2981 avsnitt • Längd: 75 min • Veckovis: Tisdag
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul’s Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you’re a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.
Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
The podcast Security Weekly Podcast Network (Audio) is created by Security Weekly Productions. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Josh Marpet and Doug talk about Compliance and Privacy for about 30 minutes but it could have been a lot more.
Show Notes: https://securityweekly.com/vault-swn-23
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023.
With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities.
Show Notes: https://securityweekly.com/vault-bsw-15
Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-439
Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone.
To use MITRE's own words to describe the gap this project fills:
"it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work"
Segment Resources:
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly
As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-388
If you've ever wondered how attackers could go after payphones that are "smart" we got you covered! Inbar has done some amazing research and is here to tell us all about it!
XSS is the number one threat?, fix your bugs faster, hacking VoIP systems, AI and how it may help fuzzing, hacker gift guides, new DMA attacks, hacking InTune, Rhode Island gets hacked, OpenWrt supply chain issues, we are being spied on, Germans take down botnet, Bill and Larry are speaking at Shmoocon!, and TP-Link bans.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-855
The local network is no more. Neither is the corporate firewall. Users are not only working from the office but also remotely, meaning the network we utilize has quickly become the internet, leaving devices and data vulnerable to cyber threats. But how do we monitor this new, expanded network?
Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how the dissolution of the business perimeter makes network access controls essential to protect your devices and, by extension, your data. Network Access Control helps protect business assets whether employees are in the office or remote. ThreatLocker Network Control provides a direct connection between the client and server, as opposed to a VPN that goes through a central point.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, CISOs need to consider the personal risks associated with their role, CISOs: Don’t rely solely on technical defences in 2025, The Questions Leaders Need to Be Asking Themselve, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-376
Vogons, Task Scams, HiatusRat, Cellebrite, Deloitte, Quantum, WordPress, Aaran Leyland, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-438
Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and setting an example for transparency in security disclosures.
Segment resources
Curl's oldest bug yet, RCPs (and more!) from AWS re:Invent, possible controls for NPM's malware proliferation, insights and next steps on protecting top 500 packages from the Census III report, the flawed design choice that made Microsoft's OTP (successfully) brute-forceable, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
00:00 Welcome to Application Security Weekly! 01:49 Meet the Experts 03:28 What Are Non-Human Identities? 06:17 Balancing Security & Usability 08:24 MFA Challenges & Admin Security 12:09 Navigating Breaking Changes 16:05 Security by Design in Action 18:42 Identity Management for Startups 20:18 Secure by Design: Real Impact 24:03 Transparency After a Critical Vulnerability 31:39 Looking Ahead to 2025 32:45 Application Security in Three Words 34:10 - Intro & Cyber Resilience Insights 35:30 - The 25-Year-Old Curl Bug Story 38:27 - Fuzzing for Security: A Missed Opportunity? 42:56 - AWS re:Invent Security Highlights 46:04 - NPM Malware Surge 50:43 - Small Packages, Big Risks in NPM 54:05 - Open Source Security Trends 58:37 - Microsoft MFA Vulnerability Explained 62:38 - Hardware Hacking & DMA Exploits 65:05 - Auditing Ruby’s Package Ecosystem 68:12 - Looking Ahead to 2025
Show Notes: https://securityweekly.com/asw-311
Nudity, Krispy Kreme, Cleo, AIAPIs, non-human identities, North Korea, Jersey Drones, Josh Marpet, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-437
For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter joins us to discuss the year's highlights and what's to come in the next 12 months.
In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market.
It won't be all financial trends though, we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space.
In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable!
Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise.
Segment Resources:
This week, in the enterprise security news,
NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-387
Join us for this segment as we discuss government regulations and certifications as they apply to supply chain security and vulnerability management, and how understanding the mumbo jumbo can enable organizations to improve their cyber security.
In the security news, the crew, (minus Paul) get to gather to discus hacks causing disruptions, in healthcare, donuts and vodka, router and OpenWRT hacks (and the two are not related), Salt/Volt Typhoon means no more texting and 10 year old vulnerabilities and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-854
For over 15 years, Okta has led the charge in securing digital identities through more sophisticated sign-in solutions. Our latest 2024 Secure Sign-In Trends Report offers insights into the rapidly evolving world of identity security, specifically on how organizations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins.
In this year's report, we explore: - The surge in MFA adoption across industries, and what it means for the future of secure authentication. - Phishing-resistant authentication methods gaining traction, signaling that the passwordless future is possible. - Why a seamless user experience and strong security are no longer in opposition. - How industries compare in their adoption of modern authentication, and who's setting the pace.
Segment Resources: Secure Sign-In Trends Full Report: https://www.okta.com/resources/whitepaper-the-secure-sign-in-trends-report/
Todd McKinnon Blog on the Secure Sign-In Trends Report: https://www.okta.com/blog/2024/10/phishing-resistant-mfa-shows-great-momentum/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here’s How to Use Notes Like a Pro, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-375
Evil ISPs, Deloitte, YOLO11, Microsoft, Gift Cards, Navix, Horror, Telegram, Josh Marpet and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-436
We do our usual end of year look back on the topics, news, and trends that caught our attention. We covered some OWASP projects, the ongoing attention and promises of generative AI, and big events from the XZ Utils backdoor to Microsoft's Recall to Crowdstrike's outage.
Segment resources
Curl and Python (and others) deal with bad vuln reports generated by LLMs, supply chain attack on Solana, comparing 5 genAI mistakes to OWASP's Top Ten for LLM Applications, a Rust survey, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-310
Deloitte, e-Tattoos, Web 3.0, Cp3o, Chemonics, IPv6, the Number 6, Chinese Emperors, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-435
In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:
Also, be sure to check out the first two installments of this series!
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.
Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.
Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
This week, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-386
The hosts discuss hacker gadgets! We'll cover what we've been hacking on lately and discuss gadgets we want to work on in the future and other gadgets we want to get our hands on.
Larry's List: Cheap Yellow Display - https://github.com/witnessmenow/ESP32-Cheap-Yellow-Display KV4P HT - https://www.kv4p.com/ Lilygo T-Deck - https://lilygo.cc/products/t-deck Helltec LoRa32 https://heltec.org/project/wifi-lora-32-v3/ NRF52840-DK - https://www.mouser.com/ProductDetail/Nordic-Semiconductor/nRF52840-DK?qs=F5EMLAvA7IA76ZLjlwrwMw%3D%3D NRF52840 Dongle - https://www.mouser.com/ProductDetail/Nordic-Semiconductor/nRF52840-Dongle?qs=gTYE2QTfZfTbdrOaMHWEZg%3D%3D&mgh=1 MakerDialry NRF52840 - https://wiki.makerdiary.com/nrf52840-mdk-usb-dongle/ Radioberry - https://www.amazon.com/dp/B0CKN1PW4J
Bootkitties and Linux bootkits, Canada realizes banning Flippers is silly, null bytes matter, CVE samples, how dark web marketplaces do security, Perl code from 2014 and vulnerabilities in needrestart, malware in gaming engines, the nearby neighbor attack, this week in security appliances featuring Sonicwall and Fortinet, footguns, and get it off the freakin public Internet!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-853
This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh!
Here are all the companies that now comprise the index:
SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc
In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-374
ISIS, Enron, Tor, Scams, Wintermute, Zabbix, Josh Marpet and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-434
Observability is a lot more than just sprinkling printf statements throughout a code base. Adriana Villela explains principles behind logging, traceability, and metrics and how the OpenTelemetry project helps developers gather this useful information. She also provides suggestions on starting logging from scratch, how to avoid information overload, and how engaging users about their experience with solutions like OpenTelemetry makes for better software -- a lesson that appsec teams can apply to paved roads and security guardrails.
Segment Resources:
Fuzzing barcodes and getting projects onboarded with fuzzers, using AI to guide fuzzers, using AI to combat scammers, using CWEs for something, using malicious comments to ban repos, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-309
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on December 22, 2023.
We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week.
In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more!
Segment Resources:
Mike's blog; Return on Security: https://www.returnonsecurity.com/ Mike's newsletter; Security, Funded: https://www.returnonsecurity.com/subscribe
Show Notes: https://securityweekly.com/vault-esw-17
Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White.
Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain.
Show Notes: https://securityweekly.com/vault-swn-21
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023.
Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview.
Show Notes: https://securityweekly.com/vault-bsw-14
This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team.
We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important.
Why a special segment on Microsoft Ignite announcements?
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-385
Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-433
Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety.
Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palto Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palto Alto and Fortinet, the first zoom call, and one person's trash is another person's gaming PC!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-852
This week's interview dives deep into the state of biometrics with two Forrester Research analysts!
This discussion compares and contrasts regional approaches to biometrics; examine the security challenges and benefits of their implementation; and reveal how biometrics holds the keys to a range of engagement models of the future.
Andras Cser dives into the technical end of things and explains how biometrics can be resilient to attack. We can't replace our fingerprints or faces, but as Andras explains, there's no need to, thanks to how biometrics actually work. Then, Enza takes us through the latest on privacy in biometrics - a concern for both consumers, and businesses tasked with complying with privacy regulations and avoiding costly fines.
Finally, get a sneak peek into the upcoming Forrester Security & Risk Summit. Whether you're an industry professional or just curious about the implications of biometrics, this episode delivers insights you won't want to miss!
This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us.
We also discuss whether Secure by Design's goals are practical or not.
OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet.
Also, Watchtowr has some fun with Citrix VDI!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-308
Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-432
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including:
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-373
Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-431
There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management).
Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks.
Segment Resources:
Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today?
This will be a more standards and GRC focused discussion, covering:
This week in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-384
Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest.
Ed Skoudis joins us to announce this year's Holiday Hack Challenge!
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-851
In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations.
We also discuss the fuzzy line between "cloud-native" AppSec and everything else that refuses to disappear, particularly for organizations that weren't born cloud-native and still have legacy workloads to worry about.
Integrating security into the SDLC and CI/CD pipelines, infrastructure as code (IaC) trends, best of breed vs platform, and other aspects of AppSec get discussed as well!
This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response.
Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish.
Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not?
All that and more on this week's news segment.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-307
Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-430
Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health?
Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health.
In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-372
Robo-Turing, BlueNoroff, Palo Alto, German Law, Fabric, Cisco, Banning Things, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-429
CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive, it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation?
There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out.
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-383
We chatted with Kayne about education systems security, funding for cyber tools and services, and what the future of education might look like to fill more cyber roles.
In the news: Pacific Rim, Linux on Windows for attackers, one of the worst cases of a former employee's retaliation, Zery-Day FOMO, we predicted that, hacking for fun, working hard for no PoC, an LLM that discovers software vulnerabilities, absurd fines, long usernames and Okta, and paying a ransom with dough!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-850
Tariffs, Pygmy Goat, Schneider, SQLite and Dixie Flatline, Deepfakes, Military AI, Josh Marpet, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-428
After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible.
While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview.
We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.
Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a bugger underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes.
