico.com/blog/empowering-enterprise-security-at-scale-with-new-product-innovations-yubikey-5-7-and-yubico-authenticator-7/

https://www.yubico.com/press-releases/yubicos-key-product-innovations-empower-enterprise-security-and-phishing-resistant-passwordless-authentication-at-scale/

This segment is sponsored by Yubico. Visit https://securityweekly.com/yubicorsac to learn more about them!

In this podcast segment, we delve into Sophos' fifth annual State of Ransomware report, exploring significant findings and trends in the evolving ransomware landscape. We'll discuss the sharp increase in recovery costs, the strategic targeting of backups by hackers, and the evolving role of cyber insurance in ransom payments. Our discussion will provide insights into how organizations can adapt their cybersecurity measures to mitigate these heightened threats and recover more effectively from attacks.

Segment Resources: Blog: The State of Ransomware 2024 Report: https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2024-wp.pdf Press release: Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report

This segment is sponsored by Sophos. Visit https://www.securityweekly.com/sophosrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-364

Whose Vulnerability Is It Anyway? - Josh Bressers - PSW #831

6 juni 2024 | 164 min

Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More - SWN #389

4 juni 2024 | 36 min

BCNF, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet... - SWN #390

4 juni 2024 | 35 min

Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Idan Plotnik, Luis Villa, Erez Hasson - ASW #287

4 juni 2024 | 72 min

Emotional Intelligence for Cyber Leaders - James Doggett, Jessica Hoffman, Sivan Tehila - BSW #352

3 juni 2024 | 61 min

Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity?

In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including:

Self Awareness
Self Regulation
Motivation
Empathy
Social Skills

and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode.

Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company’s most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization’s infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.

Segment Resources:

Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/

Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

With new industry regulations, like the SEC’s Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.

Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management

https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f

This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-352

A CISO’s Perspective, Defending Against AI & Ransomware Evolution - Kris Lahiri, Jim Broome, Mike Lyborg - ESW Vault

31 maj 2024 | 47 min

In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs.

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanersac to learn more about them!

The past two years have witnessed an unprecedented surge in the adoption of generative artificial intelligence (AI) across various industries. And while this presents new efficiencies, with these benefits come significant security concerns. The widespread integration of AI applications increases the risk of data breaches and intellectual property theft, while also expanding organizations' vulnerability to malicious data injection and other AI-driven cyberattacks. During this interview Jim will explore why it’s imperative to implement robust security measures to mitigate these evolving risks effectively, and how working alongside an MSSP can benefit your overall security posture.

Segment Resources: https://go.directdefense.com/2023-Security-Operations-Threat-Report

This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!

In recent years, ransomware attacks have undergone a transformative evolution, shifting from indiscriminate, mass-distributed assaults to highly targeted, sophisticated campaigns. Kris Lahiri is able to discuss the dynamic landscape of ransomware and dive into the techniques he has seen cybercriminals employ, the motivations behind these attacks, and the escalating impact on individuals, businesses, and critical infrastructure.

Segment Resources: https://www.egnyte.com/solutions/ransomware-detection https://www.egnyte.com/guides/governance/ransomware

This segment is sponsored by Egnyte. Visit https://securityweekly.com/egnytersac to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-11

Securing Backups - SWN Vault

31 maj 2024 | 20 min

Achieving Cyber Resilience, External Cybersecurity & Risk Reduction - Margarita Barrero, Andy Grolnick, Alexandre Sieira - ESW Vault

31 maj 2024 | 48 min

Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more critical and are essential in maintaining cyber resilience and strengthening the security posture of every organization. TDIR aims to identify potential threats and respond before they can impact a business. A layered defense focuses on identifying threat activity, prioritizing investigations, and measuring risk. As a result, organizations can take the appropriate threat mitigation steps. These security strategies and protocols signify a step forward with a TDIR strategy where everyone from the CISO to the security analyst wins.

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylogrsac to learn more about them!

Axur is a cost-effective external cybersecurity solution that empowers security teams to handle threats beyond the perimeter. Our platform detects, inspects, and responds to brand impersonation, phishing scams, dark web mentions, threat intel vulnerabilities, and more.

This segment is sponsored by Axur. Visit https://securityweekly.com/axurrsac to learn more about them!

Segment Resources: https://www.axur.com/en-us/partners https://www.axur.com/en-us/outsourced-takedown https://www.axur.com/polaris/home

Vendors, sales channels, partners and other kinds of third parties are essential to most businesses. Ensuring that the information security risks of those other companies don't impact your own is the remit of Third Party Cyber Risk Management (TPCRM) teams. It is increasingly evident, however, that the existing practices and tools are not up to the challenge. They make the process even more adversarial than it needs to be, are focused on risk transfer and/or acceptance rather than reduction; are based on limited and low quality signals; and are often excruciatingly manual. We can do better as an industry, and in this conversation we are going to explore a new paradigm for TPCRM and its advantages for third and first parties.

Segment Resources: Alice in Supply Chains is a monthly marketing-free newsletter with curated news and commentary on TPCRM: https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/

This segment is sponsored by Tenchi Security. Visit https://securityweekly.com/tenchirsac to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-10

Exploring the latest FortiGuard Labs Threat Report - Derek Manky - ESW Vault

30 maj 2024 | 41 min

Hacker Heroes - Josh Corman - PSW Vault

29 maj 2024 | 71 min

Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault

28 maj 2024 | 31 min

Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault

28 maj 2024 | 36 min

College Degrees - SWN Vault

28 maj 2024 | 24 min

The VC Perspective: Embracing Uncertainty & Staying the Course - Alberto Yépez - BSW Vault

27 maj 2024 | 36 min

Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 - Lynn Marks, Paul Valente - BSW Vault

27 maj 2024 | 29 min

This Week: short on funding, long on research and analysis & RSAC Interviews - ESW #363

24 maj 2024 | 159 min

Pen Testing As A Service - Seemant Sehgal - PSW #830

23 maj 2024 | 172 min

SWN #388- Big Tech, Fighting a Junta, Keylogger in Microsoft , APT Hackers, Free Laundry, Joshua Marpet & more

21 maj 2024 | 24 min

Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286

21 maj 2024 | 69 min

Security Money: Rubrick Saves The Index As It Continues To Climb - Jim Simpson, Theresa Lanowitz - BSW #351

20 maj 2024 | 56 min

Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387

17 maj 2024 | 32 min

Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! Plus On-Site Interviews from RSAC - ESW #362

16 maj 2024 | 148 min

The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829

16 maj 2024 | 193 min

3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Josh Marpet... - SWN #386

14 maj 2024 | 37 min

Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285

14 maj 2024 | 67 min

Identity Resilience: The Next Frontier in Security - Hed Kovetz, Ray Zadjmool, Jeff Margolies - BSW #350

13 maj 2024 | 61 min

Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland... - SWN #385

10 maj 2024 | 37 min

Executive Interviews from RSAC! - ESW #361

9 maj 2024 | 129 min

Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828

8 maj 2024 | 116 min

Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, More - SWN #384

7 maj 2024 | 38 min

AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284

7 maj 2024 | 65 min

Say Easy, Do Hard - Train How You Fight, Part 1 - Malcolm Harkins - BSW #349

6 maj 2024 | 60 min

Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383

3 maj 2024 | 35 min

Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360

3 maj 2024 | 117 min

Kicking Off With Crypto - PSW #827

2 maj 2024 | 184 min

AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN #382

30 april 2024 | 37 min

Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283

30 april 2024 | 80 min

Meet Silver SAML: Golden SAML in the Cloud - Eric Woodruff - BSW #348

29 april 2024 | 60 min

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381

26 april 2024 | 38 min

Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826

25 april 2024 | 171 min

Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359

25 april 2024 | 118 min

A clear pattern with startups getting funding this week are "autonomous" products and features.

Automated detection engineering
Autonomously map and predict malicious infrastructure
..."helps your workforce resolve their own security issues autonomously"
automated remediation
automated compliance management & reporting

I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to automate things without a human in the loop.

The way LimaCharlie is going about it, with their new bi-directional functionality they're talking up right now, might work, as detections can be VERY specific and fine-grained.

We've already seen a round of fully automated guardrail approaches (particularly in the Cloud) fail, however. My prediction? Either what we're seeing isn't truly automated, or it will become a part of the product that no one uses - like Metasploit Pro licenses.

We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if you're looking for some ideas!

This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!

This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.

Resources:

Here's the Inherent Threats Whitepaper
Adam's book, Threat Modeling: Designing for Security
Adam's latest book, Threats: What Every Engineer Should Learn from Star Wars
We mention the Okta Breach - here's my writeup on it
We mention the CSRB report on the Microsoft/Storm breach, here's Adam's blog post on it
And finally, Adam mentions the British Library incident report, which is here, and Adam's blog post is here

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-359

Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380

23 april 2024 | 37 min

Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282

23 april 2024 | 78 min

What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky, Mike Lyborg - BSW #347

22 april 2024 | 65 min

Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379

19 april 2024 | 35 min

From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358

18 april 2024 | 107 min

Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level.

In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams.

This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million???

Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively)

Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Technologies, and Simbian all raise smaller seed, A, or B rounds.

Akamai picks up API security startup, Noname Security, Zscaler picks up Airgap networks, and it's rumored that Armis will acquire Silk Security for $150M.

LimaCharlie seems to be doing some vertical growth, adding its own response and automation capabilities (what they call "bi-directional" capabilities). CISA releases a malware analysis system to the general public. Boostsecurity.io releases "poutine", an open source CI/CD pipeline vulnerability scanner.

Some great essays this week, with Phil Venables' Letter from the Future, Ben Hawkes' Robots Dream of Root Shells, and Aileen Lee's 10 year Unicorn anniversary piece.

We briefly discuss the 3rd party breach that affected Cisco Duo customers, and the financial impact of Change Healthcare's highly disruptive ransomware incident.

Finally, we talk about the latest research on the security of LLMs and the apps using them. It's not looking great.

For more details, check out the show notes here: https://www.scmagazine.com/podcast-episode/3188-enterprise-security-weekly-358

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-358

PCI 4.0 - Winn Schwartau - PSW #825

17 april 2024 | 128 min

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025.

Segment Resources: https://info.obsglobal.com/pci-4.0-resources

Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary

Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and experiences that have shaped his unparalleled career.

Winn Schwartau's journey began long before the mainstream recognition of cybersecurity as a critical discipline. As a thought leader and visionary, he foresaw the digital threats that would come to define our interconnected age. Join us as we delve into the early days of cybersecurity and explore the foresight that led Winn to become a trailblazer in the industry.

An accomplished author, speaker, and strategist, Winn Schwartau has been at the forefront of shaping cybersecurity policies and practices. From his groundbreaking book "Information Warfare" to his influential work on the concept of the "Electronic Pearl Harbor," Winn has consistently pushed the boundaries of conventional thinking in cybersecurity.

In this podcast episode, Winn shares his unique perspective on the evolution of cyber threats, the challenges faced by individuals and organizations, and the urgent need for a paradigm shift in cybersecurity strategy. Prepare to be captivated by the stories and experiences that have fueled Winn's advocacy for a more resilient and secure digital world.

Whether you're a cybersecurity professional, an enthusiast, or simply intrigued by the profound impact of technology on our lives, this conversation with Winn Schwartau promises to be a journey through the past, present, and future of cybersecurity.

Don't miss the chance to gain unparalleled insights from a true cybersecurity luminary. Tune in and discover the wisdom that only Winn Schwartau can bring to the table in this illuminating podcast interview.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-825

Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378

16 april 2024 | 34 min

Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281

16 april 2024 | 63 min

From Idea to Success: How to Operationalize a Startup from Zero to Exit - Seth Spergel - BSW #346

15 april 2024 | 56 min

Combadges, SISENSE, Microsoft, CISA, Lastpass, Palo Alto, Broadband, Aaran and More - SWN #377

12 april 2024 | 31 min

Understanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357

11 april 2024 | 102 min

In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened?

Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet.

Segment Resources:

Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work? - I know the title makes this blog post sound rather basic, but it will get you up to speed on all the latest DDoS types, actors, and terminology pretty quickly!
What is An Application-Layer DDoS Attack, and How Do I Defend Against Them?
2023 DDoS Statistics and Trends
https://en.wikipedia.org/wiki/Killnet

This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later

They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor.

They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like.

Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW.

They discuss a number of essays, some of which are a must read:

Daniel Miessler's Efficient Security Principle
Subsalt's series on data privacy challenges
Lucky vs Repeatable, a must-read from Morgan Housel
AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo
Customer love by Ross Haleliuk and Rami McCarthy

We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach.

We wrap up discussing Air Canada's short-lived AI-powered support chatbot.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-357

Digging Into Supply Chain Security - James McMurry - PSW #824

11 april 2024 | 180 min

Dronepocalypse, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet - SWN #376

9 april 2024 | 36 min

Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280

9 april 2024 | 60 min

Understanding the Cybersecurity Ecosystem - Ross Haleliuk - BSW #345

8 april 2024 | 61 min

SEXi, Powerhost, Acuity, Layerslider, JSOutProx, Byakugan, Josh Marpet, and More - SWN #375

5 april 2024 | 33 min

XZ - Backdoors and The Fragile Supply Chain - PSW #823

4 april 2024 | 172 min

Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356

4 april 2024 | 117 min

NVD checked out, then they came back? Maybe?

Should the xz backdoor be treated as a vulnerability?

Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?

What were some of the takeaways from the first-ever VulnCon?

EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?

How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?

There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.

Segment Resources:

As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.

In this week's news segment,

We discuss the highlights of the Cyber Safety Review Board's detailed and scathing report on Microsoft's 2023 breach
We spend a bit of time on the xz backdoor, but not too much, as it has been covered comprehensively elsewhere
We discover half a dozen of the latest startups to receive funding or come out of stealth: Coro, Skyflow, Zafran, Permiso, Bedrock Security, Abstract Security, and Sandfly
Apple is reportedly going to have some big AI announcements this summer, and we discuss how overdue voice assistants are for an LLM makeover.
Finally, we discuss the amazing innovation that is the Volkswagen RooBadge!

By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-356

Lena, XZ, WallEscape, AT&T, OWASP, Google, Microsoft, AI, Josh Marpet, and More - SWN #374

2 april 2024 | 33 min

Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279

2 april 2024 | 61 min

CISO Soul Searching: Navigating the Evolving Role of the CISO - Harold Rivas - BSW #344

2 april 2024 | 57 min

Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355

29 mars 2024 | 106 min

Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity.

Diversity of people, diversity of background, and diversity of experience. I've seen auto mechanics, biologists, and finance experts bring the most interesting insights and forehead-slapping observations to the table. I think part of the reason diversity is so necessary is that security itself is incredibly broad. It covers everything that technology, processes, and people touch. As such, cybersecurity workers need to have a similarly broad skillsets and background.

Today, we talk to someone that embodies both this non-typical cybersecurity background and sense of curiosity - Clea Ostendorf. We'll discuss:

The importance for organizations to actively seek and welcome curious newcomers in the security field who may not conform to traditional cybersecurity norms.
Strategies for organizations to foster an environment that encourages individuals with curiosity, motivation, and a willingness to challenge conventional norms, thereby promoting innovative thinking in addressing security risks.

Segment Resources:

Evolving Threats from Within - Insights from the 2024 Code42 Data Exposure Report

This week, in the enterprise security news:

Early stage funding is all the rage
AI startups continue to pop out of stealth
The buyer's market continues with more interesting acquisitions
Purpose-built large language models for security
Benchmarking LLMs for security
GoFetch? More like... Get outta here (I couldn't think of anything clever)
Crowdstrike and NVIDIA team up
Why do people trust AI?
What do Google Sheets and Carlos Sainz Jr. have in common?

All that and more, on this episode of Enterprise Security Weekly!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-355

Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More - SWN #373

29 mars 2024 | 37 min

Are we winning? - Jason Healey - PSW #822

28 mars 2024 | 181 min

Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more - SWN #372

26 mars 2024 | 30 min

Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343

26 mars 2024 | 63 min

Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278

25 mars 2024 | 69 min

Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354

22 mars 2024 | 106 min

Robots, UDP, GoFetch, DCs, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More - SWN #371

22 mars 2024 | 29 min

Securing All The Things - Josh Corman - PSW #821

21 mars 2024 | 188 min

Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Phishing, Josh Marpet, and More - SWN #370

19 mars 2024 | 32 min

Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277

19 mars 2024 | 73 min

How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Tom Parker, Dave Dewalt - BSW #342

18 mars 2024 | 62 min

Addressing Identity-Related Threats in 2024 - Rod Simmons - ESW #353

15 mars 2024 | 117 min

Cynicism, TikTok, Redline, Securam, Ghostrace, eSim Swaps, Aaran Leyland, and More - SWN #369

15 mars 2024 | 32 min

Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820

14 mars 2024 | 169 min

Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368

12 mars 2024 | 32 min

Protecting Executives: Why The Home Is The New Battle Ground - Chris Pierson - BSW #341

12 mars 2024 | 59 min

More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276

12 mars 2024 | 72 min

Star Trek, JetBrains, Facebook, Chrome, FBI, USBs, TikTok, Aaran Leyland, and More - SWN #367

8 mars 2024 | 32 min

What can we do today to prevent tomorrow's breach? - Michael Mumcuoglu - ESW #352

7 mars 2024 | 107 min

Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819

6 mars 2024 | 185 min

ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More - SWN #366

5 mars 2024 | 32 min

The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275

5 mars 2024 | 79 min

The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340

4 mars 2024 | 59 min

Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, Airlines, Aaran Leyland and More - SWN #365

1 mars 2024 | 32 min

Hacktivism Unveiled: Insights into the Footprints of Hacktivists - Pascal Geenens - ESW #351

1 mars 2024 | 119 min

Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818

1 mars 2024 | 174 min

Avast, Hadoop & Druid Servers, HackerGPT, Apple, Crowdstrike, EFF Lockbit, & More - SWN #364

27 februari 2024 | 28 min

Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274

27 februari 2024 | 57 min

AI Risks, Application Performance - Padraic O'Reilly, Shibu George - BSW #339

26 februari 2024 | 66 min

Two-Factor Authentication - SWN Vault

23 februari 2024 | 32 min

Threat Intelligence & Threat Hunting - Chris Cochran - ESW Vault

22 februari 2024 | 22 min

Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault

21 februari 2024 | 66 min

Back to School: Networking 101 - SWN Vault

20 februari 2024 | 27 min

Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault

20 februari 2024 | 38 min

The New BISO Role – A Career Path to CISO? - BSW Vault

19 februari 2024 | 24 min

Batman, Microsoft, War Driving, OpenAI, DevDrive, The Dead, Aaran Leyland, and More - SWN #363

16 februari 2024 | 34 min

Material: cybersecurity word of the year, thanks to the SEC - Amer Deeba - ESW #350

15 februari 2024 | 113 min

Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817

15 februari 2024 | 123 min

In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehensive approach to security, acknowledging that social engineering and physical security often go hand in hand. We stress the significance of testing physical security measures and conducting threat assessments to ensure robust protection against potential threats. The conversation touches on the concept of usability versus security, acknowledging that security measures should provide a balance between effective protection and practical usability. We explore the vulnerabilities of certain security technologies, such as biometrics, and underscore the need for continuous evaluation and adaptation of security measures to mitigate emerging threats.

Welcome to a riveting episode of Hacker Heroes, where we sit down with Toby Miller, a distinguished figure in the realm of cybersecurity. Toby brings a wealth of experience and a passion for fortifying digital landscapes against ever-evolving threats.

Armed with a profound understanding of cybersecurity intricacies, Toby has spent years honing his skills in the field. As a seasoned professional, he has not only weathered the storms of the digital frontier but has emerged as a beacon of knowledge and resilience in the face of cyber challenges.

Join us as we delve into Toby's journey, from the early days of his career to his current role as a cybersecurity expert. Gain valuable insights into the dynamic nature of cyber threats, the evolving tactics employed by malicious actors, and the strategies Toby employs to stay one step ahead in the ever-changing cybersecurity landscape.

Toby's expertise extends across a spectrum of cybersecurity domains, including risk management, threat intelligence, and incident response. Discover the mindset that propels him forward in the pursuit of securing digital infrastructures and safeguarding sensitive information.

In this podcast episode, Toby Miller shares anecdotes from the front lines of cybersecurity, offering our listeners a firsthand account of the challenges faced by professionals in the industry. Whether you're a cybersecurity enthusiast, a fellow professional, or someone navigating the digital landscape, Toby's insights are sure to enlighten and inspire.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-817

Proactive Compliance, Improving Cybersecurity Culture, and Hiring The Right Skills - BSW #338

14 februari 2024 | 34 min

Creating Code Security Through Better Visibility - Christien Rioux - ASW #273

13 februari 2024 | 84 min

Angry mobs, Azure, Avanti, Rhysida, Warzone, Flipper Zero, Josh Marpet, and More - SWN #362

13 februari 2024 | 27 min

RoboJoe, SHIM, Fortinet, FaceOff, Simswap, sudo in Windows, Aaran Leyland, and More - SWN #361

9 februari 2024 | 35 min

Zero-Trust is Meaningless if Your Cryptography is Flakey - Vincent Berk - ESW #349

9 februari 2024 | 99 min

Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption

No longer can enterprises take their cryptography for granted, rarely evaluated or checked.

Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall security policy, zero-trust approach, and risk management strategy. After all, zero-trust is meaningless if your cryptography isn't working.

Segment Resources: https://www.businesswire.com/news/home/20231030166159/en/Proprietary-Research-from-Quantum-Xchange-Shows-the-Dreadful-State-of-Enterprise-Cryptography

https://www.forbes.com/sites/forbestechcouncil/people/vincentberk/?sh=3d88055852c1

This segment is sponsored by Quantum Xchange. Visit https://securityweekly.com/quantumxchange to learn more about them!

This week, we discussed how a quick (minutes) and cheap ($15 a pop) fake ID service creates VERY convincing IDs that are possibly good enough to fool ID verification services, HR, and a load of other scenarios where it's common to share images of an ID. Kudos to 404Media's work there.

In the security market, we discuss who might be the first cybersecurity unicorn to go public in 2024, Oasis Security and Tenchi's funding rounds, Protect AI's acquisition of Laiyer AI and their FOSS project, LLM Guard. We discussed the seemingly inevitable M&A activity as unfunded security startups NEED to find a sale. Ross Haleliuk had an interesting LinkedIn post that goes deeper on this topic. Finally, we discussed Tyler's observation that Palo Alto Networks did the seemingly impossible - increased their valuation from $19B to over $100B in 5 years, despite having to weather a pandemic and market downturn along the way! Ryan pointed out that PANW joined the S&P 500 somewhere along the way - a watershed moment for them.

We discussed Bluesky and how it's likely too little too late when it comes to building back the community we lost when much of the InfoSec community left Twitter.

We also discussed a cybersecurity training scammer, Daniel Miessler's new Fabric tool, AnyDesk getting hacked, The Real Shim Shady vuln, new (voluntary) cybersecurity goals for healthcare, and the lack of toothbrush-enabled DDoS attacks!

Full show notes here: https://www.scmagazine.com/podcast-episode/3061-enterprise-security-weekly-349

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-349

You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816

8 februari 2024 | 182 min

Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more - SWN #360

6 februari 2024 | 34 min

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

6 februari 2024 | 74 min

Security Money/Pick Your Battles To Avoid Overconsolidation - Jess Burn, Jeff Pollard - BSW #337

5 februari 2024 | 58 min

E-Coli, Mercedes, Cloudflare, Ivanti, VT, GIGO, AI, Congress, Aaran Leyland and more - SWN #359

2 februari 2024 | 33 min

The Elephant in the Pipeline: Securing the Wild, Untamed Software Supply Chain - Pete Morgan - ESW #348

2 februari 2024 | 106 min

Identifying Bad By Defining Good - Danny Jenkins - PSW #815

1 februari 2024 | 177 min

Getting Your First Conference Presentation - Sarah Harvey - ASW #271

30 januari 2024 | 79 min

Google, WhiteSnake, Outlook, NSA, Juniper, Jason Wood, and More - SWN #358

30 januari 2024 | 27 min

Cyber Readiness: Train As You Fight - William Hutchison - BSW #336

29 januari 2024 | 55 min

Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot, Aaran Leyland, and More - SWN #357

26 januari 2024 | 32 min

What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814

25 januari 2024 | 196 min

Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS).

CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing.

Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.

Coose shares what smart CISOs and mature organizations understand, that others don’t:

• There’s no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.

• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.

• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.

• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).

• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments

In the Security News: Don’t expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-814

2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347

25 januari 2024 | 100 min

RoboJoe, Apple, VMWARE, AI, Confluence, Scarcruft, Microsoft, Jason Wood, and More - SWN #356

23 januari 2024 | 31 min

Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270

23 januari 2024 | 69 min

Say Easy, Do Hard, Hiring a CISO, Part 2 - BSW #335

22 januari 2024 | 30 min

Google, Pax, LeftOverlocals, Mint Sandstorm, DJI, Colossus, Aaran Leyland, and More - SWN #355

19 januari 2024 | 34 min

Creating Trust in Biometric Authentication for Identity Verification - Sabrina Gross - ESW #346

19 januari 2024 | 105 min

K-12 Cybersecurity - Brian Stephens - PSW #813

18 januari 2024 | 171 min

With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss:

The financial constraints K–12 schools face and the critical role of funding from federal and state governments in addressing cybersecurity concerns.
Efforts by Funds For Learning to petition the FCC to expand E-rate funding to support next-generation firewalls and other cybersecurity services.
By expanding the technologies and solutions eligible for E-rate funding, schools can obtain the necessary resources to protect against the growing threat of third-party data breaches.

Here are links to the most current blog posts about Cybersecurity Notice of Proposed Rulemaking https://www.fundsforlearning.com/news/2023/11/dont-miss-your-chance-to-impact-e-rate-cybersecurity/, Wi-Fi hotspots https://www.fundsforlearning.com/news/2023/11/wi-fi-hotspots-proposed-for-e-rate-program/ and school bus Wi-Fi https://www.k12dive.com/news/fcc-approves-school-bus-wifi-e-rate/697337/. Funds For Learning also facilitated an informational webinar on the Cyberserucrity Notice for Proposed Rulemaking https://fundsforlearning.app.box.com/s/5gp9qr938qtgs0ug92nkgfvrjvtil4sf. Funds For Learning also conducts an annual survey for E-rate applicants to provide their feedback on the E-rate program. The responses are shared with the FCC through the Funds For Learnings annual E-rate Trends Report. https://www.fundsforlearning.com/e-rate-data/trendsreport/. Lastly, here is an article from Brian about cybersecurity and why it should be funded through E-rate https://www.eschoolnews.com/it-leadership/2023/09/29/will-cybersecurity-receive-e-rate-funding/

In the Security News: Bricked Xmas, If you can hack a wrench, PixieFail and disclosure woes, exposing Bigpanzi (more Android supply chain issues, 20 years of OpenWRT, Jamming, traffic lights, and batteries don’t work that well in the extreme cold. All that and more on this episode of Paul’s Security Weekly!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-813

Atari 400, Gitlab, Sonicwall, Juniper, Stats, Ivanti, Sharepoint, Jason Wood and More - SWN #354

16 januari 2024 | 32 min

Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News - SWN #353

16 januari 2024 | 31 min

Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269

16 januari 2024 | 36 min

Say Easy, Do Hard, Hiring a CISO, Part 1 - BSW #334

15 januari 2024 | 28 min

GenAI Threats and Concerns, Building a Security Business Around Open Source - Ev Kontsevoy, Greg Notch - ESW #345

11 januari 2024 | 160 min

The Evolution of Purple Teaming - Jared Atkinson - PSW #812

11 januari 2024 | 173 min

Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352

9 januari 2024 | 32 min

What's in Store for 2024? - ASW #268

9 januari 2024 | 71 min

Best Practices for Moving Sensitive Data into the Cloud - Mike Scott - BSW #333

8 januari 2024 | 52 min

Former US Congressman talks about Cybersecurity and Emerging Technologies - Jim Langevin - SWN Vault

5 januari 2024 | 39 min

2023 End-of-Year Wrapup - ESW Vault

4 januari 2024 | 50 min

Hacker Heroes - Casey Ellis - PSW Vault

3 januari 2024 | 76 min

Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd

️Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutionized the way organizations approach cybersecurity but has also championed the concept of crowdsourced security testing.

With an innate passion for hacking and a deep understanding of the evolving threat landscape, Casey embarked on a mission to democratize cybersecurity. In our upcoming podcast interview, delve into the dynamic journey of a self-proclaimed hacker turned cybersecurity pioneer.

Casey's brainchild, Bugcrowd, serves as a global community of ethical hackers and security professionals who collaborate to uncover and address vulnerabilities in digital systems. Learn how this innovative approach has empowered organizations across industries to proactively secure their digital assets, embracing the power of the collective in the fight against cyber threats.

A trailblazer in the cybersecurity space, Casey Ellis brings a unique perspective to the podcast as he shares insights on the challenges and triumphs of building Bugcrowd from the ground up. Explore the intersections of technology, security, and community-driven solutions with a leader who has not only disrupted the status quo but has also fostered a culture of continuous improvement and collaboration.

Join us for a riveting conversation as we uncover the secrets behind Bugcrowd's success, the evolving role of ethical hacking in today's digital landscape, and Casey's vision for a more secure and interconnected future. Whether you're a cybersecurity enthusiast, a tech aficionado, or simply curious about the forces shaping our digital world, this podcast episode with Casey Ellis is a must-listen.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/vault-psw-7

New Year's Resolution - SWN Vault

2 januari 2024 | 36 min

The Booming Business of Cybersecurity - Robert Herjavec - BSW Vault

1 januari 2024 | 36 min

HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault

1 januari 2024 | 34 min

Doug and Russ together again, one night only. - SWN Vault

29 december 2023 | 43 min

MegatronAL on Kicking in the Door to Cybersecurity - Angela Marafino - ESW Vault

28 december 2023 | 29 min

Interview with Dr. Whitfield Diffie - PSW Vault

27 december 2023 | 44 min

Crypto Identity - SWN Vault

26 december 2023 | 25 min

Security Maturity: From Hostage Negotiator to Business Leader - Sandy Dunn - BSW Vault

25 december 2023 | 24 min

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault

25 december 2023 | 34 min

Deepfakes, China, Strangest Scams, NordVPN, Russia, Aaran Leyland & More - SWN #351

22 december 2023 | 25 min

2023 Funding, SASE Certification - Mike Privette, Pascal Menezes - ESW #344

22 december 2023 | 144 min

We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week.

In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more!

Segment Resources:

Mike's blog; Return on Security: https://www.returnonsecurity.com/
Mike's newsletter; Security, Funded: https://www.returnonsecurity.com/subscribe

Understanding how CyberRatings, NaaS, and SASE combine to make network security easier to buy and deploy. MEF is an industry association, providing standards, certifications, and facilitating community discussions. MEF has teamed up with CyberRatings.org to establish a certification program for SASE services, making it easier for buyers to understand what's included in SASE-related products and services.

Segment Resources:

https://www.mef.net/news/16-leading-technology-and-service-providers-launch-industrys-first-sase-product-and-services-certification/

This week, in the security market, we talk about next NEXT gen anti-virus, how Okta can (apparently) do no wrong, and a VC firm imploding.

Then we discuss how smartphones and speakers are allegedly being used to spy on us, and the future of privacy and consumer tech products.

The latest SSH vuln is much less concerning than media outlets and academic researchers would have you believe. The Citrixbleed vuln, however is about as bad as vulns can get, and has led to one of the biggest US consumer breaches in a while, with Comcast/XFinity losing all customer records.

The SEC backpedals (again!) on requiring breached companies to provide details about how they got breached.

And finally, we have some fun with some squirrel stories that you should absolutely check out by going to our show notes, here: https://securityweekly.com/esw344

Show Notes: https://securityweekly.com/esw-344

Supply Chain & Firmware Security - Xeno Kovah - PSW #811

20 december 2023 | 112 min

Cyber Risk Management Starts with Risk Quantification - Padraic O'Reilly - BSW #332

19 december 2023 | 57 min

Santa, SEC, Google, Qakbot, VMWARE, AI, Turing, Voight-Kampff, Jason Wood, and more - SWN #350

19 december 2023 | 33 min

Making Service Meshes Work for People - Idit Levine - ASW #267

19 december 2023 | 78 min

Identity Verification, Telemetry Data, Pickleball Chaos - Tucker Callaway, Rob O'Farrell - ESW #343

15 december 2023 | 151 min

Tesla, TikTok, Karakurt, VISS, Cozy Bear, GambleForce, Aaran Leyland, and More - SWN #349

15 december 2023 | 36 min

Embracing AI - Alex Sharpe - PSW #810

14 december 2023 | 177 min

Cybertruck, Viagra, Struts, Atlassian, Log4Shell, Pharmacies, Jason Wood, and More - SWN #348

12 december 2023 | 37 min

The ABCs of RFCs - Heather Flanagan - ASW #266

12 december 2023 | 78 min

The Impact of the New SEC Regulations on Cybersecurity - BSW #331

12 december 2023 | 54 min

Q*, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Aaran Leyland, and More - SWN #347

8 december 2023 | 37 min

Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Gmail, Jason Woods - SWN #346

8 december 2023 | 32 min

Lessons from 10 years running the first cyber-exclusive investment firm - Bob Ackerman - ESW #342

8 december 2023 | 107 min

Holiday Extravaganza - Supply Chain, Hardware Hacking, Vulnerabilities, News - PSW #809

6 december 2023 | 187 min

All the News - Just Six Months Later - ASW #265

5 december 2023 | 70 min

Real Edge Computing Use Cases from the AT&T Cybersecurity Insights Report - Theresa Lanowitz, Mark Freifeld - BSW #330

4 december 2023 | 68 min

Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345

1 december 2023 | 29 min

Non-profits need security too & Cybercrime is booming - Keith Jarvis, Kelley Misata - ESW #341

1 december 2023 | 128 min

AI & LLMs - Josh More, Matthew Carpenter - PSW #808

30 november 2023 | 179 min

What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems that must change and adapt to the times? Join us for a fun discussion on what the future looks like with AI and the youth of today.

Segment Resources: https://docs.google.com/document/d/103FLvNRSwBhq-WgCbuykMvweT6lKf2lAASuP8OuuKIw/edit#heading=h.3inodmot2b77

Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in hardware and the crew has some amazing hardware hacking topics to discuss (as usual).

Segment Resources: https://garymarcus.substack.com/p/has-sam-altman-gone-full-gary-marcus

We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs.

We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it.

Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/psw-808

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264

30 november 2023 | 74 min

Chimera, Aliquippa, FNF, Lazarus, DARPA, Namedrop, Google, Aaran Leyland, and More - SWN #344

28 november 2023 | 36 min

1% Leadership - Andy Ellis - BSW #329

28 november 2023 | 60 min

Spying & Cyber Warfare - SDL - SWN Vault

24 november 2023 | 40 min

Breaking into Cyber – Perspective from a High School - Tim Cathcart - ESW Vault

23 november 2023 | 32 min

Interview with Brian Snow - PSW Vault

22 november 2023 | 61 min

Travel Security - SDL - SWN Vault

21 november 2023 | 29 min

Building Security from Scratch: One Year as CISO at a Start-up - Guillaume Ross - BSW Vault

20 november 2023 | 30 min

Platform Firmware Security - Maggie Jauregui - ASW Vault

20 november 2023 | 34 min

Cashwarp vs. Reptar, Rackspace, BlackCat, Bots, Aaran Leyland and More - SWN #343

17 november 2023 | 30 min

Exploring the Intersection of Security for Edge Computing and Endpoint - Theresa Lanowitz, Mani Keerthi Nagothu - ESW #340

16 november 2023 | 130 min

Once again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape:

Maybe not less budget, but more pressure to produce results and justify spending
Security leaders being held personally accountable for performance
Potential layoffs, and the need to achieve the same goals with less labor and tool overhead

Segment Resources

https://cybersecurity.att.com/insights-report

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.

This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.

Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.

In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.

Protect Your Session Tokens
Monitor for Unusual Behavior
SaaS Vendors Are Common Targets
Zero Trust Principles Work
MFA Isn't a Binary (on or off) Control

Segment Resources

https://www.valencesecurity.com/resources/blogs/five-lessons-learned-from-oktas-support-site-breach

Finally, in the enterprise security news,

Lots of new security startups with early stage funding
SentinelOne picks up Chris Krebs and Alex Stamos’s consulting firm
PE firm picks up ActiveState - a company I haven’t thought about since I last downloaded ActiveState Perl 1000 years ago
Microsoft announces the limited release of Security Copilot
Semgrep releases a secrets scanner
AGI predicted to come much sooner than you might expect
NY State doubles down on cybersecurity regulations to protect its hospitals
the young hackers behind Mirai, one of the biggest botnets ever
Ransomware groups snitch on businesses to the SEC

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-340

3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807

16 november 2023 | 171 min

How 2023 Changed Application Security and What’s to Come in 2024 - Karl Triebes - ASW #263

14 november 2023 | 75 min

Cybertruck, Solarwinds, Bitcoin, Docker, Ducktail, Experian, More News and Jason Wood - SWN #342

14 november 2023 | 33 min

Say Easy, Do Hard - Cyber Risk Management - BSW #328

14 november 2023 | 55 min

Aidan Holland, Kelly Shortridge - ESW #339

10 november 2023 | 160 min

Fakes, SysAid, Sumo, farnetwork, CPU-Z, Google, Chat-GPT, Aaran Leyland, and More - SWN #341

10 november 2023 | 32 min

Testing AI Before It Comes To Get You - Austin Carson - PSW #806

9 november 2023 | 177 min

Security from a Developer's Perspective - Josh Goldberg - ASW #262

7 november 2023 | 71 min

Grok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood - SWN #340

7 november 2023 | 30 min

Security Money: The Index is Rebounding - Business Security Weekly #327

7 november 2023 | 54 min

Jackie McGuire, Hank Thomas - ESW #338

3 november 2023 | 160 min

In this segment, we discuss the current state of the market recovery with Hank Thomas, founder of Strategic Cyber Ventures.

We've got market questions, like:

What has changed in the last year?
Are IPOs coming back any time soon?
How large is the cybersecurity death pool?
What do early and mid-sized startups need to do to survive in the current market?

There is little to no organization of data within companies in 2023. We're all guilty of this at some level. The download folders and desktops on our personal machines are a mess. File servers, and cloud storage services are a mess. In Microsoft's recent data leak, AI researchers even had PC backups stored along side machine learning models for whatever reason.

Data is hard to classify, organize, and monitor. By designing for convenience, we've created convenience debt that now has to be paid down. In this segment we talk to Jackie McGuire about what needs to happen to accomplish this, at the enterprise level, and at scale.

Even if we can one day address the challenge of tracking and labeling data, we'll still have the challenge of addressing data integrity and resilience, which we'll also discuss if we have time!

Segment Resources: https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Oh, the HARror! Sanitizing HAR files is not as easy as some might lead you to believe. CISA funds Cyber.org for K-12 cyber education and ORNL creates a Center for AI Security Research (CAISER). Cloudflare creates a tool out of spite, and CISA creates a tool you shouldn't use in production? Biden's EO on "Safe, Secure, and Trustworthy AI" and the Top Five Things you need to know about how GenAI is used in Security Tools.

Five lessons learned form Okta's latest breach, should ransom payments be illegal, and why ransomware victims can't stop paying ransoms. We discuss the impact of the charges made against Solarwinds and its CISO by the SEC, the 2023 ISC2 Cybersecurity Workforce Survey, and Microsoft's latest open letter on security.

Finally we wrap up discussing a delicious $8M Series A for better bagels!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-338

Bots, Citrix, Mitre, Solarwinds, Naked Nudes, Scarlett, Aaran Leyland, and More News - SWN #339

3 november 2023 | 35 min

Trustworthy AI for National Security - Kathleen Fisher - PSW #805

2 november 2023 | 186 min

How Security Tools Must Evolve - Dan Kuykendall - ASW #261

1 november 2023 | 87 min

Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, More News and Jason Wood - SWN #338

31 oktober 2023 | 32 min

The Enterprise Browser for the Modern Workforce - Robert Shield - BSW #326

31 oktober 2023 | 56 min

Pumpkin Spice, VMWARE, RoundCube, Apple, Big-IP, Oktapus, Aaran Leyland and More - SWN #337

27 oktober 2023 | 29 min

Marco Genovese, Noriko Bouffard, Chad Cardenas - ESW #337

27 oktober 2023 | 141 min

In the age of remote and hybrid work, employees are now spending most of their time in the browser or virtual meetings, making the browser an increasingly important part of an enterprise's security strategy. According to Gartner, “By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.”

Learn more about:

The browser's role in a business's security strategy
How an enterprise browser can support your workforce
Zero Trust Architecture and how businesses can enforce context-aware access controls and add customizable data loss prevention

Segment Resources:

Complimentary Gartner Emerging Tech: Security – The Future of Enterprise Browsers Report
Get started with Chrome Enterprise for free
Learn about Google's Zero Trust solution, BeyondCorp Enterprise
Customer spotlight: Check out the Google Cloud Next recording to hear how Snap is leveraging our secure enterprise browsing solution to protect their workforce
How to contact us This segment was sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chromeenterprise to learn more!

In this interview, we talk to Chad Cardenas about why he created The Syndicate Group, which operates very differently from the typical VC firm with LPs and a collective fund to draw from. We'll discuss how the investor/startup relationship differs, and what the advantages of this model are.

This week, we discuss Island's raise, unicorn status, and what that means for both the enterprise browser market and the cybersecurity market in general. We discuss Censys and the state of the external attack surface management market, or what they're trying to call, "exposure management". We discuss the details of the Okta breach in depth, and why we're worried about the larger impact it could have on the industry and vendor trust in general. Finally, we wrap up with some fun squirrel stories.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-337

VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804

26 oktober 2023 | 178 min

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260

24 oktober 2023 | 78 min

Goatse, Okta, Cisco, Ducktail, 0Auth, China, Spain, More News and Aaran Leyland. - SWN #336

24 oktober 2023 | 32 min

Securing Edge Computing Use Cases by Aligning to Business Outcomes - Theresa Lanowitz, Scott Stout - BSW #325

24 oktober 2023 | 58 min

Shane Sims, Philippe Humeau - ESW #336

20 oktober 2023 | 160 min

Today we interview Shane Sims, CEO of Kivu Consulting. We'll be talking about the current state of cybercrime and insights from incidents his consulting firm has recently worked. We'll discuss some of the latest stats and trends related to ransomware, as well as thoughts on future cybercrime trends. Shane will also share some stories from his time as an FBI agent, working undercover as a cybercriminal.

Segment Resources: Report - Mitigating Ransomware Risk: Determining Optimal Strategies for Business

One of the biggest challenges in security today is organizations' reluctance to share attack information. Perhaps legal teams are worried about liability, or maybe execs are just embarrassed about security failures. Whatever the reason, this trend makes it difficult for organizations to help each other. CrowdSec's mission is to make this process automated, anonymized, and seamless for security teams.

We talk to Phillip Humeau, one of CrowdSec's founders, about what it's like to build a such an unconventional cybersecurity business - one based around crowdsourcing and open source software.

This week, in the enterprise security news,

AI dominates new funding rounds (I’m shocked. This is my shocked face.)
The buyer’s market continues, with lots of small acquisitions
SingTel sells off Trustwave at a significant loss
Yubico goes public (actually, a month ago, sorry we missed it)
Yubico can also now ship pre-registered security keys
New cybersecurity tools for board and exec-level folks
Lessons learned from recent ransomware attacks
Healthcare is increasingly under attack
A study on CISO tenure - longer than you might think!
Don’t miss today’s squirrel stories at the end!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-336

Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, Aaran Leyland, More - SWN #335

20 oktober 2023 | 36 min

Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803

20 oktober 2023 | 168 min

OT Security - Huxley Barbee - ASW #259

17 oktober 2023 | 79 min

Cisco, Juniper, AVOSLocker, NoEscape,Valve, FreedomGPT, More News, & Aaran Leyland - SWN #334

17 oktober 2023 | 30 min

Companies should be hiring CISOs for their leadership talent - Jason Loomis - BSW #324

17 oktober 2023 | 56 min

Trustworthy AI, ISW Interviews - Pamela Gupta - ESW #335

13 oktober 2023 | 118 min

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely.

Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with.

Interview Resources:

There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program.

This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them!

Threat actors don’t think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs’ newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it’s important to “shift up,” and what Mike is most excited about in his new role.

This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them!

Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry.

As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale.

This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them!

In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security.

In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/esw for all the latest episodes!

Microsoft, SeroxenRAT, Smart Links, ToddyCAT, ShellBot, More News & Aaran Leyland - SWN #333

13 oktober 2023 | 36 min

Getting Started With Reverse Engineering Hardware - PSW #802

12 oktober 2023 | 189 min

In our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware!

Resources we mentioned:

The Hardware Hackers Handbook is a great start
Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking
Take some classes
Do some Arduino stuff: https://www.arduino.cc/
Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-electrical-engineering-and-computer-science-i-spring-2011/ (And here: https://www.tinkerforge.com/en/doc/ and here: https://www.youtube.com/watch?v=LSQf3iuluYo&list=PLoFdAHrZtKkhcd9k8ZcR4th8Q8PNOx7iU)

Building a lab - The list:

Soldering iron (and tools and parts such as Solder, Flux, Tweezer, Soldering wick, Cutter, Wire stripper)
Hot air rework station (can be bundled with soldering iron)
Multi-meter (and lots of associated cables)
Jumper and pinout wires
Breadboard
USB microscope
Bench power supply
Specific lighting (e.g. my document camera has an LED light that works great)
Magnification - magnifying lenses and a headset (esp. if you are old, like us)
USB serial devices (or Bus Pirate if you fancy)

Then, in the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world’s largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul’s Security Weekly!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/psw-802

Shifting Focus to Make DevSecOps Successful - Janet Worthington - ASW #258

11 oktober 2023 | 77 min

23andMe, Facebook, GitHub's Secret Scanning, MGM Resorts, Grindr, & Jason Wood - SWN #332

10 oktober 2023 | 24 min

Digital Transformation Breaks Risk Management - Chris Morales - BSW #323

10 oktober 2023 | 62 min

Feet, Google, Apple, Predator, r77, Qualcomm, qakbot, Deepfakes, & Aaran Leyland - SWN #331

6 oktober 2023 | 35 min

Lessons From the Last Year's Breaches, ISW Interviews - ESW #334

6 oktober 2023 | 157 min

In this segment, we'll explore some of the most useful lessons and interesting insights to come out of the last year's worth of breaches and data leaks! We'll explain why we will NOT be covering MGM in this segment. The breaches we will be covering include:

- Microsoft AI Research Data Leak - Microsoft/Storm-0558 - CommutAir - Riot Games - Lastpass - CircleCI - RackSpace - Drizly (yes, this breach is older, but the full story just wrapped a year ago!)

On this week's news segment, we go down a bit of a rabbit hole on data lakes and have a GREAT conversation about where security data wrangling might or might not go in the future. We also discuss Nord Security's funding and $3B valuation, try to figure out what Synqly is doing, and discuss IronNet's demise.

We also find out which email solution is more secure (at least, according to insurance claim data), Google or Microsoft!

We wrap up, learning that forms of CAPTCHAs are apparently broken now, $3800 gets you a gaming PC in the shape of a sneaker, and someone has created the DevOps equivalent of dieselgate!

Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data from the open web, safeguarding your organization.

This segment is sponsored by DeleteMe.

Visit https://www.securityweekly.com/deletemeisw to learn more about them!

With all of the fancy tools, equipment, and logos most organizations are unable to understand where their data is and how it can be accessed. In the world of work from wherever and whenever orgs need a better handle on what this means. Ridge has worked to curate a set of solutions to meet and implement this need!

This segment is sponsored by Ridge IT Cyber.

Visit https://www.securityweekly.com/ridgeitisw to learn more about them!

Why are we seeing a re-emergence of the demand for packet and flow-based forensic data in cloud environments? In this session, we’ll discuss three reasons why IT leaders still need the same if not even better visibility in the cloud than they have in their data centers.

We’ll also discuss the growing demand for Threat Exposure Management (TEM). Why does a leading analyst describe this as a transformation technology and how can you quickly visualize your environment the way the attackers do?

Segment Resources: https://www.viavisolutions.com/en-us/ptv/solutions/threat-exposure-management

https://www.viavisolutions.com/en-us/ptv/solutions/high-fidelity-threat-forensics-remediation

This segment is sponsored by VIAVI Solutions.