Bonus: the book series mentioned in this episode The Lost Fleet by Jack Campbell.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-306
Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger.
So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode.
In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-371
Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News.
Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-427
The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking.
We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures.
This week, in the enterprise security news:
All that and more, on this episode of Enterprise Security Weekly.
Segment description coming soon!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-382
We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities of security debt, and the need for organizations to prioritize security practices. Overall, it was a great conversation that highlighted the ongoing struggles in our industry and the importance of learning from past mistakes to build a more secure future.
Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-849
Halloween, TikTok Rip Off, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-426
In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more!
Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he’s seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/
Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they’ve seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce.
Segment Resources: https://www.okta.com/oktane/
This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-370
Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more!
Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared
Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. This is where identity comes in. Shiven Ramji, President of Customer Identity Cloud at Okta, will dive into the importance of protecting the identity of AI agents and Okta’s new security tools revealed at Oktane that address some of the largest issues consumers and businesses have with generative AI right now.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/
Today, there isn’t an identity security standard for enterprise applications that ensures interoperability across all SaaS and IDPs. There also isn’t an easy way for an app, resource, workload, API or any other enterprise technology to make itself discoverable, governable, support SSO and SCIM and continuous authentication. This lack of standardization is one of the biggest barriers to cybersecurity today. Arnab Bose, Chief Product Officer, Workforce Identity Cloud at Okta, joins Security Weekly's Mandy Logan to discuss the need for a new, comprehensive identity security standard for enterprise applications, and the work Okta is doing alongside other industry players to institute a framework for SaaS companies to enhance the end-to-end security of their products across every touchpoint of their technology stack.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/ https://www.okta.com/press-room/press-releases/okta-is-reducing-the-risk-of-unmanaged-identities-social-engineering/
This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-305
Tourist Abuse, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-425
Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here!
The conversation isn't just about setting traps for attackers, however, there's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by the essay from Lenny by the same name: Transform the Defender’s Dilemma into the Defender’s Advantage
The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecurity-related concerns are usually not included for individual poll location and election workers.
Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org.
Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh. Chief Technology Officer of Customer Identity Cloud at Okta joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications and what Okta is doing to help developers build applications that decipher a human from a bot.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/
Whether it’s phishing techniques, password spraying, or social engineering, security leaders today are constantly needing to see past blindspots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss what security leaders are being challenged with today when it comes to securing their workforce and from experience with implementing Okta’s Secure Identity Commitment how companies can be prioritizing security within their culture to help prevent threat actors from taking advantage of the weakest link.
Segment Resources: https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-381
Andy drops some Microsoft Windows and 365 knowledge as we discuss the details on how we get to secure by default in our Windows and cloud environments.
This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-848
Doom on a Human Brain, E2EE, OT, Adload, Cisco, VMware, Internet Archive, Josh Marpet, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-424
Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (CIOs, CTOs, and CISOs), but non-C-Suite leaders from engineering and architecture roles as well.
Segment Resources:
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-369
Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, both in the security controls available to them and the sheer volume of services that CSPs provide. Scott Piper shares some history of cloud security, the benefits of account separation, and how ratcheting security helps orgs stay on a paved path.
Segment resources:
Flaws that arise from inconsistent parsing of JSON and email addresses, CISA's guide to bad software practices, abusing a security disclosure process to take over a WordPress plugin, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-304
Stealing Pencils, Kubernetes, Passkeys, SolarWinds, Intel, North Koreans, Sextortion, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-423
Secure by design is more than just AppSec - it addresses how the whole business designs systems and processes to be effective and resilient. The latest report from LevelBlue on Cyber Resilience reveals security programs that are reactive, ill-equipped, and disconnected from IT and business leaders.
Most security problems are out of security teams' hands. Addressing them requires input, buy-in, and action from business leaders and IT. Security cannot afford to be separate from the rest of the organization.
In this interview, we'll discuss how we could potentially solve some of these issues with Theresa Lanowitz from LevelBlue.
Segment Resources:
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Implementing SASE can be tricky and onerous, but it doesn't have to be. Today, we discuss Unified SASE as a Service with Renuka Nadkarni, Chief Product Officer at Aryaka. Particularly, how can Unified SASE make both networking and security more flexible and agile?
IT and security professionals need to ensure secure and performant applications and data access to all users across their distributed global network without escalating cost, risk or complexity, or sacrificing user experience.
This segment is sponsored by Aryaka. Visit https://securityweekly.com/aryaka to learn more about them!
Finally, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-380
New security and vulnerability research is published every day. How can security teams get ahead of the curve and build architecture to combat modern threats and threat actors? Tune-in to a lively discussion about the threat landscape and tips on how to stay ahead of the curve.
Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
Air gaps are still not air gapped, making old exploits new again, chaining exploits for full compromise, patching is overrated, SBOMs are overrated, VPNs are overrated, getting root with a cigarette lighter, you can be any user you want to be, in-memory Linux malware, the Internet Archive is back, we still don't know who created Bitcoin, unhackable phones, and There's No Security Backdoor That's Only For The "Good Guys" !
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-847
Looking at vulnerable code in Ivanti (Perl) and Magento (PHP), fuzzing is perfect for parsers, handling tenant isolation when training LLMs, Microsoft's small steps towards secure design, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-303
AI Stego, uBlock, PPTP, Log4J rises again, Command Jacking, Windows 10, Principal Skinner's Feet, Josh Marpet, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-422
In today’s uncertain macroeconomic environment, security and risk leaders need practical guidance on managing existing spending and new budgetary requests. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to review Forrester's Budget Planning Guide 2025: Security And Risk. This data-driven report provides spending benchmarks, insights, and recommendations that will keep you on budget while still mitigating the most critical risks facing your organization. Jeff will cover which areas to invest, divest, and experiment, but you'll have to listen to get the details.
In the leadership and communications segment, The CEO’s Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-368
Cybercab, Golden Jackal, Mamba 2FA, Multi Microsoft, iPhone thieves, esims, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-421
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers.
Segment Resources:
Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans!
Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-846
Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the tool to add more features while remaining true to its open source history. Simon Bennetts, founder of ZAP, and Ori Bendet from Checkmarx update us on that journey, share some exploration of LLM fuzzing that ZAP has been working on, and what the future looks like for this well-loved project.
Segment Resources:
The many lessons to take away from a 24-year old flaw in glibc and the mastery in crafting an exploit in PHP, changing a fuzzer's configuration to find more flaws, fuzzing LLMs for prompt injection and jailbreaks, security hardening of baseband code, revisiting the threat models in Microsoft's Recall, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-302
AI Fest, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-420
Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff?
Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO?
In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-367
Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-419
Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well.
Segment Resources:
This week in the enterprise security news, we've got:
All that and more, on this episode of Enterprise Security Weekly!
The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access.
This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them!
Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics.
Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/
This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-378
This episode of Paul Security Weekly features John Hammond, a senior security researcher from Huntress, discussing malware analysis. Hammond dives into the analysis of Ocean Lotus attacks, highlighting the use of stealthy techniques like alternate data streams and DLL side-loading. The conversation also touches on the challenges of combating attackers who leverage ‘bring your own vulnerable driver’ techniques to gain kernel-level privileges. The hosts discuss the need for secure-by-default configurations and the ongoing struggle to combat attackers who exploit vulnerabilities. The episode concludes with a discussion on how to improve the security of the industry.
Segment Resources:
Automated tank gauges are leaking more than just fuel, while CUPS is serving up a steaming hot brew of vulnerabilities. Meanwhile, Supermicro's BMC firmware is giving away root access like it's going out of style. If you thought your Kia was safe, think again - all it takes is a license plate and 30 seconds to turn your car into a hacker's joyride. China's been busy building a massive IoT botnet called Raptor Train. It's been chugging along undetected for four years. NIST has decided that your password doesn't need to be a cryptographic masterpiece anymore. No more special characters or arbitrary changes - just make it long and don't use "password123". A Texas hospital is playing a game of "hot potato" with ambulances thanks to a ransomware attack. More thoughts on known exploited vulnerabilities, firmware unpacking tools lowdown, Aruba, Bahama, come-on command injection, and kids changing the name of their school!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-845
More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculators, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-301
Death Stars are not real or are they?, Recall, Microsoft, Brocade, AI and More and More AI, Josh Marpet, and more on the Cyber Security News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-418
The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.
Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-366
Passwords, CUPS, KIA, Gilbert Gottfried, Salt Typhoon, Rob Allen from ThreatLocker, and More on the Security Weekly News.
Segment Resources: https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-417
The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss:
Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned!
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!
We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities.
Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path.
My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence?
Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card.
In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-377
This week in the security news, Dr. Doug and Larry explore various technological advancements and their implications with a healthy dose of nostalgia, particularly focusing on health monitoring through Wi-Fi signals, the misconceptions surrounding 5G connectivity, the importance of understanding internet speed needs, and the cybersecurity threats facing water systems. They also discuss the potential chaos that could arise from infrastructure failures and the vulnerabilities present in automated tank gauges, emphasizing the need for better asset management and security measures.
Kayla Williams, Chief Security Information Officer at Devo, discussed the role of AI in cybersecurity and the ongoing issue of burnout for SOC analysts. Working with Wakefield Research, Devo discovered that 83% of IT professionals feel burnt out due to stress, lack of sleep, and anxiety. Many also report that their burnout leads to breaches.
This segment is sponsored by Devo . Visit https://securityweekly.com/devo to learn more about them!
Segment Resources: SOC Analyst Appreciation Day: https://www.socanalystday.com/ Kayla's LinkedIn: https://www.linkedin.com/in/kaylamwilliams1/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-844
C3pbot, Kaspersky, Octo2 Electric Boogaloo, Honkai: Star Rail, ServiceNow, LinkedIn, IoT, Josh Marpet, and more on the Cyber Security News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-416
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational damage. In this discussion, David Holmes offers insights into the latest trends in API and bot attacks and provides strategies to defend against these threats.
Segment Resources:
This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!
In the news, fuzzing network traffic in OpenWRT, parsing problems lead to GitLab auth bypass, more fuzzing finds vulns in a JPEG parser, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-300
In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more!
AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge.
Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity.
Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-365
Shroombots, pagers, Tor, Raptor Train, GRU, Blue Light, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-415
A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.
He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.
I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?
And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."
Segment Resources:
In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.
Segment Resources:
This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!
This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:
Also some whoopsies:
Fortinet has a breach, but is it really accurate to call it that?
Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.
The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.
Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-376
Apple drops a lawsuit to avoid exposing secrets, what does it mean for the security industry if MS locks down the kernel?, exploding pagers, more things from the past: Adobe Flash exploits, robots get rid of your data, PKFail is still a thing, Android TV malware is back: now with conspiracy theories, DMA attacks, gamers are not nation-state attackers, the story of a .MOBI Whois server, a better bettercap, and when not to trust video baby monitors.