Visit https://www.securityweekly.com/viaviisw to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Malware Trends - Anuj Soni - PSW #801

5 oktober 2023 | 178 min

Creating Presentations and Training That Engage an Audience - Lina Lau - ASW #257

3 oktober 2023 | 86 min

PKD, NSA, WS_FTP, Exim, Sextortion, BunnyLoader, CISA, More News, and Jason Wood - SWN #330

3 oktober 2023 | 30 min

Risk Management in the Cloud Starts with Identities - Eric Kedrosky - BSW #322

3 oktober 2023 | 54 min

Golden SaaS Age, Edge Computing, Cisco/Splunk - Allie Mellen, Theresa Lanowitz, Yoni Shohet, Chris Goettl - ESW #333

29 september 2023 | 129 min

NarcBots, Blacktech, ZenRat, Chrome, CISOs, Privacy, More News & Aaran Leyland - SWN #329

29 september 2023 | 35 min

The Right Skills For The Job - Kayla Williams - PSW #800

28 september 2023 | 170 min

Supply Chain Security Security with Containers and CI/CD Systems - Kirsten Newcomer - #ASW 256

26 september 2023 | 87 min

Y3000, Sandman, ShadowSyndicate, MoveIt, Apple, Predator, More News, and Jason Wood - SWN #328

26 september 2023 | 33 min

Human Risk Management at Western Governors University - Jake Wilson - BSW #321

26 september 2023 | 70 min

2024 Security Planning, Better Tabletop Exercises - Merritt Maxim, Ryan Fried - ESW #332

22 september 2023 | 139 min

Passkeys, bots, hotels, conning the con, TrendMicro, Pizza & Aaran Leyland - SWN #327

22 september 2023 | 32 min

AI Attacks and LLM Security Matters - Nathan Hamiel - PSW #799

21 september 2023 | 196 min

Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255

19 september 2023 | 76 min

SprySocks, Lazarus, Fortinet, Juniper, CISA, AI Art, More News, & Jason Wood - SWN #326

19 september 2023 | 29 min

Cyberdog, Pegasus, Webex, Peach Sandstorm, SAP, Caesar, Penn, Aaran Leyland, and More - SWN #325

19 september 2023 | 32 min

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem - Theresa Lanowitz, Steve Winterfeld - BSW #320

18 september 2023 | 59 min

MDR & Self Sabotage, Detection Difficulty - Jason Lassourreille, Chris Sanders - ESW #331

15 september 2023 | 154 min

Discussing ways to ensure client success with MDR and discuss the ways organizations hurt MDR efficacy with overly broad global exclusions, poor deployment practices, and poor policy hygiene. This segment is sponsored by Sophos. Visit https://securityweekly.com/sophos to learn more about them! We talk to Chris Sanders today, who has been steeped in the world of SecOps and detection/response for many years. After many years of writing books and training folks in the cybersecurity industry, he started delving into cognitive psychology and educational effectiveness. He leverages this knowledge in the training classes he builds and delivers. Today we'll discuss why it seems like defenders are still failing, despite the security industry largely (and arguably) receiving the resources it has been requesting. In this news segment, we start off by discussing funding, acquisitions, and Ironnet's unfortunate demise. We discuss Gmail's new, extra verifications for sensitive actions and Lockheed Martin's Hoppr SBOM and software supply-chain utility kit. We get into CISA's roadmap to help secure open source software, and their offer to run free vulnerability scans for the United States' 150,000+ water utilities. Then, discussion turns back to some more negative items with Brazil's self-inflicted $11 billion dollar data leak, and the MGM/Caesar's ransomware attacks, which seem like they could have a common attacker and initial attack vector (a shared IT support company, perhaps). We also discuss Microsoft's post mortem on the Storm-0558 attack. Kelly Shortridge wants to know, "why are you logging into production hosts", someone is submitting garbage CVEs, and Mozilla finds that privacy policies from auto manufacturers are a privacy TRAIN WRECK. Finally, we wrap up discussing tools that can detect deepfake audio, as well as the likelihood that this will be the start of a game of leapfrog, as deepfakes get increasingly better over time. And we discuss Delphi's offer to create a 'digital clone' of you that could live on forever, haunting your descendants.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-331

Ransomware Infection Vectors - Ryan Chapman - PSW #798

14 september 2023 | 186 min

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254

12 september 2023 | 73 min

Mopria, Cisco, Seimens , Word, DarkGate, AP Stylebook, More News, & Jason Wood - SWN #324

12 september 2023 | 32 min

Identity is the Perimeter, The Secrets of Top Performing CISOs - Jeff Reich - BSW #319

11 september 2023 | 53 min

The one in which Doug interviews Chat GPT - SWN Vault

8 september 2023 | 41 min

Why Data Privacy is Being Overhauled in 2023 - Dan Frechtling - ESW Vault

7 september 2023 | 45 min

Interview with Dr. Gene Spafford - Eugene Spafford - PSW Vault

6 september 2023 | 57 min

Quantum Computing - SWN Vault

5 september 2023 | 33 min

Broadening What We Call AppSec - Christien Rioux - ASW Vault

5 september 2023 | 36 min

The Nine Cybersecurity Habits - George Finney - BSW Vault

4 september 2023 | 34 min

Simplify Your Audit Process, News, BlackHat Interviews - Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330

1 september 2023 | 154 min

Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how companies can gain access to their current identity search and dashboard data and be able to query in their preferred BI tool based on their own data privacy policies and business needs, significantly reducing risk.

This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpoint to learn more about them!

There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with it's $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, thought Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on github). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments.

This segment is sponsored by Illumio.

Visit https://securityweekly.com/illumiobh to learn more about them!

It’s no secret that the attack surface is increasing and the best defense is one that’s matched to the most relevant risks. Through proactive and reactive research, The SafeBreach Labs team helps customers discover their most critical threats and security gaps by building the industry’s most current and complete playbook of attacks. In this session, SafeBreach Director of Research Tomer Bar will share how attacks are conducted, which APT group have been the most active, and how breach and attack simulation can help teams think like an adversary and leverage recent vulnerabilities to gain accurate insights.

Segment Resources: https://www.safebreach.com/safebreach-labs/

This segment is sponsored by SafeBreach.

Visit https://securityweekly.com/safebreachbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-330

AI cars, Sandstorm, BGP, Earth Estries, DOE, Aria, Aaran Leyland and More - SWN #323

1 september 2023 | 32 min

Incident Response: Clouds, SMBs, & More! - Amanda Berlin - PSW #797

31 augusti 2023 | 203 min

How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253

29 augusti 2023 | 74 min

Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, Jason Wood - SWN #322

29 augusti 2023 | 35 min

The Art & Science of Metawar - Winn Schwartau - BSW #318

29 augusti 2023 | 55 min

Tackling the Perennial Problem of Device Management, News, BlackHat Interviews - Jason Meller - ESW #329

25 augusti 2023 | 152 min

Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?

This segment is sponsored by Kolide.

Visit https://securityweekly.com/kolide to learn more about them! Segment description coming soon!

Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation.

You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.

During this segment, Jon will explore today’s ransomware economy players from IABS to RaaS affiliates, to money launders and now C2Ps. For the discussion, Jon will leverage Halcyon’s latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.

This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh

to learn more about them! In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!

This segment is sponsored by Horizon3.ai.

Visit https://securityweekly.com/horizon3aibh to learn more about them!

In this Black Hat 2023 interview, CRA’s Bill Brenner and Sophos’ John Shier discuss the company’s latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.

This segment is sponsored by Sophos.

Visit https://securityweekly.com/sophosbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-329

Openfire, Firepower, Barracuda, CosmicBeetle, Encryption, Aaran Leyland, & More - SWN #321

25 augusti 2023 | 34 min

Managing Bug Bounty Programs At Scale - Dr. Jared DeMott - PSW #796

24 augusti 2023 | 203 min

Security in a Cloud Native World & Mobile App Attacks - ASW #252

22 augusti 2023 | 38 min

Cold Fusion, EncroChat, Apple Device Spoofing, Tesla Breach, Jason Wood & More - SWN #320

22 augusti 2023 | 26 min

Security Money & BlackHat Interviews - BSW #317

22 augusti 2023 | 58 min

The Security Weekly 25 Index is still trying to recover. Inflation fears have tampered the recovery and the NASDAQ is outperforming the Index. Fastly replaces Sumo Logic in the Index and Thoma Bravo has not acquired anyone, so hoping the index stays stable for more than a quarter :). Here's the latest list of companies in the index: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Splunk Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc

Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration.

Segment Resources: https://www.zscaler.com/press/zscaler-2023-ransomware-report-shows-nearly-40-increase-global-ransomware-attacks

https://www.zscaler.com/blogs/security-research/2023-phishing-report-reveals-472-surge-phishing-attacks-last-year

This segment is sponsored by Zscaler.

Visit https://securityweekly.com/zscalerbh to learn more about them!

The security mediascape is buzzing with discussions around the growing threat of generative AI. But, how can we use this powerful new weapon for good? In this executive interview, IRONSCALES CEO Eyal Benishti walks us through the ways in which generative AI can be used to significantly harden organizations’ cyber defenses, and even unveils the latest, cutting-edge tools to be added to IRONSCALES’ growing AI suite of capabilities. Meet IRONSCALES’ Themis Co-Pilot for Outlook and learn how your team can use artificial intelligence to tip the scales back in your favor.

Segment Resources: https://ironscales.com/company/news-awards/news/ironscales-announces-themis-copilot

Video: https://youtu.be/ayn8ecsNgKY This segment is sponsored by IRONSCALES.

Visit https://securityweekly.com/ironscalesbh to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-317

News and Interviews from BlackHat 2023 - ESW #328

18 augusti 2023 | 136 min

In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating 4. ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices

As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem.

This segment is sponsored by AT&T Cybersecurity.

Visit https://securityweekly.com/attcybersecuritybh to learn more about them!

With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy.

This segment is sponsored by Semperis.

Visit https://securityweekly.com/semperisbh to learn more about them!

Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.

This segment is sponsored by Tenzir.

Visit https://securityweekly.com/tenzirbh to learn more about them!

The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes.

This segment is sponsored by Edgio.

Visit https://securityweekly.com/edgiobh to learn more about them!

Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited.

This segment is sponsored by Fortra.

Visit https://securityweekly.com/fortrabh to learn more about them!

Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution.

This segment is sponsored by Critical Start.

Visit https://securityweekly.com/criticalstartbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-328

Dilithium, Africa, Suse, Citrix, QR, AI, & More News - SWN #319

18 augusti 2023 | 27 min

Defending Public Infrastructure While At War - Antranig Vartanian - PSW #795

18 augusti 2023 | 211 min

DEFCON, ScrutisWeb, DoubleDrive, GitHub, npms, AI Cheating, More news, and Jason Wood - SWN #318

15 augusti 2023 | 30 min

CISO in Crisis, but Will the SEC Regulations Make a Difference and New NIST CSF Draft - BSW #316

15 augusti 2023 | 56 min

Pointers and Perils for Presentations - Josh Goldberg - ASW #251

15 augusti 2023 | 85 min

Black Hat Startup Spotlight Finalists - Alex Matrosov, Ian Amit - ESW #327

11 augusti 2023 | 156 min

Creepy AI, Codesys, Kyber768, .Net, Gootloader, DARPA, EvilProxy, Aaran Leyland - SWN #317

11 augusti 2023 | 34 min

Incident Response Readiness - Gerard Johansen - PSW #794

10 augusti 2023 | 207 min

You've Got Appsec, But Do You Have ArchSec? - Merritt Baer - ASW #250

8 augusti 2023 | 75 min

BilDad, points.com, Papercut, Prospect , SMS, Microsoft, DAAS, Jason Wood, and More - SWN #316

8 augusti 2023 | 32 min

Deciphering The National Cyber Workforce and Education Strategy - Dr. José-Marie Griffiths - BSW #315

8 augusti 2023 | 56 min

Surging Email Impersonation Threats, Creating Online Kids' Safety Community - Fareedah Shaheed, John Wilson - ESW #326

4 augusti 2023 | 142 min

Midnight Blizzard, Cult of the Dead Cow, Five Eyes, Aaran Leyland, and More News - SWN #315

4 augusti 2023 | 28 min

Incident Response Stories - Bill Swearingen - PSW #793

3 augusti 2023 | 194 min

Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249

1 augusti 2023 | 74 min

Throbbing Elon, China, Dragos, Ransomware, Tomcat, Ivanti, Jason Wood and More - SWN #314

1 augusti 2023 | 32 min

How to Effectively Embrace and Protect Generative AI Tools, Models, & Data - Randy Lariar - BSW #314

1 augusti 2023 | 53 min

Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792

1 augusti 2023 | 228 min

Rethinking the CISO Model, Edge Ecosystem Insights - Nathan Case, Theresa Lanowitz - ESW #325

28 juli 2023 | 154 min

GameOver(lay), ZenBleed, Maximus, Redline, the SEC, More News & Aaran Leyland - SWN #313

28 juli 2023 | 31 min

Navigating the Complexities of Development to Create Secure APIs - Kristen Bell - ASW #248

25 juli 2023 | 78 min

Improving Diversity and Accessibility in Cybersecurity - Laurie Salvail - BSW #313

25 juli 2023 | 70 min

Citrix, Ivanti, DOJ changes, Elon X, TETRA Radio, Google WEI, Jason Wood, and More - SWN #312

25 juli 2023 | 30 min

Enhancing Enterprise Security UX: Embracing Zero-ish Trust - Ryan Fried, Juliet Okafor - ESW #324

21 juli 2023 | 148 min

AirGaps, Slackware, Mitnick, Awareness, Microsoft, Bad API, Aaran Leyland and More - SWN #311

21 juli 2023 | 31 min

Security Certification - Rohit Misuriya, Sumit Siddharth - PSW #791

20 juli 2023 | 198 min

Brian Glas - ASW #247

18 juli 2023 | 81 min

Scotty in Hell, CISA, S3, White House,Microsoft, Mali, Jason Wood and More - SWN #310

18 juli 2023 | 29 min

Say Easy, Do Hard - BSW #312

18 juli 2023 | 60 min

SIEM Rules - Eric Capuano, Tim MalcomVetter - ESW #323

14 juli 2023 | 144 min

Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, and Aaran Leyland - SWN #309

14 juli 2023 | 30 min

Getting Control Of Your Security Data Pipeline - JP Bourget - PSW #790

13 juli 2023 | 165 min

Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246

11 juli 2023 | 77 min

Hairy Tongue, MoveIt redux, HCA, Apple, Threads, Jason Wood, and More on SWN - SWN #308

11 juli 2023 | 30 min

The Golden Age of Email Security - Jess Burn - BSW #311

11 juli 2023 | 54 min

AI Bots - SWN Vault

7 juli 2023 | 38 min

Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack - Joseph Carson - ESW Vault

6 juli 2023 | 35 min

The Psychology of Training - Matias Madou - ASW Vault

5 juli 2023 | 35 min

Thoughts From A Security Legend - Dan Geer - PSW Vault

5 juli 2023 | 40 min

Killer Robots - SDL - SWN Vault

4 juli 2023 | 24 min

Russian Satellites, Cl0p, CISA, YouTube, ArcServ, EarlyRat, Aaran Leyland, & More - SWN #307

3 juli 2023 | 29 min

The Fifth Domain - Richard Clarke - BSW Vault

3 juli 2023 | 29 min

Unveiling DSPM & the Future of Cloud Data Security: State of IoT in 2023 - Dan Benjamin, Paddy Harrington - ESW #322

30 juni 2023 | 152 min

Adversary Emulation w/ Carlos Perez - PSW #789

29 juni 2023 | 172 min

Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

28 juni 2023 | 75 min

Win 3.1, Fortinet, Women in Cyber, Teams, IOS, Mockingjay, Jason Wood and More - SWN #306

28 juni 2023 | 33 min

Vendor Consolidation, CISO Burnout Prevention & Maximizing Leadership Potential - Shawn Surber - BSW #310

27 juni 2023 | 55 min

Penetration Testing Stories w/ Emilie St-Pierre - PSW #788

22 juni 2023 | 197 min

How Good CISOs Build Bad Security Programs - Juliet Okafor - ESW Vault

22 juni 2023 | 34 min

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault

20 juni 2023 | 38 min

The 4 C's of Leadership with Michael Santarcangelo - BSW Vault

19 juni 2023 | 31 min

Downer News Week - Andrew Mundell, Daniel Corbett - ESW #321

16 juni 2023 | 128 min

Killer Robots, ESXI, Lockbit, MoveIt, CISA, SEC, Texas, Aaran Leyland, & More - SWN #305

16 juni 2023 | 31 min

Enhancing Security: App Modernization, Identity Orchestration, & Big IAM Challenge - Eric Olden - ASW #244

14 juni 2023 | 80 min

Interview with Bill Cheswick - PSW VAULT

14 juni 2023 | 47 min

Mad Dogs & Paper Clips, Fortinet, MoveIt, BatCloak, More News, & Jason Wood - SWN #304

13 juni 2023 | 34 min

Where is the Human in Your Risk Management Program? - Ashley Rose - BSW #309

12 juni 2023 | 63 min

Phrenology, Barracuda, MoveIt, Lazarus, Minecraft, ChatGPT, Adrian Sanabria, & More - SWN #303

9 juni 2023 | 37 min

Daniel Miessler, Alex Babin - ESW #320

8 juni 2023 | 153 min

This is the first interview in a two-part AI special! First up, we talk with Daniel Miessler, who has been following the generative AI trend very closely and is one of the most prolific writers and thought leaders on the topic. It's a massively divisive topic with the most successful product ever launched (ChatGPT). Some folks think it's overhyped, some think it's going to replace all the worst parts of the worst jobs, and others think it could be the beginning of the end for humanity. While other interviews on GenAI get deep into conversations on the future of humanity, we're going to stay closer to home on this one. It seems clear that GenAI will transform the enterprise more quickly than any other technology trend we've seen. We'll discuss what security needs to do to prepare for this shift, and why security teams should begin exploring GenAI themselves as soon as possible. Generative AI is taking the world by storm. Naturally, enterprises are looking for ways to integrate the innovative technology into their techstack, boost productivity of the knowledge workers and overall increase their ROI. The question is, how to do it without compromising data privacy and security standards of the enterprises. Segment Resources: https://zerosystems.com/ In this episode we briefly cover funding, and discuss Snyk's acquisition of Enso Security and Cisco's Armorblox buy. We discuss some new open source AI tools: privateGPT, llm, ttok, and strip-tags. We discuss the death of Meta's massive Metaverse movement and go DEEP down the rabbithole on the new Stop Silly Security Awards website. Artifact's AI rewrites clickbaity headlines and we wrap up by exploring a very entertaining Map of GitHub communities: https://anvaka.github.io/map-of-github/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-320

L0pht Heavy Industries Panel - PSW Vault

7 juni 2023 | 62 min

AI, Kimsuky, SMBs, MoveIt, Gigabyte, Splunk, Chrome, more news, & Jason Wood - SWN #302

6 juni 2023 | 31 min

New AI Algorithm Regulations Coming: Will Yours Pass Government Scrutiny? - Mike O'Malley - BSW #308

6 juni 2023 | 61 min

What's the Deal with API Security? - Sandy Carielli - ASW #243

6 juni 2023 | 77 min

Crazy Chronicles: Hilarious Penetration Tester Stories & Unbelievable Security News - PSW #787

2 juni 2023 | 194 min

What We've Learned From Interviewing Cybercriminals - Adam Janofsky - ESW Vault

1 juni 2023 | 40 min

Career Ladders In Information Security - Marc French - BSW Vault

31 maj 2023 | 38 min

Doing Application Security Right - Farshad Abasi - ASW VAULT

29 maj 2023 | 36 min

SWN #301 - Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou , Aaran Leyland, and More

26 maj 2023 | 30 min

ESW #319 - Amitai Ratzon, Steve Ragan, Deepika Chauhan, Thomas Kinsella, Jon Check

26 maj 2023 | 145 min

On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near magical levels of ease when manipulating photos.

What's even real anymore? We might not be able to tell for long... The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach.

This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!

While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them.

This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!

Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization’s security posture.

This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!

In today’s hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work.

This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!

Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including:

Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea)
What SOCs need to respond to a world on fire (training for cloud-based ops, XDR)
Challenges of identity and access management (zero trust, MFA, hybrid work environments)
Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware)

This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw319

Generative AI Security Implications - Liam Mayron - PSW #786

25 maj 2023 | 188 min

SWN #300 - Space, Naughty Cell Phones, HP, ASUS, Meta, Google, Gil Kirkpatrick and more

23 maj 2023 | 31 min

ASW #242 - Ten Things I Hate About Lists

23 maj 2023 | 77 min

BSW #307 - Matt Radolec

22 maj 2023 | 68 min

SWN #299 - Wemo Vulnerability, EXSI Threats, Critical Cisco Flaws, IAM, Malware, and More

19 maj 2023 | 27 min

ESW #318 - Mickey Bresman, Dave Merkel, Michaël Lakhal, Ashley Leonard, Jason Rolleston, Eve Maler

18 maj 2023 | 145 min

This week, we discuss fundings, acquisitions (TWO DSPM exits!), the ongoing market downturn/weirdness, and surprise - LLM-based AIs! We spend a fair amount of time talking about the importance of breach transparency - we need to be able to learn from others' failures to improve our own defenses. We also discuss the inevitable 'One App To Rule them All' that will serve as an all-knowing personal assistant. It will integrate with all our comms, calendars, and notes, which will be scary and fraught with privacy and security issues. But Tyler and Adrian still yearn for it, as their pre-frontal cortexes become increasingly dulled by scotch and beer.

Enterprises are struggling to manage and reduce their organizational attack surface, especially with a shortage of skilled staff. Find out how some security executives are tackling this challenge by automating their IT and vulnerability management.

This segment is sponsored by Syxsense. Visit https://securityweekly.com/syxsensersac to learn more about them!

Cars have evolved from a physical mode of transportation to a digitized experience, bringing with it new risks and challenges in security, privacy and user experience. Putting identity at the center of the connected world solves simplicity and safety challenges, including physical safety, digital security and data privacy. Furthermore, decentralized identity plays a major role in a better, more secure seamless experience – not just for vehicles, but for society at large.

This segment is sponsored by ForgeRock. Visit https://securityweekly.com/forgerockrsac to learn more about them!

There is a war on trust in the digital world, and people are caught in the crosshairs. Everywhere we look, there are identity risks with crippling repercussions for businesses, whether fake people, fake content, or insecure web links. With the rise of generative AI tools in business, threat actors are utilizing these technologies to create more sophisticated phishing emails – mimicking brands and tone or more easily translating copy into several languages making them more difficult to identify and easily connecting hackers with global audiences. Now is the time to implement solutions that empower a connected thread of trust between businesses and users – before all trust is lost.

This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them!

Semperis CEO Mickey Bresman sits down with SC Magazine to share practical steps for improving Active Directory resilience in the face of escalating cyberattacks, using real-world examples. With cybercrime costs projected to reach $8 trillion in 2023 and AD being the top target for attackers, organizations must prepare to detect, respond, and recover from AD-based attacks. Learn how InfoSec and IAM teams can operationalize the Gartner "top trending" topic of identity threat detection and response (ITDR) to ward off attackers and take back the advantage.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

Today’s CISOs are laser focused on three imperatives: reducing risk; reducing operational costs, and attracting or retaining top talent. All three priorities are driven by creating a better SOC analyst experience which translates to less time to detect and respond to an attack. In this discussion, we’ll uncover how Extended Detection & Response (XDR) can drastically improve the SOC analyst experience and alleviate CISOs’ top challenges.

This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarecarbonblackrsac to learn more about them!

While emerging cyber threats and vulnerabilities tend to dominate headlines, criminals often exploit known vulnerabilities to gain access to critical systems and data for nefarious purposes. And with the number of vulnerabilities rising constantly, they can pose significant risk to organizations, especially if defenders don’t know which ones are critical. Learn how Expel is helping to pull back the curtain on how organizations can more effectively prioritize their most critical vulnerabilities.

This segment is sponsored by Expel. Visit https://securityweekly.com/expelrsac to learn more about them!

Visit https://www.securityweekly.com/esw\ for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw318

PSW #785 - Kevin Johnson

18 maj 2023 | 177 min

SWN #298 - ChatGPT, PentestGPT, BurpGPT, Cyber Resilience Act's Poison Pill & Malicious Actors

16 maj 2023 | 29 min

ASW #241 - Asaf Ashkenazi, Chris Eng, Jeff Martin

16 maj 2023 | 68 min

What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams need strategies and processes to keep software secure for as long as possible.

Segment Resources:

https://www.veracode.com/state-of-software-security-report

Learn how hackers are exploiting the trust that mobile app owners place in their customers. Hackers are increasingly modifying app code, posing as trusted customers, and infiltrating IT infrastructure.

This segment is sponsored by Verimatrix. Visit https://securityweekly.com/verimatrixrsac to learn more about them!

Unlike vulnerabilities, which can and do often exist for months or years in application code without being exploited, a malicious package represents an immediate threat to an organization, intentionally designed to do harm. In the war for cybersecurity, attackers are innovating faster than companies can keep up with the threats coming their way. A new approach is needed to stay ahead of the impacts of malicious packages within applications. Findings from our latest report "Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities" illustrate the growing threat of malicious packages. From 2021 to 2022, the number of malicious packages published to npm and rubygems alone grew 315 percent. Mend.io technology detected thousands of malicious packages in existing code bases. The top four malicious package risk vectors were exfiltration, developer sabotage, protestware, and spam. Nearly 85 percent of malicious packages discovered in existing applications were capable of exfiltration – causing an unauthorized transmission of information. Threat actors leveraging this type of package can easily collect protected information before the package is discovered and removed. We’ll share why as long as open source means open, the door will be left open to bad actors, so it’s especially critical to know when things are being brought into your code. Malicious packages represent an immediate threat, unlike vulnerabilities, and can not be taken lightly.

This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw241

BSW #306 - Mayeuresh Ektare, Molly McLain Sterling, Lenny Zeltser

15 maj 2023 | 63 min

SWN #297 - Terminators, Joe Sullivan, Dragos, ESXi, Microsoft, Greatness, Jessica Davis and More

12 maj 2023 | 35 min

ESW #317 - Brian Kenyon, Rhett Dillingham, Antonio Sanchez, Deepen Desai

12 maj 2023 | 142 min

We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and the continued need for skilled expertise. Join Matt Alderman from CyberRisk Alliance and Antonio Sanchez, Principal Evangelist at Fortra, as they dive into 2023 cybersecurity trends and observations.

Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness https://www.fortra.com/products/bundles?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!

In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won’t go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security’s eternal prioritization problem!

The browser is the most used application, but was never built with the needs of the enterprise in mind. The Enterprise Browser delivers a whole new level of visibility, security and governance. This conversation will explore the benefits of the Enterprise Browser and the gaps it is filling for enterprises around the world.

This segment is sponsored by Island. Visit https://securityweekly.com/islandrsac to learn more about them!

Resilience and the capacity for reinvention have never been more important. In a world evolving at the speed of tech and roiled by the pandemic, enterprises that have security innovation woven into their DNA enjoy a distinct advantage. Learn more.

This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!

The increased prevalence of phishing kits sourced from black markets and chatbot AI tools like ChatGPT has seen attackers quickly develop more targeted phishing campaigns. This improved targeting has simplified the process of manipulating users into taking actions that compromise their security credentials, leaving them and their organizations vulnerable.

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw317

PSW #784 - Paula Januszkiewicz

11 maj 2023 | 177 min

SWN #296 - Chat GPT, QR codes, Boot Guard, Akira, SuperCare, Jason Wood, and More News

9 maj 2023 | 37 min

ASW #240 - Kelly Shortridge, Eric Fourrier, Richard Yew

9 maj 2023 | 71 min

What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more.

Segment Resources:

Book -- https://securitychaoseng.com

Blog -- https://kellyshortridge.com/blog/posts/

In the ever-evolving world of cybersecurity, attackers are constantly finding new ways to infiltrate your software supply chains. But with GitGuardian's Honeytoken, you can stay ahead of the game. Deploy honeytokens at scale, monitor for unauthorized use, and detect intrusions before they can wreak havoc on your system. With Honeytoken, you'll have the insight you need to protect your confidential data and know where, who, and how attackers are trying to access it.

This segment is sponsored by GitGuardian. Visit https://securityweekly.com/gitguardianrsac to learn more about them!

In light of the constant change in the threat landscape, how does an organization keep up with the attackers who're always innovating? New specialized security solutions are regularly being introduced to address new threats, increasing complexities and the non-functional requirement(NFRs) associated with integration of these systems to already complicated enterprise web applications. How does an organization implement holistic defense without increasing cost, complexity and impacting user experience? Edgio will address how an edge-enabled holistic security platform can effectively reduce the attack surface, improve the effectiveness of the defense while reducing the latency of critical web applications via it’s multi-layered defense approach. It also offers the ability to integrate with an enterprises' DevSecOps workflow to achieve better security practices. Edio will discuss how its security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes.

This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiorsac to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw240

BSW #305 - Alla Valente, Joe Payne, Jim Broome, Cody Scott

8 maj 2023 | 65 min

Each year, Forrester tracks the top systemic risks — external events that impact your firm and customers but are out of your control — facing organizations. The impacts of climate change are both short-term, in the form of severe weather, drought, and heat waves, and long-term, in the form of biodiversity loss, sea-level rise, and rising temperatures. Want to see where climate risk ranked on the list? Read The Top Systemic Risks, 2023 (https://www.forrester.com/report/the-top-systemic-risks-2023/RES179156) or listen to this segment on Business Security Weekly.

A resilient cybersecurity strategy is essential to running your business while protecting against security threats and preventing data breaches. For CISOs, partnering with a managed service security provider (MSSP) means you can be in control of your organization’s information and infrastructure security without placing a strain on internal personnel or resources which is critical in today’s uncertain economy. With an MSSP on board, CISOs are better equipped to meet strategic and business goals, while improving operations and reducing expenses. This interview will discuss not only why to consider an MSSP but how to choose the right one for the job.

This segment is sponsored by Direct Defense. Visit https://securityweekly.com/directdefensersac to learn more about them!

Insider Risk is a problem that continues to grow - and that companies are still struggling to solve. CISOs state that it is the number one most difficult threat to detect, placing it over malware and ransomware. Code42 President and CEO Joe Payne will explain why the Insider Risk problem is so challenging and will offer guidance on how to solve it.

This segment is sponsored by Code42. Visit https://securityweekly.com/code42rsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw305

SWN #295 - Kimsuky, WinRAR, Microsoft, AI, Siemens, Apple, Aaran Leyland and more

5 maj 2023 | 30 min

ESW #316 - Theresa Lanowitz, Vinay Anand, Christopher Kruegel, Geoff Bibby, Randy Watkins, Nick Biasini

5 maj 2023 | 148 min

This week, we start with the news: 2 weeks of news to catch up on! 16 funding stories, 4 M&A stories, Cybereason prunes its valuation… a lot, First Republic Bank seized by FDIC, Ransomware is irrelevant Sun Tzu hates infosec, AI Trends, Kevin Mandia’s 7 tips for defense, & How much time should we spend automating tasks?

Christopher will delve into what lateral security/lateral movement are and identify key lateral security tools (network segmentation, micro-segmentation, advanced threat prevention systems, network sandboxes, and network traffic analysis/network detection and response). He will also touch on why automation is important when it comes to consistent security and the current threat landscape.

This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarenetsecrsac to learn more about them!

AT&T Cybersecurity released its 12th annual Cybersecurity Insights Report, “Edge Ecosystem,” which highlights the dramatic shift in computing underpinned by 5G, the edge, and the convergence of networking and security. The report found that business and technology leaders are finally coming together not just to understand the new edge computing ecosystem, but to make more predictable, data-informed business decisions. Collaboration among these leaders, as well as external partners in the ecosystem, will be critical for the edge journey ahead – but more progress must be made to better leverage the edge and transform the business.

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attrsac to learn more about them!

EASM is a critical component of continuous threat exposure management and a necessary step in improving validation and vulnerability management processes. Gartner recently published a report describing the evolution of EASM and where it's headed in the market. We're excited to see the market move in this direction because, at NetSPI, we're already committed to investing in our team and technology to stay ahead of these trends. We already have a head start.

This segment is sponsored by NetSpi. Visit https://securityweekly.com/netspirsac to learn more about them!

“Man plans, the Universe laughs” - unfortunately, that’s been the saying for far too long when it comes to cybersecurity. Security leaders know it's only a matter of time before their organization gets breached, but instead of being ready for it, they rely on fixing the problem after it happens. In Cisco’s newest report, the first ever Cybersecurity Readiness Index, it was found that a small minority of businesses globally (15%) consider themselves to be ready and able to defend against the expanding array of cybersecurity risks and threats of today. Organizations need to get ready and stay ready with solutions they can trust.

This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!

OpenText Cybersecurity is on a mission to simplify security by delivering smarter, innovative solutions. Geoff Bibby, the SVP of OpenText Cybersecurity Marketing & Strategy, will offer insight into the company’s purpose-built approach to create a powerhouse cybersecurity portfolio that scales to meet the security needs of large enterprises down to individual consumers.

This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them!

The continued headcount shortage facing cybersecurity teams is driving many organizations to embrace Managed Detection and Response (MDR) as a way to combat cyber threats. With this demand, dozens of MDR companies have emerged over the past two years. Critical Start’s CTO, Randy Watkins, will discuss the origin of MDR, share evaluation tips, and reveal some of the potential pitfalls.

This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw316

PSW #783 - Rob Fuller

4 maj 2023 | 167 min

SWN #294 - Pornhub, LobShot, TMobile, lawsuits, CISA, CERN, AI, Jason Wood, and More

2 maj 2023 | 36 min

ASW #239 - Patrick Vandenberg, Karl Triebes, Francesco Cipollone

2 maj 2023 | 81 min

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity needs a new approach and guidance. Vulnerability management framework and mature defect management is often overlooked as organizations tend to identify issues and stop there. The devil is usually in the details and time gets burned down in identifying who needs to solve what where. Vulnerability Management Maturity Framework has been created to address that.

Segment Resources:

Framework: https://phoenix.security/vulnerability-management-framework/

Books on metrics: https://phoenix.security/whitepapers-resources/data-driven-application-security-vulnerability-management-are-sla-slo-dead/

Vulnerability aggregation and prioritization https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/

Shift left: https://phoenix.security/shift-everywhere/

Vulnerability management talk: https://phoenix.security/web-vuln-management/

Vulnerability management framework playlist (explained) https://www.youtube.com/playlist?list=PLVlvQpDxsvqHWQfqej5Gs7bOd-cq8JO24

How to act on risk: https://phoenix.security/phoenix-security-act-on-risk-calculation/

Without visibility into your entire web application attack surface and a continuous find and fix strategy, dangerous threats can expose your organization's blind spots and create risk. Invicti analyzes common web application vulnerabilities across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of application vulnerability trends from automated scan results across regions. In this interview, Invicti's Patrick Vandenberg zooms in on the vulnerabilities plaguing organizations, providing insight into this year's report trends, and guidance on how CISOs and AppSec program leaders can create an environment for their teams that mitigates risk.

Segment Resources: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_RSA-CRA-interview-2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand T

his segment is sponsored by Invicti. Visit https://securityweekly.com/invictirsac to learn more about them!

Flaws in the design and implementation of an application can create business logic vulnerabilities that allow attackers to manipulate legitimate functionality to achieve a malicious goal. What’s more, API-related security incidents exploit business logic, the programming that manages communication between the application and the database. In this discussion, Karl Triebes shares what you need to know about business logic attacks to effectively protect against them.

This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw239

BSW #304 - Kunal Anand, John Grancarich

1 maj 2023 | 58 min

SWN #293 - Github, FIN7, Banks, Minecraft, Qualcomm, TenCent, BlueSky, Derek Johnson, and More

28 april 2023 | 35 min

PSW #782 - Kaitlyn Handelman

27 april 2023 | 175 min

STM32 boards, soldering, decapping chips, RTOS development, lasers, multiple flippers and for what you ask? So I can be alerted about a device I already know is there. The Flipper Zero attracted the attention of news outlets and hackers alike as people have used it to gain access to restricted resources. Is the Flipper Zero that powerful that it needs to be banned? This is a journey of recursion and not taking “no” for an answer. Kailtyn Hendelman joins the PSW crew to discuss the Flipper Zero and using it to hack all the things. In the Security News: SSDs use AI/ML to prevent ransomware (And more buzzword bingo), zombie servers that just won't die, spectral chickens, side-channel attacks, malware-free cyberattacks!, your secret key should be a secret, hacking smart TVs with IR, getting papercuts, people still have AIX, ghosttokens, build back better SBOMs, Salsa for your software, Intel let Google hack things, and they found vulnerabilities, and flase positives on your drug test, & more!

Flipper resources: * [Changing Boot Screen Image on ThinkPad's UEFI](https://www.youtube.com/watch?v=kvqZRTMAlMA -Flipper Zero) * [A collection of Awesome resources for the Flipper Zero device.](https://github.com/djsime1/awesome-flipperzero) * [Flipper Zero Unleashed Firmware](https://github.com/DarkFlippers/unleashed-firmware) - This is what Paul is using currently. * [A maintained collective of different IR files for the Flipper!](https://github.com/UberGuidoZ/Flipper-IRDB) - Paul uses these as well. * [Alternative Infrared Remote for Flipperzero](https://github.com/Hong5489/ir_remote)

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw782

SWN #292 - Mark Twain, TP Link, Intel, Papercut, Rustbucket, SolarWinds, Jason Wood, and More

25 april 2023 | 32 min

ASW #238 - Jeff Moss

25 april 2023 | 80 min

BSW #303 - Say Easy, Do Hard - Closing the Skills Gap

24 april 2023 | 66 min

SWN #291 - Clop, EvalPhP, VMWare, Google, Fancy Bear, Routers, 3CX, Aaran Leyland, and More

21 april 2023 | 35 min

ESW #314 - Ernie Bio, Sandy Carielli

21 april 2023 | 157 min

ESW #315 - Matt Johansen, Kayla Lee, Vadim Lyubashevsky

21 april 2023 | 142 min

PSW #781 - Ivan Arce

20 april 2023 | 179 min

BSW #302 - Aviv Grafi

19 april 2023 | 66 min

ASW #237 - Ben Sadeghipour

18 april 2023 | 71 min

SWN #290 - Sisyphus and Elon, Action1, CyberInsurance, CISA, LockBit, AI, more News & Jason Wood

18 april 2023 | 34 min

SWN #289 - MSMQ, CLFS, Fortinet, Spectre redux, Google Pay, BingBots, Aaran Leyland, and More

14 april 2023 | 36 min

ESW #313 - Pablo Zurro, Travis Howerton

14 april 2023 | 148 min

Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing’s role, helping to determine how these services, tools, and skills must evolve.

Segment Resources:

https://www.fortra.com/resources/guides/2023-pen-testing-report

This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!

Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly regulated industries such as government, finance, and energy sector. This session will cover how RegScale is leading a RegOps movement to bring the principles of DevOps to compliance with the world’s first real-time GRC system that enables compliance as code via NIST OSCAL. RegOps seeks to shift compliance left to make it real-time, continuous, and complete so that paperwork is always up to date, self-updating, and takes less manual resources to manage.

Segment Resources:

Website – https://www.regscale.com

Documentation/Learn More – https://regscale.readme.io

In this news segment, we discuss the art of branding/naming security companies, some new cars just out of stealth, 5 startups just out of Y Combinator, and Cybereason's $100M round from Softbank. We also talk new features (Semgrep's new GPT-4 use case), new newsletters, and new reports. We break down Nexx's broken vulnerability disclosure program and its broken products. We also discuss the FDA's new ability to block device certification for security reasons. Android announces rules to make it easier for consumers to delete accounts and remove data when they uninstall apps. IT and Security professionals everywhere are asked not to report breaches, but in some countries more than others. CISOs are more prone to drinking problems, and finally, for our squirrel stories, we discuss a crazy app called Newnew and new ideas in prosthetics.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw313

PSW #780 - Billy Boatright

13 april 2023 | 157 min

ASW #236 - Vandana Verma Sehgal

11 april 2023 | 71 min

SWN #288 - FTX, CISA, Apple, RPKI, Circle, NEXX, MSI, & Jason Wood

11 april 2023 | 31 min

BSW #301 - Fleming Shi

11 april 2023 | 68 min

SWN #287 - Naughty Tesla, Flipper Zero, Rilide, Styx, Genesis, Sophos, Cisco, Meta, and More

10 april 2023 | 30 min

PSW #779 - Sin Ming Loo

7 april 2023 | 190 min

ESW #312 - Tom Kellermann, Donald Fischer

7 april 2023 | 157 min

ASW #235 - Liz Rice

5 april 2023 | 72 min

BSW #300 - The Journey to Episode 300

4 april 2023 | 67 min

SWN #286 - ProtoCell Phones, KEV, Efile, 3CX, Western Digital , NATO, More News & Jason Wood

4 april 2023 | 32 min

SWN #285 - TREXes, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, & Aaran Leyland

31 mars 2023 | 36 min

ESW #311 - Josh Corman, Nick Means

30 mars 2023 | 153 min

PSW #778 - Philippe Laulheret

30 mars 2023 | 177 min

ASW #234 - Frank Catucci

28 mars 2023 | 75 min

SWN #284 - Twitter, Tax Scams, Microsoft, Executive Orders, Pwn2Own, more News & Jason Wood

28 mars 2023 | 33 min

BSW #299 - Melissa Bischoping

28 mars 2023 | 56 min

ESW #310 - Shamim Naqvi, Grace Burkard

24 mars 2023 | 149 min

SWN #283 - TikTok, GitHub, CISA, More CISA, a Little More CISA, Netgear, & DoKwon

24 mars 2023 | 33 min

PSW #777 - Nico Waisman

23 mars 2023 | 196 min

BSW #298 - Jeff Pollard

21 mars 2023 | 67 min

ASW #233 - Josh Goldberg

21 mars 2023 | 77 min

SWN #282 - ZippyShare, NuGet, PinDuoDuo, ERNIE, Lantern, HDDs, & Jason Wood

21 mars 2023 | 36 min

SWN #281 - Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, & Vile Hackers

17 mars 2023 | 36 min

ESW #309 - Tal Morgenstern, Casey Smith

16 mars 2023 | 145 min

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management.

Segment Resources:

https://vulcan.io/

https://vulcan.io/platform/

https://vulcan.io/blog/ci-cd-security-5-best-practices/

https://www.youtube.com/watch?v=nosAxWc-4dc

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice.

Segment Resources:

https://canary.tools

https://canarytokens.org

https://blog.thinkst.com

Finally, in the enterprise security news, We quickly explain the SVB collapse, A few interesting fundings, Rapid7 acquires Minerva who? We’ll explain. GPT-4 - what’s new? Detect text written by an AI! Then, produce text that can’t be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw309

PSW #776 - Santiago Torres Arias

16 mars 2023 | 171 min

ASW #232 - Josh Grossman

15 mars 2023 | 86 min

BSW #297 - Dr. Kiri Addison

14 mars 2023 | 62 min

SWN #280 - Casper, Flipper, NordVPN, Ring, SVBk, GoBruteforcer, Aaran Leyland, and more

14 mars 2023 | 34 min

ESW #308 - Roland Diaz, Ross Haleliuk

10 mars 2023 | 142 min

SWN #279 - Snailbrook, Xenomorph, SonicWALL, Github, Veeam, TSA, Ring, Aaran Leylan, and more

10 mars 2023 | 36 min

PSW #775 - Ask Our PSW Hosts Anything!

9 mars 2023 | 180 min

ASW #231 - Neatsun Ziv

7 mars 2023 | 80 min

SWN #278 - AI and More AI, Word, OneNote, FiXS, Wago, Water, More News & Aaran Leyland

7 mars 2023 | 38 min

BSW #296 - Terry Ray

7 mars 2023 | 57 min

SWN #277 - Organoids, Decider, BlackLotus, Mustang Panda, Ex22, Dish, Aaran, and more

3 mars 2023 | 55 min

ESW #307 - Raffael Marty, Jim Routh

3 mars 2023 | 150 min

PSW #774 - Asaf Cidon

2 mars 2023 | 176 min

SWN #276 - ClippyNator, NewsCorp, Lastpass, US Marshals, Housez, more News & Jason Wood

1 mars 2023 | 28 min

ASW #230 - Lina Lau

1 mars 2023 | 71 min

BSW #295 - ChatGPT: Cybersecurity's Savior or Devil?

28 februari 2023 | 68 min

Throwback Episode - ESW #293

23 februari 2023 | 45 min

Throwback Episode - PSW #480

23 februari 2023 | 58 min

Throwback Episode - BSW #172

22 februari 2023 | 53 min

Throwback Episode - ASW #178

21 februari 2023 | 33 min

SWN #275 - Liquid Robots, Korean Cars, Fortinet, Atlassian, BingBots, & Derek Johnson

17 februari 2023 | 31 min

ESW #306 - Space Rogue, Pablo Zurro, Dr. Inka Karppinen

16 februari 2023 | 139 min

PSW #773 - Ron Woerner

16 februari 2023 | 187 min

ASW #229 - Nick Selby

14 februari 2023 | 81 min

SWN #274 - Clipper Malware, Chinese Hackers, Record Ddos Attack, Apple Patch & Josh Marpet

14 februari 2023 | 48 min

BSW #294 - Drew Rose

14 februari 2023 | 60 min

SWN #273 - Dysentery, Privacy , Gootloader, Bing Ai, Vela, Reddit, and Bradley Barth

10 februari 2023 | 30 min

ESW #305 - Tom Goings, Ashley Leonard

10 februari 2023 | 147 min

Tanium has recently released a new capability called Tanium Software Bill of Materials (SBOM) to help customers identify third-party libraries associated with software packages.

• What is Tanium SBOM

• Why is it different and why do you need it

• How to configure SBOM

• How to query for the details about every software application in your environment

• Where your vulnerable packages exist

• Ways that Tanium can remediate vulnerabilities from OpenSSL to Struts to Log4j today as well as new supply-chain vulnerabilities in the future

No one knows what the next supply chain vulnerability is going to be, but with Tanium, you will have access to data about how your applications are affected before it happens so that when it does, you're ready to take action to remediate the issue from within the Tanium XEM platform.

Segment Resources:

https://www.tanium.com/products/tanium-sbom/

https://www.tanium.com/press-releases/tanium-launches-software-bill-of-materials-for-unprecedented-visibility-to-combat-supply-chain-threats/

https://www.tanium.com/blog/software-bill-of-materials-openssl/

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Syxsense and Enterprise Management Associates (EMA) recently teamed up to publish a survey around the current state of Zero Trust within enterprises as well as where it’s going. This interview will discuss the key findings and insights into the challenges many organizations face around Zero Trust, as well as endpoint security and network access.

Segment Resources:

https://www.syxsense.com/advancing-zero-trust-priorities

In the Enterprise News: Whether you want insurtechs or not, they’re here and you’re getting them! Don't worry - we’ll explain what insurtechs are. Two potential deals to take security companies private: Sumo Logic and Rapid 7! Looks like 32 year old security company Cyren is shutting down, hoping for an asset sale. They've already laid off all their employees. Big drama: a firm shorts Darktrace and releases a scathing report. We've got yet more more layoffs this week, but don't fret - the NSA is hiring!

For our squirrel stories, we'll be deciding between three stories: codebreakers solve 500 year old ciphers, the real cost of meetings visualized, and sushi terrorists!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw305

PSW #772 - Hal Pomeranz

9 februari 2023 | 157 min

PSW #772 - Hal Pomeranz

9 februari 2023 | min

SWN #272 - Chinese Androids, ERNIE, Bard, Fortra, Sunlogin, Dingo, Google, Jason Wood, and More

7 februari 2023 | 34 min

ASW #228 - Adrian Sanabria

7 februari 2023 | 79 min

BSW #293 - Security Money

7 februari 2023 | 63 min

SWN #271 - Chat-Gpt Seinfeld, Qnap, Google Fi, Headcrab, Banner, Goodrx, Oracle, & Goanywhere

3 februari 2023 | 32 min

ESW #304 - Alla Valente, Heidi Shey, Joseph Blankenship

3 februari 2023 | 148 min

PSW #771 - Dan DeCloss

2 februari 2023 | 192 min

ASW #227 - Dr. David Movshovitz

31 januari 2023 | 72 min

SWN #270 - Swiftslicer, Vrealize, Google Play, Keepass, Huawei, & Github

31 januari 2023 | 28 min

BSW #292 - Neil Clauson

31 januari 2023 | 56 min

SWN #269 - Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive

27 januari 2023 | 31 min

ESW #303 - What Makes A Good Breach Response?

27 januari 2023 | 128 min

PSW #770 - Brian Behlendorf

26 januari 2023 | 168 min

ASW #226 - Marudhamaran Gunasekaran

25 januari 2023 | 78 min

BSW #291 - Doug Hubbard

24 januari 2023 | 76 min

SWN #268 - Chick-Fil-A, Onenote, Xlls, Vastflux, Tmobile, Chatgpt, Ukraine, Lots Of Microsoft

24 januari 2023 | 30 min

Throwback Episode - Andrew Morris - ESW 264

20 januari 2023 | 60 min

Throwback Episode - Gary McGraw - PSW 366

19 januari 2023 | 35 min

Throwback Episode - The 3 Mistakes All First Time CISOs Make That No One Tells You - BSW 227

18 januari 2023 | 38 min

Throwback Episode - Dev(Sec)Ops Scanning Challenges & Tips - ASW 170

17 januari 2023 | 70 min

SWN #267 - Frozen, Fortinet, Scattered Spider, Routers, Apf, Telegram, & Cwp

13 januari 2023 | 30 min

ESW #302 - Brian Contos, Isabelle Roccia

13 januari 2023 | 148 min

Europe is a global driver for privacy rules and digital legislation. Which means it is also a force to be reckoned with when it comes to enforcement. With privacy and security being so intertwined, this conversation will focus on the current mindset in Europe and discuss recent regulators’ decision e.g. on Microsoft 365.