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley, in this episode of Below the Surface. Learn how KEV was created, where the data comes from, and how you should use it in your environment.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-843
When a conference positioned as a day of security for developers has to be canceled due to lack of interest from developers, it's important to understand why there was so little interest and why appsec should reconsider its approach to awareness. Dustin Lehr discusses how appsec can better engage and better deliver security concepts in a way that makes developers not only feel like their time is well used, but that the content appeals to them.
Segment Resources: - The Security Champion Program Success Guide -- A free guide that includes all steps necessary to build a successful security champion program, with real-world recommendations and examples: https://securitychampionsuccessguide.org/ - Let's Talk Software Security -- A free global virtual community where we host monthly open discussions on appsec topics: https://www.meetup.com/lets-talk-software-security/
In the news, a takeover of the MOBI TLD for $20, configuring an LLM for a CTF, firmware flaw in an SSD, Microsoft talks kernel resilience, six truths of cyber risk quantification, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-299
Back to the office serfs, Void Banshee, ServiceNow, Taiwan, Dlink, C++, Aaran Leyland, and more on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-414
Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including:
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-364
Through the Fire and Li-On Flames, Lazarus, Whatsup, Scattered Spider, Hadooken, Dead People, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-413
This week, in the enterprise security news,
We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in.
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team.
For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three.
A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did!
Segment Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-375
Lee comes on the show to discuss:
Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram’s encryption: it’s kinda like putting a 'Keep Out' sign but leaving the door unlocked.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-842
AI Trucks, Solid Concrete, Sonicwall, Progress, Rust, Apple, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-412
Considerations in paying down tech debt, make Rust work on bare metal, ECDSA side-channel in Yubikeys, trade-offs in deploying SSO quickly, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-298
Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start?
Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to:
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-363
Check out this episode from the SWN Vault, hand picked by main host Doug White! This SDL episode was initially published on August 9, 2017.
Doug explains the basics of how IP Addresses work, with help from Doug in an alternate dimension. Beware of the terminator!
Show Notes: https://securityweekly.com/vault-swn-20
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This episode was initially published on April 21 2023.
Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a global challenge: fully-realized quantum computers will be able to break some of the most widely-used security protocols in the world. Dr. Vadim Lyubashevsky will discuss how quantum-safe cryptography protects against this potential future.
Segment Resources:
IBM Quantum Safe: https://www.ibm.com/quantum/quantum-safe IBM scientists help develop NIST’s quantum-safe standards: https://research.ibm.com/blog/nist-quantum-safe-protocols Government and industry experts recommend moving to quantum-safe cryptography: https://research.ibm.com/blog/economist-quantum-safe-replay
Show Notes: https://securityweekly.com/vault-esw-16
Exploring the Hacking Landscape with Mark Loveless, AKA SimpleNomad
Dive into the intricate world of cybersecurity with our featured guest, Mark Loveless, widely known by his handle SimpleNomad. With a rich history in the realm of information security, Mark is a seasoned professional, researcher, and thought leader.
Mark's journey spans decades, marked by a commitment to uncovering vulnerabilities and understanding the ever-changing threat landscape. As a prominent figure in the cybersecurity community, he has contributed significantly to the field, sharing insights, research findings, and expertise.
Join us in this podcast interview as Mark reflects on his experiences, discusses the evolution of cybersecurity challenges, and shares his perspectives on emerging trends. With a deep understanding of both offensive and defensive security, Mark brings a unique perspective to the conversation, offering valuable insights into the strategies and tactics employed by cybersecurity professionals.
As a respected voice in the industry, Mark Loveless has not only witnessed the evolution of cybersecurity but has actively shaped its trajectory through his contributions to research, writing, and speaking engagements. This episode provides a rare opportunity to gain knowledge from a cybersecurity veteran and explore the nuances of an ever-expanding digital landscape.
Tune in to discover the wisdom and experiences that have defined Mark Loveless's career and gain a deeper understanding of the complexities and challenges inherent in the world of cybersecurity.
Show Notes: https://securityweekly.com/vault-psw-12
Check out this episode from the SWN Vault, hand picked by main host Doug White! This SDL episode was initially published on November 8, 2017.
What is encryption anyway? Doug and Russel explain symmetric encryption, asymmetric encryption, and how crypto gets broken!
Show Notes: https://securityweekly.com/vault-swn-19
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022.
Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!
View CISO Stories podcast episodes here: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast
Show Notes: https://securityweekly.com/vault-bsw-13
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 9, 2023.
What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more.
Segment Resources:
Book -- https://securitychaoseng.com
Blog -- https://kellyshortridge.com/blog/posts/
Show Notes: https://securityweekly.com/vault-asw-13
Larry and Helen walk us through the AI supply chain landscape. Learn what goes into building and using AI models and the dangers that could lurk within.
Segment Resources:
This week: I want all the firmware, its not just TP-Link, CVEs for malware, BLE and your health, faking your own death, serial ports, stealthy Linux malware, call this number, finding all the Wordpress plugin vulnerabilities!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-841
Daleks, AVTECH, Palo Alto, VMWARE, Travel, California AI Dreamin', Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-411
The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself.
Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool?
Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!
Boerger Consulting Resources:
I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years.
Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.
Segment Resources:
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.
Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/
This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!
Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.
Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1
2) Holiday Hack Challenge - sans.org/holidayhack
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-374
MGs, Free Speech, sedexp, Cthulhu, SeaTac, GrimResource, ServiceBridge, the FBI, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-410
IoT devices are notorious for weak designs, insecure implementations, and a lifecycle that mostly ignores patching. We look at external factors that might lead to change, like the FCC's cybersecurity labeling for IoT. We explore the constraints that often influence poor security on these devices, whether those constraints are as consequential given modern appsec practices, and what the opportunities are to make these devices more secure for everyone.
Segment resources:
Research by Orange Tsai into Apache HTTPD's architecture reveals several vulns, NCC Group shows techniques for hacking IoT devices with Sonos speakers, finding use cases for WebAssembly, Slack's AI leaks data, DARPA wants a future of Rust, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-297
How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer from RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren will also highlight comparisons between the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever changing risk landscape, it takes a village, and Darren shares his vision for how to build that village.
This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means.
On this last topic, Ben makes a book recommendation, which you can find here: https://www.amazon.com/Seat-Table-Leadership-Age-Agility/dp/1942788118
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-362
Faking your death, Fake Reviews, Solar Winds, AWS, Recall, Winux, Kubernetes, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-409
This week, in the enterprise security news,
All that and more, in the news this week on Enterprise Security Weekly!
SquareXWith employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions.
This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.
Segment Resources:
This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!
TaniumThe recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage.
In this interview, Tanium’s Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.
Segment Resources:
This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!
Swimlane and GenAIJoin Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
Swimlane and ProCircularProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.
Segment Resources:
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-373
Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at time, such as:
This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, More CNAs, and the last thing Flint Michigan needed was a ransomware attack!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-840
This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of software quality, and the distinction between a security incident and an IT incident. They also touch on the need to reduce the attack surface and the importance of clear definitions in the cybersecurity industry. The conversation explores the need for a product security revolution and the importance of transparency and trust in security vendors.
As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore how organizations are adapting their AppSec practices, highlighting the challenges and milestones encountered along the way.
Key topics include the integration of security into the development lifecycle, the impact of emerging technologies, and strategies for fostering a security-first culture. Boaz Barzel shares his experiences and offers practical advice on overcoming common obstacles, ensuring that security measures keep pace with rapid technological advancements. This segment serves as a comprehensive guide for organizations striving to enhance their AppSec practices and continuously optimize their posture.
This segment is sponsored by OX Security. Visit https://securityweekly.com/oxbh to learn more about them!
Given the rapid rise of threat actors utilizing AI for cyber-attacks, security teams need advanced AI capabilities more than ever.
Shimon will discuss how Dataminr’s Pulse for Cyber Risk uses Dataminr’s leading multi-modal AI platform to provide the speed and scale required to build enterprise resilience in the modern cyber threat environment. Dataminr's world-leading AI platform helps companies stay informed - performing trillions of daily computations across billions of public data inputs from more than one million unique public data sources encompassing text, image, video, audio and sensor signals to provide real-time information when you need it most.
https://www.dataminr.com/resources/on-demand-webinar/why-cyber-physical-convergence-really-matters
This segment is sponsored by Dataminr. Visit https://securityweekly.com/dataminrbh to learn more about their world-leading AI platform perform!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-296
Dangerous books, Microsoft Plus, NPD, Solar Winds, Jenkins, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-408
What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line?
After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue wanted to understand what is preventing cyber resilience—and what business leaders are doing about it. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins us to discuss the results of their research.
Segment Resources: LevelBlue.com/futuresreport
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.
Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluebh to learn more about cyber resilience and how to start the conversation in your organization!
Employees spend up to 80% of their working hours in a web browser, and threat actors are increasingly leveraging browsers to target users and initiate attacks. Disrupting the tool employees use for 80% of their job would have massive impact on productivity. Rather than ripping and replacing, enterprises can turn any browser into a secure enterprise browser.
Segment Resources: Menlo homepage: https://resources.menlosecurity.com/videos/browser-security
Menlo research on three new nation state campaigns: https://www.menlosecurity.com/press-releases/menlo-security-exposes-three-new-nation-state-campaigns
Every browser should be a secure enterprise browser: https://www.menlosecurity.com/blog/every-browser-should-be-a-secure-enterprise-browser
Defending against zero-hour phishing attacks: https://www.menlosecurity.com/blog/state-of-browser-security-defending-browsers-against-ever-evolving-zero-hour-phishing-attacks
This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menlobh or schedule a demo to learn more about the role of browser security in eliminating the risk of highly evasive threats!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-361
Quantum AI Drones, Ransomhub, Pixel, Mad Liberator, the return of Russ Beauchemin, and More on the Security Weekly News
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-407
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the subject, we will delve into some cybersecurity myths such as: Are users really the weakest link? Are cybersecurity vendors truly incentivized to provide better security? Do we agree on what cybersecurity really means? - Do not miss this segment!
This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new chips and are not without controversy, lasers that can steal your passwords, it was a regex, Larry updates us on some IoT research, attackers have your SSN, and more updates from last week's hacker summer camp!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-839
In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions.
Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.
Segment Resources: https://www.devo.com/defend-everything/
This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.
As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages.
This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them!
Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand.
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!
The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.
Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-372
Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's needs while keeping it secure. Kalyani Pawar shares her experience at different ends of an appsec maturity spectrum.
In complex software ecosystems, individual application risks are compounded. When it comes to mitigating supply chain risk, identifying backdoors or unintended vulnerabilities that can be exploited in your environment is just as critical as staying current with the latest hacking intel. Understand how to spot and reduce the risk to your environment and prevent disruption to your operation.
This segment is sponsored by Threatlocker. Visit https://securityweekly.com/threatlockerbh for a free trial!
Every mobile device connecting to enterprise assets hosts a unique blend of work and personal apps, creating a complex landscape of innumerable vulnerabilities. Thankfully, methods exist to provide security teams with the real-world insights necessary to proactively address threats and shield against attacks targeting mobile apps and device endpoints. Nikos Kiourtis, CTO at Quokka, shares the latest findings in mobile security, outlining emerging threats and effective measures to reduce your mobile app attack surface – and safeguarding against potential attacks and data breaches.