Segment Resources:

The International Association of Privacy Professionals (IAPP) is the world’s largest global information privacy community. IAPP website https://iapp.org/

About membership: https://iapp.org/join/

IAPP training is a path to professional advancement and ANSI/ISO-accredited certification. Developed with leading privacy and data protection experts, our in-depth courses span legal, regulatory, governance, and operational issues. Choose the subjects and training modalities that fit your career goals. More info about all IAPP trainings: https://iapp.org/train/

For example:

• IAPP Foundations of Privacy and Data Protection (Your Starting Point in Privacy Education): https://iapp.org/train/foundations/

• IAPP Privacy in Technology training – CIPT (for Software developers, information security professionals, data architects…): https://iapp.org/train/cipt-training/

Check out IAPP news and resources: https://iapp.org/news/ and https://iapp.org/resources/

Military-grade xIoT hacking tools are in use, cybercrime for hire that’s predicated on compromised xIoT devices has been monetized, and organizations worldwide are already “pwned” without even knowing it. Bad actors are counting on you being passive when it comes to xIoT security. Disappoint them!

Segment Resources:

xIoT Threat & Trend Report https://phosphorus.io/xiot-threat-and-trend-report-2022/

xIoT Security Podcast https://phosphorus.io/podcast/ Phosphorus Labs https://phosphorus.io/labs/

Finally, in the enterprise security news, Not much funding this week, but Netskope raises $400M, and Hack the Box raises $55M! Also, what went wrong with IronNet? The Open Source Index highlights popular security projects, Windows 7 and Windows 8.1 have been put out to pasture, Predictions about personal cybersecurity, Cloud security trends, The ongoing impact of ChatGPT on the security industry, Password hygiene revealed to be terrible in the US Government, All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw302

PSW #769 - Kate Stewart

12 januari 2023 | 175 min

ASW #225 - Dan Moore

10 januari 2023 | 80 min

SWN #266 - Codeql, Kinsing, Bit Buckets, Win 7 Is Dead, Spynote, Vall-E, & Aaran Leyland

10 januari 2023 | 43 min

BSW #290 - Tim Brown

10 januari 2023 | 67 min

SWN #265 - Virtual Smells, Werfault, 2012, ChatGPT, Captcha, Rust Hyper, & Qualcomm

6 januari 2023 | 27 min

ESW #301 - David Hunt, Jerry Bell

6 januari 2023 | 138 min

PSW #768 - Robert Martin

5 januari 2023 | 188 min

ASW #224 - Keith Hoodlet

3 januari 2023 | 77 min

SWN #264 - Office Space, Lockbit, 380 volts in Manilla, PyTorch, & Non-Binary RAM

3 januari 2023 | 31 min

BSW #289 - Jon Fredrickson

3 januari 2023 | 79 min

ESW #300 - Parag Bajaria, Terry Barber

17 december 2022 | 149 min

PSW #767 - Holiday Extravaganza

16 december 2022 | 314 min

SWN #263 - Ai, Infragard, Microsoft, Hipaa, Github, Nist, & End Of Year

16 december 2022 | 30 min

BSW #288 - Mike Flouton

14 december 2022 | 58 min

SWN #262 - Chaos, Uberleaks, Esxi, Fortinet, Cloudflare, Praetorian, More News, & Jason Wood

13 december 2022 | 29 min

ASW #223 - Jeevan Singh

13 december 2022 | 81 min

PSW #766 - Sinan Eren, Nate Warfield

12 december 2022 | 225 min

SWN #261 - Ban This, Rackspace, Agrius, Antwerp, New Zealand , Royal, Lensa, & Chat-Gpt

9 december 2022 | 28 min

ESW #299 - Joseph Carson, Lisa Plaggemier

9 december 2022 | 148 min

Announcing Drata’s Series C, Milton Security announces new name, Threathunter.ai, Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy, New Communication Protocol “Ibex” and Extended Protocol Suite, Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro, Stack Overflow bans ChatGPT, French man wins compensation as judge awards him the right to refuse to be fun at work.

Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 Oh Behave! Cybersecurity Attitudes and Behaviors Report and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.

Segment Resources:

https://staysafeonline.org

https://staysafeonline.org/programs/cybersecurity-awareness-month/teach-others-how-to-stay-safe-online/

https://staysafeonline.org/programs/hbcu-see-yourself-in-cyber/

https://staysafeonline.org/programs/events/convene-clearwater-2023/

Estonia is a small country in the Baltics; however, it has been at the forefront of technology for many years. This session traces Estonia’s journey from independence in 1991 to its current use of digital identities for the systems that allow citizens to vote, check online banking, e-residency, and tax returns. I’ll share lessons learned and key takeaways from incidents that happened along the way, examine what the future holds, and discuss the impact of incorporating AI into a digital society.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw299

SWN #260 - Where Baby Chips Come From, Proot, Magecart, Lockbit, Scattered Spider, & Philtel

6 december 2022 | 29 min

ASW #222 - Aviv Grafi

6 december 2022 | 81 min

BSW #287 - Kelly Rozumalski

6 december 2022 | 55 min

SWN #259 - Elon's Brain Control, Schoolyard Bullies, Redigo, Ducklogs, DOD, & The TSA

2 december 2022 | 31 min

ESW #298 - Ron Reiter, Ryan Pullen

2 december 2022 | 136 min

Despite certain economic indicators warning that a recession is on the horizon, investment remains healthy within the security market amid thirst for cloud security, in particular. One such emerging field is data security posture management (DSPM), which aims to bridge the gap between business goals and a comprehensive security mechanism that leaves no data behind as organizations scale in the cloud.

A deep-rooted cyber security culture is crucial, and it goes as far back as the hiring process… 10 years ago, a typical hiring process consisted of working your way through a checklist, hiring individuals based solely on a CV. Today, the ‘Simon Sinek’ culture is gaining more prevalence, with employers realizing that hiring the right person, rather than the CV, can have immeasurable benefits for business. Ryan will talk about why this is particularly true within the cyber security sphere, and why business leaders should follow this particular ‘Simon Sinek’ strategy to build a successful security operation, and secure business, starting directly with the human’s that run it. You will walk away from this session knowing why it is important to employ the right individual rather than the CV, and how adopting this approach can drastically improve how a business responds to and manages security threats, company wide.

Segment Resources:

Github: https://github.com/stripesoc

TEDx Talk, How clicking a link can cost millions: https://www.youtube.com/watch?v=OI9n2tLf0Tg&list=PLcR8SW0W6hdAQvxYI9XJUEe50zFln6QMY&index=1 I

n the enterprise security news, Funding announcements take a bit of a break, We explore a few new vendors and organizations that have come to our attention recently, Wiz researchers annoy yet another cloud service by pointing out ridiculous vulnerabilities - IBM Cloud, this time, Docker Hub has tons of shady stuffs going on, EU strengthens cybersecurity with new legislation, The US Department of Defense releases Zero Trust strategy (no more Five E

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw301

PSW #765 - Josh Bressers, Kurt Seifried

1 december 2022 | 196 min

SWN #258 - Nudity, Tik Tok, Twitter, Festo, Iab's, Meta, Acer, & Jason Wood

30 november 2022 | 26 min

BSW #286 - Todd Fitzgerald

29 november 2022 | 65 min

ASW #221 - Kenn White

29 november 2022 | 81 min

Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team

MongoDB recently announced the industry’s first encrypted search scheme using breakthrough cryptography engineering called Queryable Encryption. This technology gives developers the ability to query encrypted sensitive data in a simple and intuitive way without impacting performance, with zero cryptography experience required. Data remains encrypted at all times on the database, including in memory and in the CPU; keys never leave the application and cannot be accessed by the database server. While adoption of cloud computing continues to increase, many organizations across healthcare, financial services, and government are still risk-averse. They don’t want to entrust another provider with sensitive workloads. This encryption capability removes the need to ever trust an outside party with your data. This end-to-end client-side encryption uses novel encrypted index data structures in such a way that for the first time, developers can run expressive queries on fully encrypted confidential workloads. Queryable Encryption is based on well-tested and established standard NIST cryptographic primitives to provide strong protection from attacks against the database, including insider threats, highly privileged administrators and cloud infrastructure staff. So even another Capital One type breach is not possible.

Segment Resources:

- https://www.mongodb.com/products/queryable-encryption

- https://www.wired.com/story/mongodb-queryable-encryption-databases/

- https://www.youtube.com/watch?v=mDKfZlQJO3k

- https://thenewstack.io/mongodb-6-0-offers-client-side-end-to-end-encryption/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw221

SWN #257 - Pirate Booty, Phishing Kits, CSC, Hive, HHS, Z-library, Iran, & FTX Failure

18 november 2022 | 28 min

ESW #297 - Tony Karam, Dan Frechtling

18 november 2022 | 146 min

PSW #764 - Jesse Michael

17 november 2022 | 215 min

ASW #220 - Daniel Krivelevich

15 november 2022 | 88 min

SWN #256 - Billbug, Pushwoosh, Github, FTX, Eli Lilly, & Peter Klimek

15 november 2022 | 31 min

BSW #285 - John Grancarich, Mike Devine

15 november 2022 | 66 min

SWN #255 - Twitlegit, Liability, Venus, Stego , C++ Death Knell, & Cisa - Wrap Up

11 november 2022 | 30 min

ESW #296 - Travis Spencer, Sounil Yu, Brian Markham, Robert Graham, Rich Friedberg

11 november 2022 | 130 min

PSW #763 - Dan DeCloss

10 november 2022 | 207 min

BSW #284 - Meritt Maxim, Rafal Los

8 november 2022 | 65 min

SWN #254 - Exploding Heads, Mastodon, Azov Wiper, Zlibrary, & Nervegear Irl

8 november 2022 | 29 min

ASW #219 - Karl Triebes

8 november 2022 | 81 min

ESW #295 - John Grancarich, Alan Radford

4 november 2022 | 145 min

SWN #253 - Android Apps, Dropbox Hacked, OpenSSL, UK Spies, Show Wrap Ups

4 november 2022 | 19 min

PSW #762 - Ben Hibben

3 november 2022 | 163 min

SWN #252 - Elon Tweets, Microsoft, Kela, Chegg, Overclocking, Connectwise, & Aaran Leyland

1 november 2022 | 32 min

BSW #283 - James Turgal

1 november 2022 | 62 min

PSW #760 - Michael Meis, Christopher Crowley

1 november 2022 | 221 min

ASW #218 - Sandy Carielli, Martha Bennett

1 november 2022 | 81 min

SWN #251 - Fleming Shi, Fodcha, Cranefly, LinkedIn, CISA, Really High Speeds, & Elon - Wrap Up

28 oktober 2022 | 30 min

ESW #294 - Gary Orenstein, Jason Oeltjen

28 oktober 2022 | 122 min

PSW #761 - Charles Shirer

27 oktober 2022 | 210 min

SWN #250 - Fibonacci, MOTW, TypoSquatting, 486, CompSci AI, Ventura Bugfixes, & CISA Warnings

26 oktober 2022 | 32 min

ASW #217 - Kong Yew Chan

26 oktober 2022 | 78 min

BSW #282 - Robert Herjavec

25 oktober 2022 | 74 min

ESW #293 - Martin Roesch, Edward Wu

21 oktober 2022 | 130 min

SWN #249 - SBOMs, Elon's Big Prank, Cut Cabling, Biometric Lawsuits, Sim Swapping - Wrap Up

21 oktober 2022 | 29 min

BSW #281 - Security Money

19 oktober 2022 | 56 min

ASW #216 - Jason Recla

18 oktober 2022 | 79 min

SWN #248 - YeBots in Space, BlackLotus, Venus, ESXI, Act4shell, Zoom, & ICS

18 oktober 2022 | 28 min

SWN #247 - Fleming Shi, VMWare, Office, CommonSpiritHealth, Election assault, Thermal Attacks

14 oktober 2022 | 32 min

ESW #292 - Dan Neault, Eric Tice

14 oktober 2022 | 136 min

PSW #759 - Ismael Valenzuela

13 oktober 2022 | 197 min

SWN #246 - iPhone Trauma to Doug’s Eye Bones, Sexy Photos, Killnet, & Lufthansa Bans Airtags

11 oktober 2022 | 29 min

BSW #280 - Jeff Pollard

11 oktober 2022 | 65 min

ASW #215 - Akira Brand

11 oktober 2022 | 78 min

SWN #245 - DeepFake, SQL Server, Blackbyte, China, Mafiaware666, Linux, & IT Repair

7 oktober 2022 | 29 min

ESW #291 - Ryan Fried, Tim Morris

7 oktober 2022 | 124 min

PSW #758 - Ang Cui

7 oktober 2022 | 168 min

SWN #244 - Bruce Willis, Comm100, Cyber month, Chromium, ProxyNotShell, & Cobalt Strike

4 oktober 2022 | 30 min

BSW #279 - Dr. Chuck Gardner

4 oktober 2022 | 64 min

ASW #214 - Dean Agron

4 oktober 2022 | 78 min

ESW #290 - Will Lin, James Norrie

30 september 2022 | 135 min

Cybersecurity is now battling a human problem just as much, if not more, than a technical one. According to Verizon’s 2021 Data Breach Security Report, 85% of successful cyberattacks now involve a human element. Combine that with the fact that even the very best technology can only thwart about 93% of attacks and that leaves a large hole in an organization’s basic security hygiene. This has led to a growing demand for ongoing educational programs that rely on behavioral science to measure and manage cybersecurity risk as a distinctly different solution from generic, one-size-fits-all training programs.

In the enterprise security news, SentinelOne and Crowdstrike reinvest in the security market, Malwarebytes raises $100M, Ox Security raises a $34M Seed round??? Jamf acquires ZecOps, New startups looking to improve Code Reviews…Outsource questionnaires…provide consumer privacy awareness…Federal security funding for state and local governments, New software supply chain attacks, Microsoft Windows slaps your hand when you try to update passwords.txt, and stick around until the end, when we talk about a New Jersey Deli with a $100M market cap!

This is a recurring segment, in which we bring on a VC to provide an investor’s point-of-view on all this activity. It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups.

We'll discuss:

- How, the last time we had Will on (20 episodes ago, ESW 270), we were asking about huge valuations and potential market resets/corrections. Well, it seems that day arrived. What now?

- Crowdstrike and SentinelOne are active investors with their own funds now. Is this a new trend, or are we just now noticing it? What does it mean for the larger market and for founders looking to raise?

- We've had guests on to discuss enterprise browsers, and DSPM - what hot markets should we target next?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw290

SWN #243 - Optimus Prime, Hard Drives, Exchange, Witchetty, TLP, DOD, Wrap Up

30 september 2022 | 29 min

PSW #757 - Ev Kontsevoy, Casey Ellis

30 september 2022 | 195 min

BSW #278 - Fleming Shi

28 september 2022 | 61 min

ASW #213 - Janet Worthington

27 september 2022 | 83 min

SWN #242 - SmartScreen, Erbium, Graphite, Russian Cyber War, Metador, WhatsApp, & RSOCKS

27 september 2022 | 31 min

PSW #756 - Sinan Eren

27 september 2022 | 207 min

SWN #241 - Credential Stuffing, Bionic Cockroaches, ICS, Magento, & SIM Swap Mobsters - Wrap Up

23 september 2022 | 26 min

ESW #289 - Jonathan Roizin

23 september 2022 | 138 min

BSW #277 - Paul Baird

20 september 2022 | 58 min

SWN #240 - Hot planets, Chromeloader, MFA Fatigue, Lapsus$, Lastpass, & LockerGoga

20 september 2022 | 28 min

ASW #212 - Sam Placette

20 september 2022 | 82 min

ESW #288 - Paddy Harrington, Sean Metcalf

16 september 2022 | 129 min

SWN #239 - Meat Men, History, Putty, Crypto, Edge, YouTube, EU Laws, & Privacy – Wrap Up

16 september 2022 | 25 min

PSW #755 - Thomas Kinsella

15 september 2022 | 175 min

BSW #276 - Karl Triebes

13 september 2022 | 67 min

SWN #238 - Steam, VMWare, Intel,HP, Apple, Craiglist killing, Meta, & Tiktok

13 september 2022 | 27 min

ASW #211 - Sonali Shah

13 september 2022 | 78 min

SWN #237 - AI Art, CA Online Safety, Floppy Disks, Chile, Bad Apps, Instagram, and Wrap Up

8 september 2022 | 30 min

ESW #287 - Jeff Orloff, Paul Roberts

2 september 2022 | 83 min

In the Enterprise Security News This week: more layoff announcements than funding announcements! Krit acquired by GreyNoise, Incident Response in AWS is different, Awesome open source projects for SecOps folks, Tyler Shields can’t wait to talk about Product Led Growth, Forcing open source maintainers to use MFA, Twilio - the breach that keeps on pwning, The US Governments earmarks $15.6 BILLION for cybersecurity and we hear vendors salivating already, & more!

Security training isn't just about anti-phishing and security awareness for employees. When reading through breach details, a similar picture often emerges: the people were there, the tools were in place, but the people didn't know how to use the tools effectively. Every day, security tools catch attacks, but it doesn't matter if a human doesn't notice and tools are in 'monitor only' modes.

This segment is sponsored by RangeForce. Visit https://securityweekly.com/rangeforce to learn more about them!

From its origins a decade ago, the grassroots movement to enshrine in law the right to repair our stuff (read: cell phones, laptops, home appliances, cars, machinery) has morphed into a potent, global movement. Today, much of the debate over right to repair laws has focused on issues like concentrations of market power by large corporations and anti-competitive behavior with regard to service and repair of "smart," connected products. However, there is a less-discussed but equally potent argument in favor of repair: cybersecurity and data privacy. In this conversation, Paul Roberts, the founder of SecuRepairs.org (pron: Secure Repairs), talks about the dire state of device security on the Internet of Things and how efforts by manufacturers to limit access to software updates, diagnostic tools and parts exacerbates IoT cyber risk, even as it burdens consumers and the environment.

Segment Resources:

Securepairs.org: https://securepairs.org

Fight to Repair Newsletter: https://figh

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw287

PSW #754 - John Hammond

1 september 2022 | 155 min

SWN #236 - PS5 Prices, Twilio, Quantum, Bug Bounties, A New Date Bomb, & Sephora Pays $1.2 Mil

30 augusti 2022 | 31 min

ASW #210 - Doug Dooley

30 augusti 2022 | 82 min

BSW #275 - Brad Thies

30 augusti 2022 | 63 min

SWN #235 - Toxic Tats, Deep-Fakery, MagicWeb, Sliver, Twilio, OSPFv3, & Mudge – Wrap Up

26 augusti 2022 | 29 min

ESW #286 - Ragnar Sigurdsson, Roey Yaacovi

26 augusti 2022 | 124 min

The new category of Data Security Posture Management, what is it and why it's important. Discussing real customer stories where DSPM products played a critical role in helping companies secure their data.

Since the dawn of the internet, companies have been fighting cyber vulnerabilities with a myriad of traditional technologies. And assigning cybersecurity training to people without really knowing its effectiveness or being able to tell the difference between knowledge and behavior. This is why AwareGO created the Human Risk Assessment. Designed by behavioral and cybersecurity experts, it allows organizations to measure human risk and resilience across a number of critical cybersecurity threat vectors. It measures cyber risks connected to social media that are not only personal but can affect the workplace as well. It helps assess awareness of secure password handling with multiple interactive experiences and situations. And it allows you to discover how employees would deal with tricky situations around the workplace, such as tailgating and shouldersurfing …. and issues related to remote work. All in a safe and friendly environment. After completing the assessment employees get individualized results with an explanation of what they did right and what they could have done better. This offers guidance and a chance to learn. The overall results help organizations gather actionable insights and make informed decisions about their security strategy. The Human Risk Assessment works as a stand alone product but its flexibility allows integration into existing platforms. When combined with AwareGO’s live action training content it can bring your organization’s cyber resilience to the next level.

Segment Resources:

https://awarego.com/human-risk-assessment/

https://www.securityweekly.com/awaregoresource

https://awarego.com/how-to-measure-human-cyber-risk-finally/

https://awarego.com/materials/the-human-side-of-cybersecurity/

This segment is sponsored by AwareGO. Visit https://securityweekly.com/awarego to learn more about them!

In the Enterprise Security News: We discuss Twitterpocalypse 2022! The Biggest Winner? Security startup Wiz reaches $100M ARR in 18 months??? Tons of funding we probably won’t get to, sorry in advance, we’ve got 2 weeks of news to catch up on! Awesome free tools, free training and DIY tips! Third party attacks and supply chain attacks continue to ramp up, John Deere’s security deficiencies get exposed again, Cyber insurers reduce coverage… again, ESPN8 the Ocho, explained, and more, on this episode of Enterprise Security Weekly!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw286

PSW #753 - Davi Ottenheimer, Daniel Niefeld, Zachary Stashis

25 augusti 2022 | 192 min

SWN #234 - PyPi, WordPress, Hikvision, Zimbra, Palo Alto, & LED Morse Code

23 augusti 2022 | 30 min

BSW #274 - Chase Snyder

23 augusti 2022 | 66 min

ASW #209 - Kiran Kamity

23 augusti 2022 | 79 min

ESW #285 - Scott Giordano, Jennifer Sosa, Zain Malik

19 augusti 2022 | 93 min

SWN #233 - Janet Jackson, Legit British hacking, CS:GO, PyPi, & Swiss Voting – Wrap Up

19 augusti 2022 | 31 min

PSW #752 - Greg Conti & Chris Blask

18 augusti 2022 | 145 min

BSW #273 - Jess Burn

17 augusti 2022 | 73 min

ASW #208 - Tanya Janca

17 augusti 2022 | 76 min

SWN #232 - UEFI, PyPI, Vishing, VNC, Sova, DOOM Deere, Mailchimp, & Hiding Photos

16 augusti 2022 | 32 min

SWN #231 - OnlyFans, Paul, Windows vs. Linux, Conti, CISA, Zeppelin, & NHS - Wrap Up

12 augusti 2022 | 30 min

ESW #284 - Ryan Fried & Joseph Carson

12 augusti 2022 | 125 min

PSW #751 - Jesse Michael & Mickey Shkatov

11 augusti 2022 | 179 min

SWN #230 - TA428, Microsoft, Lazarus, GwisinLocker, Burger King, & Gaming Fraud

9 augusti 2022 | 30 min

BSW #272 - Saša Zdjelar

9 augusti 2022 | 68 min

ASW #207 - Chen Gour Arie

9 augusti 2022 | 78 min

SWN #229 - Lemons, Logic Errors, CISA, DuckDuckGo, Dark Utilities, CCTV, & Sharpext – Wrap Up

5 augusti 2022 | 29 min

ESW #283 - Anthony James, Evgeniy Kharam

5 augusti 2022 | 120 min

BSW #271 - Neal Bridges

4 augusti 2022 | 62 min

PSW #750 - Guy Bruneau

4 augusti 2022 | 172 min

ASW #206 - Manish Gupta

4 augusti 2022 | 75 min

SWN #228 - Encryption, Microsoft, Lockbit 3.0, Twitter keys, Outlook News & Russ Beauchemin

3 augusti 2022 | 28 min

SWN #227 - Necrobots, Class Action, Paul, Github, Robin Banks, & Net Neutrality - Wrap-Up

29 juli 2022 | 31 min

ESW #282 - Jamie Moles, Dixon Styres, Tim Morris, Paul Kelly

29 juli 2022 | 105 min

In the Enterprise Security News: Blockchain security startups are still raising tons of money, but not in crypto, since it’s now worthless. Ha! just kidding. Maybe. Am I? Anvilogic, AppViewX, Sotero, Resourcely, and Push Security all raise rounds JUICY RUMORS! Is Crowdstrike buying Orca? Is Akamai getting bought out by a PE shop? HUMAN and PerimeterX join in a rare cybersecurity merger, Are Azure’s vulnerabilities out of control? Zoom brings end-to-end encryption to its cloud phone service, npm says FINE, we’ll add some security, Kaseya’s CEO is just, telling it like it is, man. The problem must be with you. A robot attacks a child, time to add EMP grenades to your EDC! All that and more!

In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport––united for a shared mission. In this session, ExtraHop's Jamie Moles and CrowdStrike's Dixon Styres discuss why and how vendors should work together to enable better integrated security for their customers. They'll share their joint philosophy toward an ecosystem approach to security and will show off some of the specific capabilities of the integration between ExtraHop Reveal(x) 360 and CrowdStrike Falcon in a live demo.

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

Heightened emotions, demands for updates, not knowing how bad things might be...

Incident response isn’t easy, but practice and the right tools can make it a whole lot less stressful. Some regulations like PCI require annual IR tests, but is that enough? Imagine playing a sport where the team meets for one half-hearted practice once a year. How would that team perform under pressure? How would they communicate?

Say this sports analogy has convinced you – the IR team should practice more and should practice effectively. Questions still remain – how often? Are tabletops enough, or are live exercises and simulations necessary? We’ll aim to answer these questions and more during this interview with Tim and Paul from Tanium.

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw282

ESW #275 - Bill Bernard, Paul Lanzi

29 juli 2022 | 115 min

PSW #749 - Larry Pesce

28 juli 2022 | 184 min

ASW #199 - Nikhil Gupta

28 juli 2022 | 77 min

BSW #264 - Dan Neault

27 juli 2022 | 64 min

BSW #263 - Jerry Layden, Kevin Powers

27 juli 2022 | 58 min

SWN #226 - Costa Rica, UEFI, LinkedIn, Ducktail, Tmobile, Prestashop, aNews & David Monnier

27 juli 2022 | 32 min

BSW #270 - Doug Landoll

25 juli 2022 | 52 min

ASW #205 - Ferruh Mavituna

25 juli 2022 | 77 min

ESW #281 - Aubrey Turner

22 juli 2022 | 132 min

Passwordless authentication is all the rage. And rightly so, given its promise of driving engagement and boosting productivity via more secure and frictionless user experiences. However, the path to passwordless often leads to more questions than answers. Don’t fret! We’ll offer a passwordless journey roadmap that delves into leveraging different risk signals like user behavior and device characteristics to make smarter authentication decisions.

Segment Resources: https://www.pingidentity.com/en/solutions/business-priority/passwordless.html

https://download.pingidentity.com/public/assets/misc/en/3637-workforce-survey-passwordless-future.pdf

This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!

Sick Codes hacked all four John Deere Telematics Gateway's, and the John Deere Gen4 Series Display. Without those, it's "just a tractor." However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.

Segment Resources:

https://sick.codes

https://github.com/sickcodes

https://www.youtube.com/watch?v=zpouLO-GXLo

https://hardwear.io/usa-2022/speakers/sick-codes.php

Finally, in the Enterprise Security News: HiveWatch raises $20M to protect the office, FORT Robotics raises $13M to protect the office from robots, Emproof raises €2M to secure embedded devices, Dutch startup OneWelcome acquired by Thales, Dutch startup Hatching acquired by Recorded Future, Pwnednomore aims to protect Web3, Cybersecurity!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw281

SWN #225 - C++, 8220, Microsoft, Okta Passwords, Candiru, Intel Microcode, & Heat – Wrap Up

22 juli 2022 | 26 min

PSW #748 - Lesley Carhart

22 juli 2022 | 184 min

SWN #224 - Rich Mogull

20 juli 2022 | 31 min

BSW #269 - Mike Goldgof

20 juli 2022 | 60 min

ASW #204 - Larry Maccherone

20 juli 2022 | 74 min

BSW #268 - Security Money

16 juli 2022 | 65 min

SWN #223 - Naivety, Microsoft, UEFI, Mantis, Celsius, Ring, & Minority Report

15 juli 2022 | 26 min

PSW #747 - Andy Robbins

15 juli 2022 | 188 min

ESW #280 - Fleming Shi, Kevin L. Jackson, Meritt Maxim

15 juli 2022 | 148 min

ASW #203 - Farshad Abasi

15 juli 2022 | 70 min

BSW #267 - Malcolm Harkins, Paul McKay, Alberto Yepéz

15 juli 2022 | 71 min

There was a time when the perceived wisdom was to buy best of breed security technologies and that would do for your security program. Trouble of is, none of it integrates with each other or your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.

Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward - a reorientation of security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades Risk = F (Threat, Vulnerability, Consequence) which while useful initially has created a spray and pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).

Segment Resources: https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw267

ESW #279 - Mark St. John, Branden Williams, Jeff Man, Len Noe

15 juli 2022 | 119 min

Over the past year, we’ve seen more buzz develop around attack surface management. In fact, major analyst firms Forrester and Gartner recently released research about this topic. But what exactly is it? In this segment, join Mark St. John, LookingGlass’s SVP of Product, to learn more about how to define your attack surface, how to manage it, and how it can help your organization improve its cybersecurity.

This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!

As the push toward digital transformation continues, every organization is having to choose: Security or experience first? We are entering an era where Security and Identity professionals work together to eliminate tradeoffs and rapidly evolve from technical experts to experience artists. Using solutions that customize, code, and integrate for you while boosting security through MFA, passwordless logins, and risk modernizes your identity experience.

This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!

PCI DSS v4.0 was released on March 31st, 2022 and we've got Jeff Man joining us today to discuss some of the more notable changes that folks should be aware of.

Some great resources from Jeff and his employer on PCI 4.0:

https://info.obsglobal.com/pci-4.0-resources

And the PCI Council's own summary of changes between PCI 3.2.1 and 4.0: https://securityweekly.com/wp-content/uploads/2022/06/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf

Extortion, business disruption, and monumental payouts. We’ll cover trends in attacker “innovation” and role of identities and credentials.

This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw279

PSW #746 - Joseph Menn

15 juli 2022 | 192 min

ASW #202 - Mike Benjamin

14 juli 2022 | 75 min

ESW #278 - Tim Morris, Chris Cleveland, and Mehul Revankar

14 juli 2022 | 113 min

Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, that collects so much useful data - why would you want to keep it within Tanium? The 'Data-as-a-Service' model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization.

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don’t lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more! PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices.

Segment Resources:

https://pixmsecurity.com/mobile/

This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!

The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk.

Segment Resources:

www.qualys.com/trurisk

www.qualys.com/vmdr

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw278

PSW #745 - Sam Bowne

13 juli 2022 | 183 min

SWN #222 - Microsoft, Ransomware, Fake Cisco, Rogers Outage, SEC, & ZettaByts

12 juli 2022 | 31 min

ESW #277 - Chris Cleveland, Matt Mosely, Gianna Whitver, and Joe Payne

12 juli 2022 | 134 min

This week, in the Enterprise News: Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that’s exploding) Perimeter 81 raises $100M Series C and becomes a unicorn - You get a VPN! I get a VPN! Everyone gets a VPN! Over a dozen other vendors raise funding! IBM acquires EASM vendor, Randori Another Azure vulnerability allowing tenancy escapes Microsoft’s Purview goes beyond DLP and gets into the pre-crime business Half a dozen cybersecurity vendor layoff announcements! We discuss the controversy around Rob Lee’s involvement with developing federal standards for critical infrastructure protection and we say farewell (and good riddance) to Internet Explorer… but not really Then, after the news, we’re going to air some segments recorded at the RSA conference last week.

We will cover high level winning strategies in cybersecurity marketing. The do's and don'ts for our specific industry and key factors of success in a go to market strategy.

Segment Resources: https://cybersecuritymarketingsociety.com/podcast/

https://insight.cybersecuritymarketingsociety.com/survey2021?_gl=1*1wcqhp6*_ga*MTg4ODExOTY2Ny4xNjU0MTc1NDM3*_ga_GS9X0J5FZC*MTY1NDE3NTQzNi4xLjEuMTY1NDE3NTU3MC4w&_ga=2.81844830.933834121.1654175437-1888119667.1654175437

Two important shifts over the last two years transformed what we once knew as an on-premise ecosystem into a global system accessible from anywhere. One is remote work, which began as a temporary measure to get us through the early days of the pandemic and has since become the norm. The other is cloud adoption, which was mainstream even before the pandemic, but has seen another bump in the last two years. As a result, the internet has become the new corporate network. Where do we go from here? This segment is sponsored by Perimeter 81. Visit https://securityweekly.com/perimeter81 to learn more about them!

Phishing attacks are increasingly focused on new vectors such as social media, business collaboration apps, and text messages. These vectors generally lack any protection for the end user. How can we protect against these attacks that are increasingly leading to costly breaches? This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!

Employee turnover is the biggest threat to any organization's IP. Nearly 60% of employees move to a new company within similar fields (think: competitors) and are using collaboration technology to take sensitive data at an alarming rate. Code42's Joe Payne will discuss how Insider Risk Management addresses data loss in a volatile job market while still enabling collaboration. This segment is sponsored by Code42. Visit https://securityweekly.com/code42 to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw277

ASW #201 - IE11 Goes to Zero

12 juli 2022 | 64 min

BSW #266 - John Bruggeman & Brandon Dunlap

11 juli 2022 | 56 min

BSW #265 - Bryan Ware and Victor Gamra

11 juli 2022 | 63 min

In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!

Defining Cyber Risk With Bryan Ware This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).

This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!

Is the Market Ready for Integrated Cyber Risk Management? Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding.

Segment Resources: https://fortifydata.com/request-an-assessment

This segment is sponsored by Fortify Data! Visit https://securityweekly.com/fortifydata to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw265

PSW #744 - Ray Davidson

8 juli 2022 | 162 min

PSW #743 - Matt McGuirk

8 juli 2022 | 170 min

SWN #221 - Ant-Man, IOT APTs, Open Sea, Microsoft, Jenkins, SFC, & Zuo Rat – Wrap Up

8 juli 2022 | 29 min

ASW #200 - Keith Hoodlet

8 juli 2022 | 68 min

SWN #220 - AI, Kubernetes, Skimming, US Law, OpenSSL, & Alexa

7 juli 2022 | 29 min

SWN #219 - CISA/NSA on PowerShell, Fancy Bear Nukes, & More Crime - Wrap Up

7 juli 2022 | 25 min

SWN #218 - Android Malware, Linux Botnets, AWS Buckets, & 24.6 Billion Credentials For Sale

7 juli 2022 | 27 min

SWN #217 - Notorious RBG, Hertzbleed, Microsoft, QNAP, Black Folders, & Angry AI - Wrap Up

7 juli 2022 | 29 min

SWN #216 - Symbiote, Vytal, SeaFlower, Metasploit, CoinBase, End of Explorer, & Floppotron 3.0

7 juli 2022 | 29 min

SWN #215 - Atlassian, Shocking Alarms, Windows, Karakurt, Clipminer, & Meeting Owl - Wrap Up

7 juli 2022 | 33 min

PSW #742 - John Pescatore

7 juli 2022 | 175 min

ESW #276 - Matt McGuirk & Ian Glazer

5 juli 2022 | 120 min

ASW #198 - Matias Madou

22 juni 2022 | 72 min

SWN #214 - Twitter, Office, VMWARE, Zyxel, Vandal Pastries, Verizon, & DDL

31 maj 2022 | 32 min

PSW #741 - Robert Lee & Saumil Shah

26 maj 2022 | 194 min

ESW #274 - Michael Ehrlich, Jackie Comp & Rolf Lindermann

25 maj 2022 | 114 min

ASW #197 - Brian Glas

20 maj 2022 | 80 min

SWN #213 - "Brushing", CISA, Nebuchadnezzar, Lianjia, iPhone, Leaky Sites, & Elon Balks

18 maj 2022 | 32 min

ESW #273 - Yasser Rasheed & Omer Taran

13 maj 2022 | 101 min

SWN #212 - DEA Hacked, Memory Bugs, Sidewinder, US Bioeconomy, & Russian Cyber-Threat - Wrap Up

13 maj 2022 | 21 min

PSW #740 - Fleming Shi

13 maj 2022 | 160 min

ASW #196 - Christoph Nagy

11 maj 2022 | 73 min

SWN #211 - Renting Rats, Event Logs, Ransomware, Big IP, Clearview, & Cybercrime Law

11 maj 2022 | 33 min

BSW #262 - Mike Ernst

10 maj 2022 | 57 min

ESW #272 - Prashasth Baliga & Ryan Fried

6 maj 2022 | 108 min

PSW #739 - Fatih Karayumak

6 maj 2022 | 193 min

SWN #210 - Cuckoo Bees, Dental Bots, Sheetjs, Password Day, F5, & Vodka - Wrap Up

6 maj 2022 | 28 min

BSW #261 - Dave Klein

6 maj 2022 | 54 min

ASW #195 - Lynn Marks

3 maj 2022 | 74 min

SWN #209 - Aruba/Avaya, DoD, Apple Obsolescence, Google, GitHub, & Cyber Forced Labor

3 maj 2022 | 35 min

ESW #271 - Rich Mogull & Andrew Hindle

3 maj 2022 | 117 min

PSW #738 - Michael Aminov & Marcus Sachs

29 april 2022 | 199 min

NPM, Docker, Nimbuspwn, Edge, Emotet, & Owl Grease - Wrap Up - SWN #208

29 april 2022 | 29 min

BSW #260 - Jess Burn

28 april 2022 | 58 min

SWN #207 - Hare, Quantum, VMWARE, APT 34, Brakes, Elon Buys Twitter, Lapsus, & BlackCat

26 april 2022 | 29 min

ASW #194 - Dr. Chenxi Wang

26 april 2022 | 71 min

ESW #270 - Dan Allen & Will Lin

22 april 2022 | 126 min

SWN #206 - Lemon Duck, Crypto Theft, Pwn2Own, Sinclair, Microsoft, & Google - Wrap Up

22 april 2022 | 31 min

PSW #737 - Capt. John Alfred & Thomas Lonardo

21 april 2022 | 190 min

BSW #259 - Tim Woods

20 april 2022 | 65 min

SWN #205 - Win 11, iPhone Zero Clicks, LinkedIn, Scraping, Conti Lies, & Webex Mics

19 april 2022 | 31 min

ASW #193 - AppSec (& adjacent) Metrics

19 april 2022 | 77 min

ESW #269 - Bob Erdman & Justin Tolman

15 april 2022 | 118 min

SWN #204 - Struts, Management Networks, Elon Spits in My Soup, & Zero-Days - Wrap Up

15 april 2022 | 26 min

PSW #736 - Mike Wilkes & Amanda Berlin

15 april 2022 | 205 min

BSW #258 - Derek Manky

13 april 2022 | 57 min

SWN #203 - Sandworm, Protestware, FancyBear, Spring4Shell, & PacketStreamer

12 april 2022 | 39 min

ASW #192 - William Morgan

12 april 2022 | 77 min

ESW #268 - Josh Snow & Catherine Ullman

8 april 2022 | 115 min

SWN #202 - Microsoft, VMWare, Burnout, Android, HIMEM.SYS, Parrot, & Rants - Wrap Up

8 april 2022 | 29 min

PSW #735 - Sean Metcalf & Jay Beale

7 april 2022 | 206 min

BSW #257 - Jonathan Gohstand

7 april 2022 | 59 min

SWN #201 - VMware, Hydra, MailChimp, Cisco, PEAR PHP, Red Hat, GitLab, & Digital Diplomacy

5 april 2022 | 29 min

ASW #191 - Eric Allard

5 april 2022 | 79 min

ESW #267 - Tim Cathcart, & Steven Turner

1 april 2022 | 125 min

SWN #200 - Apple, Spring4shell, Zlib, Honda, Rockwell, & Backup Day - Wrap Up

1 april 2022 | 27 min

PSW #734 - Mark Boltz-Robinson, Hanine Salem

31 mars 2022 | 208 min

BSW #256 - Charlene Deaver-Vazquez

30 mars 2022 | 55 min

SWN #199 - WordPress, CISA Alerts, VerbleCon, Rapid Attacks, Sophos, & Fleming Shi

29 mars 2022 | 31 min

ASW #190 - Harshil Parikh

29 mars 2022 | 78 min

SWN #198 - North Korea, Supply Chain, Lapsus$, Russian Indictments, & Deepfakes - Wrap Up

25 mars 2022 | 28 min

ESW #266 - Zane Bond, & Erin Kenneally

25 mars 2022 | 130 min

PSW #733 - Stephen Ward, & David Kennedy

24 mars 2022 | 207 min

BSW #255 - Olesia Klevchuk

24 mars 2022 | 54 min

SWN #197 - Conti Ransomware, BitRAT Malware, HP Printer RCE, & Browser Phishing

22 mars 2022 | 31 min

ASW #189 - Alvaro Muñoz

22 mars 2022 | 76 min

ESW #265 - Johanna Ydergard & Pablo Zurro

21 mars 2022 | 117 min

SWN #196 - Sat-Com, Node-IPC, Counterfeit Chips, Go, AI, & Shortwave Radio - Wrap Up

18 mars 2022 | 30 min

PSW #732 - G Mark Hardy, Lawrence Nunn, & Ricky Tan

18 mars 2022 | 186 min

BSW #254 - Jody Brazil

17 mars 2022 | 58 min

ASW #188 - Farshad Abasi

16 mars 2022 | 76 min

SWN #195 - The Ukraine, Conti, Pandora, BYOD, Crypto ATMS, & Pirate Hunting

15 mars 2022 | 33 min

ESW #264 - Jeff Styles & Andrew Morris

14 mars 2022 | 133 min

PSW #731 - Daniel Trauner, Antranig Vartanian, & David Marble

11 mars 2022 | 202 min

SWN #194 - Russians, IT Armies, Supply Chains, BazarBackdoor, & Scary Studies - Wrap Up

11 mars 2022 | 32 min

BSW #253 - Michael McPherson

9 mars 2022 | 59 min

SWN #193 - Ragnar Locker, Linux Vulns, Samsung Code, Nvidia Certs, Adafruit Data Breach, & ICS

8 mars 2022 | 30 min

ASW #187 - Lebin Cheng

8 mars 2022 | 67 min

ESW #263 - Chad Skipper, Karen Worstell, & Sharon Goldberg

4 mars 2022 | 113 min

DynamicWeb, Toyota, War, Google, & Zero-Trust - Wrap Up - SWN #192

4 mars 2022 | 24 min

PSW #730 - Alissa Torres & Rich Mogull

3 mars 2022 | 196 min

Good Human Nature - BSW #252

2 mars 2022 | 63 min

Daxin Backdoor, Ukraine IT, Judyrecords, Insta-Scammers, & Crypto Scams - SWN #191

1 mars 2022 | 29 min

Good People - ASW #186

1 mars 2022 | 78 min

A "Blessing" of Unicorns - ESW #262

25 februari 2022 | 104 min

Cyber Attacks, Airtags, CyclopsBlink, Armageddon, ElectronBot, & Sandworms - Wrap Up - SWN #190

25 februari 2022 | 32 min

Sous Vide Your Spam - PSW #729

25 februari 2022 | 195 min

Accurate Assessment - BSW #251

24 februari 2022 | 66 min

Coinbase Bounty, Clearview Expansion, Stone Panda, Xenomorphs, & Teams Malware - SWN #189

22 februari 2022 | 31 min

The DIY Lab - ASW #185

22 februari 2022 | 64 min

MFA Fatigue, WordPress Vuln, Iranian Code, & Free Crypto! (Scams) - Wrap Up - SWN #188

18 februari 2022 | 25 min

Flying Really High - ESW #261

18 februari 2022 | 117 min

Burn It All Down - PSW #728

17 februari 2022 | 172 min

Top Notch - BSW #250

16 februari 2022 | 59 min

Blackbyte V. The 49ers, Ukraine, Malicious Mods, Adobe 0-Day, & Teams Bugs - SWN #187

15 februari 2022 | 27 min

Tasty Beverage - ASW #184

15 februari 2022 | 81 min

Buying a CISO - ESW #260

11 februari 2022 | 107 min

Maze Decryption, Sim Swaps, Crypto Megaheists, & Infected Win 11 Installers - Wrap Up - SWN #186

11 februari 2022 | 32 min

Mood Lighting - PSW #727

11 februari 2022 | 177 min

Sharpen Our Tools - BSW #249

9 februari 2022 | 64 min

Google MFA, Avast Decrypts, QBOT, QuaDream Spyware, & Slackware 15.0 - SWN #185

8 februari 2022 | 28 min

Internal Jokes - ASW #183

8 februari 2022 | 77 min

The 1000th Unicorn - ESW #259

4 februari 2022 | 111 min

Getting Zucked, LinkedIn, Elementor RCE, & Underused MFA - Wrap Up - SWN #184

4 februari 2022 | 28 min

Life Changing Bag of Cash - PSW #726

3 februari 2022 | 203 min

Speed & Quality - BSW #248

2 februari 2022 | 57 min

CISA Lists, UPnP, Samba, SMS Trickery, Secret Pixels, & Lazarus Returns - SWN #183

2 februari 2022 | 30 min

Perfect Direction - ASW #182

1 februari 2022 | 76 min

Vultur, Overreach, Trickbot, QNAP, Apple, pkexec, & Space Force - SWN #182

28 januari 2022 | 32 min

Skipping Around - ESW #258

28 januari 2022 | 132 min

Software Flea Market - PSW #725

27 januari 2022 | 176 min

Changing Trends - BSW #247

25 januari 2022 | 61 min

Russia, Control Web Panel, Belarus, Office Macros, Trickbot, & Molerats - SWN #181

25 januari 2022 | 28 min

Cheesy Tomato Dreams - ASW #181

25 januari 2022 | 70 min

Quality of Ingredients - ESW #257

21 januari 2022 | 122 min

UEFI, 2-Factor Failure, McAfee, Whispergate, Oracle Patches & More! - Wrap Up - SWN #180

21 januari 2022 | 30 min

Really Good Brownies - PSW #724

21 januari 2022 | 176 min

Something For Everybody - ASW #180

20 januari 2022 | 63 min

Firefox Relay, WordPress, Microsoft, Russia, & VPNLab - SWN #179

18 januari 2022 | 39 min

The Index Has Cooled Off - BSW #246

14 januari 2022 | 56 min

Gootloader, Apple, Microsoft Servers, Taco Tuesday, & Remote Desktops - Wrap Up - SWN #178

14 januari 2022 | 25 min

Peach Melba Day - ESW #256

14 januari 2022 | 112 min

It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We’re looking forward to keeping you informed throughout 2022! 2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left of the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out last year's flurry and what we can expect Congress to prioritize in 2022. In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, Drama in the Israeli cybersecurity news, Security, Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & Some annoying words get banned!

Show Notes: https://securityweekly.com/esw256

Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Toddler Scientists - PSW #723

13 januari 2022 | 170 min

Dust It Off - BSW #245

13 januari 2022 | 59 min

QNAP, CISA, KCodes, Supply Chain Hijinx, Chuds, & CES 2022 - SWN #177

11 januari 2022 | 28 min

Big Smiles - ASW #179

11 januari 2022 | 74 min

Happy Holidays! - ESW #255

24 december 2021 | 117 min

Singing Elephant - PSW #722

23 december 2021 | 207 min

hmi/scada, log4j, Apache, Office, Scams, & FBI Bitcoins - Wrap Up - SWN #176

23 december 2021 | 24 min

Becoming the Avengers - SCW #99

23 december 2021 | 69 min

The Art of Negotiation - BSW #244

22 december 2021 | 58 min

haveibeenpwned Passwords, log4j2, log4shell, Joker App, Zoho 0-Day, & Conti Group - SWN #175

21 december 2021 | 29 min

Fuzzing Like It's 1999 - ASW #178

21 december 2021 | 74 min

Facebook Bans, SimSwaps, DarkWatchman, Pseudomanuscrypt, & Log4Shell - Wrap Up - SWN #174

17 december 2021 | 30 min

The Worst Metaphor - ESW #254

17 december 2021 | 126 min

Have a Couple Beers on the Lawnmower - PSW #721

16 december 2021 | 168 min

Under the Bus - SCW #98

16 december 2021 | 76 min

Against the Law - BSW #243

15 december 2021 | 65 min

Irish Healthcare Scam, Malicious PyPl, Bad Bluetooth, Satoshi Nakamoto, & Log4Shell - SWN #173

14 december 2021 | 30 min

Vulnerability Phone - ASW #177

14 december 2021 | 70 min

Treacherous Devs, Selling Text Messages, Spicy Takes, & Unicorns Galore - ESW #253

10 december 2021 | 126 min

IoT Standards, NginRAT, AT&T Botnet, & Bad Wifi Routers - Wrap Up - SWN #172

3 december 2021 | 30 min

The Human Element - ESW #252

3 december 2021 | 113 min

Bud's Budtender - PSW #720

3 december 2021 | 212 min

Too Authentic - SCW #97

2 december 2021 | 91 min

Completely Off the Rails - BSW #242

1 december 2021 | 62 min

Reaper Chinotto, Tardigrade, Cannazon DDoS, IKEA, Webcam Hijinks, & Seoul's Metaverse - SWN #171

30 november 2021 | 33 min

Cyber Monday - ASW #176

30 november 2021 | 76 min

A Good Mission - SCW #96

24 november 2021 | 78 min

SquirrelWaffel, Scams, Exchange Flaws, Honeypots, & Hoodies - Wrap Up - SWN #170

24 november 2021 | 29 min

Invest Properly - BSW #241

24 november 2021 | 50 min

GoDaddy Breached, Imunify360, Holiday Scams, Bug Bounties Surge, & Bryon Hundley - SWN #169

23 november 2021 | 27 min

Max Headroom - ASW #175

23 november 2021 | 70 min

Kinky VR, FatPipe, Win11, Glitch, Perswaysion, & Satoshi Nakamoto - Wrap Up - SWN #168

19 november 2021 | 30 min

Crystal Ball Gazing - ESW #251

19 november 2021 | 109 min

Hackers Be Hackin' - PSW #719

18 november 2021 | 194 min

Massive Damage - SCW #95

18 november 2021 | 74 min

Cyber Money Ball - BSW #240

17 november 2021 | 55 min

FBI, Eyeball Lies, Intel, Microsoft, & Smishing - SWN #167

16 november 2021 | 37 min

Eyes Open - ASW #174

16 november 2021 | 71 min

Attack & Defense - ESW #250

12 november 2021 | 106 min

Lyceum, Elon, Buzz Words, PS5, PunyCode, Palo Alto, & Small Business - Wrap Up - SWN #166

12 november 2021 | 25 min

Snowed In - PSW #718

11 november 2021 | 217 min

A Good Crisis - SCW #94

11 november 2021 | 64 min

Getting Involved - BSW #239

10 november 2021 | 53 min

You Browser, MediaMarkt Hack, RobinHood Breach, Zoho, & Elon's Twitter Poll - SWN #165

9 november 2021 | 29 min

Schools of Magic - ASW #173

9 november 2021 | 74 min

Linux CVE, War Driving, Pegasus Blacklisted, Darkside Bounty, & Braktooth - Wrap Up - SWN #164

5 november 2021 | 28 min

The Big Ol' Nothing Burger - ESW #249

5 november 2021 | 103 min

Funny Stories - PSW #717

4 november 2021 | 216 min

Diversity & Equality - SCW #93

4 november 2021 | 72 min

Fail Fast - BSW #238

3 november 2021 | 54 min

Ransomware Busts, Dancing Holograms, HTTP Headers, FreeSwitch, & Trojan Source - SWN #163

2 november 2021 | 28 min

Actual Secrets - ASW #172

2 november 2021 | 77 min

Virtual Crime, SEO Poisoning, QR Code Phishing, Meta, & War-Driving - Wrap Up - SWN #162

29 oktober 2021 | 27 min

World Chocolate Day - ESW #248

29 oktober 2021 | 123 min

The Supreme Counsel - PSW #716

28 oktober 2021 | 196 min

Overly Prescriptive - SCW #92

28 oktober 2021 | 71 min

The Sky Is Falling! - BSW #237

27 oktober 2021 | 58 min

Horror Stories - ASW #171

26 oktober 2021 | 74 min

SMS Fraud, REvil Revenge, XP Users, Nobelium Returns, & Polygon Bug Bounty - SWN #161

26 oktober 2021 | 30 min

Truth Social, GPS Chaos, Quickfox, FIN7, Cyber-Training, & Bye-Bye FTP - Wrap Up - SWN #160

22 oktober 2021 | 29 min

Holy Guacamole - PSW #715

22 oktober 2021 | 192 min

Dancing In the Pool - ESW #247

22 oktober 2021 | 90 min

Different Directions - SCW #91

22 oktober 2021 | 80 min

Just Crazy - BSW #236

20 oktober 2021 | 53 min

Faux FBI Sites, Sinclair Outage, ISC Squared, TianFu Winnings, & Phishing For 0-Days - SWN #159

19 oktober 2021 | 27 min

Highly Technical - ASW #170

19 oktober 2021 | 76 min

Wastewater Ransoms, Juniper Networks, South Korea, & Acer Hack - Wrap Up - SWN #158

15 oktober 2021 | 40 min

Space Force - PSW #714

15 oktober 2021 | 197 min

Beautiful Sites - ESW #246

15 oktober 2021 | 96 min

This Is Fascinating - SCW #90

14 oktober 2021 | 82 min

Shiny Toys - BSW #235

13 oktober 2021 | 61 min

NSA Warnings, SnapMC, Olympus Hacked, Brother Printers, & Android Lists Malware - SWN #157

12 oktober 2021 | 34 min

Halloween Horror - ASW #169

12 oktober 2021 | 74 min

Excel Macros, Twitch Leaks, Canopy Unpatched XSS, LANtenna, & Apache - Wrap Up - SWN #156

8 oktober 2021 | 34 min

Feeling Really Lame - PSW #713

8 oktober 2021 | 184 min

Complete Nightmare - ESW #245

7 oktober 2021 | 102 min

Providing the Assurance - SCW #89

7 oktober 2021 | 79 min

Getting Better - BSW #234

6 oktober 2021 | 55 min

Python Ransomware, Facebook BGP, Coinbase MFA, & Windows 11 Release - SWN #155

5 oktober 2021 | 36 min

Opposite Direction - ASW #168

5 oktober 2021 | 70 min

GiantPay, Google 0-Days, CISOs in Organizations, & CISA Tools - Wrap Up - SWN #154

1 oktober 2021 | 27 min

Blinky Boxes - PSW #712

1 oktober 2021 | 152 min

Nice & Slow - ESW #244

30 september 2021 | 107 min

Little Bugs - SCW #88

30 september 2021 | 85 min

Shiny Thing - BSW #233

29 september 2021 | 59 min

Zix Phishing, Side Eye Toddler NFT, VCenter Redux, Auntie M, & Safepal Fraud - SWN #153

28 september 2021 | 34 min

Skills & Knowledge - ASW #167

28 september 2021 | 72 min

Everything's All Blurry - PSW #711

24 september 2021 | 200 min

NanoMQ 0-Day, iOS Patches, GeoFencing, & FamousSparrow APT- Wrap Up - SWN #152

24 september 2021 | 31 min

Break All Your Stuff - ESW #243

24 september 2021 | 100 min

Blinky Lights - SCW #87

23 september 2021 | 76 min

Turning the Battleship - BSW #232

22 september 2021 | 58 min

Healthcare Policy, Amazon AI, Google OSTIF, OMIGOD Vuln, iOS 15, & Time Crystals - SWN #151

21 september 2021 | 30 min

Don't Hate the Player, Hate the Game - ASW #166

21 september 2021 | 70 min

Playing Hanky Panky - PSW #710

17 september 2021 | 198 min

Infosec Training Advice & Soft Skills From Offensive Security - Wrap Up - SWN #150

17 september 2021 | 32 min

Not That Mysterious - ESW #242

17 september 2021 | 105 min

Chocolate Bar Bounty - SCW #86

16 september 2021 | 78 min

Dead End - BSW #231

15 september 2021 | 57 min

REvil Redux, Pegasus Patch, Meris Botnet, Litecoin's Fraudulent Gains, & Sinan Eren - SWN #149

14 september 2021 | 28 min

Drive - ASW #165

14 september 2021 | 74 min

The Magic Fix - PSW #709

3 september 2021 | 174 min

Large Stacks - ESW #241

2 september 2021 | 119 min

CREAM, IoT Hacks, DDoS, McFlurries, & iDriver's Licenses - Wrap Up - SWN #148

2 september 2021 | 31 min

We Love Your Dog - SCW #85

1 september 2021 | 71 min

Who Do You Trust? - BSW #230

31 augusti 2021 | 54 min

ChaosDB, China Limits Games, CISA MFA, Sudo Warnings, Samedit, & Jason Wood - SWN #147

31 augusti 2021 | 32 min

Magical Forest - ASW #164

31 augusti 2021 | 67 min

Yard Sale - PSW #708

27 augusti 2021 | 199 min

Ragnarok Decryptor, Cost of Hacking, OnlyFans, & IoT Camera Flaws - Wrap Up - SWN #146

27 augusti 2021 | 33 min

Eliminating the Variants - ESW #240

26 augusti 2021 | 98 min

Homework - SCW #84

25 augusti 2021 | 84 min

Controls & Conditions - BSW #229

24 augusti 2021 | 70 min

ProxyShell Attacks, Liquid Robbed, Realtek SDK, & 3D Printing Peril - SWN #145

24 augusti 2021 | 31 min

Strange New Clouds - ASW #163

24 augusti 2021 | 71 min

Win 11 ISOs, OnlyFans, Cisco Critical Flaw, Kalay, & Fortinet vs. Rapid7 - Wrap Up - SWN #144

20 augusti 2021 | 34 min

Burning Hard Drive - PSW #707

20 augusti 2021 | 207 min

Crushing It - ESW #239

19 augusti 2021 | 110 min

Exception to the Rule - SCW #83

19 augusti 2021 | 59 min

Recipe for Disaster - BSW #228

18 augusti 2021 | 65 min

DeepBlueMagic, T-Mobile, Shell Code, Colonial Returns, & Fake CAPTCHA - SWN #143

17 augusti 2021 | 29 min

Time Traveling - ASW #162

17 augusti 2021 | 68 min

Turn That JIT Off! - PSW #706

13 augusti 2021 | 209 min

Zoom Payout, PrintNightmare 0-Day, Chaos Malware, Aggah, & INFRA:HALT Bugs - Wrap Up - SWN #142

13 augusti 2021 | 31 min

Zombie Security Control - ESW #238

12 augusti 2021 | 101 min

Time Lord - SCW #82

12 augusti 2021 | 69 min

The Road Map - BSW #227

11 augusti 2021 | 67 min

Thinking Alike - ASW #161

10 augusti 2021 | 66 min

GPT-3, SOHO Routers Redux, Proxy Shell, & Jason Wood - SWN #141

10 augusti 2021 | 30 min

Cisco Patches, CISA Task Force, Black Hat Recap, & LockBit 2.0 - Wrap Up - SWN #140

6 augusti 2021 | 32 min

Backhanded Softball - PSW #705

6 augusti 2021 | 191 min

Monolithic Approach - ESW #237

6 augusti 2021 | 148 min

Blurred Lines - BSW #226

4 augusti 2021 | 65 min

NSA Warning, NSO Spyware, Pneumatic Tubes Vulns, & Hidden Crypto Regulations - SWN #139

3 augusti 2021 | 27 min

Shrug & Move On - ASW #160

3 augusti 2021 | 72 min

The Dr. Strange Moment - PSW #704

30 juli 2021 | 204 min

PetitPotam Attack, PyPI Malware, NSA Device Guidance, & Meteor Wiper - Wrap Up - SWN #138

30 juli 2021 | 29 min

Bad Example - ESW #236

30 juli 2021 | 99 min

Ancient Court - SCW #81

29 juli 2021 | 71 min

Coffee & Cocktails - BSW #225

28 juli 2021 | 63 min

Babuk Forum Hack, Exotic Programming, Kaseya Decryption, & "Petitpotam" Attack - SWN #137

27 juli 2021 | 28 min

Policy of Truth - ASW #159

27 juli 2021 | 74 min

Nefarious Drivers - PSW #703

23 juli 2021 | 205 min

SeriousSam, Kaseya Decrypts REvil, Hacker Bounties, SonicWall, & Pegasus - Wrap Up - SWN #136

23 juli 2021 | 27 min

Everyone Works Everywhere - ESW #235

23 juli 2021 | 101 min

Constantly Frustrated - SCW #80

23 juli 2021 | 69 min

Use Your Network - BSW #224

21 juli 2021 | 58 min

iOS RCE, Pegasus Spyware Leak, Florida Victims Targeted, & Debugging MosaicLoader - SWN #135

20 juli 2021 | 28 min

Fall On Our Sword - ASW #158

20 juli 2021 | 75 min

Glorious Purpose - PSW #702

16 juli 2021 | 200 min

Kaseya, Luminous Moth, Amazon, Microsoft, REvil, & Luminous Moth - Wrap Up - SWN #134

16 juli 2021 | 27 min

Following the Dollar - ESW #234

16 juli 2021 | 106 min

Tell the Truth - SCW #79

15 juli 2021 | 74 min

Stop the Bleeding - BSW #223

14 juli 2021 | 62 min

Drink Our Own Champagne - ASW #157

13 juli 2021 | 73 min

SolarWinds, Kaseya, Cisco, Schneider, & Jason Wood - SWN #133

13 juli 2021 | 24 min

Meat Scented Candles - PSW #701

2 juli 2021 | 174 min

LinkedIn Leaks, PrintNightmare, Cyber Legislation, & Beer Bots - Wrap Up - SWN #132

2 juli 2021 | 28 min

Hope & Pray - ESW #233

30 juni 2021 | 113 min

Greased Lightning - SCW #78

30 juni 2021 | 77 min

The Behemoth - BSW #222

30 juni 2021 | 64 min

GitHub Bounties, Returning Guest Host, CISCO, Binance Banned, & WD Hacks - SWN #131

29 juni 2021 | 31 min

Everything Looks Crazy - ASW #156

29 juni 2021 | 77 min

The Godfather - PSW #700

25 juni 2021 | 196 min

Dark Radiation, John McAfee, Dell UEFI, Zyxel, Windows 11, & NYC Advisory - Wrap Up - SWN #130

25 juni 2021 | 33 min

Figure It Out - ESW #232

24 juni 2021 | 97 min

Hesitation About the Test - SCW #77

24 juni 2021 | 72 min

'Oddball' Malware, iPhone WIFI Hacks, Russian VPN Bans, & A Special Guest Host - SWN #129

23 juni 2021 | 22 min

Rip That Non-Value Add Out - BSW #221

23 juni 2021 | 61 min

Crawling Like a Human - ASW #155

22 juni 2021 | 74 min

Adrian Overlord - PSW #699

18 juni 2021 | 203 min

Cyber Insurance, Akamai Outages, Win 10 EOL, & Pinchy Spider - SWN #128

18 juni 2021 | 29 min

Sassy & Thoughtful - ESW #231

18 juni 2021 | 94 min

Help Heal - SCW #76

17 juni 2021 | 67 min

Frustratingly Effective - BSW #220

16 juni 2021 | 72 min

Instagram Bugs, Nuclear RDP, Cyber Games, Risk in Utilities, & Crypto-Astrology - SWN #127

15 juni 2021 | 27 min

Dead Simple - ASW #154

15 juni 2021 | 70 min

PCI Security Deathmatch - PSW #698

11 juni 2021 | 210 min

RCE Bug in VMWare, Steam Malware, TikTok Biometrics, & Kubernetes Backdoors - Wrap Up - SWN #126

11 juni 2021 | 28 min

Multiple Soups - ESW #230

10 juni 2021 | 108 min

That's Nonsense - SCW #75

9 juni 2021 | 65 min

Brain Cycles - BSW #219

9 juni 2021 | 62 min

DarkSide Crypto Repo, New Siloscape Malware, Amazon Sidewalk, & Internet Outages - SWN #125

8 juni 2021 | 27 min

Something's Out There - ASW #153

8 juni 2021 | 73 min

The Wrong Lawyer - PSW #697

7 juni 2021 | 204 min

Jingle the Keys - PSW #696

28 maj 2021 | 183 min

Bezos, Nobelium, Apple Vulns, SonicWall Patches, & VMware RCM - Wrap Up - SWN #124

28 maj 2021 | 25 min

Increased Complexity - ESW #229

28 maj 2021 | 105 min

Birthday Wishes - SCW #74

27 maj 2021 | 76 min

TrendMicro, DarkSide "Court", & Lessons Learned From Supply Chain Attacks - SWN #123

26 maj 2021 | 28 min

Stop the Bleeding - BSW #218

26 maj 2021 | 54 min

Everybody's Looking For Something - ASW #152

25 maj 2021 | 71 min

Jerry the Hedgehog - PSW #695

21 maj 2021 | 190 min

Through the Noise - ESW #228

20 maj 2021 | 143 min

Manual Swivel Chairing - BSW #217

19 maj 2021 | 60 min

Hot Potato - ASW #151

18 maj 2021 | 75 min

Very Exciting & Very Scary - PSW #694

17 maj 2021 | 198 min

The Dogefather, Frags Return, Horse Ridge, Ransomware, & Fightin' Joe - Wrap Up - SWN #122

14 maj 2021 | 27 min

Negative Reinforcement - ESW #227

14 maj 2021 | 104 min

Digital Bread Crumbs - SCW #73

12 maj 2021 | 79 min

What Was Old Is New Again - BSW #216

12 maj 2021 | 60 min

Net Neutrality Redux, Elon Musk, Colonial Pipeline, & Lemon Duck Botnet - SWN #121

11 maj 2021 | 25 min

Talking Heads - ASW #150

11 maj 2021 | 75 min

Dusty Corners - PSW #693

7 maj 2021 | 192 min

Bad Pings, Yahoo Answer Babbies, Python Bugs, & Spectre Attacks - Wrap Up - SWN #120

7 maj 2021 | 26 min

Tyler Has Visitors - ESW #226

7 maj 2021 | 104 min

Enforcement Body - SCW #72

6 maj 2021 | 29 min

Limitless - BSW #215

5 maj 2021 | 57 min

Alert Your Star Destroyers - ASW #149

4 maj 2021 | 71 min

Dan Kaminsky, 'BadAlloc' Flaws, Apple 0-Days, & Spectre Defenses Shattered - SWN #119

4 maj 2021 | 28 min

Passwordstate Backdoor, Gov't Tackles Ransomware, & BinD Updates - Wrap Up - SWN #118

30 april 2021 | 25 min

Vulcan Mind Meld - PSW #692

30 april 2021 | 205 min

Between the Two Tylers - ESW #225

30 april 2021 | 109 min

Boil the Ocean - SCW #71

28 april 2021 | 88 min

Skin in the Game - BSW #214

28 april 2021 | 63 min

Emotet Nukes Itself, Nvidia 0-Days, Babuk D.C Attack, & iOS 14.5 - SWN #117

27 april 2021 | 25 min

Minimum Safe Distance - ASW #148

27 april 2021 | 73 min

Curmudgeon Pills - PSW #691

26 april 2021 | 164 min

Lots of Zero Days, SonicWall Vulns, The FBI, The Professor, & The Rest - Wrap Up - SWN #116

23 april 2021 | 24 min

Hall of Shame - ESW #224

23 april 2021 | 97 min

The Other Guy - SCW #70

22 april 2021 | 72 min

Go Back To Work! - BSW #213

21 april 2021 | 54 min

Codecov Attack, Major BGP Leak, Lazarus APT, Discord Ransomware, & GEICO Breach - SWN #115

20 april 2021 | 24 min

That Will Bite Ya - ASW #147

20 april 2021 | 68 min

When Things Go Sour - SCW #69

13 april 2021 | 71 min

The Hunt for Red October - PSW #690

9 april 2021 | 199 min

Virtual Audio Bars, Accellion Breach, & Discord/Slack Malware - Wrap Up - SWN #114

9 april 2021 | 27 min

Love Your Energy - ESW #223

9 april 2021 | 97 min

A Little Hot - SCW #68

8 april 2021 | 67 min

Culture of Innovation - BSW #212

7 april 2021 | 51 min

Microsoft Edge Grows, IRS “Operation Hidden Treasure”, & 'more_eggs' Malware - SWN #113

6 april 2021 | 25 min

Contortions - ASW #146

6 april 2021 | 73 min

Short Term Memory Issues - PSW #689

2 april 2021 | 223 min

Ubiquiti Breach, North Korean APT, PHP Compromised, & QNAP NAS 0-Day - Wrap Up - SWN #112

2 april 2021 | 25 min

Escape Room - ESW #222

31 mars 2021 | 107 min

Two Yellow Cards - SCW #67

31 mars 2021 | 80 min

Tighten Our Belts - BSW #211

30 mars 2021 | 58 min

Apple Store, Microsoft, PhP, & Video Game Cheats - SWN #111

30 mars 2021 | 26 min

Grab A Sword - ASW #145

30 mars 2021 | 72 min

Tesla Banned, SolarWinds Patch, Jack Dorsey BlockClock, 11 0-Days, Turing - Wrap-Up - SWN #110

26 mars 2021 | 29 min

You Want More Budweiser? - PSW #688

26 mars 2021 | 199 min

Wet Your Beak - ESW #221

25 mars 2021 | 100 min

Wish List - SCW #66

24 mars 2021 | 65 min

We Like Puppies - BSW #210

23 mars 2021 | 59 min

DTLS Servers, F5, Black Kingdom Ransomware, GE Devices, & Gigamon - SWN #109

23 mars 2021 | 30 min

The Cure - ASW #144

23 mars 2021 | 68 min

Don't Waste Bourbon - PSW #687

19 mars 2021 | 200 min

Need More Cowbell - ESW #220

19 mars 2021 | 131 min

Schneider Electric, Tinder, Chrome, Ulysses, Mirai, & Zero Days - Wrap Up - SWN #108

19 mars 2021 | 29 min

Free Flowing - SCW #65

18 mars 2021 | 73 min

Blind Spots - BSW #209

17 mars 2021 | 63 min

Schneider Electric Meters, Chrome Zero Days, Exchange Redux, & Signal - SWN #107

16 mars 2021 | 29 min

Always Interesting - ASW #143

16 mars 2021 | 62 min

We're A Lot Happier - PSW #686

12 mars 2021 | 195 min

Exchange Escalation, "Studmaster", John McAfee, z0Miner, & Bad Cameras - Wrap Up - SWN #106

12 mars 2021 | 27 min

Due Diligence - ESW #219

11 mars 2021 | 106 min

Another Flavor - SCW #64

10 mars 2021 | 75 min

DoD, Microsoft, Alexa, Intel, Aaran Leyland, & Side Channel Attacks - SWN #105

9 mars 2021 | 30 min

Flow Master - BSW #208

9 mars 2021 | 58 min

Check Your Alibis - ASW #142

9 mars 2021 | 64 min

As Long As You're Happy - PSW #685

5 mars 2021 | 210 min

Talon Cameras, Non-Fungible Tokens, OSINT, & Rockwell - Wrap Up - SWN #104

5 mars 2021 | 28 min

Half Listening - ESW #218

5 mars 2021 | 99 min

Stumbled Upon A Problem - SCW #63

4 mars 2021 | 94 min

Prepare & Practice - BSW #207

3 mars 2021 | 55 min

The Darker & Lighter Web, Gootloader, Deep Fakes, & Aaran Leyland - SWN #103

2 mars 2021 | 31 min

New Wave Post Punk Security Hour - ASW #141

2 mars 2021 | 68 min

Coming To A Theatre Near You - PSW #684

26 februari 2021 | 176 min

Sandstorm Returns, Supply Chain, Flying Cars, & Net Neutrality - Wrap Up - SWN #102

26 februari 2021 | 26 min

Old School - ESW #217

26 februari 2021 | 100 min

Hacking & Hip Hop - SCW #62

24 februari 2021 | 83 min

Trust Factor - BSW #206

24 februari 2021 | 53 min

TDoS, Crippled Video Drivers, APT31, Typing Inference, & "Shadow Attacks" - SWN #101

23 februari 2021 | 27 min

Goose Egg - ASW #140

23 februari 2021 | 68 min

Party Time! - PSW #683

12 februari 2021 | 169 min

Adobe Overflow, Microsoft Patches 3 and Skips 1, & Apple Sudo Fix - Wrap Up - SWN #100

12 februari 2021 | 10 min

Taking Selfies - ESW #216

11 februari 2021 | 82 min

Dirty Hands - SCW #61

10 februari 2021 | 63 min

Bits & Bytes - BSW #205

9 februari 2021 | 51 min

Spotify Accounts Leaked, SonicWall Zero-Day, & Multiple Google Attacks! - SWN #99

9 februari 2021 | 20 min

Total Recall - ASW #139

9 februari 2021 | 69 min

Annual Checkup - PSW #682

9 februari 2021 | 200 min

Cisco, NIST 800-172, Fake News, Azure Functions, & Clearview - Wrap Up - SWN #98

5 februari 2021 | 27 min

Truly Special - ESW #215

5 februari 2021 | 93 min

Peeling the Onion - SCW #60

4 februari 2021 | 86 min

Diamond Hands - BSW #204

3 februari 2021 | 52 min

Sonic Wall, TikTok, NSA, BigNox, Slipstreaming, ESET & Jason Wood - SWN #97

2 februari 2021 | 25 min

The Sound of Silence - ASW #138

2 februari 2021 | 68 min

Get Out of My House - PSW #681

29 januari 2021 | 192 min

GameStop, Sudo Flaws, NAT Slipstreaming & Show Wrap Ups - Wrap Up - SWN #96

29 januari 2021 | 26 min

Losing Control - ESW #214

29 januari 2021 | 75 min

Alert Overlords - SCW #59

29 januari 2021 | 72 min

A Big Hot Mess - BSW #203

27 januari 2021 | 62 min

SonicWall, Cisco, Rich Guys in Space, TikTok, & Jason Wood - SWN #95

26 januari 2021 | 28 min

A Tree of Woe - ASW #137

26 januari 2021 | 71 min

Big Government, FBI, Mimecast, Ubquiti, Cisco, & the German Police - Wrap Up - SWN #94

19 januari 2021 | 24 min

There Was Definitely Harm Done - PSW #680

15 januari 2021 | 206 min

Shut You Down - ESW #213

15 januari 2021 | 94 min

Massive Problems - SCW #58

13 januari 2021 | 76 min

Venomous Bear, Parler, Section 230, SolarWinds, UFOs, & Jason Wood - SWN #93

13 januari 2021 | 28 min

Basic Hygiene - BSW #202

13 januari 2021 | 59 min

Breaking John - ASW #136

12 januari 2021 | 67 min

The Floppy Tangent - PSW #679

11 januari 2021 | 181 min

The Easy Button - ESW #212

8 januari 2021 | 89 min

SolarWinds, FBI Warnings, JetBrains, Government News, & 5G - Wrap Up - SWN #92

8 januari 2021 | 24 min

Dumpster Fire - SCW #57

7 januari 2021 | 80 min

Not Even Close - BSW #201

6 januari 2021 | 52 min

Ticketmaster, ElectroRAT, Zyxel Vulnerability, & Section 230 - SWN #91

5 januari 2021 | 28 min

Pokémon & Synthwave & Hair & Hats - ASW #135

5 januari 2021 | 68 min

The Breath of the Targets - PSW #678

18 december 2020 | 212 min

The Wheels Keep Spinning - ESW #211

17 december 2020 | 95 min

Gitpaste-12, SolarWinds, G-Suite Attack, & Show Summaries - Wrap Up - SWN #90

17 december 2020 | 23 min

Black Hole - SCW #56

17 december 2020 | 91 min

Helping People - BSW #200

16 december 2020 | 60 min

PyMicropsia Trojan, SolarWinds, Alphabet Outages, & Jason Wood - SWN #89

16 december 2020 | 29 min

Dark & Scary - ASW #134

16 december 2020 | 74 min

This Is How You Get Skynet - PSW #677

14 december 2020 | 222 min

Kerberos Exploit, Steam Flaws, Facebook Lawsuit, & Black Mirror - Wrap Up - SWN #88

14 december 2020 | 24 min

Wu-Tang Christmas - ESW #210

11 december 2020 | 90 min

Cyber Chainsaw - SCW #55

11 december 2020 | 76 min

Amnesia:33, IoT, NSA, Trickbot, & Tim Mackey - SWN #87

9 december 2020 | 27 min

The Shining Example - BSW #199

8 december 2020 | 63 min

A Cesspool of Images - ASW #133

8 december 2020 | 65 min

The Whole Crew's Awesome - PSW #676

4 december 2020 | 209 min

Krebs, UEFI Trickboot, Slack, & Docker Vulns - Wrap Up - SWN #86

4 december 2020 | 26 min

The Headache - ESW #209

4 december 2020 | 102 min

Poking the Bear - SCW #54

2 december 2020 | 82 min

A Plan Over Time - BSW #198

1 december 2020 | 63 min

GoDaddy DNS Attacks, New Magecart Attacks, & Ryan Corey - SWN #85

1 december 2020 | 24 min

Talking Cookies - ASW #132

1 december 2020 | 68 min

Just Reboot Your Stuff - ESW #208

26 november 2020 | 89 min

The Magician Hat - SCW #53

25 november 2020 | 82 min

Better Plays - BSW #197

25 november 2020 | 66 min

Thunderdome Technique - ASW #131

24 november 2020 | 64 min

Sometimes, Computers Just Freak Out - PSW #675

20 november 2020 | 197 min

Krebs Fired at CISA, 'Stone Panda', & DNS Is Not Your Friend - Wrap Up - SWN #84

20 november 2020 | 25 min

Some Serious Coin - ESW #207

20 november 2020 | 98 min

The Sledgehammer - SCW #52

18 november 2020 | 85 min

The Flow - BSW #196

17 november 2020 | 52 min

CISA, Facebook Scams, Mudge, & Hidden Cobra - SWN #83

17 november 2020 | 25 min

Black Friday - ASW #130

17 november 2020 | 66 min

Junior High Geometry - PSW #674

13 november 2020 | 192 min

Ghimob, Tianfu, Scalper Bots, Animal Jam, & Pay2Key - Wrap Up - SWN #82

13 november 2020 | 26 min

Bang on the WAF - ESW #206

13 november 2020 | 102 min

Take Ownership - SCW #51

12 november 2020 | 83 min

The Gatekeeper - BSW #195

11 november 2020 | 66 min

GhiMod, Virgin Hyperloops, Torisma, & Joshua Harr, Rapid7 - SWN #81

11 november 2020 | 34 min

Snowy Clouds - ASW #129

10 november 2020 | 76 min

We Don't Give A Font - PSW #673

6 november 2020 | 192 min

Billions of Bitcoins, Zoom Snooping, & Doxing Russian Bears - Wrap Up - SWN #80

6 november 2020 | 27 min

Work & Burn - ESW #205

6 november 2020 | 82 min

All That Stuff - SCW #50

4 november 2020 | 65 min

Be Authentic - BSW #194

4 november 2020 | 53 min

Kimsuky, Election Day, Maze, & Microsoft 0-Day - SWN #79

3 november 2020 | 26 min

Exploding Decompression - ASW #128

3 november 2020 | 69 min

Paranoid Security Professionals - PSW #672

30 oktober 2020 | 206 min

We're All Ears - ESW #204

30 oktober 2020 | 82 min

'KashmirBlack', Social Media Bias, NSA, & Healthcare Attacks - Wrap Up - SWN #78

30 oktober 2020 | 26 min

The Deeper Question - SCW #49

29 oktober 2020 | 68 min

The Reality - BSW #193

28 oktober 2020 | 53 min

Winston Privacy Vulns, 'KashmirBlack' Botnet, IoT, & Roger Hale - SWN #77

27 oktober 2020 | 31 min

The Spookiest Month - ASW #127

27 oktober 2020 | 71 min

Not Very Moist - PSW #671

23 oktober 2020 | 201 min

Make Your Brain Hurt - ESW #203

23 oktober 2020 | 77 min

Oracle Patches, Cisco Firepower Threats, & July Twitter Hack - Wrap Up - SWN #76

22 oktober 2020 | 28 min

Black Swan - SCW #48

21 oktober 2020 | 82 min

Fight Over It - BSW #192

21 oktober 2020 | 50 min

GRU Hackers Indicted, Trickbot Rises, & Danny Akacki - SWN #75

20 oktober 2020 | 31 min

Way Over My Head - ASW #126

20 oktober 2020 | 67 min

Larry's 10 Second Delay - PSW #670

16 oktober 2020 | 198 min

Gamer Scams, 'ZeroLogon' Attacks, & 'BleedingTooth' Flaw - Wrap Up - SWN #74

16 oktober 2020 | 29 min

Nuke That System - ESW #202

15 oktober 2020 | 101 min

You Must Be This Tall - SCW #47

14 oktober 2020 | 65 min

Fitbit Spyware, Facebook Bug Bounty Club, & FAA Gets Airline Warning - SWN #73

13 oktober 2020 | 25 min

Made In the Shade - BSW #191

13 oktober 2020 | 72 min

Still Raging - ASW #125

12 oktober 2020 | 71 min

Taco Thursday - PSW #669

9 oktober 2020 | 180 min

Stuxnet Redux, UEFI Bootkits, & Fancy Bear - Wrap Up - SWN #72

9 oktober 2020 | 28 min

One Bug Away - ESW #201

8 oktober 2020 | 71 min

They Can't Do Pizza - SCW #46

7 oktober 2020 | 79 min

Qualified Opinions - BSW #190

6 oktober 2020 | 54 min

Static Kitten, Targeting Trickbot, & 'Raccine' Ransomware - SWN #71

6 oktober 2020 | 29 min

The Laughing Isn't Helping - ASW #124

6 oktober 2020 | 72 min

A 55 Gallon Drum Cut In Half - PSW #668

2 oktober 2020 | 185 min

Pinchy Spider, Microsoft 365 Outage, & Emotet Strikes DNC - Wrap Up - SWN #70

2 oktober 2020 | 24 min

That's Where the Lemons Go - SCW #45

30 september 2020 | 73 min

Joker Trojan, Microsoft Outage, & Alien Android Trojan - SWN #69

29 september 2020 | 26 min

Necessary Evil - BSW #189

29 september 2020 | 58 min

Hot Off the Press - ASW #123

28 september 2020 | 63 min

Lokibot Returns, Tesla Outage, & Maze Ransomware in VMs - Wrap Up - SWN #68

24 september 2020 | 28 min

My Head's Spinning - ESW #200

24 september 2020 | 81 min

You Can't Handle the Truth! - SCW #44

23 september 2020 | 92 min

Blood, Sweat, & Beers - BSW #188

22 september 2020 | 80 min

German Ransomware, Wicked Panda, & Dark Overlord Sentenced - SWN #67

22 september 2020 | 26 min

One Love, One Fuzz - ASW #122

22 september 2020 | 73 min

11 Tons of Typewriters - PSW #667

18 september 2020 | 203 min

QAnon Shut Down, Mozi Botnet, & Trump Bans TikTok - Wrap Up - SWN #66

18 september 2020 | 27 min

Pointing Fingers - ESW #199

17 september 2020 | 91 min

Wrong Movie - SCW #43

16 september 2020 | 68 min

Zoom Rolls Out 2FA, Fancy Bear Returns, & Massive Mailfire Leak - SWN #65

15 september 2020 | 25 min

Deep Cover - BSW #187

15 september 2020 | 62 min

The Wire Stripper - ASW #121

14 september 2020 | 73 min

One Hell of a Show - PSW #666

11 september 2020 | 197 min

Insider Threats, BLURtooth Flaw, & More 0-Days - Wrap Up - SWN #64

11 september 2020 | 28 min

The Impossible Traveler - ESW #198

9 september 2020 | 94 min

The Dark Side - SCW #42

8 september 2020 | 62 min

WhatsApp Bugs, Argentina Ransomware, & Cisco Jabber RCE - SWN #63

8 september 2020 | 24 min

The Squeegee Guy - PSW #665

4 september 2020 | 188 min

Tesla Dodges Attack, 'Sepulcher' Malware, & Snowden Vindicated? - Wrap Up - SWN #62

4 september 2020 | 24 min

Absolute Nightmare - ESW #197

3 september 2020 | 103 min

Pound Sand - SCW #41

2 september 2020 | 83 min

Across State Lines - BSW #186

2 september 2020 | 60 min

Charming Kitten, Slack RCE, & KryptoCibule Malware - SWN #61

1 september 2020 | 28 min

Little Bit Too High - ASW #120

1 september 2020 | 71 min

Floppies Are Burning In The Driveway - PSW #664

29 augusti 2020 | 184 min

Let That Sink In - ESW #196

28 augusti 2020 | 97 min

MITRE Shield Matrix, Zoom Outages, & 'SourMint' - Wrap Up - SWN #60

28 augusti 2020 | 24 min

The Memes Are Killing Me - SCW #40

26 augusti 2020 | 63 min

Dharma Ransomware, Zoom Crash, & Elon Musk's Neuralink - SWN #59

25 augusti 2020 | 23 min

Set It & Forget It - BSW #185

25 augusti 2020 | 54 min

Heavy Pressure - ASW #119

24 augusti 2020 | 68 min

Hacking Naked & Not Afraid - PSW #663

21 augusti 2020 | 165 min

Locate X, FritzFrog Botnet, & 'Spear Vishing' - Wrap Up - SWN #58

21 augusti 2020 | 25 min

Snake Oil - ESW #195

20 augusti 2020 | 106 min

Keys to the Castle - SCW #39

19 augusti 2020 | 63 min

'EmoCrash' Exploit, IcedID, & TeamTNT - SWN #57

18 augusti 2020 | 20 min

The Juicy Secrets - BSW #184

18 augusti 2020 | 55 min

Positive Drift - ASW #118

17 augusti 2020 | 68 min

Tyler's Dieting Tips - PSW #662

14 augusti 2020 | 219 min

ReVoLTE, Tor Exit Nodes, & Drovorub Malware - Wrap Up - SWN #56

14 augusti 2020 | 25 min

The Only Player - ESW #194

13 augusti 2020 | 97 min

Jeff's PCI Disciples - SCW #38

13 augusti 2020 | 70 min

Banning TikTok, Kr00k Vuln, & Mercedes-Benz Vulns - SWN #55

13 augusti 2020 | 23 min

A Manual Transmission With No Clutch - PSW #661

7 augusti 2020 | 176 min

It's A Trap! - ESW #193

7 augusti 2020 | 160 min

Expert Instinct - BSW #183

6 augusti 2020 | 70 min

Maximum Isolation - ASW #117

4 augusti 2020 | 63 min

Sweaty Internet Rooms - PSW #660

4 augusti 2020 | 187 min

GRU Fancy Bear, Garmin Ransomware, & Doki Docker Backdoor Attacks - Wrap Up - SWN #54

31 juli 2020 | 26 min

Rainbow Hands - ESW #192

29 juli 2020 | 87 min

Get Off My Discord Server! - SCW #37

28 juli 2020 | 63 min

ShinyHunters, QSnatch Malware, & DEF CON Safe Mode - SWN #53

28 juli 2020 | 25 min

A Seat at the Table - BSW #182

28 juli 2020 | 57 min

It Makes No Sense - ASW #116

27 juli 2020 | 67 min

Gouge My Eyes Out With Forks - PSW #659

25 juli 2020 | 189 min

Crown Jewels - ESW #191

24 juli 2020 | 88 min

BadPower Attacks, Emotet Returns, & Twitter Hack Follow Up - Wrap Up - SWN #52

24 juli 2020 | 26 min

Naughty People - SCW #36

22 juli 2020 | 75 min

Crypto Trojans, GoldenSpy, & BadPower Attacks - SWN #51

21 juli 2020 | 25 min

The Internet Genie - BSW #181

21 juli 2020 | 59 min

Back in the 90's - ASW #115

20 juli 2020 | 76 min

Delving Into the Juiciness - PSW #658

17 juli 2020 | 164 min

Cozy Bear, Twitter Hacked, & Huawei Threats - Wrap Up - SWN #50

17 juli 2020 | 24 min

Hacker Karaoke - SCW #35

15 juli 2020 | 63 min

Outside Your Swim Lane - BSW #180

14 juli 2020 | 53 min

More TikTok Wars, SAP NetWeaver Vuln, & TrickBot - SWN #49

14 juli 2020 | 21 min

Absolutely Useless - ASW #114

14 juli 2020 | 66 min

Don't Touch My XP Dongle - PSW #657

10 juli 2020 | 188 min

Zoom 0-Day, F5-BIGIP RCE, & Apache Guacamole RCE - Wrap Up - SWN #48

10 juli 2020 | 26 min

Take the Power Back - ESW #190

9 juli 2020 | 91 min

Knock-Knock Jokes - SCW #34

8 juli 2020 | 79 min

So Precious - BSW #179

7 juli 2020 | 51 min

TikTok Bans Pt. 2, Try2Cry, & Facebook Under Fire - SWN #47

7 juli 2020 | 26 min

Crunchy Crunchy! - ASW #113

6 juli 2020 | 70 min

The Dangerous Realm - PSW #656

3 juli 2020 | 167 min

Netgear Soho Vulns, Lucifer Botnet, & Failed Facial Recognition - Wrap Up - SWN #46