Segment Resources: - Panelcast with SC Magazine: 8 ways attackers target mobile apps to steal your data (and how to stop them) https://www.scmagazine.com/cybercast/8-ways-attackers-target-mobile-apps-to-steal-your-data-and-how-to-stop-them - Ryan Johnson’s talk at DEF CON 32, “Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?” https://defcon.org/html/defcon-32/dc-32-speakers.html
This segment is sponsored by Quokka. Visit https://securityweekly.com/quokkabh to learn more about their intelligence app solutions!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-295
DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-406
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity public companies:
A10 Networks Inc
In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-360
0.0.0.0, Blacksuit, OpenAI, AWS, Cisco Phones, Win 10, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-405
In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety?
We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel.
We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results?
Resources:
We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th.
References
, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-371
This week, Downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rhianna, you should update your BIOS, Openwrt dominates, and attacking the security tools for fun and profit!
Learn what is most interesting at hacker summer camp this year!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-838
Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-404
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions and the benefits that come from so many people being engaged with security.
Segment Resources:
The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-294
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 1, we discuss the challenges facing the CISO role and it's hiring. As CISOs leave the role, the position is not necessarily being refilled. How will this impact future CISO hiring?
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 2, Jason proposes we blow it all up, while Ben recommends a certification board for CISOs. We have no shortage of suggestions for how to fix the CISO hiring problem.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-359
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access?
Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work.
We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger".
There's plenty of content out there detailing how vendors fall short:
So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations.
We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry.
This week, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-370
Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, I try to be more succinct, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-403
John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment!
Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry PI access points, sitting ducks and TuDoor - its always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-837
Forever Mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-402
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the importance of communication for security teams.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-293
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why?
Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview.
Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution?
Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-358
The emergence of generative AI has caused us to rethink things on two fronts:
But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to security operations, just as Gartner announces that AI is hitting the trough of disillusionment. What better time to dispel the hype and focus on where real progress can be made?
Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations.
We'll talk about what has changed here, and I have so many questions:
Finally, we'll wrap by talking about where this tech goes next, and can we get there with current technology, or are we dependent on more breakthroughs from companies like OpenAI, Anthropic, and Meta?
This week, on Enterprise Security Weekly, we've got:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-369
Twitter Opt-In, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-401
Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it.
Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/
Segment description coming soon!The Crowdstrike incident: what happened and what we can do better, people forget what 0-Day really means, shutting off the heat in January, honeypot evasion and non-functional exploits, what not to use to read eMMC, what if we don't patch DoS related vulnerabilities, a CVSS 10 deserves its own category, port shadow attacks, IPC and DBUS and a very informative and entertaining article, container breakouts, when you are bored on an airplane, Linksys security violations, fake IT workers, Telegram 0-day, and how to be more resilient on the same technology stack!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-836
Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-400
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders.
Segment resources:
SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-292
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms.
Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-357
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need for thorough testing and third-party risk management. Emphasizing the importance of understanding and planning for system failures, the hosts highlight the necessity for comprehensive inventories, continuous monitoring, and robust backup plans to ensure business continuity and resilience. Tune in for expert insights into mitigating the significant consequences of system failures.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-399
In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries and the best entry points into the field. Next, we tackle the critical issues plaguing the cybersecurity industry despite its rapid growth and increased influence at the board level. We ask why, despite ample resources, are failures more prevalent than ever? Lastly, we cover significant news in enterprise security, including the rumored historic acquisition of Wiz by Google, recent company acquisitions, and the evolving concept of shared responsibility in cybersecurity. Join us for a comprehensive discussion that spans career guidance, industry analysis, and the latest news in enterprise security.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-368
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers!
Segment Resources:
Major 3D Printer Websites:
Major 3D File libraries:
Youtube Channels:
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-835
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-398
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-influenced tools more effective and useful in the context that developers need -- writing secure code.
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-291
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach provides implementation guidance on the controls required to maximize your coverage, including premium discounts, higher ransomware supplements, and a reduction is deductibles. If you're struggling with cyber insurance, don't miss this interview.
In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-356
Wir fahren auf der AutoBahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-397
I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here.
We'll cover a variety of topics in this interview, including:
This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them!
In this week's enterprise security news,
All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-367
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows.
Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars.
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-834
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous speed.
Segment resources
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-290
Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland, and more, are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-396
On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size?
Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss technology rationalization within cybersecurity. Max will discuss how to inventory your security products, identify overlap, and pick the right products for your organization.
In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-355
Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on July 20, 2017.
Doug talks about how to count from zero to one!
Show Notes: https://securityweekly.com/vault-swn-18
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin
Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field.
As a seasoned security professional, Joe has contributed significantly to the cybersecurity community through his expertise and innovation. With a career spanning decades, he has become a go-to resource for insights into the intricacies of hardware security, emphasizing the critical intersection between hardware and software vulnerabilities.
In our podcast interview, we delve into Joe's journey – from his early forays into hacking to his current role as a thought leader in cybersecurity. Gain a unique perspective on the evolving challenges faced by security professionals, especially in the context of hardware-based threats.
Joe's expertise extends beyond theoretical knowledge, as he has been actively involved in hands-on research and development. As a co-founder of Grand Idea Studio, he has played a pivotal role in developing cutting-edge hardware security tools, contributing to the arsenal of cybersecurity professionals worldwide.
Join us as we explore the world of hardware hacking, reverse engineering, and the broader cybersecurity landscape with Joe Grand. Whether you're an aspiring hacker, a seasoned security professional, or simply curious about the intricacies of cybersecurity, this podcast episode promises deep insights into the mind of a true cybersecurity luminary.
Show Notes: https://securityweekly.com/vault-psw-11
Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on March 6, 2017.
Have you ever wondered what phishing is? Do you know what spear phishing attacks are? Doug and Russ explain how to protect yourself from phishing scams in the inaugural episode of Secure Digital Life!
Show Notes: https://securityweekly.com/vault-swn-17
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.
As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.
Show Notes: https://securityweekly.com/vault-bsw-12
Healthcare and malware, MoveIT, Chrome won't trust Entrust, the discovery of Volt Typhoon, & more on this episode of the Security Weekly News!
Segment Resources: https://therecord.media/volt-typhoon-targets-underestimated-cisa-says
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-395
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:
For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).
Segment Resources:
We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.
This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.
We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.
We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.
We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.
Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.
Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-366
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate!
Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootload, The Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-833
Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-394
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.
This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!
In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:
Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.
Segment Resources: www.okta.com/resources/whitepaper-ai-at-work-report/
www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-354
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.
Segment Resources:
Thoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Computer, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-289
Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor.
Tim will describe the importance of implementing a Zero Trust framework that evaluates each command, query, and configuration change in real-time, and how that delivers the most effective and complete security solution. Doing so involves the application of fine-grained authorization policies that adapt to the context of the user, the sensitivity of the action, and the prevailing threat landscape.
Segment Resources: https://www.strongdm.com/blog/pam-was-dead-strongdm-just-brought-it-back-to-life https://www.strongdm.com/whitepaper/technical-overview
This segment is sponsored by StrongDM. Visit https://securityweekly.com/strongdmidv to learn more about them!
Traditional IGA solutions are not risk-focused by design, and as audit and compliance focus continues to expand beyond core ERP systems and into line of business apps and point solutions, organizations must plan holistically how to address risk across their application landscape. It’s never too late to start kicking off your risk reduction journey, and utilizing an innovative, unified platform for both identity and access risk governance has significant, compounding benefits and helps organizations realize faster time to value, lower TCO and longer term consistent risk exposure reduction. Ensuring access to all of your business-critical applications is provisioned seamlessly, efficiently, and cost-effectively while meeting risk, audit and compliance requirements should be the primary goal of any identity and access risk governance solution implementation.
Segment Resources: https://get.pathlock.com/demo-sem-kuppingercole-access-control-tools-multi-vendor-lob https://pathlock.com/learn/access-provisioning/ https://pathlock.com/compliant-provisioning-copy/ https://pathlock.com/learn/what-is-identity-governance-and-administration/ https://pathlock.com/distressed-iga-deployments/
This segment is sponsored by Pathlock. Visit https://securityweekly.com/pathlockidv to learn more about them!
Remote identity verification is one of the biggest challenges in the digital age, especially with the use of AI-generated deepfakes which are now impossible to distinguish from real imagery with the human eye. AI-powered biometrics have emerged as the most robust defense against deepfakes - and therefore, the only reliable method for remote identity verification.
Segment Resources: iProov.com https://www.iproov.com/ iProov Threat Intelligence Report 2024: The Impact of AI on Remote Identity Verification - https://www.iproov.com/reports/iproov-threat-intelligence-report-2024
This segment is sponsored by iProov. Visit https://securityweekly.com/iproovidv to learn more about them!
The criminal opportunity shaping the landscape today and how authoritative, accurate and automated processes are helping others increase their conversion rates by 20% while preventing 99% of all fraudulent attempts. What is the Criminal Opportunity facing us all right now? Data breaches and mail theft have resulted in a record level of available compromised Identity Information, payment information, and login information and even stolen checks. It has been said that ’At this point, all of our information is out on the dark web and it's now just a matter of when is it going to be used against us.’ Combined with inadequate fraud strategies, fraudsters have the key to the castle, it’s a perfect scenario of having the answers to the quiz ahead of time.
This segment is sponsored by Intellicheck. Visit https://securityweekly.com/intellicheckidv to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-14
Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on June 19, 2018.
This week, Doug and Russ interview Matthew Silva, President and Founder of the Cybersecurity and Intel Club at Roger Williams University! They talk about majoring in Cybersecurity vs. Computer Science, gaining experience vs. book learning, and more on this episode of Secure Digital Life!
Show Notes: https://securityweekly.com/vault-swn-16
FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market.
Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80
This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them!
While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality.
This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them!
Cyberattacks, fraud and breaches, we’ve all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward.
This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-13
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are:
-40 years old, with little innovation
-Haven’t solved the problem.
In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
-Prove bugs, rather than trying to list all of them.
-Zero false positives, which leads to better autonomy.
Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
Example vulns discovered:
https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot
https://github.com/forallsecure/vulnerabilitieslab
Show Notes: https://securityweekly.com/vault-esw-12
Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel
Welcome to an enlightening episode of our podcast, where we sit down with Dave Aitel, a prominent figure in the cybersecurity landscape. With a robust background in offensive security and an extensive career spanning various facets of the industry, Dave brings a wealth of knowledge and strategic insights to our discussion.
As the Founder and CEO of Immunity Inc., a leading cybersecurity company, Dave has played a pivotal role in shaping the cybersecurity landscape. Join us as we delve into his journey, from his early experiences in cybersecurity to the strategic decisions that have defined his role as a thought leader in the field.