2 juli 2020 | 23 min

The Good Side - ESW #189

2 juli 2020 | 69 min

The Major One - SCW #33

30 juni 2020 | 70 min

The Greatest Challenges - BSW #178

30 juni 2020 | 60 min

TikTok Bans, BlueLeaks, & Top 10 Bug Bounties - SWN #45

30 juni 2020 | 26 min

Completely Forgotten - ASW #112

29 juni 2020 | 66 min

Akamai DDoS, Ripple 20, & CallStranger - Wrap Up - SWN #44

18 juni 2020 | 24 min

Raiding the Humidor - ESW #188

18 juni 2020 | 99 min

Break On Through - SCW #32

17 juni 2020 | 61 min

DARPA Bug Bounties, T-Mobile Outage, & Bob Erdman - SWN #43

17 juni 2020 | 31 min

Bug Bounties, Show News, & REvil - Wrap Up - SWN #42

16 juni 2020 | 22 min

Happy Hour - BSW #177

16 juni 2020 | 54 min

The Boy Who Cried Wolf - ASW #111

15 juni 2020 | 68 min

Thunderstruck - PSW #655

12 juni 2020 | 202 min

The Other Side - ESW #187

11 juni 2020 | 83 min

The Shiny Object - SCW #31

10 juni 2020 | 68 min

CallStranger, Tycoon Ransomware, & Matt Allen - SWN #41

9 juni 2020 | 38 min

The Purple Squirrel - BSW #176

9 juni 2020 | 57 min

Full of Ideas - ASW #110

9 juni 2020 | 67 min

Crazy Johnny's Discount All You Can Eat - PSW #654

5 juni 2020 | 169 min

IP in IP Vulns, Anonymous Returns, & Deep Fakes - Wrap Up - SWN #40

5 juni 2020 | 25 min

Pyramid of Pain - ESW #186

4 juni 2020 | 103 min

Cognitive Dissonance - SCW #30

2 juni 2020 | 87 min

SpaceX Docks, Anonymous Returns, & Zephyr Vulns - SWN #39

2 juni 2020 | 24 min

Balance of Power - BSW #175

2 juni 2020 | 71 min

Prohibitively Expensive - ASW #109

1 juni 2020 | 68 min

Don't Hate the Player, Hate the Game - PSW #653

29 maj 2020 | 197 min

Windows Hello, Ragnar Locker, & OpenSSH - Wrap Up - SWN #38

29 maj 2020 | 28 min

Bang Your Head - ESW #185

28 maj 2020 | 81 min

Sarwent Malware, Rogue Drones, & Microsoft MFA Attack - SWN #37

26 maj 2020 | 26 min

Heavily Loaded - PSW #652

22 maj 2020 | 201 min

Animal Crossing, Danny Trejo, Contact Tracing, & SaltStack - Wrap Up - SWN #36

22 maj 2020 | 24 min

Take This Engine - ESW #184

21 maj 2020 | 97 min

Can We Delete That? - SCW #29

19 maj 2020 | 64 min

Ransomware Gangs, DEFCON Safe Mode, & SpaceX To ISS - SWN #35

19 maj 2020 | 24 min

The Bike Path - BSW #174

19 maj 2020 | 62 min

Shake My Head - ASW #108

18 maj 2020 | 72 min

Juicy Targets - PSW #651

15 maj 2020 | 201 min

RAMSAY, STAMINA, & US-Cert Vulnerabilities - Wrap Up - SWN #34

15 maj 2020 | 23 min

The Real Meat - ESW #183

14 maj 2020 | 80 min

Double Decker - SCW #28

13 maj 2020 | 62 min

Stay Vigilant & Educate - BSW #173

12 maj 2020 | 60 min

Hacking COVID Research, ThunderSpy, & GDPR Fines - SWN #33

12 maj 2020 | 24 min

A Perfect Ten - ASW #107

11 maj 2020 | 70 min

ILoveYou, PerSwaysion, & POWER-SUPPLaY - Wrap Up - SWN #32

8 maj 2020 | 25 min

It's Not Complicated, It's Syntax! - PSW #650

8 maj 2020 | 171 min

Doom & Gloom - ESW #182

7 maj 2020 | 102 min

We Are Sloshed - SCW #27

6 maj 2020 | 71 min

I Love You Returns, Trojans, VBScripts, and Corey Thuen - SWN #31

5 maj 2020 | 26 min

Hair On Fire - BSW #172

5 maj 2020 | 53 min

Swiss Cheese - ASW #106

4 maj 2020 | 73 min

Drones, Brute Forcing, Zero Days, & Tracking Apps - SWN #30

2 maj 2020 | 23 min

Nude Sunbathing In Your Backyard - PSW #649

2 maj 2020 | 203 min

Stir Crazy - ESW #181

30 april 2020 | 87 min

Old Dogs & New Tricks - SCW #26

29 april 2020 | 57 min

SCADA Attacks, Shade Ransomware, & FBI Warnings - SWN #29

28 april 2020 | 22 min

Vitriolic Responses - BSW #171

28 april 2020 | 55 min

Blinky Lights - ASW #105

27 april 2020 | 66 min

Lube, Fire, & Hand Sanitizer - PSW #648

24 april 2020 | 186 min

Zoom Can't Win, 0 Day Extravaganza, & Starbleed - Wrap Up - SWN #28

24 april 2020 | 23 min

All Systems Go - ESW #180

23 april 2020 | 81 min

Brick & Mortar - SCW #25

22 april 2020 | 71 min

The Warriors - BSW #170

21 april 2020 | 61 min

FPGA Chip Flaws, Hacking Dropbox, & Starbleed - SWN #27

21 april 2020 | 27 min

Crabby Code - ASW #104

20 april 2020 | 71 min

Secure Your Nipples - PSW #647

17 april 2020 | 158 min

Hospital Hacks, Masking Face ID, & Attacking 5G - Wrap Up - SWN #26

17 april 2020 | 25 min

Irons in the Fire - ESW #179

16 april 2020 | 62 min

The Red Lions - SCW #24

15 april 2020 | 67 min

Higher Priority - BSW #169

15 april 2020 | 43 min

Some Good Meatiness - ASW #103

14 april 2020 | 72 min

5G Conspiracies, Zombieware, & C-Suite Targets - SWN #25

14 april 2020 | 31 min

Exploitable By Design - PSW #646

10 april 2020 | 215 min

COBOL, Grace Hopper, & AI Toilets - Wrap Up - SWN #24

10 april 2020 | 25 min

Down That Road - ESW #178

9 april 2020 | 80 min

Warming Jeff's Heart - SCW #23

8 april 2020 | 69 min

The Fifth Domain - BSW #168

8 april 2020 | 65 min

Zoombombers, CyberHeroes, & Bad Bots - SWN #23

7 april 2020 | 26 min

The Sky Is Falling - ASW #102

6 april 2020 | 72 min

Mad Skillz - PSW #645

3 april 2020 | 192 min

Wash Your Hands! - ESW #177

27 mars 2020 | 72 min

Maze Ransomware, DEER.IO, & Unacast - Wrap Up - SWN #22

27 mars 2020 | 20 min

Plausible Deniability - SCW #22

25 mars 2020 | 67 min

A Craving for Hummus - BSW #167

24 mars 2020 | 56 min

Zoombombing, Signal Sciences, & Zero Days - SWN #21

24 mars 2020 | 23 min

Syncing of the Minds - ASW #101

23 mars 2020 | 72 min

The Idaho Experience - PSW #644

20 mars 2020 | 194 min

SMBv3.11, COVID-19, & Drobo Exploit - Wrap Up - SWN #20

20 mars 2020 | 23 min

Pulling Pieces Together - ESW #176

19 mars 2020 | 90 min

More Comfy Clothes - BSW #166

18 mars 2020 | 56 min

The Artifacts - SCW #21

18 mars 2020 | 67 min

COVIDLock, HHS, & Android Stalkerware - SWN #19

17 mars 2020 | 22 min

100 Years - ASW #100

17 mars 2020 | 72 min

COVID-19, ShmooCon, & FIDO - Wrap Up - SWN #18

16 mars 2020 | 22 min

A Bunch of Old Farts - PSW #643

15 mars 2020 | 147 min

Drink All the Booze, Log All the Things - ESW #175

12 mars 2020 | 83 min

Hysteria Abound - BSW #165

12 mars 2020 | 52 min

Beer & Napkins - SCW #20

11 mars 2020 | 64 min

FIDO, PwnedLocker, & Crex24 - SWN #17

11 mars 2020 | 31 min

Party Like It's '99 - ASW #99

11 mars 2020 | 74 min

SE Scams, Hackers, & WPA2 Attacks - Wrap Up - SWN #16

9 mars 2020 | 22 min

Balance of Power - PSW #642

8 mars 2020 | 212 min

Make the Travel Stop - ESW #174

5 mars 2020 | 99 min

Price Your Risk - SCW #19

4 mars 2020 | 66 min

Fabric of Confidence - ASW #98

3 mars 2020 | 70 min

Spotify Hack, Crypto AG, & Tesla Leak - SWN #15

3 mars 2020 | 24 min

The Pit - PSW #641

3 mars 2020 | 110 min

Black Magic - BSW #164

27 februari 2020 | 49 min

Really Windy - ASW #97

26 februari 2020 | 63 min

ThemeGrill, Citrix Hacks, & ATT&CK for ICS - Wrap Up - SWN #14

21 februari 2020 | 22 min

Hacking Back - PSW #640

21 februari 2020 | 194 min

The Golden Circle - ESW #173

20 februari 2020 | 90 min

Pixie Dust - SCW #18

19 februari 2020 | 61 min

Crypto Chaos, Assange Trial, & Turkish RATs - SWN #13

19 februari 2020 | 25 min

Things Change - BSW #163

19 februari 2020 | 60 min

Over the Edge - ASW #96

18 februari 2020 | 73 min

Docker Repos, SweynTooth, & Emotet - Wrap Up - SWN #12

17 februari 2020 | 21 min

Leaky Secrets - PSW #639

17 februari 2020 | 206 min

Super Stoked - ESW #172

14 februari 2020 | 106 min

Mission, Goals, & Objectives - BSW #162

12 februari 2020 | 59 min

Big Pet Peeves - SCW #17

11 februari 2020 | 57 min

CIA, Equifax, ATT&CK for ICS - SWN #11

11 februari 2020 | 23 min

The Toothbrush of Trust - ASW #95

11 februari 2020 | 68 min

Hacking Philips, Iowa Caucus, & Kryptos Key - Wrap Up - SWN #10

10 februari 2020 | 26 min

Come Hang Out! - PSW #638

10 februari 2020 | 191 min

The Greatest Exposures - ESW #171

9 februari 2020 | 91 min

Double-Edged Swords - BSW #161

5 februari 2020 | 58 min

Squished & Vaporized - SCW #16

4 februari 2020 | 72 min

Iowa Wins, Zero Hedge, & Dark Web Breaches - SWN #9

4 februari 2020 | 35 min

Totally Thrilled - ASW #94

4 februari 2020 | 55 min

What Could Go Wrong - PSW #637

31 januari 2020 | 221 min

Corona Virus, Ragnarok Ransomware, Coalfire Outcome - Wrap Up - SWN #8

31 januari 2020 | 28 min

The Insider Threat - ESW #170

30 januari 2020 | 107 min

Get the Mop - SCW #15

30 januari 2020 | 58 min

Own Your Voice - BSW #160

29 januari 2020 | 54 min

NFL Hacked, Ransomware Spikes, & Clearview - SWN #7

28 januari 2020 | 29 min

Running Out of Fingers - ASW #93

28 januari 2020 | 68 min

Something Sanitary - PSW #636

27 januari 2020 | 198 min

Bezos Hack, Microsoft Exposed, AI Threats - Wrap Up - SWN #6

27 januari 2020 | 27 min

Lots of Shenanigans - ESW #169

23 januari 2020 | 97 min

Election Season - BSW #159

22 januari 2020 | 53 min

The Dirty Number - SCW #14

21 januari 2020 | 64 min

AI, Telnet, & Travelex - SWN #5

21 januari 2020 | 29 min

Warm & Fuzzy - ASW #92

21 januari 2020 | 69 min

Lots of Smoke - PSW #635

20 januari 2020 | 304 min

Tik Tok, Win 10, Ransomware - Wrap Up - SWN #4

20 januari 2020 | 24 min

Infinity Stones - ESW #168

16 januari 2020 | 82 min

Clean Slate - BSW #158

15 januari 2020 | 57 min

Fantastically Useful - SCW #13

14 januari 2020 | 56 min

SWN #3 - January 14, 2020

14 januari 2020 | 31 min

Carrot in the Cliff - ASW #91

14 januari 2020 | 69 min

Wrap-Up - January 10, 2020 - SWN #2

10 januari 2020 | 28 min

The Knuckle Busters - PSW #634

10 januari 2020 | 174 min

The Roaring Twenties - ESW #167

9 januari 2020 | 85 min

All Stressed Out - SCW #12

8 januari 2020 | 58 min

Great Leaders - BSW #157

8 januari 2020 | 57 min

SWN #1 - January 8, 2020

8 januari 2020 | 36 min

Learn & Improve - ASW #90

7 januari 2020 | 57 min

Sexy Knowledge - PSW #633

3 januari 2020 | 168 min

Scientific Hooligans - PSW #632

31 december 2019 | 200 min

Twerking Santa - PSW #631

30 december 2019 | 192 min

Down That Rabbit Hole - ESW #166

24 december 2019 | 104 min

The Shrinking Starts - SCW #11

23 december 2019 | 70 min

HNN #246 - December 17, 2019

18 december 2019 | 27 min

Pacing Yourself - BSW #156

18 december 2019 | 69 min

Backup & Restore - ASW #89

17 december 2019 | 72 min

A Christmas Miracle - PSW #630

13 december 2019 | 179 min

Diversity & Culture - SCW #10

13 december 2019 | 49 min

Life Is Wonderful - ESW #165

12 december 2019 | 93 min

Keys to the Kingdom - BSW #155

11 december 2019 | 62 min

HNN #245 - December 10, 2019

10 december 2019 | 23 min

Dad Jokes - ASW #88

10 december 2019 | 68 min

The Casting Couch - PSW #629

6 december 2019 | 192 min

Just Magic - ESW #164

5 december 2019 | 90 min

Frozen Orange Juice - SCW #9

4 december 2019 | 67 min

All You Need Is Flow - BSW #154

4 december 2019 | 58 min

HNN #244 - December 3, 2019

3 december 2019 | 33 min

Low Hanging Fruit - ASW #87

3 december 2019 | 64 min

The Response Line - ESW #163

28 november 2019 | 82 min

The Magical Formula - SCW #8

27 november 2019 | 69 min

Level of Separation - BSW #153

27 november 2019 | 63 min

HNN #243 - November 26, 2019

26 november 2019 | 21 min

Snarky Ways - ASW #86

26 november 2019 | 66 min

Drinking Brake Fluid - PSW #628

22 november 2019 | 182 min

Hot Mess - ESW #162

21 november 2019 | 94 min

We Don't Do PCI - SCW #7

20 november 2019 | 62 min

Shady Things - BSW #152

20 november 2019 | 65 min

HNN #242 - November 19, 2019

19 november 2019 | 31 min

Notoriously Targeted - ASW #85

19 november 2019 | 66 min

Sound Medical Advice - PSW #627

18 november 2019 | 179 min

Passwords Are Dead - SCW #6

16 november 2019 | 62 min

Well Done - SCW #5

15 november 2019 | 56 min

Easily Defeated - ESW #161

15 november 2019 | 83 min

Untangling the Spaghetti - SCW #4

13 november 2019 | 63 min

Personally Impacted - SCW #3

13 november 2019 | 70 min

Destroying Your Tree - ASW #84

13 november 2019 | 66 min

HNN #241 - November 12, 2019

12 november 2019 | 24 min

Service & Dedication - BSW #151

12 november 2019 | 64 min

Ninja Lawyers - PSW #626

11 november 2019 | 211 min

Blue Screen - SCW #2

7 november 2019 | 72 min

Through the Roof - SCW #1

7 november 2019 | 72 min

Extremely Valuable Secrets - ESW #160

7 november 2019 | 87 min

The Weakest Link - BSW #150

6 november 2019 | 61 min

HNN #240 - November 5, 2019

5 november 2019 | 23 min

Disrupting the Office - ASW #83

5 november 2019 | 67 min

Monday Morning Blues - PSW #625

1 november 2019 | 147 min

We're On Fire! - ESW #159

31 oktober 2019 | 86 min

A Better Outcome - BSW #149

30 oktober 2019 | 59 min

HNN #239 - October 29, 2019

29 oktober 2019 | 23 min

The Scary World - ASW #82

29 oktober 2019 | 66 min

Felines & Flamethrowers - PSW #624

26 oktober 2019 | 177 min

No Place to Go - ESW #158

25 oktober 2019 | 81 min

Total Curmudgeon - BSW #148

25 oktober 2019 | 68 min

HNN #238 - October 22, 2019

22 oktober 2019 | 23 min

Exceedingly Happy - ASW #81

22 oktober 2019 | 70 min

Flush the Cache - PSW #623

19 oktober 2019 | 164 min

Container Flow - ESW #157

18 oktober 2019 | 85 min

The Nirvana Case - BSW #147

16 oktober 2019 | 44 min

Spaghetti Code - ASW #80

15 oktober 2019 | 65 min

Wonderful Monday's - BSW #146

9 oktober 2019 | 63 min

HNN #237 - October 8, 2019

8 oktober 2019 | 26 min

A Sea of Orange - ASW #79

8 oktober 2019 | 76 min

The Last Cigar - PSW #622

7 oktober 2019 | 184 min

Please Don't Go - ESW #156

3 oktober 2019 | 98 min

Keep the Lights On - BSW #145

2 oktober 2019 | 60 min

HNN #236 - October 1, 2019

1 oktober 2019 | 26 min

The Notorious Bucket - ASW #78

1 oktober 2019 | 63 min

That's What Larry Said - PSW #621

30 september 2019 | 115 min

False Negative - ESW #155

27 september 2019 | 110 min

HNN #235 - September 24, 2019

24 september 2019 | 23 min

Converging Together - BSW #144

24 september 2019 | 58 min

Something Should Exist - ASW #77

23 september 2019 | 69 min

Special Treats - PSW #620

21 september 2019 | 164 min

The Gang's Here - ESW #154

18 september 2019 | 81 min

HNN #234 - September 17, 2019

17 september 2019 | 31 min

The Feedback Loop - BSW #143

17 september 2019 | 68 min

The Struggle Is Real - PSW #619

16 september 2019 | 150 min

Pick Your Example - ASW #76

16 september 2019 | 73 min

Drop Down Low - ESW #153

12 september 2019 | 112 min

HNN #233 - September 10, 2019

10 september 2019 | 21 min

The Matrix - BSW #142

10 september 2019 | 59 min

The Man With A Plan - ASW #75

10 september 2019 | 72 min

Glass Houses - ESW #152

5 september 2019 | 96 min

HNN #232 - September 3, 2019

3 september 2019 | 25 min

So Many Jokes, So Little Time - PSW #618

30 augusti 2019 | 160 min

Holding People Back - ESW #151

29 augusti 2019 | 122 min

Ulterior Motive - BSW #141

28 augusti 2019 | 62 min

HNN #231 - August 27, 2019

27 augusti 2019 | 23 min

Still Alive - ASW #74

27 augusti 2019 | 67 min

Save the World - PSW #617

26 augusti 2019 | 156 min

Wither on the Vine - ESW #150

22 augusti 2019 | 111 min

No Spoilers - BSW #140

21 augusti 2019 | 53 min

HNN #230 - August 20, 2019

20 augusti 2019 | 26 min

The Dark Data - ASW #73

20 augusti 2019 | 81 min

It Gets Really Hot! - PSW #616

19 augusti 2019 | 175 min

The Shady Stuff - ESW #149

15 augusti 2019 | 94 min

Highly Rated Leaders - BSW #139

14 augusti 2019 | 58 min

Highly Distributed - ASW #72

14 augusti 2019 | 64 min

That's An Illusion - ESW #148

13 augusti 2019 | 109 min

Nobody Move! - PSW #615

12 augusti 2019 | 139 min

Let's Unzip the Fly - PSW #614

5 augusti 2019 | 161 min

Let It Go - ESW #147

1 augusti 2019 | 83 min

Earn Your Stripes - Business Security Weekly #138

31 juli 2019 | 68 min

Hack Naked News #229 - July 30, 2019

30 juli 2019 | 22 min

Off Guard - Application Security Weekly #71

30 juli 2019 | 74 min

Well Lubricated - Paul's Security Weekly #613

29 juli 2019 | 182 min

We're Not Investment Bankers - Enterprise Security Weekly #146

26 juli 2019 | 87 min

Dropping Conspiracy Theories - Business Security Weekly #137

24 juli 2019 | 67 min

Hack Naked News #228 - July 23, 2019

23 juli 2019 | 24 min

Help Us! - Application Security Weekly #70

23 juli 2019 | 65 min

Dirty Looks - Paul's Security Weekly #612

20 juli 2019 | 169 min

Heavily Focused - Enterprise Security Weekly #145

19 juli 2019 | 75 min

The End Result - Business Security Weekly #136

17 juli 2019 | 65 min

Hack Naked News #227 - July 16, 2019

16 juli 2019 | 19 min

Paving the Road - Application Security Weekly #69

16 juli 2019 | 75 min

Blow Stuff Up! - Paul's Security Weekly #611

15 juli 2019 | 155 min

Homegrown - Enterprise Security Weekly #144

12 juli 2019 | 89 min

Practical Intelligence - Business Security Weekly #135

10 juli 2019 | 53 min

Hack Naked News #226 - July 9, 2019

9 juli 2019 | 20 min

Wise Words - Application Security Weekly #68

9 juli 2019 | 64 min

Simple Man - Business Security Weekly #134

3 juli 2019 | 61 min

Hack Naked News #225 - July 2, 2019

2 juli 2019 | 20 min

Everybody Learns Differently - Application Security Weekly #67

2 juli 2019 | 64 min

Man Purse of Dongles - Paul's Security Weekly #610

29 juni 2019 | 200 min

Cash Cows - Enterprise Security Weekly #143

27 juni 2019 | 81 min

How Low Can You Go - Business Security Weekly #133

26 juni 2019 | 68 min

Hack Naked News #224 - June 25, 2019

25 juni 2019 | 22 min

Breaking Down the Walls - Application Security Weekly #66

25 juni 2019 | 66 min

Mass Appeal - Paul's Security Weekly #609

22 juni 2019 | 181 min

Political Clout - Enterprise Security Weekly #142

21 juni 2019 | 87 min

Coding Father's Day - Business Security Weekly #132

19 juni 2019 | 56 min

Hack Naked News #223 - June 18, 2019

19 juni 2019 | 30 min

Buzzword Bingo - Application Security Weekly #65

18 juni 2019 | 70 min

Nerdy Love Fest - Paul's Security Weekly #608

17 juni 2019 | 179 min

The New Perimeter - Enterprise Security Weekly #141

15 juni 2019 | 94 min

Hack Naked News #222 - June 11, 2019

12 juni 2019 | 27 min

Chase That Rabbit - Business Security Weekly #131

12 juni 2019 | 68 min

Everyone Looks Smart - Application Security Weekly #64

11 juni 2019 | 70 min

Don't Give Amanda Your Passwords - Paul's Security Weekly #607

8 juni 2019 | 165 min

Full Fidelity - Enterprise Security Weekly #140

6 juni 2019 | 96 min

The Same Problem - Business Security Weekly #130

5 juni 2019 | 65 min

Hack Naked News #221 - June 4, 2019

4 juni 2019 | 23 min

Rainbows - Application Security Weekly #63

4 juni 2019 | 58 min

Off the Bridge - Paul's Security Weekly #606

1 juni 2019 | 180 min

Absolute Insanity - Enterprise Security Weekly #139

30 maj 2019 | 99 min

Hack Naked News #220 - May 28, 2019

28 maj 2019 | 25 min

Paul's Kidneys - Paul's Security Weekly #605

28 maj 2019 | 141 min

Warm & Fuzzies - Enterprise Security Weekly #138

24 maj 2019 | 75 min

Don't Walk Here - Business Security Weekly #129

22 maj 2019 | 55 min

Hack Naked News #219 - May 21, 2019

21 maj 2019 | 24 min

Third Degree Sunburns - Application Security Weekly #62

21 maj 2019 | 63 min

Two Strokes - Paul's Security Weekly #604

18 maj 2019 | 178 min

The Networking Side - Enterprise Security Weekly #137

17 maj 2019 | 90 min

Rhode Island Things - Business Security Weekly #128

15 maj 2019 | 77 min

Hack Naked News #218 - May 14, 2019

14 maj 2019 | 27 min

The Right Direction - Application Security Weekly #61

14 maj 2019 | 71 min

Billy Ray Built a Meth Lab - Paul's Security Weekly #603

10 maj 2019 | 175 min

Break Stuff - Enterprise Security Weekly #136

9 maj 2019 | 73 min

Drive the Bus - Business Security Weekly #127

8 maj 2019 | 68 min

Hack Naked News #217 - May 7, 2019

7 maj 2019 | 17 min

Defense In Depth - Application Security Weekly #60

7 maj 2019 | 70 min

It's Gonna' Be Heavy! - Paul's Security Weekly #602

6 maj 2019 | 162 min

Cognitive Dissonance - Enterprise Security Weekly #135

2 maj 2019 | 100 min

Wide Open - Business Security Weekly #126

1 maj 2019 | 65 min

Hack Naked News #216 - April 30, 2019

30 april 2019 | 24 min

The Other Side - Application Security Weekly #59

30 april 2019 | 65 min

Shake It! - Paul's Security Weekly #601

27 april 2019 | 199 min

Creativity Points - Enterprise Security Weekly #134

25 april 2019 | 81 min

Emotional Intelligence - Business Security Weekly #125

24 april 2019 | 59 min

Hacking for Lazy People - Application Security Weekly #58

23 april 2019 | 71 min

Hack Naked News #215 - April 23, 2019

23 april 2019 | 28 min

Send Me Proof - Enterprise Security Weekly #133

18 april 2019 | 51 min

April 16, 2019 - Hack Naked News #214

16 april 2019 | 23 min

Where Did The Bad Man Touch Your Data? - Paul's Security Weekly #600

16 april 2019 | 164 min

How To Think Like An Investor - Business Security Weekly #124

16 april 2019 | 58 min

Containers and Kubernetes - ASW#57

16 april 2019 | 62 min

Coalfire ASV Scanning - Enterprise Security Weekly #132

12 april 2019 | 117 min

Underlying Capabilities - Application Security Weekly #56

10 april 2019 | 80 min

Hack Naked News #213 - April 9, 2019

9 april 2019 | 33 min

Prescribing Solutions - Business Security Weekly #123

9 april 2019 | 64 min

The Dust Settles - Paul's Security Weekly #599

5 april 2019 | 151 min

Bang for the Buck - Enterprise Security Weekly #131

29 mars 2019 | 51 min

Until Next Time - Application Security Weekly #55

28 mars 2019 | 69 min

Hack Naked News #212 - March 26, 2019

28 mars 2019 | 21 min

The Magic Question - Business Security Weekly #122

26 mars 2019 | 64 min

I Need Another Pour - Paul's Security Weekly #598

25 mars 2019 | 112 min

Incredibly Noisy - Enterprise Security Weekly #130

21 mars 2019 | 80 min

A Bittersweet Ending - Application Security Weekly #54

20 mars 2019 | 63 min

Super Geniuses - Business Security Weekly #121

19 mars 2019 | 68 min

Hack Naked News #211 - March 19, 2019

19 mars 2019 | 29 min

You're Killing Me Smalls - Paul's Security Weekly #597

18 mars 2019 | 183 min

The Evil Empire - Enterprise Security Weekly #129

16 mars 2019 | 143 min

Spot On - Application Security Weekly #53

15 mars 2019 | 57 min

Hack Naked News #210 - March 12, 2019

12 mars 2019 | 21 min

Pick Your Brain - Business Security Weekly #120

12 mars 2019 | 63 min

We All Was In High School - Paul's Security Weekly #596

2 mars 2019 | 189 min

Getting In & Getting Out - Enterprise Security Weekly #128

28 februari 2019 | 59 min

Lose Weight - Application Security Weekly #52

27 februari 2019 | 61 min

Hack Naked News #209 - February 26, 2019

26 februari 2019 | 27 min

Tea & Crumpets - Business Security Weekly #119

26 februari 2019 | 59 min

It Compiled & It Ran - Paul's Security Weekly #595

23 februari 2019 | 169 min

Up In The Sky - Enterprise Security Weekly #127

22 februari 2019 | 71 min

Level of Trust - Application Security Weekly #51

20 februari 2019 | 52 min

Hack Naked News #208 - February 19, 2019

19 februari 2019 | 18 min

Perception Becomes Reality - Business Security Weekly #118

19 februari 2019 | 61 min

Flat Earth - Paul's Security Weekly #594

16 februari 2019 | 155 min

Resilient & Robust - Enterprise Security Weekly #126

14 februari 2019 | 53 min

The World Traveler - Application Security Weekly #50

13 februari 2019 | 57 min

Hack Naked News #207 - February 12, 2019

12 februari 2019 | 20 min

Golden Nuggets - Business Security Weekly #117

12 februari 2019 | 58 min

Unraveled Networks - Paul's Security Weekly #593

9 februari 2019 | 143 min

Type of Insanity - Enterprise Security Weekly #125

8 februari 2019 | 52 min

Hack Naked News #206 - February 5, 2019

6 februari 2019 | 28 min

The Golden Generation - Application Security Weekly #49

6 februari 2019 | 61 min

Always Interesting - Business Security Weekly #116

5 februari 2019 | 62 min

Brazilian Killer Bees - Paul's Security Weekly #592

2 februari 2019 | 162 min

Techniques & Capabilities - Business Security Weekly #115

1 februari 2019 | 48 min

We're Getting Old - Enterprise Security Weekly #124

31 januari 2019 | 74 min

The Human Brain - Application Security Weekly #48

30 januari 2019 | 70 min

Hack Naked News #205 - January 29, 2019

29 januari 2019 | 19 min

Grim In Your Weep Hole - Paul's Security Weekly #591

26 januari 2019 | 153 min

Core Dump - Enterprise Security Weekly #123

25 januari 2019 | 76 min

Different Checkpoints - Application Security Weekly #47

23 januari 2019 | 52 min

Hack Naked News #204 - January 22, 2019

23 januari 2019 | 22 min

Become An Expert - Business Security Weekly #114

22 januari 2019 | 52 min

Hellfire Dong Slinger - Paul's Security Weekly #590

19 januari 2019 | 167 min

Too Many Logins - Enterprise Security Weekly #122

17 januari 2019 | 40 min

The Wind Beneath My Wings - Application Security Weekly #46

16 januari 2019 | 56 min

Hack Naked News #203 - January 15, 2019

15 januari 2019 | 21 min

The Big Storm - Business Security Weekly #113

15 januari 2019 | 55 min

Pure Speculation - Paul's Security Weekly #589

12 januari 2019 | 141 min

Absolutely Massive - Enterprise Security Weekly #121

10 januari 2019 | 54 min

The Iceberg Problem - Application Security Weekly #45

9 januari 2019 | 60 min

Hack Naked News #202 - January 8, 2019

8 januari 2019 | 21 min

Lift It & Shift It - Business Security Weekly #112

8 januari 2019 | 67 min

Only the Gin Knows - Paul's Security Weekly #588

5 januari 2019 | 167 min

Know Where You're Putting Your Tool - Paul's Security Weekly #587

22 december 2018 | 201 min

My Comfort Blanket - Enterprise Security Weekly #120

21 december 2018 | 50 min

In Flames - Application Security Weekly #44

19 december 2018 | 61 min

Hack Naked News #201 - December 18, 2018

18 december 2018 | 31 min

The Mistake People Make - Business Security Weekly #111

18 december 2018 | 69 min

Nuggets of Learning - Paul's Security Weekly #586

17 december 2018 | 123 min

Cigarettes & Malleable Toothbrushes - Enterprise Security Weekly #119

14 december 2018 | 57 min

Top Secret - Application Security Weekly #43

12 december 2018 | 51 min

Hack Naked News #200 - December 11, 2018

11 december 2018 | 24 min

Coming Together - Business Security Weekly #110

11 december 2018 | 68 min

The Bleeding Edge - Paul's Security Weekly #585

8 december 2018 | 141 min

Light Years - Enterprise Security Weekly #118

6 december 2018 | 63 min

Stuck In My Teeth - Application Security Weekly #42

5 december 2018 | 61 min

Hack Naked News #199 - December 4, 2018

4 december 2018 | 25 min

That's Success - Business Security Weekly #109

4 december 2018 | 59 min

Donut Jokes - Paul's Security Weekly #584

1 december 2018 | 169 min

Back on the Saddle - Enterprise Security Weekly #117

29 november 2018 | 62 min

Good Ol' Days - Application Security Weekly #41

28 november 2018 | 71 min

Hack Naked News #198 - November 27, 2018

27 november 2018 | 21 min

Evidence of Absence - Business Security Weekly #108

27 november 2018 | 72 min

Shutting the Brain Off - Enterprise Security Weekly #116

22 november 2018 | 107 min

Buffet Overflow - Application Security Weekly #40

21 november 2018 | 65 min

Hack Naked News #197 - November 20, 2018

20 november 2018 | 21 min

Better Connected - Business Security Weekly #107

20 november 2018 | 57 min

PCI Piñata - Paul's Security Weekly #583

17 november 2018 | 165 min

A Picture of the World - Enterprise Security Weekly #115

15 november 2018 | 65 min

Boston Accent - Application Security Weekly #39

14 november 2018 | 62 min

Hack Naked News #196 - November 13, 2018

13 november 2018 | 20 min

Crawl to the Office - Business Security Weekly #106

13 november 2018 | 57 min

A Million Voices - Paul's Security Weekly #582

10 november 2018 | 122 min

Locked Up - Enterprise Security Weekly #114

8 november 2018 | 51 min

Ultimate Nirvana - Application Security Weekly #38

7 november 2018 | 52 min

Cookin' Some Stuff Up - Business Security Weekly #105

6 november 2018 | 69 min

Buckle Up! - Paul's Security Weekly #581

3 november 2018 | 150 min

Halloween City - Enterprise Security Weekly #113

2 november 2018 | 71 min

Eggplant Volcanoes - Application Security Weekly #37

31 oktober 2018 | 70 min

Hack Naked News #195 - October 30, 2018

30 oktober 2018 | 22 min

The Whole Genesis - Business Security Weekly #104

30 oktober 2018 | 52 min

There's Always Scotch - Paul's Security Weekly #580

26 oktober 2018 | 178 min

You're Mind Will Explode - Enterprise Security Weekly #112

25 oktober 2018 | 63 min

Two Phones - Application Security Weekly #36

24 oktober 2018 | 57 min

Hack Naked News #194 - October 23, 2018

24 oktober 2018 | 25 min

Do Your Job - Business Security Weekly #103

23 oktober 2018 | 65 min

48 Hours - Paul's Security Weekly #579

20 oktober 2018 | 135 min

Competitive Horse Racing - Enterprise Security Weekly #111

18 oktober 2018 | 49 min

Hack Naked News #193 - October 16, 2018

17 oktober 2018 | 26 min

Git On That - Application Security Weekly #35

17 oktober 2018 | 61 min

Keep It Tight - Business Security Weekly #102

16 oktober 2018 | 40 min

Get the Wagyu - Paul's Security Weekly #578

13 oktober 2018 | 121 min

The Land Down Under - Enterprise Security Weekly #110

12 oktober 2018 | 65 min

Hack Naked News #192 - October 9, 2018

9 oktober 2018 | 25 min

Back Together - Business Security Weekly #101

8 oktober 2018 | 56 min

Super Evil - Enterprise Security Weekly #109

4 oktober 2018 | 51 min

Hack Naked News #191 - October 2, 2018

3 oktober 2018 | 19 min

Bring Yoga Pants - Application Security Weekly #34

3 oktober 2018 | 63 min

Smash The Van - Paul's Security Weekly #577

2 oktober 2018 | 114 min

Extreme Ownership - Enterprise Security Weekly #108

27 september 2018 | 73 min

Don't Hit Me Up - Application Security Weekly #33

26 september 2018 | 76 min

Hack Naked News #190 - September 25, 2018

25 september 2018 | 22 min

Double Shot - Business Security Weekly #100

25 september 2018 | 59 min

An Infinite Door - Paul's Security Weekly #576

22 september 2018 | 137 min

Tick That Box - Enterprise Security Weekly #107

20 september 2018 | 66 min

Sharks With Laser Beams - Application Security Weekly #32

19 september 2018 | 72 min

Drone Assassins, Security Shaming, and Zero-Day - Hack Naked News #189

18 september 2018 | 23 min

Michael Is Back - Business Security Weekly #99

18 september 2018 | 65 min

Technical Heavy Lifting - Paul's Security Weekly #575

14 september 2018 | 157 min

Different Strokes for Different Folks - Enterprise Security Weekly #106

13 september 2018 | 75 min

Around the World - Application Security Weekly #31

12 september 2018 | 76 min

Hack Naked News #188 - September 11, 2018

11 september 2018 | 23 min

The Internal Network - Business Security Weekly #98

11 september 2018 | 72 min

Angry Floppy Birds - Paul's Security Weekly #574

8 september 2018 | 129 min

That's What Hackers Do - Enterprise Security Weekly #105

7 september 2018 | 72 min

Hack Naked News #187 - September 4, 2018

4 september 2018 | 20 min

The Word You're Looking for Is Sodomized - Paul's Security Weekly #573

1 september 2018 | 138 min

Sprinkler System Twinkies - Enterprise Security Weekly #104

30 augusti 2018 | 75 min

A Mixture of Spices - Application Security Weekly #30

29 augusti 2018 | 59 min

An Interesting Journey - Business Security Weekly #97

28 augusti 2018 | 69 min

Hack Naked News #186 - August 28, 2018

28 augusti 2018 | 22 min

The Infinite Window - Paul's Security Weekly #572

25 augusti 2018 | 158 min

Seems So Rare - Enterprise Security Weekly #103

23 augusti 2018 | 80 min

Always More to Learn - Application Security Weekly #29

22 augusti 2018 | 61 min

Hack Naked News #185 - August 21, 2018

21 augusti 2018 | 23 min

This Magical Thing - Business Security Weekly #96

21 augusti 2018 | 65 min

Release the Edge - Paul's Security Weekly #571

18 augusti 2018 | 193 min

Understanding the ICS Security & Attack Simulation Market - Enterprise Security Weekly #102

16 augusti 2018 | 78 min

Don't Trust Them - Application Security Weekly #28

15 augusti 2018 | 65 min

Hack Naked News #184 - August 14, 2018

14 augusti 2018 | 23 min

We Do Not Discriminate - Application Security Weekly #27

8 augusti 2018 | 62 min

We Know You're From Boston - Business Security Weekly #95

7 augusti 2018 | 72 min

Still Incarcerated - Paul's Security Weekly #570

4 augusti 2018 | 170 min

Rusty Programmer - Enterprise Security Weekly #101

2 augusti 2018 | 68 min

Wu-Tang for Life - Application Security Weekly #26

1 augusti 2018 | 61 min

Hack Naked News #183 - July 31, 2018

31 juli 2018 | 27 min

This Is Exciting - Business Security Weekly #94

31 juli 2018 | 58 min

High Alcohol Content - Paul's Security Weekly #569

28 juli 2018 | 175 min

Something Went Wrong - Enterprise Security Weekly #100

26 juli 2018 | 60 min

A Friendly Tip - Application Security Weekly #25

25 juli 2018 | 70 min

Hack Naked News #182 - July 24, 2018

24 juli 2018 | 14 min

Better for Everyone - Business Security Weekly #93

24 juli 2018 | 66 min

Here Comes the Louisville Slugger - Paul's Security Weekly #568

21 juli 2018 | 150 min

Shorts, Crocs, & Dress Socks - Enterprise Security Weekly #99

19 juli 2018 | 66 min

The World of History - Application Security Weekly #24

18 juli 2018 | 65 min

Clean and Comfortable - Business Security Weekly #92

17 juli 2018 | 57 min

Balls On Fire - Paul's Security Weekly #567

13 juli 2018 | 136 min

Hakuna Matata - Enterprise Security Weekly #98

12 juli 2018 | 89 min

Uncle Teeth - Application Security Weekly #23

11 juli 2018 | 58 min

The Paradox - Business Security Weekly #91

10 juli 2018 | 61 min

A Bunch Of Robots - Application Security Weekly #22

6 juli 2018 | 68 min

Versace On The Floor - Paul's Security Weekly #566

30 juni 2018 | 137 min

Impending Doom - Enterprise Security Weekly #97

28 juni 2018 | 54 min

Close The Pod Bay Doors - Application Security Weekly #21

27 juni 2018 | 65 min

Filling In The Blanks - Business Security Weekly #90

26 juni 2018 | 59 min

The Dark Helmet - Paul's Security Weekly #565

23 juni 2018 | 142 min

Chocolate Covered Nuts - Enterprise Security Weekly #96

21 juni 2018 | 55 min

Kicking Down Doors - Business Security Weekly #89

20 juni 2018 | 68 min

It''s All Working - Application Security Weekly #20

20 juni 2018 | 98 min

Ribbed Or Not Ribbed - Paul's Security Weekly #564

15 juni 2018 | 148 min

Sounds Provocative - Enterprise Security Weekly #95

14 juni 2018 | 52 min

Off The Cuff - Application Security Weekly #19

13 juni 2018 | 67 min

It Happens Naturally - Business Security Weekly #88

12 juni 2018 | 73 min

Tainted Evidence - Paul's Security Weekly #563

11 juni 2018 | 129 min

Renew Our Vows - Enterprise Security Weekly #94

7 juni 2018 | 80 min

Eyeballs Everywhere - Application Security Weekly #18

6 juni 2018 | 61 min

Welcome To The Club - Business Security Weekly #87

5 juni 2018 | 95 min

Fill Those Slots - Paul's Security Weekly #562

2 juni 2018 | 119 min

Existence Is Meaningless - Enterprise Security Weekly #93

31 maj 2018 | 54 min

Jazz Hands - Paul's Security Weekly #561

26 maj 2018 | 121 min

I've Taken Over - Enterprise Security Weekly #92

24 maj 2018 | 52 min

Just Go With It - Application Security Weekly #17

23 maj 2018 | 64 min

Rainbows and Skittles - Business Security Weekly #86

22 maj 2018 | 80 min

Sandy Lube - Paul's Security Weekly #560

19 maj 2018 | 140 min

Very Special Friend - Enterprise Security Weekly #91

17 maj 2018 | 58 min

Live at SOURCE Boston - Enterprise Security Weekly #90

16 maj 2018 | 57 min

Happy Dances - Application Security Weekly #16

16 maj 2018 | 58 min

Tickling My Fancy - Business Security Weekly #85

15 maj 2018 | 83 min

Dropping Knowledge Bombs - Paul's Security Weekly #559

12 maj 2018 | 146 min

Creating An Awesome Dish - Application Security Weekly #15

9 maj 2018 | 65 min

Interruptions Are Bad - Business Security Weekly #84

8 maj 2018 | 77 min

WAF Out Loud - Paul's Security Weekly #558

4 maj 2018 | 114 min

On The Road - Enterprise Security Weekly #89

3 maj 2018 | 114 min

Save The Developers Time - Application Security Weekly #14

2 maj 2018 | 58 min

That's What Keeps Me Going - Business Security Weekly #83

2 maj 2018 | 91 min

Bigger Than My Home - Application Security Weekly #13

1 maj 2018 | 70 min

It Was An Honor - Paul's Security Weekly #557

28 april 2018 | 154 min

That Seems Political - Enterprise Security Weekly #88

26 april 2018 | 83 min

Set Your Intentions - Business Security Weekly #82

24 april 2018 | 102 min

Long Live Penetration Testing - Paul's Security Weekly #556

21 april 2018 | 158 min

Exceeded The Limit - Business Security Weekly #81

18 april 2018 | 86 min

Classy and Illustrious - Application Security Weekly #12

17 april 2018 | 60 min

Better In Half Speed - Paul's Security Weekly #555

14 april 2018 | 149 min

This Is What We Do - Enterprise Security Weekly #87

12 april 2018 | 50 min

Awesome Technology - Business Security Weekly #80

10 april 2018 | 63 min

Don't Pull My Nerd Card - Application Security Weekly #11

9 april 2018 | 58 min

That's My Own Medicine - Paul's Security Weekly #554

7 april 2018 | 147 min

It's Comfy In Here - Enterprise Security Weekly #86

5 april 2018 | 58 min

Coming Up 7's - Application Security Weekly #10

3 april 2018 | 53 min

High Quality Problems - Paul's Security Weekly #553

31 mars 2018 | 183 min

High Level Lessons - Enterprise Security Weekly #85

29 mars 2018 | 67 min

We Like Straight Talk - Business Security Weekly #79

28 mars 2018 | 78 min

You Stole My Sweater - Paul's Security Weekly #552

23 mars 2018 | 99 min

Totally Overwhelmed - Business Security Weekly #78

22 mars 2018 | 77 min

I'm A Tiger - Enterprise Security Weekly #84

22 mars 2018 | 54 min

More Crypto, More Problems - Application Security Weekly #09

20 mars 2018 | 57 min

Good To Be Back - Paul's Security Weekly #551

17 mars 2018 | 128 min

The Wizard of Value - Enterprise Security Weekly #83

16 mars 2018 | 54 min

Work On It Together - Business Security Weekly #77

14 mars 2018 | 91 min

Early Bird Gets The Worm - Application Security Weekly #08

12 mars 2018 | 54 min

Happy Anniversary - Paul's Security Weekly #550

10 mars 2018 | 123 min

Once Upon A Time In Shaolin - Enterprise Security Weekly #82

8 mars 2018 | 71 min

Room To Walk - Business Security Weekly #76

6 mars 2018 | 80 min

Everything Old Is New Again - Application Security Weekly #07

5 mars 2018 | 57 min

It's All Uphill From Here - Paul's Security Weekly #549

3 mars 2018 | 134 min

Differentiating the Differentiators - Enterprise Security Weekly #81

1 mars 2018 | 62 min

Wizards of Entrepreneurship - Business Security Weekly #75

27 februari 2018 | 90 min

It's Five O'Clock Somewhere - Business Security Weekly #74

20 februari 2018 | 96 min

It's Just Beautiful - Application Security Weekly #06

17 februari 2018 | 59 min

They Stole My Shoes - Paul's Security Weekly #548

16 februari 2018 | 138 min

Happy Valentine's Day - Enterprise Security Weekly #80

15 februari 2018 | 70 min

This Is An Emergency - Business Security Weekly #73

13 februari 2018 | 70 min

Jim Carrey Hacked My Facebook - Application Security Weekly #05

12 februari 2018 | 51 min

Walk The Plank - Paul's Security Weekly #547

9 februari 2018 | 121 min

Heinous Noises - Enterprise Security Weekly #79

8 februari 2018 | 65 min

Put Your Dockers On - Business Security Weekly #72

6 februari 2018 | 77 min

Stay Classy - Application Security Weekly #04

5 februari 2018 | 59 min

It Was Wide Open - Paul's Security Weekly #546

3 februari 2018 | 139 min

Tactical Sweaters - Enterprise Security Weekly #78

1 februari 2018 | 82 min

Don't Touch The Mic - Business Security Weekly #71

28 januari 2018 | 63 min

The Doctor's Here - Application Security Weekly #03

27 januari 2018 | 59 min

Tom Brady with Six Fingers - Paul's Security Weekly #545

26 januari 2018 | 141 min

The Eternal Optimist - Enterprise Security Weekly #77

25 januari 2018 | 59 min

Armed & Ready - Business Security Weekly #70

21 januari 2018 | 69 min

Punishing Trojan Horses - Application Security Weekly #02

20 januari 2018 | 58 min

Voices In My Head - Paul's Security Weekly #544

20 januari 2018 | 137 min

Studio on the Beach - Enterprise Security Weekly #76

18 januari 2018 | 72 min

They Like My Voice - Business Security Weekly #69

16 januari 2018 | 60 min

Pushing To Master - Application Security Weekly #01

15 januari 2018 | 61 min

Happy Streams - Paul's Security Weekly #543

14 januari 2018 | 140 min

We Rock This Thing - Enterprise Security Weekly #75

11 januari 2018 | 75 min

I'm The Hammer - Startup Security Weekly #68

9 januari 2018 | 71 min

Where's My Starbucks - Application Security Weekly #00

8 januari 2018 | 53 min

Snowmageddon - Paul's Security Weekly #542

7 januari 2018 | 142 min

Doctors Make The Best Rappers - Enterprise Security Weekly #74

5 januari 2018 | 42 min

Happy New Year - Startup Security Weekly #67

29 december 2017 | 77 min

Merry Christmas - Paul's Security Weekly #541

27 december 2017 | 167 min

Christmas Directories - Enterprise Security Weekly #73

20 december 2017 | 52 min

Hack Naked News #154 - December 19, 2017

19 december 2017 | 22 min

Check the Soundstage - Startup Security Weekly #66

18 december 2017 | 82 min

Spread Your Vegemite - Paul's Security Weekly #540

15 december 2017 | 138 min

In the Clouds - Enterprise Security Weekly #72

13 december 2017 | 59 min

Hack Naked News #153 - December 12, 2017

12 december 2017 | 22 min

Channeling Back - Startup Security Weekly #65

8 december 2017 | 81 min

Paul's Security Weekly #539 - Dental Security Weekly

8 december 2017 | 116 min

Hack Naked News #152 - December 5, 2017

5 december 2017 | 23 min

Startup Security Weekly #64 - Legal in Some States

5 december 2017 | 90 min

Paul's Security Weekly #538 - Enjoy the Taste

2 december 2017 | 127 min

Enterprise Security Weekly #71 - Call Me!

30 november 2017 | 76 min

Hack Naked News #151 - November 28, 2017

29 november 2017 | 20 min

Enterprise Security Weekly #70 - We Have Foreigners Here

24 november 2017 | 53 min

Startup Security Weekly #63 - In the Books

22 november 2017 | 89 min

Hack Naked News #150 - November 21, 2017

21 november 2017 | 19 min

Paul's Security Weekly #537 - Bacon Grease Volkswagen

18 november 2017 | 170 min

Enterprise Security Weekly #69 - Next Next-Generation

17 november 2017 | 57 min

Hack Naked News #149 - November 15, 2017

16 november 2017 | 30 min

Startup Security Weekly #62 - It's Been Good

14 november 2017 | 78 min

Paul's Security Weekly #536 - Cult of Good Wi-Fi

11 november 2017 | 146 min

Enterprise Security Weekly #68 - Wrong Show

9 november 2017 | 86 min

Hack Naked News #148 - November 7, 2017

7 november 2017 | 27 min

Startup Security Weekly #61 - Nice Ring

6 november 2017 | 74 min

Paul's Security Weekly #535 - Naughty Bits

4 november 2017 | 161 min

Enterprise Security Weekly #67 - Extra Dessert

2 november 2017 | 53 min

Hack Naked News #147 - October 31, 2017

31 oktober 2017 | 28 min

Hack Naked News #146 - October 24, 2017

24 oktober 2017 | 19 min

Startup Security Weekly #60 - It's An Exit

23 oktober 2017 | 80 min

Paul's Security Weekly #534 - Pizza the Hut

21 oktober 2017 | 152 min

Enterprise Security Weekly #66 - Forget I Said That

18 oktober 2017 | 51 min

Hack Naked News #145 - October 17, 2017

18 oktober 2017 | 25 min

Enterprise Security Weekly #65 - Fire Sale

17 oktober 2017 | 48 min

Startup Security Weekly #59 - Spooky Scary Startups

16 oktober 2017 | 101 min

Paul's Security Weekly #533 - The Next Room

14 oktober 2017 | 132 min

Hack Naked News #144 - October 10, 2017

12 oktober 2017 | 27 min

Startup Security Weekly #58 - Put On Your Business Hat

11 oktober 2017 | 94 min

Paul's Security Weekly #532 - That's Australian

7 oktober 2017 | 150 min

Enterprise Security Weekly #64 - Saved By Hello Kitty

5 oktober 2017 | 48 min

Hack Naked News #143 - October 3, 2017

3 oktober 2017 | 27 min

Startup Security Weekly #57 - The Sand Hobo Himself

2 oktober 2017 | 87 min

Paul's Security Weekly #531 - Trevor Forget

30 september 2017 | 179 min

Enterprise Security Weekly #63 - Temporal Tempura

28 september 2017 | 41 min

Hack Naked News #142 - September 26, 2017

27 september 2017 | 20 min

Startup Security Weekly #56 - A Huge Week

25 september 2017 | 103 min

Enterprise Security Weekly #62 - Heat Death of the Universe

21 september 2017 | 46 min

Hack Naked News #141 - September 18, 2017

19 september 2017 | 22 min

Startup Security Weekly #55 - Bald, Beautiful Men

18 september 2017 | 90 min

Paul’s Security Weekly #530 - That’s a Grand Slam

16 september 2017 | 151 min

Enterprise Security Weekly #61 - Crying Uncle

14 september 2017 | 64 min

Hack Naked News #140 - September 12, 2017

12 september 2017 | 20 min

Startup Security Weekly #54 - Here We Go with Witness Protection

11 september 2017 | 87 min

Paul's Security Weekly #529 - Security is a Religion

9 september 2017 | 151 min

Enterprise Security Weekly #60 - Live From Gainesville

7 september 2017 | 56 min

Hack Naked News #139 - September 5, 2017

5 september 2017 | 22 min

Startup Security Weekly #53 - Pulling Your G-String

4 september 2017 | 88 min

Paul's Security Weekly #528 - DDos Campaign for Memes

2 september 2017 | 108 min

Enterprise Security Weekly #59 - Protect the Data

31 augusti 2017 | 67 min

Hack Naked News #138 - August 29, 2017

29 augusti 2017 | 22 min

Startup Security Weekly #52 - Security Startups Taste So Good

28 augusti 2017 | 78 min

Paul’s Security Weekly #527 - The Dirty Secret

26 augusti 2017 | 133 min

Enterprise Security Weekly #58 - A Game Changer

24 augusti 2017 | 53 min

Hack Naked News #137 - August 22, 2017

22 augusti 2017 | 21 min

Startup Security Weekly #51 - Whiskey For Gold Diggers

21 augusti 2017 | 73 min

Paul’s Security Weekly #526 - Lemonade and Salad Dressing

19 augusti 2017 | 168 min

Enterprise Security Weekly #57 - They're Talking About Us!

18 augusti 2017 | 61 min

Hack Naked News #136 - August 15, 2017

16 augusti 2017 | 21 min

Startup Security Weekly #50 - Bootstrapped

14 augusti 2017 | 59 min

Paul’s Security Weekly #525 - Baked-In Security

12 augusti 2017 | 135 min

Enterprise Security Weekly #56 - Tunable Discriminator

10 augusti 2017 | 41 min

Hack Naked News #135 - August 8, 2017

8 augusti 2017 | 24 min

Startup Security Weekly #49 - Speak Your Truth

7 augusti 2017 | 77 min

Paul’s Security Weekly #524 - The Secret Sauce

5 augusti 2017 | 142 min

Enterprise Security Weekly #55 - Wheatland, Wyoming

4 augusti 2017 | 80 min

Hack Naked News #134 - August 2, 2017

2 augusti 2017 | 25 min

Startup Security Weekly #48 - Exiting Stealth

24 juli 2017 | 58 min

Startup Security Weekly #47 - Cupcakes For Breakfast

24 juli 2017 | 79 min

Pauls Security Weekly 523 - Hack My NAS

22 juli 2017 | 145 min

Enterprise Security Weekly #54 - Complete Gibberish

21 juli 2017 | 79 min

Hack Naked News #133 - July 18, 2017

18 juli 2017 | 25 min

Paul's Security Weekly #522 - It's a Nerdgasm!

15 juli 2017 | 129 min

Enterprise Security Weekly #53 - Look At the Beards

13 juli 2017 | 64 min

Hack Naked News #132 - July 11, 2017

11 juli 2017 | 24 min

Startup Security Weekly #46 - All Black Everything

10 juli 2017 | 86 min

Paul's Security Weekly #521 - Bad Guy Walmart

8 juli 2017 | 150 min

Enterprise Security Weekly #52 - Sweaty Lawyers

7 juli 2017 | 66 min

Paul's Security Weekly #520 - Pickle Your Python

1 juli 2017 | 132 min

Enterprise Security Weekly #51 - Idempotency

30 juni 2017 | 82 min

Hack Naked News #131 - June 28, 2017

28 juni 2017 | 24 min

Startup Security Weekly #45 - Walking In Pajamas

26 juni 2017 | 84 min

Paul's Security Weekly #519 - Whiskey Tango Foxtrot

24 juni 2017 | 154 min

Enterprise Security Weekly #50 - Losing More Hair

23 juni 2017 | 51 min

Hack Naked News #130 - June 20, 2017

20 juni 2017 | 24 min

Paul's Security Weekly #518 - Floppy Lemons

17 juni 2017 | 124 min

Enterprise Security Weekly #49 - 7 Layers

16 juni 2017 | 45 min

Hack Naked News #129 - June 13, 2017

13 juni 2017 | 19 min

Startup Security Weekly #43 - Never Stop Believing

12 juni 2017 | 70 min

Startup Security Weekly #44 - Selling Ice to an Eskimo

12 juni 2017 | 78 min

Paul's Security Weekly #517 - Welcome To Reality

10 juni 2017 | 133 min

Enterprise Security Weekly #48 - Making Everybody Mad

9 juni 2017 | 45 min

Hack Naked News #128 - June 6, 2017

7 juni 2017 | 20 min

Startup Security Weekly #42 - A Holistic Startup Approach

5 juni 2017 | 76 min

Paul's Security Weekly #516 - What's The Deal With Backups?

3 juni 2017 | 149 min

Enterprise Security Weekly #47 - You Burn, You Learn

2 juni 2017 | 62 min

Hack Naked News #127 - May 30, 2017

30 maj 2017 | 24 min

Startup Security Weekly #41 - From a Startup Perspective

29 maj 2017 | 67 min

Paul’s Security Weekly #515 - Crankin’ Out the Dubs

27 maj 2017 | 125 min

Enterprise Security Weekly #46 - Sexy Cryptography

26 maj 2017 | 60 min

Hack Naked News #126 - May 23, 2017

23 maj 2017 | 22 min

Startup Security Weekly #40 - I’m On a Roll

22 maj 2017 | 62 min

Paul’s Security Weekly #514 - Sausage Asadoorian

20 maj 2017 | 124 min

Enterprise Security Weekly #45 - The Memes Were Great

19 maj 2017 | 68 min

Hack Naked News #125 - May 16, 2017

17 maj 2017 | 19 min

Hack Naked News #124 - The Ransomware Special

16 maj 2017 | 22 min

Startup Security Weekly #39 - Listen With Intent

15 maj 2017 | 73 min

Paul’s Security Weekly #513 - Two iPhones & A Pocket Full of Dongles

13 maj 2017 | 122 min

Enterprise Security Weekly #44 - What Are We Bethesing Today

12 maj 2017 | 57 min

Hack Naked News #123 - May 9, 2017

9 maj 2017 | 20 min

Startup Security Weekly #38 - We Need To Pivot!