In this episode, we explore Dave's perspectives on the ever-evolving threat landscape, offensive security strategies, and the intricate balance between security and privacy. Gain valuable insights into the methodologies and philosophies that underpin his approach to addressing the challenges posed by cyber threats.
Dave Aitel's expertise extends beyond technical domains; he is also recognized for his contributions to policy discussions on cybersecurity. Discover how his experiences and viewpoints contribute to the broader discourse on cybersecurity policy, technology, and the future of digital defense.
Whether you're a cybersecurity professional, an industry enthusiast, or someone keen on understanding the strategic dimensions of cybersecurity, this podcast episode with Dave Aitel is bound to offer thought-provoking perspectives and strategic insights.
Tune in to explore the intersection of technology, security, and strategy with one of the industry's strategic minds, Dave Aitel.
Show Notes: https://securityweekly.com/vault-psw-10
Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on September 25, 2018.
This week, Russ takes the reigns in the absence of Dr. Doug to talk about Networking 101! We are going to go back to school to examine how networking and the internet actually work. Russ looks at MAC addresses, IP Addressing (Private/Public), DHCP, routing, and DNS.
Show Notes: https://securityweekly.com/vault-swn-15
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023.
Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.
Segment Resources:
Download "Learning eBPF": https://isovalent.com/learning-ebpf Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/
Show Notes: https://securityweekly.com/vault-asw-11
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022.
Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.
Show Notes: https://securityweekly.com/vault-bsw-11
This week, we've got data security being both funded AND acquired. We discuss Lacework's fall from unicorn status and why rumors that it went to Fortinet for considerably more than Wiz was willing to pay make sense.
Microsoft Recall and Apple Intelligence are the perfect bookends for a conversation about the importance of handling consumer privacy concerns at launch.
How can the Snowflake breach both be one of the biggest breaches ever, but also not a breach at all (for Snowflake, at least). It's time to have a conversation about shared responsibilities, and when the line between CSP and customer needs to shift.
The CSA's AI Resilience Benchmark leaves much to be desired (like, an actual usable benchmark) and Greg Linares tells a wild story about how the first Microsoft Office 2007 vulnerability was discovered.
Finally, the Light Phone III was announced. Do we finally have a usable minimalist, social media detox-friendly phone option? Will Adrian have to buy one to find out?
Several recent trends underscore the increasing importance of Know Your Business (KYB) practices in today's business landscape. One significant trend is the rise in financial crimes, including money laundering, fraud, and terrorist financing. Technological advancements have transformed the way businesses operate, leading to increased digitization, online transactions, and remote customer interactions. While these developments offer numerous benefits, they also create opportunities for criminals to exploit vulnerabilities. Higher value remote transactions are performed at higher volumes. In addition, government programs such as the PPP program created a need for onboarding business quickly. This created a influx of fraudulent entities and claim who are now exploiting other channels. The convergence of these trends highlights the critical role of KYB in safeguarding businesses, ensuring regulatory compliance, and fostering trust among stakeholders in today's dynamic and interconnected business environment.
Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/idi-Identiverse-Brochure_05-2024-KYB-PRINT.pdf
This segment is sponsored by IDI. Visit https://securityweekly.com/idiidv to learn more about them!
From wrestling with integration complexities to managing unexpected glitches, the realities of SSO implementation can produce very different results than what you want. Are users actually using SSO to login or are they still using the direct logins they gained before enabling SSO? We explore the reasons behind why SSO efficacy isn't always what it seems and what you can do about it.
This segment is sponsored by Savvy. Visit https://securityweekly.com/savvyidv for a no cost SaaS-Identity checkup!
With identity being the new security perimeter, identity platforms are now an integral part of the core security stack. Inherently these platforms are complex and it takes months and years for organizations to realize the business value. And this is going to get worse. The sheer volume and velocity with which new identity types are being added, as well the sophistication of attacks on identity platforms, requires a transformational shift to Identity security and governance. 50% operational efficiency and delivering security at scale are the two big initiatives which organizations have embarked on. In this session, Vibhuti Sinha, Chief Product Officer of Saviynt will share his insights and discuss how Saviynt is at the forefront of this transformation.
This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them!
Enterprises often struggle with achieving business value in identity programs. This is typically the result of technology choices that require a disproportionately greater amount of effort and focus and underestimating the workforce required for organizational change management. With 30 years in the industry and a depth of accumulated knowledge working with large, global customers and vendors, we share how to identify and realize the business value in your organization’s identity program.
Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Brief-1.pdf https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Modernization-Service-Brief-1-1.pdf
This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!
In today’s increasingly complex cloud environments, ensuring continuous access to identity services is critical for maintaining business operations and security. Gerry Gebel, VP of Product and Standards at Strata Identity, will discuss the recently announced Identity Continuity product, designed to provide uninterrupted identity services even during outages. Unlike traditional disaster recovery solutions, Identity Continuity autonomously fails over to alternate identity providers, ensuring seamless access management. Join us to explore how Strata Identity is enhancing resilience in the identity management space.
Segment Resources: Strata Identity Continuity Product page: https://www.strata.io/maverics-platform/identity-continuity/ State of Multi-Cloud Identity report: https://strata.io/wp-content/uploads/2023/08/State-of-multi-cloud-identity-2023_Strata-Identity.pdf Parametrix Survey = https://www.reinsurancene.ws/leading-cloud-service-providers-faced-1000-disruptions-in-2022-parametrix/
This segment is sponsored by Strata. Visit https://securityweekly.com/strataidv to learn more about them!
Digital businesses are under attack from account and platform fraud, including Account Takeover (ATO), account opening fraud, and many variations of fraudulent account scams, impersonations, transactions and collusions. Learn best practices to stop fraud with better detection and prevention that can also improve customer satisfaction and operating efficiencies.
This segment is sponsored by Verosint. Visit https://securityweekly.com/verosintidv to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-365
Trust in Microsoft, Apple, and the Holy AI, Amen, Moonstone Sleet, Cheating, Joshua Marpet, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-393
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs!
Segment Resources:
Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headphones, decrypting firmware, and VPNs are still being hacked!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-832
Buzz Aldrin, the Gray Lady, Veeam, Microsoft squared, Nvidia, Hardware, Pentests, Josh Marpet, and more on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-392
Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-288
Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including:
Padraic will also discuss the changing role of the CISO, at least in the eyes of Gartner. Don't miss this recap.
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this interview, Deep Instinct CIO Carl Froggett will explain why Deep Learning is the most superior form of AI, and the technology’s role in powering predictive prevention.
This segment is sponsored by Deep Instinct. Visit https://securityweekly.com/deepinstinctrsac to learn more about them!
Attackers are targeting enterprise users when they are online via attacks like spear phishing, malicious docs infected with malware/ransomware.
Today SASE/SSE’s Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the enterprise users and websites and try to infer attacks.
Unfortunately, attackers are subverting these SWGs and breaking into enterprises. There is an urgent need to stop this and the solution seems to be to have a browser native security agent which can detect-mitigate attacks happening on the users browser and allow enterprises to threat hunt web attacks company wide.
Segment Resources: Why Browser Native Solutions are better than Cloud Based Proxies: https://drive.google.com/file/d/1cItXj1KEm45ZNklASFmcvprbPqZChcMn/view?usp=sharing
Data Sheet: https://drive.google.com/file/d/1tv3q2iTFROJPceq2b9SJtzkdHD9J6mvC/view?usp=sharing
Blog on the Many Failures of Secure Web Gateways: https://labs.sqrx.com/the-unspoken-challenges-of-secure-web-gateways-c516bc287a6d
Latest Press Release: Forbes: Critical Security Flaws Found In Email Top 4—Apple, Gmail, Outlook & Yahoo: https://www.forbes.com/sites/daveywinder/2024/04/04/critical-security-flaw-in-apple-icloud-google-gmail-microsoft-outlook-yahoo-mail-aol-mail-email/
This segment is sponsored by Square X. Visit https://securityweekly.com/squarexrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-353
Burning AI, Lockbit, Veeam, Club Penguin, Kali, Commando Cat, HugeGraph, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-391
"Identity security has been around forever though", you might be thinking. Allow me to clarify. Identity is the largest cybersecurity product category, but most of it is focused on identity governance, authentication, multi-factor, etc. Very little of it is focused on operational identity security. It's this trend, where we recently (within the last 2 years) started seeing the ITDR (Identity Threat Detection and Response) acronym that we'll be focused on today. Particularly:
And it's difficult to do better for this conversation than Will Lin. He spent the last half decade as a VC. On a daily basis, he was looking at the big picture of cybersecurity markets and trends. He discussed security challenges with CISOs and other security buyers on a regular basis, both directly and through the Security Tinkerers community he founded. All this led to a decision to quit the VC world to become a founder himself. Of all the categories he could have chosen, he chose identity security, and that's why we're happy to have him for this conversation.
Segment Resources:
We start off discussing the latest round of fundings, centered largely around data security and securing LLM use. This dovetails into a discussion about marketing language and how difficult it can be for buyers to work out what the latest round of early stage startups are doing.
Next, we discuss Cloudflare and Bugcrowd's acquisitions, as well as Synopsys's divestiture of its appsec portfolio.
From here, we dive into a raft of new features across both IT and cybersecurity products, like Azure, Dashlane, LastPass, and PagerDuty. Discussing Huntress's active remediation feature triggers a conversation about this latest product trend: vendors seem to think buyers are ready for fully automated remediation actions. We're not so sure they are.
To wrap up the cybersecurity coverage, Brandon Dixon has an interesting tutorial regarding a Security Copilot use case that looks a LOT like the default phishing enrichment use case that has been used for every SOAR POC ever. To clarify, this is a great piece in that it is all practical, has no marketing fluff, and shows you how to do something useful with Security Copilot. Where it pulls up short is managing to live up to the hype we've been hearing about Security Copilot from day one.
We agree to table the discussion on Microsoft Recall until we know more about what GA of the feature will look like, and then dig into a VERY interesting squirrel story about an audio-based hacking puzzle created by a rock band.
The interview will delve into the healthcare industry's tumultuous year in 2023, marked by 124 million breached health records across 725 hacking incidents (according to The HIPAA Journal). This interview will explore the critical role that MSSPs play in safeguarding health data and systems against potential security incidents, such as ransomware and business email compromise attacks. Jim Broome will share how to proactively prepare for an incident - including establishing a comprehensive incident response plan, outlining strategies for containment, restoration, and ongoing security operations, and how an MSSP can help.
Segment Resources: Tales from the Road Blog: An External Pen Test at a Healthcare Organization Reveals the Dangers of the Dark Web - https://www.directdefense.com/tales-from-the-road-an-external-pen-test-reveals-the-dangers-of-the-dark-web/
2023 Security Operations Threat Report: https://go.directdefense.com/2023-Security-Operations-Threat-Report
This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!