8 maj 2017 | 79 min

Paul’s Security Weekly #512 - It’s All About Length

6 maj 2017 | 153 min

Enterprise Security Weekly #43 - There’s Always Time For Lube

5 maj 2017 | 54 min

Hack Naked News #122 - May 2, 2017

3 maj 2017 | 20 min

Enterprise Security Weekly #42 - Patents Like Candy

2 maj 2017 | 62 min

Startup Security Weekly #37 - Speaking the Startup Language

1 maj 2017 | 66 min

Paul’s Security Weekly #511 - HACKER PANTS!!1

29 april 2017 | 161 min

Hack Naked News #121 - April 27, 2017

27 april 2017 | 19 min

Startup Security Weekly #36 - A Mousetrap Will Do

24 april 2017 | 66 min

Paul’s Security Weekly #510 - Interrupting Myself

22 april 2017 | 139 min

Enterprise Security Weekly #41 - Solving Problems

21 april 2017 | 54 min

Hack Naked News #120 - April 18, 2017

18 april 2017 | 26 min

Startup Security Weekly #35 - Miracle on Startup Street

17 april 2017 | 92 min

Paul’s Security Weekly #509 - Oh So Nefarious

15 april 2017 | 127 min

Enterprise Security Weekly #40 - Huge, Gaping Hole

14 april 2017 | 58 min

Hack Naked News #119 - April 11, 2017

11 april 2017 | 22 min

Enterprise Security Weekly #39 - Aware of the Breach

11 april 2017 | 55 min

Startup Security Weekly #34 - The Anti-Drone

10 april 2017 | 70 min

Paul’s Security Weekly #508 - I’ve Been Overseas Pt. 2

8 april 2017 | 115 min

Hack Naked News #118 - April 4, 2017

4 april 2017 | 30 min

Startup Security Weekly #33 - Throwing Spaghetti at the Fridge

3 april 2017 | 80 min

Paul’s Security Weekly #507 - Who’s Your Daddy?

1 april 2017 | 136 min

Enterprise Security Weekly #38 - It’s a Virtual Thing

31 mars 2017 | 39 min

Hack Naked News #117 - March 28, 2017

28 mars 2017 | 22 min

Startup Security Weekly #32 - The Greatest Horn of All

27 mars 2017 | 70 min

Paul’s Security Weekly #506 - Cut That Thing Free

25 mars 2017 | 79 min

Hack Naked News #116 - March 21, 2017

22 mars 2017 | 25 min

Startup Security Weekly #31 - Low Pressure

20 mars 2017 | 82 min

Paul’s Security Weekly #505 - No Special Flowers

18 mars 2017 | 148 min

Enterprise Security Weekly #37 - You’ve Been Hacked!

17 mars 2017 | 53 min

Hack Naked News #115 - March 15, 2017

15 mars 2017 | 26 min

Startup Security Weekly #30 - It’s All Good

13 mars 2017 | 62 min

Paul’s Security Weekly #504 - Math is Dead Sexy

11 mars 2017 | 135 min

Enterprise Security Weekly #36 - The Programmer’s Workout

10 mars 2017 | 61 min

Hack Naked News #114 - March 7, 2017

8 mars 2017 | 20 min

Startup Security Weekly #29 - Kickass Folklore

6 mars 2017 | 91 min

Paul's Security Weekly #503 - Intense, Passionate, Grindr

4 mars 2017 | 130 min

Enterprise Security Weekly #35 - Here’s Johnny!

3 mars 2017 | 57 min

Hack Naked News #113 - February 28, 2017

28 februari 2017 | 20 min

Startup Security Weekly #28 - Buzzword Compliant

27 februari 2017 | 68 min

Paul’s Security Weekly #502 - Get Off My Virtual Lawn

25 februari 2017 | 146 min

Enterprise Security Weekly #34 - Routh Like South

24 februari 2017 | 70 min

Hack Naked News #112 - February 21, 2017

22 februari 2017 | 22 min

Startup Security Weekly #27 - The Brown Liquor Edition

20 februari 2017 | 91 min

Paul’s Security Weekly #501 - The Christian Slater Hacking Edition

18 februari 2017 | 133 min

Enterprise Security Weekly #33 - I’ve Seen Things

17 februari 2017 | 39 min

Hack Naked News #111 - February 14, 2017

16 februari 2017 | 21 min

Enterprise Security Weekly #32 - Sell It on eBay

14 februari 2017 | 100 min

Startup Security Weekly #26 - Investing is a Marriage

13 februari 2017 | 85 min

Paul’s Security Weekly #500 - NUMBER 500!

11 februari 2017 | 119 min

Hack Naked News #110 - February 7, 2017

8 februari 2017 | 18 min

Startup Security Weekly #25 - Bald is Beautiful

6 februari 2017 | 76 min

Paul’s Security Weekly #499 - 126,253 Somersaults

4 februari 2017 | 138 min

Enterprise Security Weekly #31 - It’s For the Screams

3 februari 2017 | 66 min

Hack Naked News #109 - January 31, 2017

31 januari 2017 | 24 min

Startup Security Weekly #24 - Keep It Simple

30 januari 2017 | 77 min

Paul’s Security Weekly #498 - Cable Management 101

28 januari 2017 | 149 min

Enterprise Security Weekly 30 - The Bringer of Bad News

27 januari 2017 | 61 min

Hack Naked News #108 - January 25, 2017

25 januari 2017 | 17 min

Startup Security Weekly #23 - Watching Neurons Pop

24 januari 2017 | 74 min

Paul’s Security Weekly #497 - This One Time at ShmooCon

21 januari 2017 | 138 min

Enterprise Security Weekly #29 - Tell Us How You Really Feel!

20 januari 2017 | 57 min

Hack Naked News #107 - January 17, 2017

17 januari 2017 | 27 min

Startup Security Weekly #22 - Happy Friday the 13th!

16 januari 2017 | 85 min

Paul’s Security Weekly #496 - Hacking Pancakes

14 januari 2017 | 113 min

Hack Naked News #106 - January 11, 2017

11 januari 2017 | 32 min

Startup Security Weekly #21 - Foster Your Thinking

9 januari 2017 | 75 min

Paul’s Security Weekly #495 - Two Drops

7 januari 2017 | 146 min

Enterprise Security Weekly #28 - Cyber Insurance

6 januari 2017 | 56 min

Hack Naked News #105 - January 3, 2017

4 januari 2017 | 11 min

Hack Naked News #104 - December 28, 2016

28 december 2016 | 7 min

Paul's Security Weekly #494 - Three-Part Staffs and Self-Heating Toilets

24 december 2016 | 140 min

Enterprise Security Weekly #27 - Using Ubuntu With Windows 10

23 december 2016 | 13 min

Startup Security Weekly #20 - Pivot or Adjustment?

19 december 2016 | 83 min

Paul’s Security Weekly #493 - The Dishwasher Analogy

17 december 2016 | 114 min

Enterprise Security Weekly #26 - The Art of the Scrum

16 december 2016 | 53 min

Startup Security Weekly #19 - Burning Ten Million Dollars

12 december 2016 | 74 min

Paul’s Security Weekly #492 - I Agree

10 december 2016 | 111 min

Enterprise Security Weekly #25 - Bridging The Gap

9 december 2016 | 49 min

Hack Naked News #103 - December 6, 2016

7 december 2016 | 10 min

Startup Security Weekly #18 - Crime In Meatspace

5 december 2016 | 79 min

Paul's Security Weekly #491 - Embrace Change

3 december 2016 | 132 min

Enterprise Security Weekly #24 - Goatse Authentication

1 december 2016 | 51 min

Hack Naked News #102 - November 29, 2016

29 november 2016 | 11 min

Hack Naked News #101 - November 23, 2016

23 november 2016 | 6 min

Startup Security Weekly #17 - Not Afraid To Make A Mistake

21 november 2016 | 77 min

Paul's Security Weekly #490 - Lobotomized Cocktails

19 november 2016 | 142 min

Enterprise Security Weekly #23 - An Open Source Enterprise Security Program?

18 november 2016 | 51 min

Hack Naked News #100 - November 16, 2016

16 november 2016 | 12 min

Startup Security Weekly #16 - I'm Not Paul

15 november 2016 | 75 min

Paul's Security Weekly #489 - Crotches On Fire

12 november 2016 | 120 min

Enterprise Security Weekly #22 - Magical Unicorns

11 november 2016 | 46 min

Paul's Security Weekly #488 - Thank God I Dont Have A Soul

5 november 2016 | 111 min

Enterprise Security Weekly #21 - Using Bro In The Enterprise

4 november 2016 | 48 min

Startup Security Weekly #15 - Efflux Capacitor

4 november 2016 | 55 min

Hack Naked News #99 - November 3, 2016

3 november 2016 | 7 min

Startup Security Weekly #14 - Relocating For Gigabit Networks

31 oktober 2016 | 55 min

Paul's Security Weekly #487 - Jack's Security Weekly

29 oktober 2016 | 116 min

Enterprise Security Weekly #20 - Multi-Factor Authentication

28 oktober 2016 | 51 min

Hack Naked News #98 - Don Pezet, ITPro.TV

26 oktober 2016 | 18 min

Startup Security Weekly #13 - Gimme Some Moore

23 oktober 2016 | 72 min

Paul's Security Weekly #486 - Gimme Some Wood

21 oktober 2016 | 102 min

Hack Naked News #97 - October 18, 2016

19 oktober 2016 | 7 min

Startup Security Weekly #12 - A Handwritten Thank You

18 oktober 2016 | 61 min

Paul's Security Weekly #485 - Thank You, Greenland

17 oktober 2016 | 134 min

Enterprise Security Weekly #19 - Defending IoT Devices

14 oktober 2016 | 44 min

Hack Naked News #96 - October 11, 2016

11 oktober 2016 | 7 min

Startup Security Weekly #11 - The Magic of Momentum

10 oktober 2016 | 62 min

Paul's Security Weekly #484 - SECOND LIFE

8 oktober 2016 | 99 min

Enterprise Security Weekly #18 - Darkweb Monitoring

7 oktober 2016 | 43 min

Hack Naked News #95 - October 4, 2016

5 oktober 2016 | 6 min

Paul's Security Weekly #483 - Jack Hacks Back

1 oktober 2016 | 114 min

Enterprise Security Weekly #17 - Security Training For Enterprises

30 september 2016 | 49 min

Hack Naked News #94 - September 27, 2016

28 september 2016 | 7 min

Startup Security Weekly #10 - Technical Debt

27 september 2016 | 73 min

Enterprise Security Weekly #15 - "Documentation"

27 september 2016 | 67 min

Security Weekly #482 - Shell Yeah

23 september 2016 | 90 min

Enterprise Security Weekly #16 - Privileged Alphabet Soup

23 september 2016 | 58 min

Security Weekly #467 - It's Not About the Gin

23 september 2016 | 119 min

Hack Naked News #93- September 22, 2016

22 september 2016 | 9 min

Security Weekly #481 - "I've Been Overseas! I've Been To Canada!"

16 september 2016 | 126 min

Hack Naked News #92 - September 15, 2016

15 september 2016 | 7 min

Hack Naked News #91 - September 13, 2016

13 september 2016 | 7 min

Enterprise Security Weekly #14 - Super Cyberman

9 september 2016 | 55 min

Security Weekly #480 - "Cyber Hygiene Is Bullsh*t"

9 september 2016 | 128 min

Hack Naked News #90 - September 8, 2016

8 september 2016 | 5 min

Security Weekly #479 - "Encryption Decreases Security"

2 september 2016 | 128 min

Hack Naked News #89 - September 1, 2016

1 september 2016 | 12 min

Hack Naked News #88 - August 30, 2016

30 augusti 2016 | 6 min

Enterprise Security Weekly #13 - To MSSP or not to MSSP

28 augusti 2016 | 44 min

Security Weekly #478 - "Making Love With Kangaroos"

27 augusti 2016 | 117 min

Hack Naked News #87 - August 25, 2016

26 augusti 2016 | 6 min

Hack Naked News #86 - August 24, 2016

24 augusti 2016 | 7 min

Hack Naked TV - August 22, 2016

22 augusti 2016 | 16 min

Security Weekly #477 - "Learning Kung Fu By Getting Your Ass Kicked"

19 augusti 2016 | 123 min

Enterprise Security Weekly #12 - Detecting Rogue In The Enterprise

19 augusti 2016 | 42 min

Hack Naked TV - August 18, 2016

18 augusti 2016 | 7 min

Hack Naked TV - August 16, 2016

16 augusti 2016 | 6 min

Security Weekly #476 - "Why Am I So Sticky?"

12 augusti 2016 | 138 min

Enterprise Security Weekly #11 - Documentation and Quotes

12 augusti 2016 | 45 min

Hack Naked TV - August 11, 2016

11 augusti 2016 | 6 min

Security Weekly #475 - "An Unbalanced Balance"

29 juli 2016 | 114 min

Enterprise Security Weekly #10 - It's For Stupid People

29 juli 2016 | 41 min

Hack Naked TV - July 28, 2016

28 juli 2016 | 6 min

Hack Naked TV - July 26, 2016

26 juli 2016 | 5 min

Security Weekly #474 - "Segway Segue"

22 juli 2016 | 117 min

Hack Naked TV - July 21, 2016

22 juli 2016 | 5 min

Hack Naked TV - July 19, 2016

20 juli 2016 | 11 min

Security Weekly #473 - "Blackholing Your Python"

19 juli 2016 | 125 min

Enterprise Security Weekly #9 - Sniffing Each Others' Farts

15 juli 2016 | 27 min

Hack Naked TV - July 14, 2016

14 juli 2016 | 6 min

Hack Naked TV - July 12, 2016

12 juli 2016 | 7 min

Security Weekly #472 - "Ten Points to Gryffindor"

8 juli 2016 | 114 min

Hack Naked TV - July 7, 2016

8 juli 2016 | 6 min

Hack Naked TV - July 5, 2016

5 juli 2016 | 6 min

Security Weekly #471 - "Bash vs Python"

1 juli 2016 | 125 min

Hack Naked TV - June 30, 2016

30 juni 2016 | 5 min

Enterprise Security Weekly #8 - Securing "Air Gapped" Networks

30 juni 2016 | 39 min

Security Weekly #470 - "Fsck Cancer"

24 juni 2016 | 137 min

Hack Naked TV - Interview with Don Pezet

23 juni 2016 | 21 min

Enterprise Security Weekly #7 - Web Application Scanning

23 juni 2016 | 37 min

Hack Naked TV - June 21, 2016

22 juni 2016 | 10 min

Security Weekly #469 - "I Thought It Was Beer"

17 juni 2016 | 133 min

Hack Naked TV - June 16, 2016

17 juni 2016 | 7 min

Hack Naked TV - June 14, 2016

14 juni 2016 | 6 min

Security Weekly #468 - Chris Poulin, X-Force

13 juni 2016 | 107 min

Hack Naked TV - June 9, 2016

9 juni 2016 | 6 min

Hack Naked TV - June 2, 2016

5 juni 2016 | 7 min

Enterprise Security Weekly #6 - IDS/IPS

4 juni 2016 | 39 min

Hack Naked TV - May 31, 2016

2 juni 2016 | 7 min

Security Weekly #466 - "8-Inch Floppy"

1 juni 2016 | 117 min

Hack Naked TV - May 26, 2016

1 juni 2016 | 6 min

Enterprise Security Weekly #5 - "SEIM"

31 maj 2016 | 40 min

Enterprise Security Weekly #2 - Threat Intelligence

29 maj 2016 | 44 min

Enterprise Security Weekly #3 - Vulnerability Management

27 maj 2016 | 39 min

Hack Naked TV - May 24, 2016

26 maj 2016 | 7 min

Security Weekly #465 - "Make Me A Drink"

25 maj 2016 | 128 min

Enterprise Security Weekly #1 - Threat Hunting

24 maj 2016 | 43 min

Hack Naked TV - May 19, 2016

23 maj 2016 | 8 min

Hack Naked TV - Beau Bullock

22 maj 2016 | 12 min

Hack Naked TV - May 12, 2016

21 maj 2016 | 7 min

Hack Naked TV - May 5, 2016

20 maj 2016 | 7 min

Hack Naked TV - May 3, 2016

19 maj 2016 | 8 min

Hack Naked TV - April 28, 2016

18 maj 2016 | 6 min

Security Weekly 464 - Dr. Douglas White, Ph.D

13 maj 2016 | 111 min

Security Weekly #463 - Interview with Ferruh Mavituna, CEO of Netsparker

6 maj 2016 | 110 min

Security Weekly #462 - Interview with Sean Metcalf, Microsoft Certified Master

29 april 2016 | 104 min

Security Weekly #461 - Jeff's Round Table

22 april 2016 | 102 min

Hack Naked TV - April 21, 2016

21 april 2016 | 8 min

Security Weekly #460 - Interview with Lee Holmes, Lead Security Architect of Microsoft's Enterprise Cloud Group

16 april 2016 | 85 min

Hack Naked TV - Beau Bullock

15 april 2016 | 12 min

Hack Naked TV - April 14, 2016

14 april 2016 | 6 min

Hack Naked TV - April 8, 2016

12 april 2016 | 7 min

Security Weekly #459 - Interview with James Lyne, Instructor at SANS Institute

8 april 2016 | 94 min

Hack Naked TV - April 7, 2016

7 april 2016 | 5 min

Security Weekly #458 - Interview with Alex Horan, Product Manager at Onapsis

2 april 2016 | 86 min

Hack Naked TV - March 31, 2016

1 april 2016 | 8 min

Security Weekly #457 - Interview with Ferruh Mavituna, CEO of Netsparker

25 mars 2016 | 104 min

Hack Naked TV - March 24, 2016

25 mars 2016 | 7 min

Hack Naked TV - March 24, 2016

24 mars 2016 | 10 min

Security Weekly #456 - Interview with Jared Atkinson, Hunt Capability Lead of Adaptive

19 mars 2016 | 102 min

Security Weekly #443 - Interview with Micah Zenko, Council on Foreign Relations

18 mars 2016 | 103 min

Hack Naked TV - March 17, 2016

17 mars 2016 | 10 min

Security Weekly #455 - Interview with Dennis Fisher, Security Evangelist at Kaspersky Lab

11 mars 2016 | 112 min

Hack Naked TV - March 10, 2016

10 mars 2016 | 7 min

Hack Naked TV - 3/3/2016

7 mars 2016 | 8 min

Security Weekly #454 - Paul's Big News, Perimeter Protection w/ InGuardians

4 mars 2016 | 100 min

Security Weekly #453 - Jeff Frisk & Jeff Pike, Global Information Assurance Certification

26 februari 2016 | 112 min

Hack Naked TV - February 18, 2016

23 februari 2016 | 9 min

Security Weekly #452 - Joff Thyer, Security Consultant at Black Hills Information Security

20 februari 2016 | 88 min

Security Weekly #451 - Mike Strouse, CEO of ProXPN

15 februari 2016 | 84 min

Hack Naked TV: February 12, 2016

13 februari 2016 | 7 min

Hack Naked TV: February 4, 2016

12 februari 2016 | 5 min

Hack Naked TV: January 22, 2016

12 februari 2016 | 13 min

Security Weekly #450 - Interview with Patrick Heim

8 februari 2016 | 101 min

Security Weekly #449 - Interview with Essobi

3 februari 2016 | 89 min

Security Weekly #448 - The Vulnerability Management Maturity Curve

29 januari 2016 | 104 min

Security Weekly #447 - Interview with Chris Domas

28 januari 2016 | 90 min

Security Weekly #446 - Interview with Adrien DeBeuapre

13 januari 2016 | 93 min

Hack Naked TV: Januray 8, 2016

12 januari 2016 | 10 min

Security Weekly #445 - Sharon Goldberg and Security News

4 januari 2016 | 95 min

Hack Naked TV: OSCP Review

1 januari 2016 | 8 min

Hack Naked TV: December 10, 2015

31 december 2015 | min

Hack Naked TV December 17, 2015

21 december 2015 | 6 min

Security Weekly #444 - Ed Skoudis, John Strand, Security News

17 december 2015 | 122 min

Hack Naked TV - December 4, 2015 - The Banned Episode

16 december 2015 | 9 min

Hack Naked TV December 10, 2015

11 december 2015 | 9 min

Hack Naked TV: December 2, 2015

10 december 2015 | 12 min

Security Weekly #442 - Interview with Ferruh Mavituna

24 november 2015 | 99 min

Hack Naked TV - November 20, 2015

21 november 2015 | 8 min

Hack Naked TV - November 19, 2015

21 november 2015 | 6 min

Security Weekly #441 - Interview with Marton Linvy & Barton Miller from SWAMP

14 november 2015 | 101 min

Hack Naked TV - November 9, 2015

9 november 2015 | 7 min

Security Weekly #438 - 10 Year Anniversary Part 2

26 oktober 2015 | min

Security Weekly #439 - Making The Most Of Threat Intelligence

24 oktober 2015 | min

Hack Naked TV - October 23, 2015

24 oktober 2015 | 8 min

Hack Naked TV - October 20, 2015

23 oktober 2015 | 5 min

Security Weekly #438 - 10 Year Anniversary Part 3

23 oktober 2015 | min

Security Weekly #438 - 10 Year Anniversary Part 1

22 oktober 2015 | min

Hack Naked TV - October 13, 2015

21 oktober 2015 | 5 min

Hack Naked TV - October 8, 2015

13 oktober 2015 | 6 min

Security Weekly #437 - Interview with Dafydd Stuttard

12 oktober 2015 | 102 min

Security Weekly #436 - Password Cracking with Larry

7 oktober 2015 | min

Hack Naked TV - October 1, 2015

2 oktober 2015 | 7 min

Hack Naked TV - September 23, 2015

24 september 2015 | 8 min

Security Weekly #435 - Interview with Josh Pyorre and Exploding Chips

18 september 2015 | min

Hack Naked TV - September 15, 2015

15 september 2015 | 6 min

Security Weekly #434 - Interview with Micah Hoffman

13 september 2015 | min

Hack Naked TV - September 11, 2015

11 september 2015 | 14 min

Hack Naked TV - September 8, 2015

9 september 2015 | 5 min

Security Weekly #433 - Outside The Echo Chamber

7 september 2015 | min

Hack Naked TV - September 1, 2015

3 september 2015 | 5 min

Hack Naked TV - Favorite Hacking Tools

2 september 2015 | 12 min

Paul's Security Weekly #432

28 augusti 2015 | 90 min

Security Weekly #431 - Interview with Phil Young and Chad Rikansrud

22 augusti 2015 | 100 min

Security Weekly #430 - Interview with Daniel Miessler

15 augusti 2015 | 81 min

Security Weekly #429 - Defcon is Coming!

1 augusti 2015 | 83 min

Hack Naked TV July 28th 2015

28 juli 2015 | 3 min

Security Weekly #428 - Interview with Samy Kamkar

28 juli 2015 | 110 min

Security Weekly #427 - Interview with Matt Duren

18 juli 2015 | 103 min

HNTV-20150714

14 juli 2015 | 3 min

Security Weekly #426 - Interview with Andrew Hay

12 juli 2015 | 93 min

Security Weekly #425 - Interview with Shay Chen

4 juli 2015 | 120 min

Security Weekly #424 - Interview with Rick Farina

28 juni 2015 | 100 min

Security Weekly #423 - Interview with Patrick Wardle

20 juni 2015 | 109 min

Security Weekly #422 - Interview with Ferruh Mavituna

13 juni 2015 | 117 min

Security Weekly #421 - Interview with Stephen Sims

10 juni 2015 | 93 min

Security Weekly #420 - Interview with Byron Cleary

31 maj 2015 | 91 min

Security Weekly #419 - Interview with Gavin Millard

24 maj 2015 | 103 min

Security Weekly #418 - Security Deathmatch

16 maj 2015 | 95 min

Security Weekly #417 - Interview with Chris Roberts

16 maj 2015 | 87 min

Security Weekly #415 - Tech Segment with Dan McInerney

3 maj 2015 | 86 min

Security Weekly #415 - Interview with Apollo Clark

27 april 2015 | 113 min

Security Weekly #414 - Interview with Jon Callas and Israel Barak

19 april 2015 | 123 min

Security Weekly #413 - Interview with Steve Crocker

13 april 2015 | 140 min

Security Weekly #412 - Interview with John McAfee

6 april 2015 | 117 min

Security Weekly #411 - Interview with Russ McRee

27 mars 2015 | 96 min

Pablos Holman, Seth Geftic, Matt Alderman, Stories of the Week - Episode 410 - March 19, 2015

24 mars 2015 | 130 min

Security Weekly #409 - Interview with Keren Elazari

16 mars 2015 | 102 min

Security Weekly #408 - Interview with Jayson Street

9 mars 2015 | 87 min

Security Weekly #407 - Security Deathmatch

23 februari 2015 | 91 min

Security Weekly #406 - Interview with Deviant Ollam

15 februari 2015 | 110 min

Security Weekly #405 - Sniffing GSM with RTL-SDR & GNU Radio

8 februari 2015 | 71 min

Security Weekly #404 - Interview with Michael Santarcangelo

1 februari 2015 | 92 min

Security Weekly #403 - Interview with Paul Henry

26 januari 2015 | 106 min

Security Weekly #402 - Interview with Kimberly Crawley

19 januari 2015 | 86 min

Security Weekly #401 - Interview with Reuben Paul

10 januari 2015 | 86 min

Security Weekly #400 - Security News Gone Wild

23 december 2014 | 73 min

Security Weekly #400 - Interview with Mike Poor and DEF CON SECTF

23 december 2014 | 66 min

Security Weekly #400 - Electronc Frontier Foundation, Vulnerability Panel

23 december 2014 | 89 min

Security Weekly #400 - Interview with Marcus Ranum and Billy Rios

23 december 2014 | 75 min

Security Weekly #399 - Interview with Valerie Thomas & Bill Gardner

15 december 2014 | 99 min

Security Weekly #398 - Security News

7 december 2014 | 53 min

Security Weekly #397 - Interview with Paul Coggin

27 november 2014 | 106 min

Security Weekly #396 - Interview with Adrian Wade

24 november 2014 | 92 min

Security Weekly #395 - Tech Segment with Elliott Brink

18 november 2014 | 83 min

Security Weekly #394 - Interview with Ming Chow

10 november 2014 | 92 min

Security Weekly #393 - Interview with Chris Crowley

3 november 2014 | 83 min

Security Weekly #392 - Interview with Russell Butturini

27 oktober 2014 | 89 min

Security Weekly #391 - Security News

20 oktober 2014 | 59 min

Security Weekly #390 - Interview with Joe Vest and Ben Clark

15 oktober 2014 | 74 min

Security Weekly #389 - Interview with Don Murdoch

6 oktober 2014 | 115 min

Security Weekly #388 - Interview with Michael Gough

20 september 2014 | 112 min

Security Weekly #387 - Interview with Women’s Society of Cyberjutsu

14 september 2014 | 70 min

Security Weekly #386 - Interview with Mike Murray, Powercat Demonstration, News

6 september 2014 | 91 min

Interview with Corey Thuen and Ken Shaw, Stories of the Week - Episode 385 - August 28, 2014

4 september 2014 | 83 min

Interview with Sarah Edwards, Guest Appearance by Dave Kennedy, Stories of the Week - Episode 384 - August 21, 2014

22 augusti 2014 | 102 min

Adrien de Beaupre on Multi-Post XSRF Attacks, Daniel Ayoub Introduces iGuardian, Stories of the Week - Episode 383 - August 14, 2014

18 augusti 2014 | 100 min

Interview with Dan King, Stories of the Week - Episode 382 - August 3, 2014

4 augusti 2014 | 84 min

Art of Memory Forensics, Stories of the Week - Episode 381 - July 24, 2014

28 juli 2014 | 92 min

Stories of the Week - Episode 380, Part 2 of 2 - July 10, 2014

12 juli 2014 | 59 min

Bill Swearingen's Meat - Episode 380, Part 1 of 2 - July 10, 2014

12 juli 2014 | 31 min

Stories of the Week - Episode 379, Part 2 of 2 - July 3, 2014

9 juli 2014 | 41 min

Disrupting Opprotunistic SSH Scanners - Episode 379, Part 1 of 2 - July 3, 2014

9 juli 2014 | 31 min

Stories of the Week - Episode 378, Part 3 of 3 - June 26, 2014

30 juni 2014 | 40 min

Chris John Riley Demos Android Hacking - Episode 378, Part 2 of 3 - June 26, 2014

30 juni 2014 | 17 min

Interview with Onapsis - Episode 378, Part 1 of 3 - June 26, 2014

30 juni 2014 | 35 min

Stories of the Week - Episode 377, Part 3 of 3 - June 19, 2014

23 juni 2014 | 36 min

Interview with Steve Christy - Episode 377, Part 2 of 3 - June 19, 2014

23 juni 2014 | 42 min

Interview with Chris Hadnagy - Episode 377, Part 1 of 3 - June 19, 2014

23 juni 2014 | 51 min

Stories of the Week - Episode 376, Part 3 of 3 - June 5, 2014

9 juni 2014 | 40 min

Scanning DNS with Nmap - Episode 376, Part 2 of 3 - June 5, 2014

9 juni 2014 | 20 min

Interview with Michael Ossman - Episode 376, Part 1 of 3 - June 5, 2014

9 juni 2014 | 60 min

Stories of the Week - Episode 375, Part 2of 2 - May 29, 2014

2 juni 2014 | 49 min

Interview with Pwnie Expresss - Episode 375, Part 1 of 2 - May 29, 2014

2 juni 2014 | 63 min

Stories of the Week - Episode 374, Part 3 of 3 - May 22, 2014

26 maj 2014 | 39 min

Embedded Security - Episode 374, Part 2 of 3 - May 22, 2014

26 maj 2014 | 31 min

Interview with OJ Reeves - Episode 374, Part 1 of 3 - May 22, 2014

26 maj 2014 | 34 min

Stories of the Week - Episode 373, Part 3 of 3 - May 15, 2014

19 maj 2014 | 39 min

Writing Shell Code with Ty Miller - Episode 373, Part 2 of 3 - May 15, 2014

19 maj 2014 | 26 min

Interview with James Jardine - Episode 373, Part 1 of 3 - May 15, 2014

19 maj 2014 | 39 min

Stories of the Week - Episode 372, Part 3 of 3 - May 8, 2014

12 maj 2014 | 40 min

Larry Rocks the Vote with Burp - Episode 372, Part 2 of 3 - May 8, 2014

12 maj 2014 | 15 min

Interview with Eddie Mize - Episode 372, Part 1 of 3 - May 8, 2014

12 maj 2014 | 40 min

Stories of the Week - Episode 371, Part 3 of 3 - May 1, 2014

5 maj 2014 | 26 min

Interview with Ed Skoudis - Episode 371, Part 2 of 3 - May 1, 2014

5 maj 2014 | 33 min

Interview with Adam Shostack - Episode 371, Part 1 of 3 - May 1, 2014

5 maj 2014 | 54 min

Interview with Rob Fuller - Episode 370, Part 1 - April 17, 2014

20 april 2014 | 25 min

Stories of the Week - Episode 370, Part 1 - April 17, 2014

20 april 2014 | 54 min

Drunken Security News - Episode 369, Part 2 - April 10, 2014

14 april 2014 | 51 min

Interview with Michael Santarcangelo - Episode 369, Part 1 - April 10, 2014

14 april 2014 | 50 min

Drunken Security News - Episode 368, Part 2 - April 3, 2014

5 april 2014 | 50 min

Interview with Josh Abraham - Episode 368, Part 1 - April 3, 2014

5 april 2014 | 36 min

Live from Mid-Atlantic Collegiate Cyber Defense Competition - Episode 367 - March 27, 2014

1 april 2014 | 93 min

Drunken Security News - Episode 366 - March 20, 2014

24 mars 2014 | 38 min

Wordpress Defacement: Lessons Learned - Episode 366 - March 20, 2014

24 mars 2014 | 22 min

Interview with Gary McGraw - Episode 366 - March 20, 2014

24 mars 2014 | 39 min

Live from SANS ICS - Episode 365 - March 16, 2014

24 mars 2014 | 61 min

Drunken Security News - Episode 364, Part 3 - March, 6, 2014

9 mars 2014 | 46 min

Perl Compatible Regular Expressions - Episode 364, Part 2 - March, 6, 2014

9 mars 2014 | 14 min

Interview with Eve Adams - Episode 364, Part 1 - March, 6, 2014

9 mars 2014 | 47 min

Hack Naked TV 14-15

25 februari 2014 | 8 min

Drunken Security News - Episode 363, Part 2 - Febuary 20, 2014

23 februari 2014 | 50 min

Interview with Kat Sweet - Episode 363, Part 1 - Febuary 20, 2014

23 februari 2014 | 26 min

Drunken Security News - Episode 362, Part 3 - February 13, 2014

17 februari 2014 | 38 min

Joff Thyer on Django Static Code Analysis - Episode 362, Part 2 - February 13, 2014

17 februari 2014 | 16 min

Interview with Paul Paget from Pwnie Express - Episode 362, Part 1 - February 13, 2014

17 februari 2014 | 32 min

Interview with Brian Richardson, Interview with Chris Taylor, Drunken Security News - Episode 361 - February 6, 2014

11 februari 2014 | 85 min

Drunken Security News - Episode 360, Part 2 - January 30, 2014

3 februari 2014 | 55 min

Interview with Jared DeMott, Windows Meterpreter's Extended API - Episode 360, Part 1 - January 30, 2014

3 februari 2014 | 46 min

802.11 Packet Injection with Scapy, Drunken Security News - Episode 358, Part 2 - January 16, 2014

27 januari 2014 | 62 min

Drunken Security News - Episode 359, Part 2 - January 23, 2014

27 januari 2014 | 40 min

Interview with James Arlen, Kristian Hermansen on Healthcare.gov - Episode 359, Part 1 - January 23, 2014

27 januari 2014 | 60 min

Interview with Peter Van Eeckhoutte, Special Guest Joel Yonts - Episode 358, Part 1 - January 16, 2014

18 januari 2014 | 59 min

Drunken Security News - Episode 357, Part 2 - January 9, 2014

12 januari 2014 | 59 min

Interview with Ian Iamit, SANS SIFT with Rob Lee - Episode 357, Part 1 - January 9, 2014

12 januari 2014 | 68 min

Drunken Security News - Episode 356, Part 2 - December 12, 2013

14 december 2013 | 48 min

Interview with Champ Clark - Episode 356, Part 1 - December 12, 2013

14 december 2013 | 54 min

Drunken Security News - Episode 355, Part 2 - December 5, 2013

12 december 2013 | 48 min

Interview with Jens 'Atom' Steube, ScriptAlert1 with Thomas KacKenzie & Ryan Dewhurst - Episode 355, Part 1 - December 5, 2013

11 december 2013 | 65 min

Interview with Martin Roesch, Drunken Security News - Episode 354 - November 21, 2013

24 november 2013 | 81 min

Drunken Security News - Episode 353, Part 2 - November 14, 2013

16 november 2013 | 53 min

Interview with Kyle "esSOBI" Stone, Deciphering Episode 350's Crypto Challenge - Episode 353, Part 1 - November 14, 2013

16 november 2013 | 46 min

Interview with Dan Philpot, Stealing Tokens for Privilege Escalation, Exploit Development with Mona.py - Episode 351 - October 28, 2013

16 november 2013 | 82 min

Interview with Winn Schwartau, Preserving Security Research w/ The Calvary - Episode 352 - November 7, 2013

10 november 2013 | 84 min

Somebody's Watching: The Future of Privacy - Episode 350, Part 6 - October 25, 2013

4 november 2013 | 59 min

Military Veterans in Information Security - Episode 350, Part 5 - October 25, 2013

3 november 2013 | 41 min

Interview with Jayson Street, Interview with Kevin Finisterre - Episode 350, Part 4 - October 25, 2013

2 november 2013 | 56 min

Java Whitelisting, Honeynet Project, HTTP Comments Displayer - Episode 350, Part 3 - October 25, 2013

2 november 2013 | 42 min

SCADA: Attack & Defense: Securing Critical Infrastructure - Episode 350, Part 2 - October 25, 2013

31 oktober 2013 | 53 min

Support Wounded Warriors, Active Defense: Taking The Fight To Attackers: Should We? - Episode 350, Part 1 - October 25, 2013

31 oktober 2013 | 77 min

Welcome to our very special episode 350! We have a very special episode, all in support of wounded veterans in our armed services. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!

Active Defense: Taking The Fight To Attackers: Should We?

We've all heard the term "Hacking Back". We all have mixed feelings about this term. Lets be clear, its not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With over 25 years in private law practice, he has advised many organizations, large and small, private sector and public sector, on privacy, computer security, e-mail discovery, outsourcing contracts and records management. Nothing Mr. Wright says in public is legal advice for your particular situation. If you need legal advice or a legal opinion, you should retain a lawyer.

Joshua Corman is the Director of Security Intelligence for Akamai. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.

Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" computer security group.

Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.

HP Protect Interviews - Episode 349 - October 17, 2013

21 oktober 2013 | 50 min

Heather Mahalik on Smartphone Forensics Course, Drunken Security News - Episode 348 - October 10, 2013

16 oktober 2013 | 62 min

This segment was broken in two parts as the technical segment with Heather Mahalik happened in the middle of it. Heather is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.

Ok, on to the stories of the week with Paul, Larry, Allison and Jack. What'd you do this summer? Disney? Six Flags? Big Data Land? After much chatter in the Twittersphere (logged here by Space Rogue) last week, Jack brings up the "Popping Penguins" article from Forbes. The article talks about this super vulnerable program that is going to be the downfall of Linux. It's called bash. Would you believe you can use bash to start a listener on your machine and then send some commands over telnet to have someone else's machine connect back to you? Uh oh. Also, beware of another application, one that runs from the desktop that lets you connect to other computers and pull down files from a machine you don't own. Yeah, that one's called a browser. Sounds equally dangerous, no? Should we uninstall bash as a security measure?

Larry threw out there an article on 5 WiFi security myths to abandon. But Larry mentioned that some of these might not actually be very new. Things like don't hide SSID as some newer systems will see them anyway and digging deeper to find the SSID isn't that hard. Plus, if its owner took the steps to hide it, wouldn't that pique your interest that there may be something good running there? Sending out a weak signal may sound like a good idea as if someone can't reach it, they can't connect to it, right? But all that does is annoys its intended users and if someone really wants to get on the network, they'll simply use an antenna. The article ends with the non-myth that if you truly want WiFi security, make sure you use good encryption and a strong password. Simple, eh?

Jack was looking forward to going on a good patch rant. He and Paul have done webinars about really stretching things and getting your patch cycle down to five days from the day of release. Jack said during the good old days, he'd challenge himself to getting his systems patched within 72 hours. Patch Tuesday was to be completed by Friday. In this article by Dr. Anton Chuvakin, he does indicate how it would be good for some big corporations to get their patch cycle down from 90 days to 30 days, but then argues if the bad guys only need 3, then what's the point of all that effort? Jack's feeling is that even the 30 days should be enough in many cases, but it's often politics and other "can't do" attitudes that prevent it from happening. Why is that? Get those patches in place people!

One quick note on a tangent the team went off on. In their experience as pentesters, Larry and Paul mention that all to often the way they end up pwning a system is through some machine that no one knew was running, with services that no one knew were running, with an account that no one knows why it still exists. Do you have a good inventory of where your data is? What machines are in your data center? What services and accounts are on each? If those are gold to a pentester, who has to respect a customer's defined scope, guess what a malicious user is going to do to your network.

Paul's looking for advice on what new phone he should get? Android? iPhone? What say you? Tweet him up with your suggestion at @securityweekly.

Remember that Yahoo bug bounty program? $12.50 credit toward the Yahoo store? A little update from the rants and ridicule from last week, it was actually one guy , Ramses Martinez, Director, Yahoo Paranoids, who was very appreciative of people reporting bugs and was paying them out of pocket. He would send researchers a Yahoo tshirt but would then find out the recipient already had multiple Yahoo shirts. Martinez's idea then was to give the reporter a credit in the Yahoo store matching the value of the shirt, our of his own pocket. Since the uproar, Yahoo has installed its own bug bounty program and Martinez is no longer paying for the reports himself. Good on ya, Yahoo and even better, thank you Ramses Martinez for caring about security.

Speaking of bug bounties, Google has started a bug bounty program for open source software. Repeat that, it's not just Google software that they're paying bounties for, it's software that there really is no organization behind and normally count on volunteers to fix things. Now Google is putting their money behind that effort. As Allison mentions, there hasn't ever been any motivation for anyone to report bugs and now there is.

estrada-sm.jpgPaunch, the alleged author of the Blackhole exploit kit was arrested in Russia last week. Or at least we think so. Some unconfirmed reports have indicated this and Blackhole has not been updated since this time. Or maybe the guy just decided to take an extended vacation and threw the story out there himself. Either way, it might be time for Evil Bob to find a new exploit kit. (Note: Erik Estrada is not "Paunch", he's Ponch, as in Frank Poncharello)

Microsoft has a new disk cleanup where it removes all the old and outdated updates. Jack gained more than 6 GB of space after running the cleanup but a word of caution, it take a concerning long time for the next reboot. You might think you killed your computer but no, it really does take that long.

Check out "Tails" a security and privacy distribution and let us know what you think. Is it good? What makes it a better choice than some others? Though the number of security updates in recent versions is a little concerning. Yeah, I get it that it's good that security holes are fixed and that it's to software that the distro is including. But it's just a little concerning when you pitch it as being for security and privacy yet there are piles of security updates. It makes me wonder just how secure it is and whether it's any better than a secure version of your favorite distribution anyway. But you can certainly let me know and I'll post some comments from you in upcoming week. Tweet me at @plaverty9

There was also some discussion on iOS7 image identification, Larry has a colleague at Inguardians who wrote up an intro to using rfcat and Jack suggests taking a deeper look for yourself before jumping into the patch for MS13-81 and whether your system needs it. If it does, test thoroughly. It's got some deep stuff on it.

Interview with Thierry Zoller - Episode 348 - October 10, 2013

16 oktober 2013 | 45 min

Drunken Security "News" - Episode 347 - October 3, 2013

6 oktober 2013 | 44 min

Jamie Filson on gitDigger, Jared DeMott on C/C++ Auditing - Episode 347 - October 3, 2013

6 oktober 2013 | 49 min

Drunken Security News - Episode 346 - September 19, 2013

24 september 2013 | 39 min

Interview w/ Vivek Ramachandran - Episode 346 - September 19, 2013

24 september 2013 | 51 min

PFCLObfuscate, DerbyCon, Drunken Security News - Episode 345 - September 12, 2013

15 september 2013 | 49 min

Pete Finnigan works as an independant Oracle security consultant for his own company PeteFinnigan.com Limited . Pete specialises in performing detailed Oracle security IT Health checks against Oracle databases using a detailed methodology developed by Pete from many years of experience in securing databases.

We've got a good one for you this week. Paul and Jack were in studio we were treated with a visit from the DerbyCon organizers. Dave "Rel1k" Kennedy, Adrian "Irongeek" Crenshaw, Martin "PureHate_" Bos and Nick "Nick8ch" Hitchcock. Derby is one of those cons that that sells out within minutes or less, so they're surely not here to sell tickets for the September 25-29th even in Louisville, Kentucky. Listen to find out all the great things they have in store for this year's event. They've expanded with six tracks this year, two nights of big events and will have The Crystal Method playing on Saturday night! Dave also mentioned that his choice of Weird Al Yankovic got vetoed, but if I had any kind of vote, I'd love to see Al. In addition to some of the best talks on the planet, you'll see some games such as "Are You Smarter Than a CISSP?" and "Whose Slide Is It Anyway?" One of the other great things about DerbyCon is they make many, if not all of the videos available for people to view, in near real time, thanks to the kickass video guy Adrian.

Then on to the stories. Talking with the Derby guys is always so much fun, and with the weekly Stogie Geeks podcast immediately after, there wasn't much time left for stories. Paul and Jack got into Marissa Mayer not locking her iPhone and people trying to board commercial aircraft with hand grenades. Yeah. According to the article, TSA found 83 people with hand grenades in either their carry-on or checked luggage. But when we dig a little deeper in the article, we see those 83 also included "The majority of these grenades were inert, replica, or novelty items". The basically took away toys. I guess that sounds silly at first until you figure the hassle someone could cause by pulling out a toy but real-looking grenade mid-flight. Who's going to confirm that it's just a toy? It'd make for one heckuva stressful flight. So leave your grenades at home.

The only other story the guys talked about was Yahoo! CEO Marissa Mayer and how she avoids the hassle of locking her iPhone with a passcode. The article is an interesting one where one side wonders why she takes mobile security so casually? If hers fell into the wrong hands, first imagine the phishing that someone could pull off. But also what kind of trove of data is available on there from upcoming plans at Yahoo! (a publicly traded company) to private email conversations with other executives at the company. But then the other side wonders if the security advice for Mayer has the same level of appropriateness as for an average user. Maybe Mayer takes better physical precautions with her iPhone than a typical 16 year old high school student. Is her point valid that the extra step of entering a passcode isn't worth the ease of getting into her device many times a day to conduct business? Seems like an interesting question at least.

Interview with Rich Mogull - Episode 345 - September 12, 2013

15 september 2013 | 51 min

Active Defense with Honey Badger, Drunken Security News - Episode 344 - September 5, 2013

8 september 2013 | 51 min

Have you heard of those scam phone calls from "Windows" where the person on the other end of the phone claims to know there's a problem with your computer ("Is it running more slowly lately?") and they even have you test it out by running some commands and referring to common files as viruses. Then they're so friendly that if you simply go to their web site and download a couple files, they'll clean it all up for you. Maybe one of the worst people they could possibly call would be the head guy at Black Hills Information Security, John Strand. Yep, and John was only too happy to give them just enough rope to hang themselves. Listen along for how John was also able to irritate the scammers.

Then we tried to get going on the stories of the week and were off to a great start but very quickly got derailed with a story from Australia. Apparently the Australian government is looking to put a filter on the internet in their country that would completely block all perceived porn sites. If someone wants to be able to access porn web sites from inside Australia, they'd need to "opt out" of the filter by simply contacting the government. What could possibly go wrong with this idea? I'm certain that there wouldn't be any privacy issues whatsoever. Additionally, wasn't the internet basically invented for the purpose of porn consumption? Ok, back to the rest of the stories discussed.

Remember a few weeks ago when we talked about a scumbag who intruded upon a family through their baby monitor and was able to shout at the baby and parents through the monitor. Well, the Federal Trade Commission (FTC) has slapped down a manufacturer of different brand of baby monitor and said they may no longer market their product as being "secure" until they fix these flaws. The flaws being that they say the feeds are private while anyone can view them on the internet at least in part because the authentication from the internet is clear-text and needs to be encrypted. Here we are already seeing where it seems like a great idea for manufacturers to internetify their product but don't completely understand all aspects of that or at least don't understand basic security needs. I don't know which is the chicken and which is the egg yet, but with the promise of IPv6, we're going to eventually see just about everything we own trying to have some sort of presence on the internet and these basic security precautions will need to be met.

Allison alerted us to the fact that Burp Suite got an upgrade this week. I'm constantly amazed at how much Burp can do especially when you consider the $300 price. Sure, there's also ZAP available from OWASP for even cheaper (free) but I think Burp is one of those tools that just about everyone uses because of its awesomeness. If I had to pick out just one of the new features, I'd mention the "Plug 'n Hack". According to Portswigger: "This enables faster configuration of the browser to work with Burp, by automatically configuring the browser to use Burp as its proxy, and installing Burp's CA certificate in the browser."

We also found out more details this week about another trojan called FinFisher by Gamma. The existence of FinFisher had been previously revealed but in a presentation by Mikko Hypponen, he talked about some of the things that the tool can do, including cracking WPA1 and WPA2, decrypting common email sites and even copying over a whole drive encrypted with TrueCrypt via a USB stick. Reportedly, the tool had only been available to governments in order to conduct their own national intelligence, but by now there's no way of knowing whether this has slipped out into the wild and in the hands of just anyone.

At Black Hat this year, Mike Shema from Qualys talked about a new way to possibly prevent CSRF. As we've seen in the past, the only way to reliably prevent the attack is to place a token in the action and have the server validate that token. This requires that the developer of the application understand CSRF and understand an API for creating the token, and to also implement it properly. If you're in the training or penetration testing business, this sounds like a great thing for job security. However there are millions of developers worldwide and training all of them may take a while. Heck, look at how prevalent much simpler attacks like SQL injection and Cross Site Scripting are. Do we really think that we'll be able to "train away" CSRF? This is where Shema has the idea of "Session Origin Security" and put the token in the browser. Now instead of training millions of developers, we simply get about five browser developers to jump on board. But the gang was a little skeptical about other plugins to work around this as well as breaking valid sessions and backward compatibility. We also wondered whether it may make more sense to allow the browser to choose whether it wants the CSRF protection and turn it on by default and let the user turn it off if there's a good reason to. These all seem to be questions that Shema and his team are looking into.

Jack told us about a post from Gunnar Peterson and the "Five Guys Burgers Method of Security". I don't think it means where it's so good for the first ten minutes and then you feel like crap about it for the next few hours. It's the idea that when you go to a Five Guys (and if you haven't yet, you should) they have two things, burgers and fries. They do these two things exceptionally well. They haven't morphed into also being a chicken place, and a fish place and a milkshake place and a coffee place and then letting the overall quality slip. They are focused on doing their two things and doing them extremely well. And I wondered if this is where so many in the security industry get frustrated and eventually burned out. As John brought up, the frustration often comes when there is so much compliance and documentation required, which yeah, I can see that as well. Who likes checking boxes and meeting with guys in ties to explain how you meet the PII, PCI, SOX and whatever other acronyms? I also wonder if there's also frustration in that we're hired to be "the security person" and we have areas that we're good at and enjoy. Whether that's network security, mobile security, web security or whichever. But due to budgets and many other reasons, we are expected to be experts in all areas, much unlike Five Guys. The Five Guys philosophy is if you want a great chicken sandwich, go to a chicken place. If you want a great milkshake, go to a milkshake joint. However in our jobs, we are the burgers and fries and chicken and fish and milkshakes and we're expected to be perfect at all of them. Anyway, it's an interesting take.