In the dynamic landscape of cybersecurity, the urgency to eliminate passwords as a security vulnerability has never been more critical. Organizations are continuing to face a surge in the variety and complexity of cyber threats at historical rates, often fueled by compromised employee login credentials – resulting from attacks such as phishing which has been exacerbated by the rise in use of Artificial Intelligence (AI). The 2023 Verizon Data Breach Investigations Report underscores the staggering impact of breaches caused by stolen credentials, accounting for a staggering 74% of incidents. Christopher Harrell, Yubico’s Chief Technology Officer, shares how organizations can achieve passwordless authentication at scale with high assurance phishing-resistant multi-factor authentication (MFA) to elevate their security posture against phishing attacks while creating phishing-resistant users.
Segment Resources: https://www.yubico.com/blog/empowering-enterprise-security-at-scale-with-new-product-innovations-yubikey-5-7-and-yubico-authenticator-7/
This segment is sponsored by Yubico. Visit https://securityweekly.com/yubicorsac to learn more about them!
In this podcast segment, we delve into Sophos' fifth annual State of Ransomware report, exploring significant findings and trends in the evolving ransomware landscape. We'll discuss the sharp increase in recovery costs, the strategic targeting of backups by hackers, and the evolving role of cyber insurance in ransom payments. Our discussion will provide insights into how organizations can adapt their cybersecurity measures to mitigate these heightened threats and recover more effectively from attacks.
Segment Resources: Blog: The State of Ransomware 2024 Report: https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2024-wp.pdf Press release: Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report
This segment is sponsored by Sophos. Visit https://www.securityweekly.com/sophosrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-364
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more!
Segment Resources:
Josh's podcasts:
This week: Take on the upstream, how hard is it to patch end-of-life software, hack millions of routers, take over millions of routers, 0-days, and no responses, hack Taylor Swift wristbands, can you detect that covert channel?, and breach reports from Ticketmaster, Snowflake, Santander, and TikTok, and top it all of with C-level DNS servers dropping off the Internet!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-831
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-389
Boyce Codd Normal Form, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet and more, are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-390
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust.
Segment Resources:
Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine.
This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them!
Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-287
Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity?
In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including:
and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode.
Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company’s most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization’s infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.
Segment Resources:
Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/
Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!
With new industry regulations, like the SEC’s Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.
Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management
This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-352
In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanersac to learn more about them!
The past two years have witnessed an unprecedented surge in the adoption of generative artificial intelligence (AI) across various industries. And while this presents new efficiencies, with these benefits come significant security concerns. The widespread integration of AI applications increases the risk of data breaches and intellectual property theft, while also expanding organizations' vulnerability to malicious data injection and other AI-driven cyberattacks. During this interview Jim will explore why it’s imperative to implement robust security measures to mitigate these evolving risks effectively, and how working alongside an MSSP can benefit your overall security posture.
Segment Resources: https://go.directdefense.com/2023-Security-Operations-Threat-Report
This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!
In recent years, ransomware attacks have undergone a transformative evolution, shifting from indiscriminate, mass-distributed assaults to highly targeted, sophisticated campaigns. Kris Lahiri is able to discuss the dynamic landscape of ransomware and dive into the techniques he has seen cybercriminals employ, the motivations behind these attacks, and the escalating impact on individuals, businesses, and critical infrastructure.
Segment Resources: https://www.egnyte.com/solutions/ransomware-detection https://www.egnyte.com/guides/governance/ransomware
This segment is sponsored by Egnyte. Visit https://securityweekly.com/egnytersac to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-11
Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 14, 2017.
Doug and Russ talk about different types of backups, how they work and out-of-band strategies.
Show Notes: https://securityweekly.com/vault-swn-14
Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more critical and are essential in maintaining cyber resilience and strengthening the security posture of every organization. TDIR aims to identify potential threats and respond before they can impact a business. A layered defense focuses on identifying threat activity, prioritizing investigations, and measuring risk. As a result, organizations can take the appropriate threat mitigation steps. These security strategies and protocols signify a step forward with a TDIR strategy where everyone from the CISO to the security analyst wins.
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylogrsac to learn more about them!
Axur is a cost-effective external cybersecurity solution that empowers security teams to handle threats beyond the perimeter. Our platform detects, inspects, and responds to brand impersonation, phishing scams, dark web mentions, threat intel vulnerabilities, and more.
This segment is sponsored by Axur. Visit https://securityweekly.com/axurrsac to learn more about them!
Segment Resources: https://www.axur.com/en-us/partners https://www.axur.com/en-us/outsourced-takedown https://www.axur.com/polaris/home
Vendors, sales channels, partners and other kinds of third parties are essential to most businesses. Ensuring that the information security risks of those other companies don't impact your own is the remit of Third Party Cyber Risk Management (TPCRM) teams. It is increasingly evident, however, that the existing practices and tools are not up to the challenge. They make the process even more adversarial than it needs to be, are focused on risk transfer and/or acceptance rather than reduction; are based on limited and low quality signals; and are often excruciatingly manual. We can do better as an industry, and in this conversation we are going to explore a new paradigm for TPCRM and its advantages for third and first parties.
Segment Resources: Alice in Supply Chains is a monthly marketing-free newsletter with curated news and commentary on TPCRM: https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/
This segment is sponsored by Tenchi Security. Visit https://securityweekly.com/tenchirsac to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-10
As a special treat for this week's vault episode, we set up a conversation with Derek Manky to discuss Fortinet's FortiGuard Labs Threat Report. This is a bi-annual report put out by FortiGuard Labs, and in my opinion, it just keeps getting better and better. The report is chock full of actionable information and insights. It answered all my questions about the current state of threats and attacks, like:
There's not a dull moment in this conversation - I hope you enjoy listening to or watching it as much as I did making it!
Segment Resources:
Show Notes: https://securityweekly.com/vault-esw-9
Making The World A More Secure Place: Joshua Corman's Journey and Insights
Welcome to an insightful podcast episode featuring Joshua Corman, a prominent figure in the realm of cybersecurity. With a wealth of experience and a keen understanding of the evolving threat landscape, Joshua has established himself as a thought leader and influencer in the cybersecurity community.
In this episode, we explore Joshua's professional journey, from his early days in the industry to his current position as a respected cybersecurity leader. With a focus on practical strategies and real-world challenges, Joshua shares valuable insights into the complexities of modern cybersecurity and the strategies organizations can employ to navigate this dynamic landscape.
As a recognized authority on security, Joshua Corman's expertise spans a range of topics, including risk management, threat intelligence, and the intersection of security with technology and business. Join us as we delve into his experiences, lessons learned, and the principles that guide his approach to addressing the ever-present challenges of cybersecurity.
Whether you are a cybersecurity professional, technology enthusiast, or someone keen on understanding the intricacies of safeguarding digital assets, this podcast offers a unique opportunity to gain perspective from one of the industry's thought leaders. Tune in to discover the wisdom and practical advice Joshua Corman brings to the table, shedding light on the current state of cybersecurity and its future trajectory.
Show Notes: https://securityweekly.com/vault-psw-9
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?”
This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!
CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to operate at optimal speed, without compromising security.
Segment Resources:
Bedrock Security: https://www.bedrock.security/
Bedrock Security X/Twitter: https://twitter.com/bedrocksec
Bedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/
House Rx (customer) Case Study: https://tinyurl.com/35v48wx7
Introductory Whitepaper: https://tinyurl.com/5yjeu92b
Innovation Sandbox 2024: https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-Finalist
This segment is sponsored by Bedrock Security. Visit https://securityweekly.com/bedrockrsac to learn more about them!
Show Notes: https://securityweekly.com/vault-asw-10
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023.
We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities.
Show Notes: https://securityweekly.com/vault-asw-9
Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 8, 2017.
Doug and Russ swim the warm waters of academia, college degrees, types of degrees, and whether or not you need one.
Show Notes: https://securityweekly.com/vault-swn-13
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022.
Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what security investments, as well as mergers and acquisitions, will look like throughout the next 12-18 months, and how responsible companies are staying the course amidst layoffs and budget cuts in order to turn uncertainty into a strategic path forward.
Segment Resources:
Forgepoint’s new CISO security priorities model: https://forgepointcap.com/news/forgepoint-capital-builds-first-ever-ciso-security-priorities-model/
Recent exits that Forgepoint supported: - Forescout acquires Cysiv on June 6, 2022(release: https://www.cysiv.com/news/forescout-announces-intent-to-acquire-cysiv and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-partha-panda-ceo-of-cysiv/)
SentinelOne acquires Attivo Networks on May 4, 2022 (release: https://www.sentinelone.com/press/sentinelone-completes-acquisition-of-attivo-networks/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/attivo-networks-why-we-invested/)
LexisNexis Risk Solutions Acquires BehavioSec on May 3, 2022 (release: https://risk.lexisnexis.com/about-us/press-room/press-release/20220503-behaviosec and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-neil-costigan-of-behaviosec/ )
Cloudflare acquires Area 1 Security on April 1, 2022 (release: https://www.cloudflare.com/press-releases/2022/cloudflare-completes-acquisition-of-area-1-security/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/area-1-security-why-we-invested/ )
Show Notes: https://securityweekly.com/vault-bsw-9
Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization.
This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them!
While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!
Show Notes: https://securityweekly.com/vault-bsw-10
Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process.
We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does it just mean that Israel wasn't shy about selling when the market was down? We discuss.
A number of new product announcements continue to trickle out post-RSA.
We'll also discuss Sam Altman and OpenAI's decision to use Scarlett Johansson's voice against her will and what it could mean for deepfakes, advanced social engineering techniques, and general big tech sliminess.
Do you know what a "product glorifier" is? How about a glowstacker? You will if you check out the second-to-last story in the show notes!
See the show notes for individual descriptions on each RSAC interview. This week, we feature speakers from Sailpoint, Okta, Ping Identity, LimaCharlie, QwietAI, and Picus!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-363
The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss the how PTaaS is using the latest technologies (e.g machine learning), the benefits of having a third-party service, and real-world scenarios where PTaaS has successfully thwarted potential security breaches. PTaaS can be a game-changer in enhancing your organization’s security posture!
This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlock to learn more about them!
An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scraping, free laundry for everyone!, Wifi routers and Apple Air tags, North Koreans fill US IT positions, taking out drones, the NVD backlog, IBM is no longer a security company?, and DNSBombs!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-830
Big Tech, Fighting a Junta, Keylogger in Microsoft , APT Hackers, Free Laundry, Joshua Marpet & more on this edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-388
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to developers rather than contrived or overly simplistic examples.
Segment resources:
The challenge of evaluating threat alerts in aggregate – what a collection and sequence of threat signals tell us about an attacker’s sophistication and motives – has bedeviled SOC teams since the dawn of the Iron Age. Vectra AI CTO Oliver Tavakoli will discuss how the design principles of our XDR platform deal with this challenge and how GenAI impacts this perspective.
Segment Resources:
Vectra AI Platform Video: https://vimeo.com/916801622
Blog: https://www.vectra.ai/blog/what-is-xdr-the-promise-of-xdr-capabilities-explained
Blog: https://www.vectra.ai/blog/xdr-explored-the-evolution-and-impact-of-extended-detection-and-response
MXDR Calculator: https://www.vectra.ai/calculators/mxdr-value-calculator
This segment is sponsored by Vectra AI. Visit https://securityweekly.com/vectrarsac to learn more about them!
In this interview, we will discuss the network security challenges of business applications and how they can also be the solution. AlgoSec has spent over two decades tackling tough security issues in some of the world’s most complex networks. Now, they’re applying their expertise to hybrid networks—where customers are combining their on-premise resources along with multiple cloud providers.
Segment Resources: https://www.algosec.com/resources/
This segment is sponsored by AlgoSec. Visit https://securityweekly.com/algosecrsac to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-286
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrick's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public companies:
Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Rubrik Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc
In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She’ll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era.
This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them!
In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira’s automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs.
Segment Resources: https://www.blumira.com/customer-stories/ https://www.blumira.com/why-blumira/
This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-351
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-387
Suddenly SIEMs are all over the news! In a keynote presentation, Crowdstrike CEO George Kurtz talked about the company's "next-gen" SIEM. Meanwhile, Palo Alto, who was taken to task by some for not having an active presence on the RSAC expo floor, hits the headlines for acquiring IBM's SIEM product, just to shut it down!
Meanwhile, LogRhythm and Exabeam merge, likely with the hopes of weathering the coming storm. The situation seems clear - there's no such thing as "best of breed" SIEM anymore. It's a commodity to be attached to the existing dominant security platforms. Are the days numbered for the older pure-play SIEM/SOAR vendors out there? Crowdstrike and Palo Alto alone could displace a lot of incumbents, even with a less than stellar product.
Visit the show notes for full descriptions on each RSAC executive interview!
Show Notes: https://securityweekly.com/esw-362
Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts!
Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploitation, Hackbat, Raspberry PI Connect, leaking VPNs, exploiting faster?, a new Outlook 0-Day?, updating Linux, and a 16-year-old vulnerability.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-829
3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Windows, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-386
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn talks about why the list looks so familiar in many ways -- after all, LLMs are still software. But the list captures some new concepts that anyone looking to use LLMs or generative AIs should be aware of.
How companies are benefiting from the enterprise browser. It's not just security when talking about the enterprise browser. It's the marriage between security AND productivity. In this interview, Mike will provide real live case studies on how different enterprises are benefitting.
Segment Resources:
This segment is sponsored by Island. Visit https://www.securityweekly.com/islandrsac to learn more about them!
The cybersecurity landscape continues to transform, with a growing focus on mitigating supply chain vulnerabilities, enforcing data governance, and incorporating AI into security measures. This transformation promises to steer DevSecOps teams toward software development processes with efficiency and security at the forefront. Josh Lemos, Chief Information Security Officer at GitLab will discuss the role of AI in securing software and data supply chains and helping developers work more efficiently while creating more secure code.
This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlabrsac to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-285
In today's enterprises, the Identity Access Management (IAM) System is the key to a business' critical operations. But that IAM environment is more vulnerable than most security executives realize.
Segment Resources: https://www.mightyid.com/articles/the-r-in-itdr-the-missing-piece-in-identity-threat-detection-and-response
https://www.mightyid.com/download-am-i-covered
https://www.mightyid.com/articles/vegas-under-cyber-attack-what-went-wrong
This segment is sponsored by MightyID. Visit https://securityweekly.com/mightyid to learn more about them!
AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is leveraging a variety of AI capabilities to enhance the user experience and improve identity security and compliance, bringing AI to life in a practical, market leading way to drive value for our customers.
Segment Resources: https://saviynt.com/blog/analytics-ai-automation-and-abstraction-pioneering-the-next-chapter-in-identity-security/
This segment is sponsored by Saviynt. Visit https://www.securityweekly.com/saviyntrsac to learn more about them!
The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution, however they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do expect a single cloud provider to protect all your clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, as organizations already apply for cloud, endpoints, or networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.
Segment Resources: https://www.silverfort.com/the-identity-underground-report/
This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-350
Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-385
Tune in to hear 9 executive interviews from RSA Conference 2024, featuring speakers from Zscaler, Open Systems, Aryaka, OpenText, Hive Pro, Critical Start, Anomali, Cyware, and Pentera!
Find individual descriptions for each interview on the show notes.
Show Notes: https://securityweekly.com/esw-361
In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future.
Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman
Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management.
Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.
In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices.
As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities. Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets.
Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-828
Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-384
A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explains why it's important to understand the different types of AI and the practical tasks necessary to secure how it's used.
Segment resources:
We already have bug bounties for web apps so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his education in psychology helped fill in the lack of resources in testing an AI's bias. Then we discuss how organizations should approach the very different concepts of AI security and AI safety.
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-284
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?
Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber instance. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-349
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-383
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs.
Resources
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features...
To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends!
Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-360
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and more!
ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-827
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-382
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now they're bracing for the coming of genAI and how that will just further highlight the current struggles they're having with data security and data privacy.
Segment Resources: Complete Survey Results: The Growing Complexity of Securing the Software Supply Chain https://research.esg-global.com/reportaction/515201781/Toc
Misusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-283
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce.
Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!
In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-348
TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-381
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended and how we implement the suggestions.
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lock, and your keystrokes are showing!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-826
A clear pattern with startups getting funding this week are "autonomous" products and features.
I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to automate things without a human in the loop.
The way LimaCharlie is going about it, with their new bi-directional functionality they're talking up right now, might work, as detections can be VERY specific and fine-grained.
We've already seen a round of fully automated guardrail approaches (particularly in the Cloud) fail, however. My prediction? Either what we're seeing isn't truly automated, or it will become a part of the product that no one uses - like Metasploit Pro licenses.
We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if you're looking for some ideas!
This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!
This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.
Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-359
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-380
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec community motivated him to create Crash Override and help projects like ZAP gain the support they deserve.
Segment resources:
CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-282
Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover:
Segment Resources: https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program
https://consultdts.com/demystifying-the-cmmc-rule-a-breakdown-of-proposed-regulation/
The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key element of your preparation, including:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-347
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-379
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level.
In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams.
This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million???
Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively)
Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Technologies, and Simbian all raise smaller seed, A, or B rounds.
Akamai picks up API security startup, Noname Security, Zscaler picks up Airgap networks, and it's rumored that Armis will acquire Silk Security for $150M.
LimaCharlie seems to be doing some vertical growth, adding its own response and automation capabilities (what they call "bi-directional" capabilities). CISA releases a malware analysis system to the general public. Boostsecurity.io releases "poutine", an open source CI/CD pipeline vulnerability scanner.
Some great essays this week, with Phil Venables' Letter from the Future, Ben Hawkes' Robots Dream of Root Shells, and Aileen Lee's 10 year Unicorn anniversary piece.
We briefly discuss the 3rd party breach that affected Cisco Duo customers, and the financial impact of Change Healthcare's highly disruptive ransomware incident.
Finally, we talk about the latest research on the security of LLMs and the apps using them. It's not looking great.
For more details, check out the show notes here: https://www.scmagazine.com/podcast-episode/3188-enterprise-security-weekly-358
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-358
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025.
Segment Resources: https://info.obsglobal.com/pci-4.0-resources
Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary
Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and experiences that have shaped his unparalleled career.
Winn Schwartau's journey began long before the mainstream recognition of cybersecurity as a critical discipline. As a thought leader and visionary, he foresaw the digital threats that would come to define our interconnected age. Join us as we delve into the early days of cybersecurity and explore the foresight that led Winn to become a trailblazer in the industry.
An accomplished author, speaker, and strategist, Winn Schwartau has been at the forefront of shaping cybersecurity policies and practices. From his groundbreaking book "Information Warfare" to his influential work on the concept of the "Electronic Pearl Harbor," Winn has consistently pushed the boundaries of conventional thinking in cybersecurity.
In this podcast episode, Winn shares his unique perspective on the evolution of cyber threats, the challenges faced by individuals and organizations, and the urgent need for a paradigm shift in cybersecurity strategy. Prepare to be captivated by the stories and experiences that have fueled Winn's advocacy for a more resilient and secure digital world.
Whether you're a cybersecurity professional, an enthusiast, or simply intrigued by the profound impact of technology on our lives, this conversation with Winn Schwartau promises to be a journey through the past, present, and future of cybersecurity.
Don't miss the chance to gain unparalleled insights from a true cybersecurity luminary. Tune in and discover the wisdom that only Winn Schwartau can bring to the table in this illuminating podcast interview.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-825
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-378
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadth and depth of security engineering and ways to build the skills that will help you in your appsec career.
Segment resources:
A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-281
Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well.
In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how to accelerate that journey to lead to a successful outcome. Seth will share Merlin Venture's approach to helping startups tackle the largest markets in the world, including US enterprises and federal. He will also share what success looks like.
Segment Resources:
https://merlin.vc/we-have-liftoff/
https://merlin.vc/dig-security-talon-cyber-security-acquired-by-palo-alto-networks/
https://innovationisrael.org.il/en/digital-reports/
In the leadership and communications section, Navigating Legal Challenges of Generative AI for the Board, Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO, 6 Common Leadership Styles — and How to Decide Which to Use When, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-346
Combadges, SISENSE, Microsoft, Malware Next-Gen, Lastpass, Palo Alto, Broadband, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-377
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened?
Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet.
Segment Resources:
This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later
They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor.
They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like.
Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW.
They discuss a number of essays, some of which are a must read:
We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach.
We wrap up discussing Air Canada's short-lived AI-powered support chatbot.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-357
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats.
Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-824
Dronepocalypse, Privacy, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet, and more, are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-376
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this that orgs should be worried about and what types of threats they should be prioritizing instead.
Segment Resources:
OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-280
In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you hopefully get the point). In fact, buying too much can often create more problems than it solves, especially if you're struggling to fill your staffing needs.
In this 2-part episode, we'll discuss:
- The current state of vendor offerings in cybersecurity - The difficulties of measuring value and efficacy in a product - How to avoid building a security program that centers around managing products - Shelfware - Minimizing product overhead - The pros and cons of buying from different types of companies - Who to look to for product recommendations - Is making a plan to "ditch before you hitch" a good or bad idea? - What to do when you inherit a mess
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-345
SEXi, AI Dreams, Powerhost, Acuity, Layerslider, JSOutProx, Byakugan, Josh Marpet, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-375
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.
pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-823
NVD checked out, then they came back? Maybe?
Should the xz backdoor be treated as a vulnerability?
Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?
What were some of the takeaways from the first-ever VulnCon?
EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?
How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?
There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.
Segment Resources:
As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.
In this week's news segment,
By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-356
Lena, XZ, WallEscape, AT&T, OWASP, Google, Microsoft, AI, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-374
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the source of some myths. We talk about some of our favorite (as in most disliked) myths to point out how oversimplified slogans and oversimplified threat models lead to bad advice -- and why bad advice can make users less secure.