Do you have a Web site? No? Ok, then you're probably safe. Robert "Rsnake" Hansen put together an infographic about all the different things that you need to worry about today when securing your web site. It started out as a joke but then got a bit too close to reality and finally just got head-shakingly scary.

Finally, if you haven't already, check to see if your web site is "locked." Simply do a whois on your site and see if you have at a minimum a status of "ClientTransferProhibited." Some have said the recent NY Times hack was able to happen because the domain was not locked and the Syrian Electronic Army (SEA) was able to get the DNS credentials from someone and then change the DNS records to their own server. But if your DNS is locked, it'll take a bit more work to make the updates. Your registrar will go through additional validation steps before the DNS records are updated. This is likely enough that if someone is looking to hijack web sites, they'll realize yours isn't worth the both and move on to an easier target. With Congress possibly authorizing an attack on Syria and with the twelfth anniversary of the September 11, 2001 attacks upcoming, it would not be surprising to see another round of attacks on web infrastructure. So take this very easy step and protect your site.

Interview with Richard Stiennon - Episode 344 - September 5, 2013

8 september 2013 | 46 min

Enumerating a Domain Using ASDI in PowerShell, Drunken Security News - Episode 343 - August 29, 2013

6 september 2013 | 56 min

Carlos Perez is also known as @DarkOperator, He spends his time reverse engineering, and practicing PowerShell Kung-Fu. Known by his motto "Shell is only the Beginning".

The show was missing its usual sunshine and unicorns as Jack was unable to attend the show but fear not, Paul and Larry took us all through the stories of the week!

First, Larry found an article telling us why we should never trust geolocation values. The article talks about how the major geolocators (Google and Apple) will keep a database of where wifi hotspots exist and their mapping systems use these known values. But what if one of those "known values" moves? What if a hotspot that was in downtown Providence gets moved to Paris? We'd probably have another person drive their car into the ocean! But the part that Larry is talking about that he'd like to get is actually the reverse. Rather than knowing where the hotspots are and get an address back, have a way to submit the address and get a list of known hotspots in the area.

Stop us if you've heard this one before...there's a Java 0-day in the wild. Well, at least this one was for Java 6. Worried about how to remedy this? Wondering when the patch will be released? Well, it kind of has, it's called "upgrade to Java 7" which then throws a gray area into the whole "it's a 0-day" thing.

Ok, so here is the reason that we listen to the stories of the week. The experience that Paul and Larry have in the business is priceless in itself so when a story can spin off into an interesting story from the field, it's worth *at least* what you pay for the show. Paul tells us about WebAntix, a shell script that someone wrote that uses a Nessus NBE to take a list of URLs and go take a screenshot of each site and create a web site with those screenshots. Really useful on a pentest, right? Paul also mentions how Tim (@LaNMaSteR53) had written something similar called Peeping Tom. But what got spurred on here is Larry's story about a pentest that he was on. He was using a tool to spider through the client's site and realizing it was going to take a while, he went to lunch. In the meantime, the tool hit a page that it couldn't authenticate into. The tool didn't know when to quit and it would continue to try the page, failing each time. With each failure, a new log entry was created. However the company had a log watcher that would send an email to many people on each individual failed auth. 1.2 million emails later, the Exchange server was dead.

There's also this BYOD thing. Employers are wrestling with this problem in how they deal with employees bringing in their own laptops, mobile devices, tablets and who knows what else. Paul talks about how back in the days when Jack was probably only middle-aged, you could go to work at a place like IBM and they'd supply you with a far more expensive, far more powerful machine than you could probably afford on your own. So you almost looked forward to going to work just to use this souped up computer. Here lies the BYOD problem for businesses. On one hand, they can save money knowing that people have all this stuff on their own and they're going to use it so there's no longer a need to buy them the latest and greatest super strong computer. But, can that also be used in the reverse? What if a business wants to fight the whole BYOD thing by putting people back on super strong machines to where they won't even want to bring their own in anymore? It may be an interesting thought, but it really isn't going to keep the leakiest of machines out of the office, also known as the mobile phone.

How about if you ever need to get sudo on a Mac OSX machine and don't have the password? As long as someone has ever successfully done a sudo on the machine, you can simply do a sudo -k in the Terminal window, set the date back to the epoch and voila, you now have sudo on that machine. Or simply use Dave Kennedy's python script to do it all for you. Ok, this is one where I have to tell a story of my own. One time in a job, someone emailed me about how to get elevated privileges on a machine and I wrote back in email that he should go ask the system admin team for sudo access. Well, apparently he thought I was an idiot or didn't know how to spell or something because he promptly wrote to the unix administrator and said that I suggested he ask for some kind of "pseudo-access" to the box. Much laughter ensued.

What good would it be if I simply recap the whole show for you. Of course we want you to listen, so let's go quick with a few more. You can use an unauthenticated API to access some functions and interact with a Tesla automobile. The Register is telling us that the Poison Ivy RAT is the AK-47 of attacks. Learn to break Android apps with tutorials and sample sites for learning! An ISP was caught tracking mouse clicks! The horrors! Well, they were tracking where users were clicking on their support page. I can at least see the defense here. They wanted to know how effective their support page was and whether people were able to quickly and easily find the right answers, and where they were clicking around on the screen, hopefully in an attempt to make it more efficient. At least that's the story I'd believe.

Interview with Matt from BruCON, Inerview with Ira Winkler - Episode 343 - August 29, 2013

6 september 2013 | 47 min

Exploiting Embedded Systems, Drunken Security News - Episode 342 - August 22, 2013

25 augusti 2013 | 62 min

Interview with Phil "Soldier of Fortran" Young - Episode 342 - August 22, 2013

25 augusti 2013 | 47 min

Denying Service to DDoS Protection Services, Drunken Security News - Episode 341 - August 16, 2013

20 augusti 2013 | 60 min

After her presentation at Black Hat 2013, Allison is back in studio and will do a tech segment titled "Denying Service to DDOS Protection Services"

Are you not keeping your firmware up to date? Any chance that you're setting yourself up to be hit by the HP Integrated Lights-Out authentication bypass? If you're not going to be diligent about updating firmware and must have these things on the internet, then as Paul says, firewall the hell out of it and keep it away from the rest of your network.

Using a new scanning interface from Paul and Jack's employer, Tenable, you're able to see if your desktop software is out of date. Everyone's browser seemed to need updates and as we learned with some help from Carlos, you even need to update your pooty (PuTTY).

One of the many good lessons that can be gained from watching Security Weekly is "Don't screw with people's kids." Let's go one step further and say it's probably in poor form to call some random stranger's two year old a "slut". Larry and Paul tell us about a story where one of those baby monitor camera systems was "hacked" because it was on the internet and using the default (ie. no password) password. So someone was able to log in to the camera and shout expletives through the speakers, at the sleeping child and eventually at the parents. Ok, first as Jack already mentioned, don't screw with people's kids. Second, as Larry mentioned, why put this thing on the internet? Third, if you are going to put it on the internet, make it easier or more obvious that a default password needs to be changed. Or finally, as Jack mentions, it might be a little harder to support, but go with a handful of default passwords and put a sticker on the system to let people know what it is. That's a whole lot better than no password when this thing goes on the internet.

Leave it to Expert Steve to start a fire right in the Security Weekly studios.

Rob Graham over at Erratasec gives a nice behind-the-scenes account of the Blaster worm as it was already 10 years ago that the outbreak first happened. Rob talks about how he found out about the possibility, was soundly mocked even in his own company about the upcoming outbreak and even how he launched his own bloodless coup in his company. He simply told the CEO that a major problem was coming, that he knew how to fix it and he was taking over immediately. In spite of much preparation for a big fight, the CEO simply said "ok" and Rob was off and running. While it only took his in-house developers to create an exploit for the vulnerability, it took much longer than expected for it to be seen in the wild. It was eventually first seen on August 11, 2003. And Rob was vindicated.

So the Transcend SD WiFi Card is completely vulnerable to all kinds of bad things. The tiny little card runs Linux and even has netcat installed! There's a web server on there where you can upload more fun scripts that let you do all kinds of things you shouldn't be able to. Things like see the user's password in the web page source code or remote file includes. But to leave netcat installed and leave open the ability to get a shell on an SD card? As Larry asks "The smaller the device, the less attention that is paid to security??"

While out at Black Hat, Allison got to play with the Hot Plug. No no, in spite of the name this is not some kind of sex toy. Instead, it's a great device that allows you to remove the power plug from a wall socket but still leave the device powered on. According to Allison, it's a male-to-male plug where you just slightly remove the plug from the socket, connect the Hot Plug and then remove the plug from the socket.

There are more discussions and articles but finally, Paul brought up this Dark Reading article by Maxim Weinstein called The More Things Change. This article goes into how many millions of malware variants we've seen through the years, but in the end, all of these hacks require at least one of three things: "exploiting a vulnerability, compromising user credentials, and/or tricking the user." The real question is how we fix these?

Ok, one more. There's an add-on to the Leap Motion device where you can simply use hand (or other) gestures to log in to your Windows machine. Oh so many ways that we could log in...

There are all these stories and more this week on the Security Weekly Drunken Security News!

Interview with Dr. Whitfield Diffie - Episode 341 - August 16, 2013

20 augusti 2013 | 50 min

Drunken Security News - Episode 340 - August 8, 2013

10 augusti 2013 | 66 min

HoneyPorts Automated Blocking, Threat Analytics w/ Ty Miller - Episode 340 - August 8, 2013

10 augusti 2013 | 51 min

OSWAP Top 10 with Dave Wichers, Drunken Security News - Episode 339 - July 18, 2013

20 juli 2013 | 65 min

Interview with Troy Hunt - Episode 339 - July 18, 2013

20 juli 2013 | 61 min

Interview with Team Onapsis, Schuyler Towne on X-Locks Project, Drunken Security News - Episode 338 - July 11, 2013

15 juli 2013 | 110 min

Interview with Matt Bergin, Kati Rodzon & Mike Murray's Social Engineering War Stories, Drunken Security News - Episode 337 - July 4, 2013

13 juli 2013 | 83 min

Liam Randall & Seth Hall on Bro IDS, Drunken Security News - Episode 336 - June 20, 2013

22 juni 2013 | 62 min

Interview with Pete Lindstrom from Spire Security - Episode 336 - June 20, 2013

22 juni 2013 | 46 min

Interview with Bill Stearns, Phil Hagen on logstash - Episode 335 - June 13, 2013

18 juni 2013 | 60 min

Dave Kennedy on Bypassing AV, CycleOverride with JP Bourget & Bruce Potter - Episode 335 - June 13, 2013

18 juni 2013 | 43 min

Andy Ellis, Software Restriction Policies, Drunken Security News - Episode 334 - June 6, 2013

11 juni 2013 | 88 min

Chris Tuncer on Veil, Drunken Security News - Episode 333 - May 30, 2013

4 juni 2013 | min

Interview with Gunnar Peterson - Episode 333 - May 30, 2013

4 juni 2013 | 57 min

333 Part 2

4 juni 2013 | 51 min

Tim Conway, Drunken Security News - Episode 332 - May 16, 2013

20 maj 2013 | 60 min

Interview with Brian Snow - Episode 332 - May 16, 2013

20 maj 2013 | 66 min

Kurt Baumgartner, Drunken Security News - Episode 331 - May 9, 2013

13 maj 2013 | 59 min

Kurt Baumgartner of Kaspersky Labs joins us to talk about Red October, a research paper that he co-authored, along with the other areas that he works on at Kaspersky.

It's time for another Drunken Security News. Much of the gang was on the road this week so Patrick Laverty sat in with Paul and Engineer Steve for the show, plus Jack's epic beard called in via Skype from lovely Maryland.

First, Paul admitted it was a stretch to bring this into a security context but he wanted to talk about an article that he found in The Economist (via Bruce Schneier) about one theory that if the US would simply be nicer to terrorists, release them from Guantanamo Bay, Cuba and stop hunting them down around the world, that they would in turn be nicer to us. Also, fewer would pop up around the world. The thinking is that jailing and killing them turns others into terrorists. So here's the leap. Can the same be said for black hat hackers? If law enforcement agencies stop prosecuting the hackers, will they be nicer and will there be fewer of them? I think we all came to the same conclusion. "Nah."

Paul also found an Adam Shostack article about how attention to the tiniest details can be important to the largest degree. The example given was the vulnerability to the Death Star in the original Star Wars movie was so small and the chances of it being exploited were so remote that the Empire overlooked it, Grand Moff Tarkin even showing his arrogance shortly before his own demise. The same can be said for our systems. It might be a tiny hole and maybe you think that no one would look for it and even if they do, what are the chances they both find it and exploit it? In some cases, it can have quite dire consequences. The Empire overlooked a small vulnerability that they shouldn't have. Are you doing the same with your systems?

Did we happen to mention that Security BSides Boston is May 18 at Microsoft NERD in Cambridge, MA and Security BSides Rhode Island is June 14th and 15th in Providence, RI. Good seats and good conference swag are still available. We all hope to see you there!

The Onion's Twitter account was breached by the Syrian Electronic Army and they handled it a way that only The Onion can, making light of both themselves and the SEA. Additionally, possibly for the first time ever, The Onion published a non-parody post about exactly how the breach occurred.

Additionally, the National Republican Congressional Committee (NRCC) web site got spam hacked/defaced with Viagra ads. The only thing we were wondering is, are we sure it was hacked and not just a convenient online pharmacy for their members?

A new whitepaper was released from MIT talking about "Honeywords". The problem being solved here is creating a way for server admins to know sooner when a passwords file has been breached on a server. In addition to the correct password, this new system would add a bunch of fake passwords as well. When the attacker starts trying usernames and passwords, if they use one of the fake passwords, the server admin would be notified that someone is doing that and it is very likely that the passwords file has been breached. It's an interesting concept to ponder.

Jack had an article from Dennis Fisher at Threatpost, asking the question about what's the point of blaming various people for cyberespionage if we don't have a plan to do something about it.

The NSA also has its own 643 page document telling its members how to use Google to find things like Excel documents in Russian that contain the word "login". Wait, I feel like I've heard of this somewhere before. Oh yeah, that's right. Johnny Long was talking about Google Hacking at least as far back as 2007. It's just interesting some times to see things that the media gets wind of and without the slightest bit of checking, thinks something is "new".

Interview with Rob Cheyne - Episode 331 - May 9, 2013

13 maj 2013 | 49 min

Andrew Righter, Banasidhe on BSidesLV, Drunken Security News - Episode 330 - May 2, 2012

7 maj 2013 | 88 min

Sumit Siddharth, Free Amazon Socks Proxy, Drunken Security News - Episode 329 - April 25, 2013

29 april 2013 | 55 min

Interview with Brad Bowers - Episode 329 - April 25, 2013

29 april 2013 | 50 min

Drunken Security News, Jeremy Zerechak - Episode 328 - March 18, 2013

20 april 2013 | 83 min

Drunken Security News - Episode 327 - March 11, 2013

15 april 2013 | 42 min

Interview with Richard Bejtlich - Episode 327 - March 11, 2013

15 april 2013 | 62 min

Python for Penetration Testers, Drunken Security News - Episode 326 - April 4, 2013

9 april 2013 | 60 min

Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark is the author of SANS Python for Penetration testers course (SEC573) and the pyWars gaming environment. In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS.

Yet another Paul's Security Weekly Drunken Security News! Can I Stop Typing In Caps Yet?

Please follow along at home and check out the show notes to see the stories that Paul, Larry, Jack and Allison have decided to talk about this week! Additionally, have you heard yet that Paul is putting on BSides Rhode Island? Got your ticket yet? Plus, Larry is teaching SEC616 for SANS in May in sunny San Diego. Don't miss that!

And did you check out the latest HackNaked TV by John Strand? It's an introduction to getting started with Recon-NG the new tool by Tim Tomes. If you've ever wanted a great reconnaissance tool that feels a bit like Metasploit, then give Recon-NG a try.

What are the guys busting Steve the Engineers chops about at the beginning? They thought that Steve had deleted the just-completed interview with Bill Cheswick. Much to Paul's pleasant surprise, the raw video survived and we have the interview available for you.

Paul found a story about upgrading a router by removing chips and resoldering new ones and additional ones back on. Want an overview of how this works? Larry educates us on the necessary tools and techniques. Remember, it's all about the tip size and always practice on hardware you don't care about as it's likely you'll screw it up the first time you try.

Larry also discovered the "Dave" video. Dave is a Belgian mindreader that brings people in off the street, into his New Age-y looking tent, invokes various dances, chants and feels people's energy. In the end, he is able to determine what seems like way too much personal information about these strangers. How does Dave do it? I won't reveal the trick here, but you can see the two and half minute video on YouTube for yourself. Be careful out there.

Jack gives a shoutout to Rackspace for taking on the patent trolls and Allison finds an ISP in Texas that is injecting ads in their customers' traffic. She also wonders what would happen if a customers, seeing these ads, were to simply click on them incessantly, driving up the cost to the advertisers, defeating the purpose of the advertising budget.

Hey, you know that whole "hacking back", offensive countermeasures thing? Yeah, so a guy in Russia actually tried it as we know everything's legal in Russia, right? He set up a honeypot on one of his machines that loaded malware on your machine if you went to it. Ok, maybe that doesn't sound very nice, but the only way you could get into it is if you did some SQL injection on the box. So it's not like the people affected had innocent intentions.

If you're reading this far, you're probably a security practitioner to some degree and you're aware of ATM skimmers and give an extra look for them. But do you look anywhere else other than ATMs? Skimmers are starting to pop up in all kinds of credit card terminals from the local grocery store to taxis. So be aware and maybe just pay cash.

Other stories include farting on servers, dressing like a cyberwarrior, the return of Archer and Arrested Development, sniffing, scapy and getting the government to hire security professionals who may not exactly have a pristine past.

See you next week with Mandiant's CSO Richard Bejtlich!

Interview with Bill Cheswick - Episode 326 - April 4, 2013

9 april 2013 | 52 min

Simon Bennetts, Drunken Security News - Episode 325 - March 28, 2013

31 mars 2013 | 73 min

Drunken Security News - Episode 324 - March 21, 2013

25 mars 2013 | 59 min

Are you here to learn something about infosec? Well, you're in luck because this week you get even more. You even get Paul and Larry's beer trivia and find out who has the oldest trademark anywhere!

Can you guess the password on your first try? Of course you'd simply try the default password for the device, right? So would that be illegal to log in to that device and install software/malware? Of course it would be illegal, but it's still pretty neat that they were able to find approximately 1.2 million unprotected devices and turn about 420,000 of those into their botnet, which allowed them to scan the entire IPv4 address space in one hour. Also interestingly, this scan estimated that only about one-third of the IPv4 addresses are actually in use.

Along the same lines, Allison and Paul chatted about an article explaining how the botnet business is booming. One group is paying as much as $500 for 1,000 infections. Also discussed are the costs of a DDOS or 20,000 spam emails. Larry also pulls out $9 and some pocket lint wondering how many people he can spam with his resume.

Allison also brought up the Brian Krebs SWATing story and explains her own forays into this underground black-market subculture. Very interesting explanations of how easy it is to get enough personal information about someone in order to trick various businesses or services into helping the impersonator access their target's account.

NATO decided and published a report that they are justified in killing hackers. John offered his opinion on this that it makes sense. As war moves into new grounds and countries are using hackers to attack other countries, it makes sense that country is going to defend itself against this type of attacker.

Did you finally get your own 3D printer? Can you legally print out your own guns? Would that be legal? I would guess as long as you're the Vice-President and simply creating a double-barrel shotgun to scare people away, then it's all good. Maybe.

How's this for bottom-up economics? Larry tells us about a couple guys who owned a Subway sandwich shop and decided to get into the PIN pad business and eventually become a distributor to the parent Subway company. Except that these guys pre-installed remote admin access, and you can guess the rest.

Stick around 'til the end of the show for even more of Paul's beer trivia!

Interview with Jason Fossen - Episode 324 - March 21, 2013

25 mars 2013 | 45 min

Drunken Security News - Episode 323 - March 7, 2013

11 mars 2013 | 39 min

Jonathan Ness, Michael Farnum - Episode 323 - March 7, 2013

11 mars 2013 | 60 min

Joe McCray, Building a Security Lab, Drunken Security News - Episode 322 - February 28, 2013

3 mars 2013 | 104 min

Adrian "IronGeek" Crenshaw, Joey Peloquin - Episode 321 - February 21, 2013

25 februari 2013 | 82 min

Craig Heffner, Josh Wright, Drunken Security News - Episode 320 - February 12, 2013

13 februari 2013 | 82 min

Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has 6 years experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses.

Have you ever jumped on a random WiFi connection and you didn't know where it was coming from? Probably. Most people have. But if you're one of Josh Wright's neighbors, or even if he's sipping coffee at the local shop, you might want to be careful about which wireless connection you're jumping on. But if you start seeing images that are out of focus or getting a page that seems about five years out of date or even end up on kittenwars.com, Josh might be the one responsible. Or at least his VM. You can get it on his site http://neighbor.willhackforsushi.com/

Josh is also working on something great for BSides Rhode Island. Check out the video below and he'll explain it. But if you hate the long lines at places like Cheesecake Factory and those stupid little buzzers that notify you when your table is ready, Josh might have some help for that. But you'll need to be at BSides RI to hear about it.

As for the stories of the week, we had a little bit of a lean week. However jokes about Jack's balls, I mean bells, were frequent and fun. After all, it was Mardi Gras and Jack brought beads for the whole crew with the one stipulation that we had to keep out clothes on.

Did you know that on Monday, February 18 at 2 pm, Paul and John will hold a free webinar with SANS. Titled "Active Defense Harbinger Distribution - Defense is Cool Again" the guys will be talking about the new offensive security distro that was built by Black Hills Infosec's Ethan Robish and John Strand. It's free, so sign up at the link above.

As for some of the stories, we knew it was going to be a rough week when Paul showed us the 10 ways to reduce security headaches in a BYOD world and #1 was to secure your data. Ohhhhkayyy. Moving on.

Paul also played the audio from a news broadcast from out west where the zombie apocalypse has begun. It's like a modern day War of the Worlds where people were actually calling the police to see if the story was true.

Jack explained how Mega's KimDotCom (isn't it quite egotistical to just take your first name and stick "dotcom" after it? I mean, seriously) continues to show his brilliance. Where else can you get a solid, top to bottom pentest for only about 10,000 euros. He challenged anyone to hack his site and after a few bugs, he began paying up. Pretty smart.

One story that actually didn't get mentioned on the show but is in the show notes is a quote from Bit9 after their hack this week: "There is no easy answer to a world where there are sophisticated actors continuously targeting every company and individual and whose primary goal is to steal information, whether for profit, power or glory. This is not fear-mongering or hype--everyone in the security business knows this fact. This is the state of cybersecurity today, and we are all frustrated and angered by it." Isn't this exactly why security firms get paid? Because there are bad people out there looking to steal information? If those people didn't exist, then would Bit9 need to exist? That's biting the hand that feeds you.

That's it for this week. We'll be back next week on the usual day, Thursday, February 21 at 6 pm EST! Until then, stay calm and hack naked!

ADHD with Ethan Robish, Drunken Security News - Episode 319 - February 7, 2013

10 februari 2013 | 52 min

Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution. The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys.

A lean week in episode 319's Drunken security news, but at least the house was full with PDC staff. With Paul, Larry, Allison and Jack in-studio and John and Carlos via Skype to fill us in on all the fun.

But first, make sure to not miss the other two segments from episode 319. First was 451 Research's Wendy Nather to talk with the team, and then Ethan Robish and John Strand came on to talk about a brand new distribution. If you like distributions like Samurai, Backtrack and others, you might be interested in this one. Titled ADHD (Active Defense Harbinger Distribution) this has been three years in the making and takes on offensive security with many of the tools you love.

As for the stories of the week, Paul started off with a couple quick hits, including a joke about the Federal Reserve hack and bugs in hospital embedded devices. Then follow along as Jack goes a long way to make a joke about prime numbers, after one of the largest only-divisible-by-one-and-itselfs was discovered.

The first story they dig into is one that Larry brought along, about SSL/TLS being broken. After some explanation on the Oracle padding issue and the use of the same key, John and Larry bring up Wright's Law (to be discussed in episode 320 on Tuesday). Larry wonders, who is working on fixing SSL and if there is someone with a fix today, it could take five years until it is fully implemented.

Do you need anything more than six seconds? Apparently if you use Vine for Twitter, that's all you'll need. It's a new video sharing service, but all you get is six seconds of video. And what happens on Vine stays on Vine, right? Umm, no.

What would you do if you were Adobe's CISO? Take the staff out to lunch? Quit? Or actually get things cleaned up. I guess at least they're not Sony.

Congratulations to Allison who is Gold GCIA certified after her paper on digital watermarking to help prevent leaks. You can read the entire thing in the SANS Reading Room.

Lastly, Larry drops an "I told you so" with regard to Universal Plug and Play (uPnP). As Larry wrote, now there is a single Packet UDP exploit for it, for almost every device - of which there are millions of devices connected to the internet based on HD Moore's scanning.

Oh and if your company is looking for their next great employee (or if you get a referral bonus) contact Larry with the opportunity.

Interview with Wendy Nather - Episode 319 - February 7, 2013

10 februari 2013 | 47 min

Interview with Dr. Gene Spafford - Episode 318 - January 31, 2013

4 februari 2013 | 57 min

Thug with Ben Jackson, Drunken Security News - Episode 318 - January 31, 2013

4 februari 2013 | 69 min

Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware.

But with all that in the books, the conversation quickly turn to porn, smut and "sextortion." Yup, this was the first time that word had ever been uttered on the Paul's Security Weekly, which required a visit to Urban Dictionary. As Allison noted, you can now get your very own sextortion coffee mugs, bumper stickers and magnets. The article described talks about how someone hacks into girls' computers (password guessing?), finds risqué photos and then uses those to get the girls to either send more pictures or go on video. Another man was recently charged with a similar crime where he'd talk to boys in IRC, get them to reveal themselves in a video chat where he'd then grab screenshots and use that against the victims. Lessons learned? If you are going to take a nude picture of yourself, DON'T INCLUDE YOUR FACE! But if push comes to shove, profit off it. As Paul said, it worked for the Kardashians and the Hiltons.

Did you know you're 182 times more likely to get malware on a news site than on a porn site?

China hacked the New York Times! Or did they? Wait, China did it? How in the world did a country of one billion people hack the NY Times. Isn't that the same thing as my blog getting hacked by the kid down the street and saying "The United States did it!" Maybe it was someone in China, maybe it was someone hired by Chinese government officials maybe it was someone who does things the same way that Chinese hackers have done it in the past. But as Allison and Jack noted, it's good that the Times is being so public with the situation.

As we begin adding more technology to embedded devices like televisions, we're not paying any additional attention to the security on them. Researchers are reporting having seen televisions and CCTV cameras pop up in their honeypots.

Paul talked about fifty million Universal Plug and Play network devices being open to packet attack. As he noted: "This is not a shock to me at all. UPnP is horrible, there just had to be a flaw in there somewhere. HD Moore found some, and turns out there are millions of vulnerable devices on the Internet. I am so happy to see this research come to light, it needs to happen. Free tools exist to check for the vulnerabilities, and details are forthcoming."

Speaking of forthcoming, the new version of Backtrack Linux is coming...

Oracle now cares about fixing the flaws in Java. Really? What could have possibly spurred this on? Maybe when the US Department of Homeland Security is telling everyone to stop using it? Maybe when they say they're patching the flaws and then a few minutes later, someone already has a new vulnerability for it? Good to know that this is what it takes for Oracle to finally care about security. Now imagine if such a company were involved in things like databases? Oh wait.

Wrapping this up with just a few more things. Paul talks about an XSS vulnerability in the VMware Management Interface. Free environment snapshots? Yes please!

Allison brings up the new law making it more illegal to jailbreak your mobile device if the carrier says you can not. But what about if you buy an unlocked phone for full price? That's ok, right?

Oh yeah, that grad student who was expelled from a Canadian university for telling them about their bad security practices? Well, it's actually a little worse. According to his expulsion letter, he was twice caught and admitted to using SQL injection to break into their informational systems. Yeah, that's a little more than just informing the school about their bad security practices, that's rubbing their nose in it. So lesson for the day, if you're paying someone thousands of dollars for a graduate degree, don't rub their nose in their bad security practices and expect to stick around.

Did you hear that Security BSides Rhode Island tickets are now on sale? Get them at http://bsidesri.eventbrite.com

Alissa Torres, Drunken Security News - Episode 317 - January 24, 2013

29 januari 2013 | 60 min

Alissa Torres is a certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of University of Virginia and University of Maryland. She's on tonight to talk to us about Bulk Extractor.

Cisco responds to the WRT54GL Linksys router hack. They're working on a fix for people being able to remotely get a root shell, but their recommendation in the meantime? Only let friends use your router. Oh yeah, with friends like these...

Have you signed up for the SANS webinar titled "Uninstall Java? Realistic Recommendation? No. Insanity? Yes!" with John Strand, Paul Asadoorian and Eric Conrad? It's coming up, this Tuesday at 2 pm EST.

Do you have all the HTTP response codes memorized? Someone is proposing a new range of 700-level codes Some that might be helpful: HTTP 725: It Works On My Machine. And I fear how often the Security Weekly web server will return an HTTP 767. It simply reads "Drunk".

Former Dawson College graduate student, Ahmed Al-Khabaz, who was expelled for allegedly hacking the university's infrastructure, has received multiple job offers. The guys talks about the situation with a little more detail than is often reported. He found a vulnerability and reported it. So far, so good. But then a little while later, he pointed a scanner at the vulnerability that he found, presumably setting off alarms. Even worse, the noise from the scanner pointed back to him. Once he reported the vulnerability, what's he doing going back to it, and as "evil" Jack mentions, why didn't Al-Khabaz cover his tracks better when he switched his hat color? Nonetheless, lots of weirdness abounds in this story. The university overreacted (what?!? a university overreacted? never!) instead of using this as a learning opportunity. Plus, the student may have made some mistakes along the way, yet he comes out better for it. So is the lesson here to hack your way to a job? Is that what the universities are for? Umm, no. Never go after something that you don't have explicit, written permission to hack. Plus there's Paul's suggestion of punishment here, the student should have been required to work the help desk for three months. That's enough to teach anyone a good lesson.

Drunken Security News - Episode 316 - January 17, 2013

21 januari 2013 | 46 min

Gene Kim & Josh Corman - Episode 316 - January 17, 2013

21 januari 2013 | 63 min

Drunken Security News - Episode 315 - January 10, 2013

14 januari 2013 | 45 min

Kati Rodzon & Mike Murray, CSRF Primer - Episode 315 - January 10, 2013

14 januari 2013 | 57 min

BSidesRI, Drunken News - Episode 314 - January 3, 2013

7 januari 2013 | 89 min

BSidesRI, Drunken News - Episode 313 - December 20, 2012

7 januari 2013 | 58 min

BSidesRI, Drunken News - Episode 312 - December 13, 2012

17 december 2012 | 62 min

GISKismet, Drunken News - Episode 311 - December 6, 2012

10 december 2012 | 68 min

Minipwner, Drunken News - Episode 310 - November 29, 2012

3 december 2012 | 68 min

Database Security, Drunken News - Episode 309 - November 20, 2012

26 november 2012 | 87 min

Firmware Hacking, Drunken - Episode 308 - November 15, 2012

19 november 2012 | 62 min

Mobile Hacking, Drunken - Episode 307 - November 1, 2012

7 november 2012 | 76 min

Drunken Security News - Episode 306 - October 25, 2012

7 november 2012 | 91 min

Drunken Security News - Episode 305 - October 18, 2012

23 oktober 2012 | 63 min

Incident Response in 3.08 MB - Always nice to see folks, like our good friend and Stogie Geeks co-host Tim Mugherini, writing about tools that work. This product just sounds useful: The idea behind Carbon Black (CB) is to monitor code execution. A small Windows agent is deployed to each host throughout the enterprise. This agent hashes each process, monitors the sub processes, module loads, registry edits, file writes, and network connections. Digital signatures and the activity of each binary is stored on the CB server.

National Weather Service Hacked - In other news, snow storms are reported in Miami, earthquakes in the mid-west, and its been raining in San Diego for 3 weeks straight, but sunny and 75 in Seattle. CSRF and XSS strike again! The Importance of Security Awareness - User awareness is still kicking around, and everyone seems to have a different take. One thing we all agree on is that it leaves gaps, which is why you need other stuff to protect your organization. After exploring this topic, I am of the opinion that you need an awareness program. There are several companies providing this type of service, go seek them out, get a solution to educate your users that fits you, and your budget/ROI, and run with it. I firmly believe this is something everyone needs to have, just like a firewall or IDS (as lame as that sounds). Know how much return each defensive measure provides and use it accordingly.

Zero-day attacks last much longer than most would believe - This speaks to the huge problem we have with software security. On average, its takes 10 months to uncover a 0day vulnerability. Yikes, 10 months is a long time and a lotof damage will occur.

Pacemaker hacker says worm could possibly 'commit mass murder' | Computerworld Blogs - Barnaby Jack strikes again, in what could be a huge problem. This is something that has always bothered me, what happens when criminals take advantage of technology to damage people? Sure, many evil hacking groups launch DoS attacks and break into places like Sony. Thats the least of our worries, as when attacks can affect people's health and well-being on a mass scale, its a game changer. We've seen some car hacking stuff, but pacemakers hit the "heart" of the matter. The response seems to be as much diluted as it always has been, lots of finger pointing and disbelief.

Dan Kuykendall - Episode 305 - October 18, 2012

23 oktober 2012 | 53 min

Wordpress Insecurity, Drunken Security News - Episode 304 - October 11, 2012

16 oktober 2012 | 79 min

Guest Tech Segment: Charlie Eriksen on Wordpress plugin security

In this technical segment, we will look at Charlie Eriksens research into Wordpress plugin security. By searching large amounts of code for code that is often insecurely written, it is possible to find a large amount of vulnerabilities in plugins running on thousands of Wordpress sites across the internet.

Stories

How Your #Naked Pictures Ended Up on the Internet The Security-Conscious Uncle - Yea, I'm talking about ATM card security. After reading this, and hearing my thoughts and views on Debit cards, I want to keep my money in my own safe. Banks make it so hard to keep your money secure. I don't want a Debit card, its a ridiculous concept that only benefits the bank. I want more than a 4-digit pin number too. My best advice is to only tie your ATM card to an account with a small amount of cash to limit damages, if your bank even allows you to do that. No homecoming queen vote if you don't wear RFID tag? - I'm sorry, I don't want to wear an RFID tag. Tracking students has gotten way out of control. I proved how you can clone RFID tags in a MA CCDC compition. So, students, if you want a lesson on how to become any one of your classmates, please come find me. Hacker wins $60 - Don't get me wrong, I think this is a good thing. The more we encourage legit folks to find vulnerabilities, the better. Firefox 16 pulled offline following security flaw find - Firefox is becoming the new IE! Mobile Brings a New Dimension to the Enterprise Risk Equation - I think I've solved the BYOD problem, just buy all employees brand new iPhone 5s, manage them with an MDM (like Apple Profile Manager) and everyone is happy. I think this comes down to giving the people what they want. Reporting Mistakes - I agree that we need to be forthcoming about where security has failed. I don't get First, talking about the exact way to exploit an 0day makes it easier for more people to exploit it. Learning of a 0Day exploit, and the details, gives us a fighting chance to defend ourselves. I think there has to be some quiet time if you want to involved the vendor, then you gotta tell people. It also depends on the nature of the 0day, maybe the vendor won't listen, or maybe its 0Day in the DNS protocol. James Bond's Dry Erase Marker: The Hotel PenTest Pen - SpiderLabs Anterior - This is just way too super cool, best usage of Arduino and Dry Erase marker EVER (maybe the only usage of the two together). HP Communities - CISO Concerns - Security vs. Usability - CISOs love to bat around terms like security, usability, compliance, affordability, ROI, etc... These are fine, in the right context, but lets not forget, you have the word security in your title, and at some level you have to prevent people from getting pwned. Sometimes I think we lose site of that.

Daniel Suarez - Episode 304 - October 11, 2012

16 oktober 2012 | 54 min

Drunken Security News - Episode 303 - October 4, 2012

11 oktober 2012 | 63 min

Mark Russinovich - Episode 303 - October 4, 2012

11 oktober 2012 | 45 min

Drunken Security News - Episode 302 - September 13, 2012

18 september 2012 | 50 min

Paul's Stories

A Guide To Network Vulnerability Management - Dark Reading - If you want the "training wheels" approach to vulnerability management, then you should read this article. However, the problem goes so much deeper, and this article doesn't even know what tool to use in order to scratch the surface. Sure, you gotta know what services are running on your systems, but it goes so much deeper than that. Environments, threats, systems and people all change, so howdo you keep up? How do you really find, and more importantly fix, the vulnerabilities in your environment?

Old Operating Systems Die Harder - Dark Reading - Okay, here is where you could make a lot of money. Create a company that can actually provide some real security to legacy operating systems. So many of our defenses fail if there is a vulnerability that doesn't have a patch. You can implement some security, but it doesn't really solve the true problem. Once an attacker is able to access the system, its game over. Unless, there is something that can really solve the problem, even thwart the exploit and/or shellcode. Technologies exist, but back-porting to legacy systems is not often done. And this is where we need the help.

Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweep - Microsoft takes down another botnet. Why is this news? Not-so-sure, as this should be the rule rather than the exception.

Blackhole Exploit Kit updates to 2.0 - Check this out, attackers are implementing security! Check this out, this exploit kit now sports: Dynamic URL generation, so there is no longer a standard URL pattern that could be used to identify the kit.IP blocking at the executable URL, so that AV companies can't just download your binary. This is meant to slow down AV detection. Use of Captcha in the admin panel login page, to prevent brute forcing unauthorized access. If legit defendersonly did all that, well, except for the CAPTCHA, which is useless.

Domino's Pizza says website hacked - One of the most useful things the Internet has ever given birth to, aside from access to free porn, is the ability to order pizza online. So back off! Oh, then there is this: "This is a very unfortunate event which has happened despite the security ecosystem that we have created around our online assets. Some security "ecosystem" you got there.

More SSL trouble - SSL is broken, again, Drink!

Apple unveils redesigned iPhone 5 with 4-inch display - I did not see any mention of improved security, but what a sexy device. Wireless now supports dual band n, which is awesome.

Google helps close 163 security vulnerabilities in iTunes - iTunes is a beast, I use it all the time and well at the end of the day its kind of a resource pig, but gets the job done. However, its pretty crappy software, tons of vulnerabilities, and new ones found by Google! Webkit was to blame for many...#Antivirus programs often poorly configured - New study finds AV is not configured correctly. No huge surprises there... Do weneed to make it easier to configure or are people just lazy or both?

Larry's stories

Who's your GoDaddy - [Larry] - Yup, GoDaddy dns was down for the count. This included their own authoritative DNS as well as for those for the hosted stuff. Of course, now folks are talking about DoS against root name servers, and OMG the sky is falling. Of course, a single Anonymous member took credit, and GoDaddy, said along the lines of "Ooops, we tripped on a cable and corrupted our routing tables". Who do you believe… In other notes, a leaf fell from a tree and an individual member from anonymous took credit.

What happens when your encryption is EOL-ed - [Larry] - Victorinox (the Swiss Army folks) are offering full refunds if you return the secure usb thumb drives. Why? As of September 15th the certificate will expire, and they have no intent on renewing and are stopping support for the software. If you don't get your data out of the encrypted volume before then, you'll allegedly lose it. So, what happens when we have something else like this that is significantly more mission critical, we have significant investment and no upgrade path. Choose wisely.

Judge rules WiFi Sniffing Legal - [Larry] - Basically it boils down that is you have an open network and the data is in the clear, you should be able to sniff it. Don't want someone to sniff it? Encrypt it - and yes, WEP would be sufficient for word of law here. So, why did the judge rule this way? Wireless is a shared medium. If you are not allowed to sniff traffic that is not destined to you, then how are you able to determine that the traffic on said network is destined for you? Ruling against it would make all WiFi networks illegal, just by nature of the technology.

ACTUAL Stego in the wild for "legitimate purpose" - [Larry] - I just put this story in for Darren to bust John's stones. But, it appears that Blizzard has been embedding information about the user via stegonaography into screenshots taken by the WoW clients.

Jack's Ruminations

Half of all Androids have Vulns? Also, water is wet. I'm surprised at this, I would have expected much higher. Android phones are at the mercy of their carriers for updates. And carriers are not noted for their mercy.

Chip and Pin, er, PWN Chip and pin research shows that this bandage for the fundamentally obsolete and insecure payment card systems. The EMV protocol has crypto issues, as in "programmers may not be using cryptographic random number generator algorithms to create UNs, and instead may be using counters, timestamps or homegrown algorithms that are not so random."

New FBI Facial Recognition program what could possibly go wrong? From the article "nabbing crooks after a crime is only part of the appeal. The technology also foreshadows upcoming security enhancements that will stop many offenses before they start". That "before they start" bit sounds pretty damned scary to me.

Jason Lam Interview - Episode 302 - September 13, 2012

18 september 2012 | 44 min

Drunken Security News - Episode 301 - September 6, 2012

18 september 2012 | 66 min

Show Notes: http://securityweekly.com/wiki/index.php/Episode301

Answers to Allison's Puzzle Contest, Paul's Stories:

100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level there you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter, in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a "shit ton" of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters.

Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, its a simple solution on the surface. For example, if you care about your data, don't store it in the cloud. Similarly, if you care about the security of anything, don't just obscure it, secure it. Wow, that sounds even cheesier than I thought. Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I'm baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: Awarenesss training for developers and QA (ala Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn't cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world...

The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released. « - Java 0-Day is in SET. Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying "Disable Java" or "Disable Flash". There is going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe what people miss the boat is just how deep "security" needs to go. Its more than layers. Its more than awareness and technology. Its about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage.

Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords « Thireus' Bl0g - Nice crack...ing.

BYOD creates generation of workaholics - Saying that BYOD adds 20 hours to your work week is ridiculous. How much work can you really get done on your smartphone? If your spending that much time in email or some such thing, you need to re-evaluate your strategy. Devices and technology should make you more productive or your doing it wrong. However, it does increase the threat landscape.

3 security mistakes your management is making now - I have to say, and this usually never happens, I agree with Roger, at least on the first point of testing vendor products. I think a lot of people get this wrong. It goes deeper than what Roger stated. Sure, you should test out products before you buy them, and even use them on real production networks. Also, you have to understand your problems, develop requirements, and research the right way to test, install and configure the said products. Many don't do this and end up with the wrong products for the wrong reasons. Along these lines, products that work for others may not work for you, so don't put too much stake in what works for others. I also agree that priorities couldn't be more wrong. Attacker are successfully phishing you, so lets buy an IPS and firewall. WTF? The whole thing about "drift" is bit puzzling, but I think it just needs better clarification. Configuration management is important. The first thing most do wrong is never define a secure configuration. If you've made it that far, most don't do much to keep the systems in a secure state. The toughest organizations to break into are ones that have a secure config and work to keep systems that way.

[papers - How to Use PyDbg as a Powerful Multitasking Debugger] - Love the Python debugger, just sayin'.

Marc Maiffret - Episode 301 - September 6, 2012

18 september 2012 | 42 min

Hack Your Car! - Episode 300 Pt.8 - August 31, 2012

18 september 2012 | 17 min

Is PenTesting Worth It? - Episode 300 Pt.7 - August 31, 2012

18 september 2012 | 37 min

Guests: Ed Skoudis, Alex Horan, Ron Gula, Weasel

Once upon a time a big bad pen tester gets a contract with 3 little pigs, Inc. On the first test, he huffs, and he puffs and blows down the network made of straw. On the next test, you build it out of sticks, and you get the same result (everyone now, he huffs and he puffs and he…). On the next test, you build your network out of bricks, and the big bad pen tester shows up with a wrecking ball, knocks down the house and presents you with an invoice.

(strange sci-fi sound)

In a parallel universe, the big bad pen tester contracts with 3 little pigs inc. The first test the straw house gets knocked down rather fast. But 3 little pigs Inc. gets a report outlining the weaknesses in construction along with recommendations for improvement. The knocking down of the house was a mere simulation, and they are given an opportunity to add a layer to the network, of sticks. The next test the big pad pen tester has to huff and puff, and huff and puff again, simulating another network destruction. No harm is really done, so the process repeats, until a wall of bricks is built. Now the only big bad person able to get through has to really work at it, too much huffing and puffing, and decides to go rob the three little bears instead, using their APT, and eating their IP. First question for the group, 3-5 minutes each, is penetration testing worth it, why or why not?

What benefits to you receive from a "good" penetration test and what are the qualities of a "good" penetration test? If someone were to give you a "penetration test", then run a couple of automated tools and provide the stock report, is this a bad thing in all cases? If we don't test our defenses in a controlled experiment, how do we really know they work? Lets say a penetration tester is conducting an internal penetration test, and finds out quickly that more than 50 servers have missing patches for vulnerabilities that lead to a reliable shell. What is the benefit of the penetration test from this point?

Automate Wifi, pfSense for Pentesting - Episode 300 Pt.6 - August 31, 2012

18 september 2012 | 25 min

Defending Your Network - What really works? - Episode 300 Pt.5 - August 31, 2012

18 september 2012 | 40 min

Dual Core Interview - Episode 300 Pt.4 - August 31, 2012

18 september 2012 | 22 min

Data Mining ETW, AWSIEM - Episode 300 Pt.3 - August 31, 2012

18 september 2012 | 35 min

End User Security Awareness Panel - Episode 300 Pt.2 - August 31, 2012

10 september 2012 | 49 min

Donate to Breast Cancer Research - Episode 300 Pt.1 - August 31, 2012

7 september 2012 | 64 min

Drunken Security News - Episode 299 Pt.2 - August 9, 2012

16 augusti 2012 | 61 min

Interview with Wade Alcorn - Episode 299 Pt.1 - August 9, 2012

16 augusti 2012 | 46 min

Interview with Kevin Finisterre - Episode 298 - August 3, 2012

16 augusti 2012 | 29 min

Metasploit Pivoting, Blackhat, BSides & Defcon - Episode 297 - August 2, 2012

6 augusti 2012 | 69 min

Pentesticles, Wireless Honeypots - Episode 296 - July 12, 2012

17 juli 2012 | 91 min

Drunken Security News - Episode 295 - July 5, 2012

12 juli 2012 | 56 min

Randy Marchany - Episode 295 - July 5, 2012

12 juli 2012 | 51 min

Kon-Boot, Drunken Security - Episode 294 - June 28, 2012

2 juli 2012 | 77 min

Marcus Sachs Interview - Episode 294 - June 28, 2012

2 juli 2012 | 56 min

Drunken Security News - Episode 293 - June 21, 2012

26 juni 2012 | 58 min

Jonathan Cran, Fiddler2 - Episode 293 - June 21, 2012

26 juni 2012 | 50 min

Drunken Security News - Episode 292 - June 14, 2012

18 juni 2012 | 62 min

Thomas Ptacek - Episode 292 - June 14, 2012

18 juni 2012 | 59 min

Cheap Wireless Pen Testing, Web Server Enum - Episode 291 - June 8, 2012

12 juni 2012 | 56 min

Metasploit RFI exploits, Drunken Security News - Episode 290 - May 31, 2012

5 juni 2012 | 64 min

Anti-Forensics, SQL Injection - Episode 290 - May 31, 2012

5 juni 2012 | 55 min

Zach Lanier, Playbook Hacking - Episode 289 - May 24, 2012

30 maj 2012 | 68 min

RF Detector, Skipfish & Drunken Security News - Episode 289 - May 17, 2012

21 maj 2012 | 51 min

Cedric Blancher, Social Engineering Using Product Packaging - Episode 288 - May 17, 2012

21 maj 2012 | 63 min

Dradis & Drunken Security News - Episode 287 - May 10, 2012

17 maj 2012 | 53 min

Dr. Anton Chuvakin - Episode 287 - May 10, 2012

17 maj 2012 | 43 min

Pen Testing, Exploits & Vulnerabilities Oh My! - Episode 286 - May 3, 2012

7 maj 2012 | 61 min

Drunken Security News - Episode 286 - May 3, 2012

7 maj 2012 | 59 min

Drunken Security News - Episode 285 - April 26, 2012

1 maj 2012 | 86 min

Drunken Security News - Episode 284 - April 19, 2012

24 april 2012 | 84 min

Drunken Security News - Episode 283 - April 12, 2012

16 april 2012 | 63 min

Gene Kim - Episode 283 - April 12, 2012

16 april 2012 | 42 min

Alan Paller - Episode 282 - April 5, 2012

10 april 2012 | 86 min

Dan Geer - Episode 282 - April 5, 2012

10 april 2012 | 49 min

Live from SANS Orlando - Episode 281 - March 23, 2012

3 april 2012 | 46 min

Live from CCDC - Episode 280 - March 16, 2012

20 mars 2012 | 54 min

Drunken Security News - Episode 279 - March 8, 2012

14 mars 2012 | 60 min

Tonya Bacam, Security Onion - Episode 279 - March 8, 2012

14 mars 2012 | 64 min

Jeremiah Grossman, Security News - Episode 278 - February 16, 2012

23 februari 2012 | 93 min

Adam Shostack, Security News - Episode 277 - February 9, 2012

14 februari 2012 | 89 min

Drunken Security News - Episode 276 - February 2, 2012

10 februari 2012 | 61 min

Joe Stewart on Malware Analysis - Episode 276 - February 2, 2012

10 februari 2012 | 56 min

Jon "maddog" Hall - Paul's Security Weekly #275

30 januari 2012 | 77 min

SET and Drunken Security - Episode 274 Part 2 - January 19, 2012

24 januari 2012 | 53 min

HD Moore on Metasploit - Episode 274 Part 1 - January 19, 2012

24 januari 2012 | 70 min

Building a pfSense Access Point - Episode 273 Part 2 - January 12, 2012

18 januari 2012 | 44 min

Social Engineering Framing - Episode 273 Part 1 - January 12, 2012

18 januari 2012 | 50 min

Bruce Schneier - Episode 272 Part 1 - January 5, 2012

10 januari 2012 | 52 min

Robin Wood & Drunken Security News - Episode 272 Part 2 - January 5, 2012

10 januari 2012 | 56 min

Drunken Security News - Episode 271 Part 2 - December 22, 2011

3 januari 2012 | 36 min

Jason Fossen - Episode 271 Part 1 - December 22, 2011

3 januari 2012 | 56 min

Drunken Security News - Episode 270 - December 15, 2011

19 december 2011 | 78 min

Drunken Security News - Episode 269 - December 8, 2011

13 december 2011 | 59 min

Katie Moussouris Interview, CSRF How-To - December 8, 2011

13 december 2011 | 51 min

Drunken Security News - Episode 268 - December 1, 2011

6 december 2011 | 49 min

Hard Drive Forensics with Scott Mouton - Episode 268 - December 1, 2011

6 december 2011 | 66 min

Simple Nomad - Episode 267 - November 17, 2011

21 november 2011 | 72 min

Drunken Security Horror - Episode 265 - October 28, 2011

7 november 2011 | 68 min

ESX passwords, brute forcing, Metasploit - Episode 265 - October 28, 2011

7 november 2011 | 61 min

Pushpin & Hacking Smartphones - Episode 265 - October 28, 2011

7 november 2011 | 33 min

Robert Graham - Episode 265 - October 28, 2011

7 november 2011 | 44 min

Volume Shadow Copies - Episode 265 - October 28, 2011

7 november 2011 | 32 min

Jeff Moss - Episode 266 - November 3, 2011

7 november 2011 | 65 min

266-Part2

7 november 2011 | 52 min

Kevin Mitnick - Episode 265 - October 28, 2011

3 november 2011 | 65 min

Ron Gula - Episode 265 - October 28, 2011

1 november 2011 | 31 min

Marcus Ranum - Episode 265 - October 28, 2011

1 november 2011 | 41 min

Johnny Long - Episode 265 - October 28, 2011

1 november 2011 | 23 min

Paul's Security Weekly - Episode 264 Part 2 - October 20, 2011

25 oktober 2011 | 56 min

Paul's Security Weekly - Episode 264 Part 1 - October 20, 2011

25 oktober 2011 | 47 min

Paul's Security Weekly - Episode 263 Part 3 - October 13, 2011

18 oktober 2011 | 43 min

Paul's Security Weekly - Episode 263 Part 2 - October 13, 2011

18 oktober 2011 | 52 min

Paul's Security Weekly - Episode 263 Part 1 - October 13, 2011

18 oktober 2011 | 53 min

Paul's Security Weekly - Episode 262 Part 2 - October 6, 2011

12 oktober 2011 | 72 min

Paul's Security Weekly - Episode 262 Part 1 - October 6, 2011

12 oktober 2011 | 67 min

Paul's Security Weekly - Episode 261 - September 29, 2011

12 oktober 2011 | 46 min

Paul's Security Weekly - Episode 260 Part 2 - September 22nd 2011

27 september 2011 | 56 min

Paul's Security Weekly - Episode 260 Part 1 - September 22nd 2011

27 september 2011 | 59 min

Paul's Security Weekly - Episode 259 Part 2 - September 15th 2011

21 september 2011 | 47 min

Paul's Security Weekly - Episode 259 Part 1 - September 15th 2011

21 september 2011 | 68 min

Paul's Security Weekly - Episode 258 Part 2 - September 8th 2011

13 september 2011 | 59 min

Paul's Security Weekly - Episode 258 Part 1 - September 8th 2011

13 september 2011 | 67 min

Paul's Security Weekly - Episode 257 Part 2 - September 1st 2011

13 september 2011 | 42 min

Paul's Security Weekly - Episode 257 Part 1 - September 1st 2011

9 september 2011 | 78 min

Paul's Security Weekly - Episode 256 Part 2 - August 26th 2011

6 september 2011 | 59 min

Paul's Security Weekly - Episode 256 Part 1 - August 26th 2011

1 september 2011 | 70 min

Paul's Security Weekly - Episode 255 Part 2 - August 18th 2011

25 augusti 2011 | 56 min

Paul's Security Weekly - Episode 255 Part 1 - August 18th 2011

22 augusti 2011 | 57 min

Paul's Security Weekly - Episode 254 Part 2 - August 11th 2011

16 augusti 2011 | 56 min

Paul's Security Weekly - Episode 254 Part 1 - August 11th 2011

16 augusti 2011 | 66 min

Paul's Security Weekly - Episode 253 Part 2 - July 28th 2011

9 augusti 2011 | 55 min

Paul's Security Weekly - Episode 253 Part 1 - July 28th 2011

31 juli 2011 | 53 min

Paul's Security Weekly - Episode 252 - July 21st 2011

26 juli 2011 | 67 min

Paul's Security Weekly - Episode 251 part 2 - July 14th 2011

22 juli 2011 | 75 min

Paul's Security Weekly - Episode 251 part 1 - July 14th 2011

22 juli 2011 | 49 min

Paul's Security Weekly - Episode 250 part 2 - July 7th 2011

20 juli 2011 | 87 min

Paul's Security Weekly - Episode 250 part 1 - July 7th 2011

18 juli 2011 | 63 min

Paul's Security Weekly - Episode 249 part 2 - June 23rd 2011

5 juli 2011 | 71 min

Paul's Security Weekly - Episode 249 part 1 - June 23rd 2011

28 juni 2011 | 36 min

Paul's Security Weekly - Episode 248 part 2 - June 16th 2011

23 juni 2011 | 79 min

Paul's Security Weekly - Episode 248 part 1 - June 16th 2011

21 juni 2011 | 77 min

Paul's Security Weekly - Episode 247 - June 9th 2011

13 juni 2011 | 111 min

Paul's Security Weekly - Episode 246 - June4th 2011

4 juni 2011 | 78 min

Paul's Security Weekly - Episode 245 part 2 - May 26th 2011

2 juni 2011 | 92 min

Paul's Security Weekly - Episode 245 part 1 - May 26th 2011

1 juni 2011 | 39 min

Paul's Security Weekly - Episode 244 part 2 - May 19th 2011

25 maj 2011 | 82 min

Paul's Security Weekly - Episode 244 - May 19th 2011

24 maj 2011 | 46 min

Paul's Security Weekly - Episode 243 - May 12th 2011

16 maj 2011 | 92 min

Paul's Security Weekly - Episode 242 - May 6th 2011

9 maj 2011 | 72 min

Security Weekly #241 - April 28th 2011

1 maj 2011 | 92 min

Security Weekly - Security Weekly - Episode 240 - April 21th 2011

26 april 2011 | 86 min

Security Weekly - Security Weekly - Episode 239 part 2 - April 14th 2011

20 april 2011 | 90 min

Security Weekly - Security Weekly - Episode 239 part 1 - April 7th 2011

18 april 2011 | 46 min

Security Weekly - Security Weekly - Episode 238 - April 7th 2011

10 april 2011 | 102 min

Security Weekly - Security Weekly - Episode 237 part 2 - March 31st 2011

7 april 2011 | 96 min

Security Weekly - Security Weekly - Episode 237 Part 1 - March 31st 2011

5 april 2011 | 33 min

Security Weekly - Security Weekly - Episode 236 - March 24th 2011

28 mars 2011 | 134 min

Security Weekly - Security Weekly - Episode 235 Part 2 - March 17th 2011

22 mars 2011 | 97 min

Security Weekly - Security Weekly - Episode 235 Part 1 - March 17th 2011

21 mars 2011 | 47 min

Security Weekly - Security Weekly - Episode 234 - March 10th 2011

14 mars 2011 | min

Security Weekly - Security Weekly - Episode 233 part 2 - March 3rd 2011

9 mars 2011 | 79 min

Security Weekly - Security Weekly - Episode 233 part 1 - March 3rd 2011

6 mars 2011 | 38 min

Security Weekly - Security Weekly - Episode 232 - Feburary 24th 2011

26 februari 2011 | 98 min

Security Weekly - Security Weekly - Episode 231 part 2- Feburary 17th 2011

23 februari 2011 | 91 min

Security Weekly - Security Weekly - Episode 231 - Feburary 10th 2011

21 februari 2011 | 39 min

Security Weekly - Security Weekly - Episode 230 - Feburary 10th 2011

12 februari 2011 | 89 min

Security Weekly - Security Weekly - Episode 229 - Feburary 3rd 2011

8 februari 2011 | 85 min

Security Weekly - Security Weekly - Episode 228 - January 29th 2011

2 februari 2011 | 46 min

Security Weekly - Security Weekly - Episode 227 part 2 - January 20th 2011

26 januari 2011 | 64 min

Security Weekly - Security Weekly - Episode 227 part 1 - January 20th 2011

24 januari 2011 | 52 min

Security Weekly - Security Weekly - Episode 226 part 2 - January 13th 2011

20 januari 2011 | 86 min

Security Weekly - Security Weekly - Episode 226 part 1 - January 13th 2011

19 januari 2011 | 50 min

Security Weekly - Security Weekly - Episode 225 part 2 - January 6th 2011

12 januari 2011 | 58 min

Security Weekly - Security Weekly - Episode 225 part 1 - January 6th 2011

12 januari 2011 | 56 min

Security Weekly - Security Weekly - Episode 224 part 2 - December 16, 2010

24 december 2010 | 39 min

Security Weekly - Security Weekly - Episode 224 part 1 - December 16, 2010

24 december 2010 | 55 min

Security Weekly - Security Weekly - Episode 223 - December 9, 2010

12 december 2010 | 98 min

Security Weekly - Security Weekly - Episode 222 - December 2, 2010

7 december 2010 | 61 min

Security Weekly - Security Weekly - Episode 221 - November 23, 2010

24 november 2010 | 77 min

Security Weekly - Security Weekly - Episode 220 Part 2 - November 18, 2010

23 november 2010 | 114 min

Security Weekly - Security Weekly - Episode 220 Part 1 - November 18, 2010

22 november 2010 | 49 min

Security Weekly - Security Weekly - Episode 219 Part 2 - November 11, 2010

14 november 2010 | 74 min

Security Weekly - Security Weekly - Episode 219 Part 1 - November 11, 2010

14 november 2010 | 77 min

Security Weekly - Security Weekly - Episode 218 Part 2 - November 4, 2010

10 november 2010 | 93 min

Security Weekly - Security Weekly - Episode 218 Part 1 - November 4, 2010

9 november 2010 | 30 min

Security Weekly - Security Weekly - Episode 217 Part 2 - October 28, 2010

1 november 2010 | 92 min

Security Weekly - Security Weekly - Episode 217 part 1 - October 28, 2010

1 november 2010 | 75 min

Security Weekly - Security Weekly - Episode 216 part 2 - October 21, 2010

27 oktober 2010 | 73 min

Security Weekly - Security Weekly - Episode 216 part 1 - October 21, 2010

26 oktober 2010 | 66 min

Security Weekly - Security Weekly - Episode 215 - October 14, 2010

18 oktober 2010 | 104 min

Security Weekly - Security Weekly - Episode 214 part 2 - September 30th

14 oktober 2010 | 77 min

Security Weekly - Security Weekly - Episode 214 part 1 - September 30th

13 oktober 2010 | 47 min

Security Weekly - Security Weekly - Episode 213 - September 30th

5 oktober 2010 | 112 min

Podcaster Meetup - BruCon 2010

30 september 2010 | 72 min

Security Weekly - Security Weekly - Episode 212 Part 2 - September 23rd 2010

28 september 2010 | 81 min

Security Weekly - Security Weekly - Episode 212 Part 1 - September 23rd 2010

26 september 2010 | 42 min

Security Weekly - Security Weekly - Episode 211 Part 2 - September 16th 2010

21 september 2010 | 54 min

Security Weekly - Security Weekly - Episode 211 Part 1 - September 16th 2010

20 september 2010 | 47 min

Security Weekly - Security Weekly - Episode 210 Part 2 - September 9th 2010

14 september 2010 | 92 min

Security Weekly - Security Weekly - Episode 210 Part 1 - September 9th 2010

13 september 2010 | 33 min

Security Weekly - Security Weekely - Episode 209 Part 2 - September 2nd, 2010

8 september 2010 | 84 min

Security Weekly - Security Weekely - Episode 209 Part 1 - September 2nd, 2010

6 september 2010 | 41 min

Paul's Security Weekly - Episode 208 Part 2 - August 26, 2010

2 september 2010 | 73 min

Security Weekly - Security Weekly - Episode 208 Part 1 - August 26, 2010

30 augusti 2010 | 53 min

Security Weekly - Security Weekly - Episode 207 part 1 - August 19, 2010

25 augusti 2010 | 44 min

Security Weekly - Security Weekly - Episode 207 part 1 - August 19, 2010

23 augusti 2010 | 85 min

Security Weekly - Security Weekely - Episode 206 Part 2 - August 12th, 2010

22 augusti 2010 | 36 min

Paul's Security Weekly - Episode 206 -August 12, 2010

12 augusti 2010 | 69 min

Paul's Security Weekly - Episode 205 - Special Edition - Mathew Shoemaker

11 augusti 2010 | 3 min

Paul's Security Weekly - Episode 204 -August 2, 2010

2 augusti 2010 | 63 min

Paul's Security Weekly - Episode 203- July 21, 2010

31 juli 2010 | 83 min

Paul's Security Weekly - Episode 202 Part 2- July 15th, 2010

23 juli 2010 | 69 min

Paul's Security Weekly - Episode 202 - July 15th, 2010

15 juli 2010 | 49 min

Paul's Security Weekly - Episode 201 - July 1st, 2010

8 juli 2010 | 96 min

Paul's Security Weekly - Episode 200 FINAL - June 4th, 2010

1 juli 2010 | 80 min

Paul's Security Weekly - Episode 200 part 5 - June 4th, 2010

26 juni 2010 | 48 min

Paul's Security Weekly - Episode 200 part 5 - June 4th, 2010

24 juni 2010 | 43 min

Paul's Security Weekly - Episode 200 part 4 - June 4th, 2010

23 juni 2010 | 28 min

Paul's Security Weekly - Episode 200 part 3 - June 4th, 2010

17 juni 2010 | 54 min

Paul's Security Weekly - Episode 200 part 2 - June 4th, 2010

14 juni 2010 | 58 min

Paul's Security Weekly - Episode 200 - June 4th, 2010

11 juni 2010 | 54 min

Paul's Security Weekly - Episode 199 - May 13, 2010

17 maj 2010 | 80 min

Paul's Security Weekly - Episode 198 - May 6, 2010

10 maj 2010 | 72 min

Paul's Security Weekly - Episode 197 Part 1 - April 29, 2010

3 maj 2010 | 48 min

Paul's Security Weekly - Episode 197 Part 2 - April 29, 2010

3 maj 2010 | 42 min

Paul's Security Weekly - Episode 196 - April 23, 2010

26 april 2010 | 85 min

Paul's Security Weekly - Episode 195 Part 2 - April 15, 2010

17 april 2010 | 41 min

Paul's Security Weekly - Episode 195 Part 1 - April 15, 2010

17 april 2010 | 63 min

Paul's Security Weekly - Episode 194 Part 2 - April 8, 2010

12 april 2010 | 46 min

Paul's Security Weekly - Episode 194 Part 1 - April 8, 2010

12 april 2010 | 52 min

Paul's Security Weekly - Episode 193 Part 2 - April 1, 2010

6 april 2010 | 44 min

Paul's Security Weekly - Episode 193 Part 1 - April 1, 2010

6 april 2010 | 52 min

Paul's Security Weekly - Episode 192 Part 1 - March 25, 2010

1 april 2010 | 35 min

Paul's Security Weekly - Episode 192 Part 2 - March 25, 2010

1 april 2010 | 46 min

Paul's Security Weekly - Episode 191 Part 2 - March 18, 2010

24 mars 2010 | 42 min

Paul's Security Weekly - Episode 191 Part 1 - March 18, 2010

24 mars 2010 | 54 min

Paul's Security Weekly - Episode 190 - March 12, 2010

17 mars 2010 | 30 min

Paul's Security Weekly - Episode 189 - March 5, 2010

9 mars 2010 | 64 min

Paul's Security Weekly - Episode 188 Part 2 - February 25, 2010

1 mars 2010 | 60 min

Paul's Security Weekly - Episode 188 Part 1 - February 25, 2010

1 mars 2010 | 54 min

Paul's Security Weekly - Episode 187 Part 2 - February 18, 2010

21 februari 2010 | 64 min

Paul's Security Weekly - Episode 187 Part 1 - February 18, 2010

21 februari 2010 | 34 min

Paul's Security Weekly - Episode 186 Part 2 - February 11, 2010

19 februari 2010 | 61 min

Shmoocon 2010 Podcaster Meetup

15 februari 2010 | 57 min

Paul's Security Weekly - Episode 186 Part 1 - February 11, 2010

15 februari 2010 | 45 min

Paul's Security Weekly - Episode 185 Part 2 - January 28, 2010

4 februari 2010 | 50 min

Paul's Security Weekly - Episode 185 Part 1 - January 28, 2010

4 februari 2010 | 51 min

Paul's Security Weekly - Episode 184 Part 2 - January 21, 2010

1 februari 2010 | 60 min

Paul's Security Weekly - Episode 184 Part 1 - January 21, 2010

27 januari 2010 | 52 min

Paul's Security Weekly - Episode 183 Part 2 - January 14, 2010

26 januari 2010 | 62 min

Paul's Security Weekly - Episode 183 Part 1 (for real) - January 14, 2010

23 januari 2010 | 55 min

Paul's Security Weekly - Episode 182 Part 2 - January 7, 2010

19 januari 2010 | 55 min

Paul's Security Weekly - Episode 182 Part 1 - January 7, 2010

12 januari 2010 | 59 min

Paul's Security Weekly - Episode 181 - December 23, 2009

3 januari 2010 | 60 min

Paul's Security Weekly - Episode 180 Part 2 - December 17, 2009

2 januari 2010 | 62 min

Paul's Security Weekly - Episode 180 Part 1 - December 17, 2009

30 december 2009 | 93 min

Paul's Security Weekly - Episode 179 Part 2 - December 11, 2009

23 december 2009 | 51 min

Paul's Security Weekly - Episode 179 Part 1 - December 11, 2009

20 december 2009 | 59 min

Paul's Security Weekly - Episode 178 Part 2 - December 4, 2009

14 december 2009 | 59 min

Paul's Security Weekly - Episode 178 Part 1 - December 4, 2009

9 december 2009 | 61 min

Paul's Security Weekly - Episode 177 Part 2 - November 27, 2009

7 december 2009 | 55 min

Paul's Security Weekly - Episode 177 Part 1 - November 27, 2009

1 december 2009 | 63 min

Paul's Security Weekly - Episode 176 Part 2 - November 19, 2009

29 november 2009 | 69 min

Paul's Security Weekly - Episode 176 Part 1 - November 19, 2009

23 november 2009 | 62 min

Paul's Security Weekly - Episode 175 - November 12, 2009

16 november 2009 | 110 min

Paul's Security Weekly - Episode 174 Part 2 - November 5, 2009

13 november 2009 | 65 min

Paul's Security Weekly - Episode 174 Part 1 - November 5, 2009

9 november 2009 | 58 min

Paul's Security Weekly - Episode 173 Part 2 - October 29, 2009

6 november 2009 | 70 min

Paul's Security Weekly - Episode 173 Part 1 - October 29, 2009

2 november 2009 | 56 min

Paul's Security Weekly - Episode 172 Part 2 - October 22, 2009

30 oktober 2009 | 77 min

Paul's Security Weekly - Episode 172 Part 1 - October 22, 2009

26 oktober 2009 | 54 min

Paul's Security Weekly - Episode 171 - October 15, 2009

16 oktober 2009 | 71 min

Paul's Security Weekly - Episode 170 - October 9, 2009

13 oktober 2009 | 68 min

Paul's Security Weekly - Episode 169 Part 2 - September 25, 2009

2 oktober 2009 | 47 min

Paul's Security Weekly - Episode 169 Part 1 - September 25, 2009

28 september 2009 | 134 min

Paul's Security Weekly - Episode 168 - September 17, 2009

21 september 2009 | 98 min

Paul's Security Weekly - Episode 167 - September 11, 2009

15 september 2009 | 114 min

Paul's Security Weekly - Episode 166 - September 4, 2009

8 september 2009 | 107 min

Paul's Security Weekly - Episode 165 - August 27, 2009

31 augusti 2009 | 130 min

Paul's Security Weekly - Episode 164 - August 20, 2009

21 augusti 2009 | 102 min

Paul's Security Weekly - Episode 163 - August 13, 2009

17 augusti 2009 | 116 min

Paul's Security Weekly - Episode 162 - August 6, 2009

13 augusti 2009 | 127 min

Paul's Security Weekly - Special Edition - Defcon 17 Podcasters Meetup

10 augusti 2009 | 93 min

Paul's Security Weekly - Episode 161 - July 24, 2009

24 juli 2009 | 128 min

Paul's Security Weekly - Episode 160 - July 16, 2009

23 juli 2009 | 122 min

Paul's Security Weekly - Episode 159 - July 9, 2009

14 juli 2009 | 121 min

Paul's Security Weekly - Episode 158 - July 2, 2009

6 juli 2009 | 129 min

Paul's Security Weekly - Episode 157 - June 25, 2009

28 juni 2009 | 130 min

Paul's Security Weekly - Special Edition - PCI Round Table- June 24, 2009

28 juni 2009 | 52 min

Paul's Security Weekly - Web Application Interviews - June 2009

24 juni 2009 | 80 min

Paul's Security Weekly - Episode 156 - June 18, 2009

22 juni 2009 | 126 min

Paul's Security Weekly - Episode 155 - June 11, 2009

16 juni 2009 | 102 min

Paul's Security Weekly - Episode 154 - June 1, 2009

8 juni 2009 | 95 min

Paul's Security Weekly - Episode 153 Part 2 - May 21, 2009

28 maj 2009 | 71 min

Paul's Security Weekly - Episode 153 Part I - May 21, 2009

26 maj 2009 | 44 min

Paul's Security Weekly - Episode 150 - PCI Roundtable - April 30, 2009

21 maj 2009 | 52 min

Paul's Security Weekly - Episode 152 - May 14, 2009

18 maj 2009 | 95 min

Paul's Security Weekly - Episode 151 - May 7, 2009

11 maj 2009 | 113 min

Paul's Security Weekly - Episode 150 - Intro & Interview with Lenny Zeltser- April 30, 2009

8 maj 2009 | 56 min

Paul's Security Weekly - Episode 150 - April 30, 2009

4 maj 2009 | 149 min

Paul's Security Weekly - Episode 149 - April 16, 2009

19 april 2009 | 122 min

Paul's Security Weekly - Episode 148 - April 9, 2009

14 april 2009 | 113 min

Paul's Security Weekly - Episode 147 - April 2, 2009

6 april 2009 | 110 min

Paul's Security Weekly - Episode 146 - March 26, 2009

29 mars 2009 | 99 min

Paul's Security Weekly - Episode 145 - March 19, 2009

23 mars 2009 | 119 min

Paul's Security Weekly - Episode 144 - March 12, 2009

15 mars 2009 | 102 min

Paul's Security Weekly - Episode 143 - March 3, 2009

4 mars 2009 | 75 min

Paul's Security Weekly - Episode 142 - February 26, 2009

27 februari 2009 | 106 min

Paul's Security Weekly - Episode 141 - February 21, 2009

23 februari 2009 | 84 min

Paul's Security Weekly - Episode 140 - February 12, 2009

16 februari 2009 | 95 min

Paul's Security Weekly - Episode 139 - February 7, 2009

10 februari 2009 | 54 min

Paul's Security Weekly - Episode 138 - January 30, 2009

2 februari 2009 | 67 min

Paul's Security Weekly - Episode 137 Part 2 - January 22, 2008

29 januari 2009 | 60 min

Paul's Security Weekly - Episode 137 Part 1 - January 22, 2008

23 januari 2009 | 69 min

Paul's Security Weekly - Episode 136 Part 2 - January 15, 2008

20 januari 2009 | 73 min

Paul's Security Weekly - Episode 136 Part 1 - January 15, 2008

19 januari 2009 | 78 min

Paul's Security Weekly - Episode 135 Part 2 - January 9, 2008

16 januari 2009 | 72 min

Paul's Security Weekly - Episode 135 Part 1 - January 9, 2008

11 januari 2009 | 53 min

Paul's Security Weekly - Episode 134 - December 18, 2008

19 december 2008 | 101 min

Paul's Security Weekly - Episode 133 - Part 2 - December 11, 2008

19 december 2008 | 60 min

Paul's Security Weekly - Episode 133 - Part 1 - December 11, 2008

12 december 2008 | 69 min

Paul's Security Weekly - Episode 132 - December 4, 2008

7 december 2008 | 110 min

Paul's Security Weekly - Episode 69 - May 10, 2007

6 december 2008 | 89 min

Paul's Security Weekly - Episode 131 - November 20, 2008

24 november 2008 | 98 min

Paul's Security Weekly - Episode 130 - November 13, 2008

18 november 2008 | 69 min

Paul's Security Weekly - Episode 129 Part II - November 6, 2008

11 november 2008 | 81 min

Paul's Security Weekly - Episode 129 Part I - November 6, 2008

8 november 2008 | 55 min

Paul's Security Weekly - Episode 128 Part II - October 31, 2008

6 november 2008 | 75 min

Paul's Security Weekly - Episode 128 Part I - October 31, 2008

2 november 2008 | 44 min

Paul's Security Weekly - Episode 127 Part II - October 23, 2008

25 oktober 2008 | 64 min

Paul's Security Weekly - Episode 127 Part I - October 23, 2008

25 oktober 2008 | 80 min

Paul's Security Weekly - Episode 126 Part II - October 9, 2008

15 oktober 2008 | 79 min

Paul's Security Weekly - Episode 126 Part I - October 9, 2008

14 oktober 2008 | 72 min

Paul's Security Weekly - Episode 125 - September 30, 2008

7 oktober 2008 | 61 min

Paul's Security Weekly - Episode 124 Part II - September 25, 2008

6 oktober 2008 | 61 min

Paul's Security Weekly - Episode 124 Part 1 - September 25, 2008

3 oktober 2008 | 52 min

Paul's Security Weekly - Episode 123 Part II - September 18, 2008

24 september 2008 | 90 min

Paul's Security Weekly - Episode 123 Part I - September 18, 2008

21 september 2008 | 84 min

Paul's Security Weekly - Episode 122 Part II - September 11, 2008

14 september 2008 | 75 min

Paul's Security Weekly - Episode 122 Part I - September 11, 2008

14 september 2008 | 90 min

Paul's Security Weekly - Episode 121 Part II - September 4, 2008

9 september 2008 | 72 min

Paul's Security Weekly - Episode 121 Part I - September 4, 2008

6 september 2008 | 54 min

Paul's Security Weekly - August 2008 Monthly Summary

31 augusti 2008 | 49 min

Paul's Security Weekly - Episode 120 - August 28, 2008

31 augusti 2008 | 82 min

Paul's Security Weekly - Episode 119 - August 21, 2008

22 augusti 2008 | 83 min

Paul's Security Weekly - Episode 118 - August 17, 2008

19 augusti 2008 | 87 min

Paul's Security Weekly - Episode 117 - August 10, 2008

12 augusti 2008 | 50 min

Paul's Security Weekly - Episode 116 - July 31, 2008

2 augusti 2008 | min

Paul's Security Weekly - Episode 115 - July 18, 2008

18 juli 2008 | 102 min

Paul's Security Weekly - Episode 114 - July , 2008

11 juli 2008 | 92 min

Paul's Security Weekly - [The Real] Episode 113 - June 26, 2008

27 juni 2008 | 71 min

Paul's Security Weekly - Episode 112 - June 19, 2008

20 juni 2008 | 71 min

Paul's Security Weekly - Episode 111 - June 15, 2008

17 juni 2008 | 87 min

Paul's Security Weekly - Episode 110 - June 5, 2008

10 juni 2008 | 90 min

Paul's Security Weekly - Episode 109 - May 22, 2008

29 maj 2008 | 92 min

Paul's Security Weekly - Episode 108 Part II - May 15, 2008

23 maj 2008 | 342 min

Paul's Security Weekly - Episode 108 Part I - May 15, 2008

20 maj 2008 | 70 min

Paul's Security Weekly - Episode 107 - May 9, 2008

13 maj 2008 | 73 min

Paul's Security Weekly - Episode 106 - May 1, 2008

6 maj 2008 | 85 min

Paul's Security Weekly - Episode 105 - April 25, 2008

28 april 2008 | 100 min

Paul's Security Weekly - Episode 104 - April 11, 2008

14 april 2008 | 107 min

Paul's Security Weekly - Episode 103 Part II - April 3, 2008

13 april 2008 | 75 min

Paul's Security Weekly - Episode 103 Part 1 - April 3, 2008

6 april 2008 | 70 min

Paul's Security Weekly - Episode 102 - March 20, 2008

21 mars 2008 | 88 min

Paul's Security Weekly - Episode 101 - March 13, 2008

19 mars 2008 | 89 min

Paul's Security Weekly - Special Edition - Interview with GNUCITIZEN Part II - March 7th, 2008

14 mars 2008 | 58 min

Paul's Security Weekly - Special Edition - Interview with GNUCITIZEN Part I - March 7th, 2008

10 mars 2008 | 64 min

Paul's Security Weekly - Episode 100 Part II - February 28, 2008

3 mars 2008 | 79 min

Paul's Security Weekly - Episode 100 Part I - February 28, 2008

3 mars 2008 | 68 min

Paul's Security Weekly - Episode 99 - February 16, 2008

19 februari 2008 | 91 min

Paul's Security Weekly - Episode 98 Part II - January 31, 2008

8 februari 2008 | 66 min

Paul's Security Weekly - Episode 98 Part I - January 31, 2008

3 februari 2008 | 59 min

Paul's Security Weekly - Episode 97 - January 24, 2008

27 januari 2008 | 94 min

Paul's Security Weekly - Special Edition - Things That Go Bump In The Network: Embedded Device (In)Security

27 januari 2008 | min

Paul's Security Weekly - Episode 96 - January 17, 2008

22 januari 2008 | 98 min

Paul's Security Weekly - Episode 95 - January 11, 2008

14 januari 2008 | 98 min

Paul's Security Weekly - Episode 94 - January 4, 2008

8 januari 2008 | 76 min

Paul's Security Weekly - Episode 93 -December 28, 2007

1 januari 2008 | 95 min

Welcome to Liberated Syndication

1 januari 2008 | min

Paul's Security Weekly - Episode 92 - Part II -December 14, 2007

22 december 2007 | 55 min

Paul's Security Weekly - Episode 92 - Part I -December 14, 2007

16 december 2007 | 64 min

Paul's Security Weekly - Episode 91 - December 6, 2007

10 december 2007 | 99 min

Paul's Security Weekly - Episode 90 - November 29, 2007

2 december 2007 | 88 min

Paul's Security Weekly - Episode 89 - November 23, 2007

26 november 2007 | 68 min

Paul's Security Weekly - Episode 88 - November 15, 2007

17 november 2007 | 78 min

Paul's Security Weekly - Episode 87 - November 8, 2007

9 november 2007 | 65 min

Paul's Security Weekly - Episode 86 - November 1, 2007

2 november 2007 | 109 min

Paul's Security Weekly - Special Edition - Interview with Sensepost - Part II

31 oktober 2007 | 55 min

Paul's Security Weekly - Special Edition - Interview with Sensepost - Part I

22 oktober 2007 | 55 min

Paul's Security Weekly - ICE Games Coverage - NS2007

9 oktober 2007 | 37 min

Paul's Security Weekly - Episode 85 - October 4, 2007

9 oktober 2007 | 91 min

Paul's Security Weekly - Episode 84 - September 27, 2007

30 september 2007 | 69 min

Paul's Security Weekly - Episode 83 - September 13, 2007

17 september 2007 | 83 min

Paul's Security Weekly - Episode 82 - September 6, 2007

10 september 2007 | 81 min

Paul's Security Weekly - Episode 81 - August 31, 2007

4 september 2007 | 78 min

Paul's Security Weekly - Interview with Intelguardians - Escaping The Virtual Cave - August 23, 2007

27 augusti 2007 | 92 min

Paul's Security Weekly - Episode 80 - August 16, 2007

21 augusti 2007 | 98 min

Paul's Security Weekly - Episode 79 - August 3, 2007

7 augusti 2007 | 56 min

Paul's Security Weekly - Episode 78 - July 27, 2007

27 juli 2007 | 69 min

Paul's Security Weekly - Episode 77 - July 20, 2007

24 juli 2007 | 53 min

Paul's Security Weekly - Episode 76 - July 13, 2007

16 juli 2007 | 88 min

Paul's Security Weekly - Episode 75 - July 5, 2007

9 juli 2007 | 83 min

Paul's Security Weekly - Episode 74 - June 28, 2007

2 juli 2007 | 85 min

Paul's Security Weekly - Episode 73 - June 21, 2007

24 juni 2007 | 62 min

Paul's Security Weekly - Episode 72 - June 14, 2007

17 juni 2007 | 94 min

Paul's Security Weekly - Episode 71 - June 7, 2007

11 juni 2007 | 94 min

Paul's Security Weekly - Episode 70 - May 31, 2007

4 juni 2007 | 97 min

Paul's Security Weekly - Special Edition - Interview with "Futo" & Ivan Arce

14 maj 2007 | 56 min

Paul's Security Weekly - Special Edition - Interview with "Renderman"

28 april 2007 | 87 min

Paul's Security Weekly - Episode 68 - April 19, 2007

23 april 2007 | 89 min

Paul's Security Weekly - Episode 67 - April 12, 2007

15 april 2007 | 81 min

Paul's Security Weekly - Episode 66 - April 7, 2007

8 april 2007 | 81 min

Paul's Security Weekly - Episode 65 - Mar 29, 2007

1 april 2007 | 72 min

Paul's Security Weekly - Special Edition - Interview with Seth Fogie

31 mars 2007 | 42 min

Paul's Security Weekly - Episode 64 - Mar 24, 2007

28 mars 2007 | 74 min

Paul's Security Weekly - Episode 63 - Mar 15, 2007

18 mars 2007 | 93 min

Paul's Security Weekly - Episode 62 - Mar 8, 2007

11 mars 2007 | 91 min

Paul's Security Weekly - Episode 61 - Mar 1, 2007

3 mars 2007 | 85 min

Paul's Security Weekly - Listener Feedback - Episode 5 Part 2

23 februari 2007 | 80 min

Paul's Security Weekly - Listener Feedback - Episode 5 Part 1

18 februari 2007 | 75 min

Paul's Security Weekly - Episode 60 - Feb 8, 2007

10 februari 2007 | 86 min

Paul's Security Weekly - Special Edition - Interview with Ron Gula

4 februari 2007 | 64 min

Paul's Security Weekly - Episode 59 - Jan 25, 2007

29 januari 2007 | 88 min

Paul's Security Weekly - Episode 58 - Jan 18, 2007

21 januari 2007 | 91 min

Paul's Security Weekly - Episode 57 - Jan 11, 2007

14 januari 2007 | 96 min

Paul's Security Weekly - Episode 56 - Jan 4, 2007

8 januari 2007 | 72 min

Paul's Security Weekly - Episode 55 - Dec 21, 2006

23 december 2006 | 79 min

Paul's Security Weekly - Listener Feedback - Episode 4

16 december 2006 | 85 min

Paul's Security Weekly - Episode 54 - Dec 7, 2006

8 december 2006 | 92 min

Paul's Security Weekly - Episode 53 - Nov 30, 2006

2 december 2006 | 85 min

Paul's Security Weekly - Episode 52- Nov 25, 2006

26 november 2006 | 85 min

Paul's Security Weekly - Episode 51 Part II - Nov 9, 2006

19 november 2006 | 65 min

Paul's Security Weekly - Episode 51 Part I - Nov 9, 2006

14 november 2006 | 63 min

Paul's Security Weekly - Episode 50 - Nov 2, 2006

5 november 2006 | 81 min

Paul's Security Weekly - Episode 49 - Oct 19, 2006

21 oktober 2006 | 65 min

Paul's Security Weekly - Listener Feedback - Episode 3

16 oktober 2006 | 62 min

Paul's Security Weekly - Episode 48 - Oct 12, 2006

13 oktober 2006 | 74 min

Paul's Security Weekly - Episode 47 - Oct 3, 2006

5 oktober 2006 | 68 min

Paul's Security Weekly - Episode 46 - Sept 28, 2006

29 september 2006 | 76 min

Paul's Security Weekly - Episode 45 - Sept 21, 2006

23 september 2006 | 96 min

Paul's Security Weekly - Episode 44 - Sept 15, 2006

18 september 2006 | 69 min

Paul's Security Weekly - Special Edition - Interview with Chris "Roamer" Hurley

12 september 2006 | 64 min

Paul's Security Weekly - Listener Feedback - Episode 2

9 september 2006 | 40 min

Paul's Security Weekly - Episode 43 - Sept 8, 2006

9 september 2006 | 63 min

Paul's Security Weekly - Episode 42 - August 31, 2006

1 september 2006 | 64 min

Paul's Security Weekly - Episode 41 - August 24, 2006

25 augusti 2006 | 68 min

Paul's Security Weekly - Episode 40 - August 18, 2006

21 augusti 2006 | 66 min

Paul's Security Weekly - Episode 39 - August 11, 2006

14 augusti 2006 | 67 min

Paul's Security Weekly - Episode 38 - August 3, 2006

4 augusti 2006 | 53 min

Paul's Security Weekly - Special Edition - Interview with Ivan Arce

31 juli 2006 | 68 min

Paul's Security Weekly - Listener Feedback - Episode 1

30 juli 2006 | 30 min

Paul's Security Weekly - Episode 37 - July 27, 2006

29 juli 2006 | 66 min

Paul's Security Weekly - Episode 36 - July 14, 2006

16 juli 2006 | 67 min

Paul's Security Weekly - Episode 35 - July 6, 2006

7 juli 2006 | 67 min

Paul's Security Weekly - Episode 34 - June 29, 2006

30 juni 2006 | 65 min

Paul's Security Weekly - Episode 32 - June 14, 2006

14 juni 2006 | 60 min

Paul's Security Weekly - Episode 33 - June 22, 2006

14 juni 2006 | 64 min

Paul's Security Weekly - Episode 31 - June 8, 2006

9 juni 2006 | 71 min

Paul's Security Weekly - Episode 30 - June 1, 2006

2 juni 2006 | 61 min

Paul's Security Weekly - Episode 29 - May 26, 2006

29 maj 2006 | 59 min

Paul's Security Weekly - Episode 28 - May 18, 2006

19 maj 2006 | 63 min

Paul's Security Weekly - Episode 27 - May 11, 2006

12 maj 2006 | 67 min

Paul's Security Weekly - Episode 26 - May 4, 2006

5 maj 2006 | 68 min

Paul's Security Weekly - Episode 25 - April 27, 2006

28 april 2006 | 60 min

Paul's Security Weekly - Episode 24 - April 20, 2006

21 april 2006 | 66 min

Paul's Security Weekly - Episode 23 - April 13, 2006

14 april 2006 | 64 min

Paul's Security Weekly - SE - Interview with Johnny Long

12 april 2006 | 53 min

Paul's Security Weekly - Episode 22 - April 6, 2006

7 april 2006 | 62 min

Paul's Security Weekly - Open Show - Wifi Piggybacking - Part II

3 april 2006 | 52 min

Paul's Security Weekly - Open Show - Wifi Piggybacking - Part I

2 april 2006 | 52 min

Paul's Security Weekly - Episode 21 - March 30, 2006

1 april 2006 | 60 min

Paul's Security Weekly - SE - Interview with Josh Wright - Part II

31 mars 2006 | 40 min

Paul's Security Weekly - SE - Interview with Josh Wright - Part I

27 mars 2006 | 39 min

Paul's Security Weekly - Episode 20 - March 23, 2006

24 mars 2006 | 59 min

Paul's Security Weekly - Episode 19 - March 16, 2006

18 mars 2006 | 54 min

Paul's Security Weekly - Episode 18 - March 9, 2006

10 mars 2006 | 43 min

Paul's Security Weekly - Episode 17 - March 3, 2006

4 mars 2006 | 60 min

Paul's Security Weekly - Episode 16 - Feb 24, 2006

26 februari 2006 | 51 min

Paul's Security Weekly - Special Edition - Mike Poor & Ed Skoudis Interview - Part II

20 februari 2006 | 33 min

Paul's Security Weekly - Episode 15 - Feb 17, 2006

19 februari 2006 | 44 min

Paul's Security Weekly - Special Edition - Mike Poor & Ed Skoudis Interview - Part I

17 februari 2006 | 34 min

Paul's Security Weekly - Episode 14 - Feb 12, 2006

13 februari 2006 | 39 min

Paul's Security Weekly - Episode 13 - Feb 3, 2006

6 februari 2006 | 36 min

Paul's Security Weekly - Episode 12 - Jan 27, 2006

29 januari 2006 | 46 min

Paul's Security Weekly - Episode 11 - Jan 20, 2006

23 januari 2006 | 29 min

Paul's Security Weekly - Special Edition - Richard Bejtlich Interview - Jan 19 2006

20 januari 2006 | 43 min

Paul's Security Weekly - Episode 10 - Jan 13, 2006

15 januari 2006 | 39 min

Paul's Security Weekly - Special Edition - Schmoocon Update - Jan 15 2006

15 januari 2006 | 13 min

Paul's Security Weekly - Episode 9 - Jan 5, 2006

6 januari 2006 | 25 min

Paul's Security Weekly - WMF Summary - Jan 5, 2006

6 januari 2006 | 21 min

Paul's Security Weekly - Episode 8 - Dec 16, 2005

23 december 2005 | 33 min

Paul's Security Weekly - Episode 7 - Dec 16, 2005

18 december 2005 | 47 min

Paul's Security Weekly - Episode 6 - Dec 9, 2005

11 december 2005 | 53 min

Paul's Security Weekly - Episode 5 - Dec 2, 2005

4 december 2005 | 46 min

Paul's Security Weekly - Episode 4 - Nov 25, 2005

4 december 2005 | 51 min

PaulotDotCom Security Weekly - Episode 3 - Nov 18, 2005

4 december 2005 | 37 min

PaulotDotCom Security Weekly - Episode 2 - Nov 11, 2005

11 november 2005 | 31 min

Paul's Security Weekly - Special Edition - Marty Roesch Interview

4 november 2005 | 51 min

Paul's Security Weekly - Episode 1

27 oktober 2005 | 29 min

Security Weekly Podcast Network (Audio)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Se...

Om podden

Avsnitt

Mrtentacle, Morphing Meerkat, Tor, VMWare, Waymo, Oracle, Aaran Leyland, and more... - SWN #463

SignalGate and How Not To Protect Secrets - PSW #867

The Pace of Investments Requires Better Risk Management, Boards Challenged, & More - BSW #388

Curdled Miscreant, VanHelsing, MFA, Room 237, MFA, Velora, 23nMe, Josh Marpet... - SWN #462

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

Building the SOC of the Future - JP Bourget, Michael Mumcuoglu - ESW #399

Orange Drop Caps, apps, Veeam, jobs, Heathrow, vpentest, Aaran Leyland, and More... - SWN #461

Its Not Really A 0-Day - PSW #866

Breaking Down Human-Element Breaches To Improve Cybersecurity - Jinan Budge - BSW #387

Angry Iguana, Squid Bot, Bruted, 0Auth, Dragon Medical, Clippy 2.0, CISA, Josh Marpet - SWN #460

Redlining the Smart Contract Top 10 - Shashank . - ASW #322

Penetration Tests: useful, pointless, harmful, required, ineffective? - Phillip Wylie, Marina Segal - ESW #398

AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865

The Counterfeit Problem: How Blockchain Is Revolutionizing Brand Protection - Noam Krasniansky - BSW #386

Brains, kill switch, parking fees, CobaltStrike, Minja, Allstate, GitHub, Josh Marpet - SWN #458

CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321

Ransomware Attacks a Decade In: What Changed? What Didn't? - benny Vasquez, Mike Mitchell - ESW #397

Secret YouTube Videos, Thunderforge, ByBit, 365, Chrome, VMWARE, Aaran Leyland... - SWN #457

Don't Hack Russia - PSW #864

Security Money: Sailpoint's IPO Saves the Index - BSW #385

Tastovision, Trufflepig, Cisco, Windows, VSCode, OT, SQL Server, Android, Josh Marpet - SWN #456

Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320

First Do No Harm - Security Challenges in Healthcare - Ed Gaudet, Tanya Janca - ESW #396

Mr. Kurtzmann, Boffins gone Wild, Grasscall, Vo1d, CE, Shadowpad, Aaran Leyland... - SWN #455

Zero Days Are Not Just Fiction - PSW #863

CISOs Struggling, Culture Hurting, But Cybersecurity Salaries Stay Competitive - BSW #384

Cronenbergs, Dangling Twitchbots, Crypto, Kaspersky, SMS, OT, Josh Marpet... - SWN #454

Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319

The Future of Cyber Regulation in the New Administration - Ilona Cohen, Jenn Gile - ESW #395

False Claims Act, Google Cloud PQC, Salt Typhoon, AI in SOC, Ivanti Flaws, ICS, DeFi - SWN #453

Live from ZTW - PSW #862

Say Easy, Do Hard - Data Inventory and Classification, Part 1 - BSW #383

AI Threat Intelligence, AI Hacking, Data Breaches, Zhong, DOGE, and more - SWN #452

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Bad Romance, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland... - SWN #451

Prompt Injection, CISA, Patch Tuesday - PSW #861

Speak the Same Language, as Cybersecurity is Everyone's Responsibility - BSW #382

PlayStation, KerioControl, SEC SimSWAP, 8base, Copilot, AI, Bird, Josh Marpet... - SWN #450

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

The groundbreaking technology addressing employment scams and deepfakes - John Dwyer, Aaron Painter - ESW #393

AI Cheese, CISA, Scaryware, Kimsuky Returns, Backups, Encryption, Jason Wood... - SWN #449

Deepseek, AMD, and Forgotten Buckets - PSW #860

Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381

DeepSeek, Nicolas Cage, OpenAI, Hackers, Ransomware, Canada, Joshua Marpet and More - SWN #448

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

The Growth of Women in Cybersecurity Has Slowed - Why, and What Can We Do About It? - Lynn Dohm - ESW #392

.ASS, Deepseek, AI Time Travel, Google, HeartBlocker, TikTok, Aaran Leyland, and More - SWN #447

Cred Vaults, Cheap AI, and Hacking Devices - Matt Bishop - PSW #859

AI in 2025: The Shifting Regulatory Landscape For Artificial Intelligence - BSW #380

DeepSeek, AIDs, Sex Crime, Microsoft, PayPal, GitHub, Joshua Marpet and More - SWN #446

Security the AI SDLC - Niv Braun - ASW #315

AI Red Teaming Comes to Bug Bounties - Francis Dinha, Michiel Prins - ESW #391

Cursive Funk, Microsoft, Ivanti, Sonic Wall, Exchange, PowerSchool, Aaran Leyland... - SWN #445

Vulnerability Prioritization In The Real World - Andy Jaquith - PSW #858

The Future Of The CISO - Jeff Pollard, Jess Burn - BSW #379

Smishing, Microsoft, Star Blizzard, Sneaky Log, VMARE, Josh Marpet, and more... - SWN #444

Appsec Predictions for 2025 - Cody Scott - ASW #314

The Next Era of Data Security: AI, Cloud, & Compliance - Jeff Smith, Dimitri Sirota, Kiran Chinnagangannagari - ESW #390

AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. - SWN #443

Stopping The Bad Things - Rob Allen - PSW #857

Boards Stepping Up, as CISOs Build Stronger Bonds with Legal and Safeguard Leadership - BSW #378

Smishing, Beyond Trust, CryptoReligion, Aviatrix, Azure, Josh Marpet, and more... - SWN #442

Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313

How threat-informed defense benefits each security team member - Frank Duff, Nathan Sportsman - ESW #389

Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and more. - SWN #441

Threat Actors With A Thousand Names - PSW #856

Organizations Must Adapt To Safeguard Data In Evolving Environments - Lamont Orange - BSW #377

Ättestupa, Moxa, Typhoons, WordPress, Likert Scales, Algol, Josh Marpet, and more... - SWN #440

DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312

Endpoint Security - Rob Allen - SWN Vault

The Future in the Age of AI - SWN Vault

Say Easy, Do Hard, Minimum Viable Security - Part 2 - Jon Fredrickson - BSW Vault

The Impact of Tariffs - SWN Vault

Hacker Heroes - Haroon Meer - PSW Vault