Segment resources:
The OWASP Top 10 gets its first update after a year, Metasploit gets its first rewrite (but it's still in Perl), PHP adds support for prepared statements, RSA Conference puts passwords on notice while patching remains hard, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-279
Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve real problems together - part of this is through Trellix's Mind of the CISO Initiative and the Trellix CISO Council. In this interview, we do a little CISO soul-searching. Harold will bring insights from the initiative to cover some of the top challenges CISOs face in this ever-evolving role, including:
and more! If you're a CISO or want to be a CISO, don't miss this episode.
Segment Resources: https://www.trellix.com/blogs/perspectives/introducing-trellixs-mind-of-the-ciso-initiative/ https://www.trellix.com/solutions/mind-of-the-ciso-report/ https://www.trellix.com/solutions/mind-of-the-ciso-behind-the-breach/
In the leadership and communications section, The Strategic Implications of Cybersecurity: A C-Level Perspective, Leadership Misconceptions That Hinder Your Success , "Mastering Communication: Lessons from Two Years of Learning", and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-344
Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity.
Diversity of people, diversity of background, and diversity of experience. I've seen auto mechanics, biologists, and finance experts bring the most interesting insights and forehead-slapping observations to the table. I think part of the reason diversity is so necessary is that security itself is incredibly broad. It covers everything that technology, processes, and people touch. As such, cybersecurity workers need to have a similarly broad skillsets and background.
Today, we talk to someone that embodies both this non-typical cybersecurity background and sense of curiosity - Clea Ostendorf. We'll discuss:
Segment Resources:
Evolving Threats from Within - Insights from the 2024 Code42 Data Exposure Report
This week, in the enterprise security news:
All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-355
AI Dreams of Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-373
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working.
Segment Resources:
The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel locks, BlueDucky, side channel attacks and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-822
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more, on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-372
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?”
This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!
In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up? , Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-343
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Benedek Gagyi chats with us about the impact of the user experience (UX) on security and why it's not only important to understand how to make a user's life easier, but in defining who that user is in the first place.
Segment resources:
The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-278
While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.
Segment Resources:
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!
In the enterprise security news,
Lots of funding news, including: - Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business - BigID Raises $60 Million at $1 Billion Valuation - J.P. Morgan Growth Leads $39 Million Investment in Eye Security - CyberSaint raises $21 million to accelerate market expansion Zscaler Acquires Avalor for $350 Million Cisco completes $28 bn acquisition of cybersecurity firm Splunk Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-354
Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-371
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring.
We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure.
(00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-821
Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Conversation Overflow, Phishing, Josh Marpet, and more on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-370
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an early one. What decisions can you make at the start that will benefit the program in the years that follow? What does an appsec program look like at a small scale?
Segment Resources:
Insecure defaults and insecure design in smart locks, FCC adopts Cyber Trust Mark labels for IoT devices, the ZAP project gets a new home, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-277
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about:
Tune in for this insightful discussion before you make your next strategic cybersecurity decisions.
Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will impact how organizations can or cannot prepare for these emerging trends. Buckle up and hang on for part two of our jam packed episode.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-342
In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'll discuss where the Identity Governance and Administration (IGA) market is going.
Segment Resources:
We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us.
Also in this week's news:
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-353
Cynicism, TikTok, Redline, Securam, Ghostrace, MicroOrange, eSim Swaps, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-369
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more!
Segment Resources:
In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock hacking continues, VM escapes and risk, and multiple really cool Bluetooth hacking stories.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-820
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-368
When you think of executive protection, you think of work related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battle field and family life will never be the same.
Chris Pierson, CEO at BlackCloak, joins Business Security Weekly to discuss the changes in the risk landscape for executives, including Generative AI, and its impacts on social engineering, personal attacks, and family threats. Executive protection must now include digital protection, both at work and at home.
This segment is sponsored by BlackCloak. Visit https://securityweekly.com/blackcloak to learn more about them!
In the leadership and communications section, Cybersecurity in the C-Suite: A CISO’s Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-341
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company has observed over the past year, and what steps organizations can take to protect their APIs.
This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!
The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-276
Star Trek, JetBrains, Facebook, Chrome, FBI, USBs, TikTok, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-367
Defenders spend a lot of time and money procuring and implementing security controls. At the heart of SecOps and the SOC are technologies like XDR, SIEM, and SOAR. How do we know these technologies are going to detect or prevent attacks?
Wait for the annual pen test? Probably not a good idea.
In this segment, we'll talk with Michael Mumcuoglu about how MITRE's ATT&CK framework can help defenders better prepare for inevitable attack TTPs they'll have knocking on their doors.
Segment Resources:
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-352
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding context and prioritization to risk-scoring equations.
Segment Resources: https://plextrac.com/get-ready-to-prioritize-risk-with-our-new-contextual-scoring-engine/?utm_medium=tech_ptr&utm_source=security_weekly
https://plextrac.com/video/priorities/?utm_medium=tech_ptr&utm_source=security_weekly
This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!
BiaSciLab from DEF CON joins us to discuss DCNextGen! In the security News: MouseJacking still works, CISA recommends a complete rebuild, memory safety and re-writing code, not all doorbells are created equal, putting a firewall in front of your LLM, rugged gear and vulnerabilities, PLCs are not safe, neither are Windows kernels..
Segment Resources: https://www.defcon.kids https://www.BiaSciLab.com https://www.GirlsWhoHack.com https://www.SecureOpenVote.com
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-819
ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-366
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms around vulns and figure out what's useful (if anything) in CVSS, SSVC, EPSS, and more.
Segment resources:
A SilverSAML example similar to the GoldenSAML attack technique, more about serializing AI models for Hugging Face, OWASP releases 1.0 of the IoT Security Testing Guide, the White House releases more encouragement to move to memory-safe languages, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-275
The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point in time assessments. Instead they need to match the speed of security which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting non-compliance with the new SEC rules and organizations find themselves in a regulatory nightmare.
Igor Volovich, VP of Compliance Strategy for Cyber Compliance at Qmulos, joins BSW to share his "Notes from the battlefield" on how automation is the only way to effectively converge security, risk, and compliance into a dynamic, real-time discipline.
In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Unlocking Leadership Excellence: Data-Driven Practices That Set Elite Leaders Apart, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-340
Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, CryptoChameleon, Airlines, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-365
Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists an other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture!
You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/
In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back.
Some other topics we discuss:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-351
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting.
The latest attacks against WiFi, its illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did your vibrator get infected...with malware, the OT jackpot, the backdoor in a random CSRF library, it’s a vulnerability but there is no CVE, car theft and Canada, Glubteba, and settings things on fire!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-818
This week in the Security Weekly News: Avast fines, HackerGPT innovations, DDoS threats, encryption updates, Josh Marpet, and more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-364
Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project is trying to solve. For this kind of project to be successful -- as in making a positive impact to how software is built -- it's important to not only identify the right audience, but craft guidance in a way that's understandable and achievable for that audience. This is also a chance to learn more about a project in its early days and the opportunities for participating in its development!
Segment resources
PrintListener recreates fingerprints, iMessage updates key handling for a PQ3 rating, Silent Sabotage shows supply chain subterfuge against AI models, 2023 Rust survey results, the ways genAI might help developers, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-274
Released on January 26, 2023, the NIST AI RMF Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and other opportunities to provide input. It is intended to build on, align with, and support AI risk management efforts by others.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins BSW to discuss why AI risks are a unique challenge and how they can impact both organizations and society. Without proper controls, AI systems can amplify, perpetuate, or exacerbate inequitable or undesirable outcomes for individuals and communities. With proper controls, AI systems can mitigate and manage inequitable outcomes.
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
Panoptica, Cisco’s cloud application security solution, was born out of Outshift, Cisco's incubation engine. Shibu George, Engineering Product Manager at Outshift, joins Business Security Weekly to discuss his transition from application performance monitoring to application security and how Panoptica was born.
This segment is sponsored by Panoptica. Visit https://securityweekly.com/panoptica to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-339
Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on November 2, 2018.
This week, Dr. Doug and Russ talk about the mysterious world of Two-Factor Authentication. This is something you hear all the time, and more and more sites are requiring and supporting it. The real question is, should you be using it?
Show Notes: https://securityweekly.com/vault-swn-12
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 22, 2021.
Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!
Show Notes: https://securityweekly.com/vault-esw-8
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has left an indelible mark on the ever-evolving landscape of digital security.
Wendy's journey in cybersecurity is a narrative woven with expertise, innovation, and a deep understanding of the intersection between technology and risk. With a career that spans strategic roles in both the public and private sectors, Wendy has become a trusted voice in the industry, offering insights that resonate with cybersecurity professionals and enthusiasts alike.
As the Head of Advisory CISOs at Cisco, Wendy Nather brings a unique perspective to our conversation. Explore with us as she shares her experiences navigating the complex cybersecurity challenges faced by organizations today. Wendy's strategic vision has helped shape cybersecurity policies, risk management frameworks, and resilient strategies for a myriad of enterprises.
Dive into Wendy's wealth of knowledge as she discusses the dynamic nature of cyber threats, the importance of proactive cybersecurity measures, and the evolving role of technology in safeguarding our digital future. Her commitment to demystifying complex security concepts and fostering a culture of resilience makes this podcast episode a must-listen for anyone passionate about cybersecurity.
Beyond her corporate role, Wendy is a prolific writer, speaker, and educator, contributing to the collective cybersecurity knowledge base. Join us as we explore her insights on emerging trends, best practices, and the human element in cybersecurity—a facet often overlooked but crucial in building robust defense strategies.
Don't miss this opportunity to gain valuable perspectives from one of the industry's leading minds. Tune in to our podcast and discover the wisdom and foresight that Wendy Nather brings to the world of cybersecurity.
Show Notes: https://securityweekly.com/vault-psw-8
Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on October 4, 2018.
This week, Russ takes the reigns in the absence of Dr. Doug to talk about Networking 101! We are going to go back to school to examine how networking and the internet actually work. Russ looks at MAC addresses, IP Addressing (Private/Public), DHCP, routing, and DNS.
Show Notes: https://securityweekly.com/vault-swn-11
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on Dec 13, 2022.
Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to threat model or become a bottleneck. What if I told you, you can have your cake and eat it too. It is possible to scale your program and deliver higher quality threat models.
Segment Resources: - Original blog: https://segment.com/blog/redefining-threat-modeling/ - Open Sourced slides: https://github.com/segmentio/threat-modeling-training
Show Notes: https://securityweekly.com/vault-asw-8
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on February 22, 2022.
The Business Information Security Officer, or BISO, is relatively new and somewhat controversial role. Does this role act as the CISO's non-technical liaison to the business units or as the CISO's deputy to oversee strategy implementation at a granular level? Is this new role a necessary career path for future CISOs or an entry point into security? The BSW hosts debate!
Show Notes: https://securityweekly.com/vault-bsw-8
Batman, Microsoft, War Driving, OpenAI, DevDrive, Scams, The Dead, Aaran Leyland, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-363
In this segment, featuring guest Amer Deeba, we'll explore how the SEC's new breach reporting rules will affect companies. We've got a ton of questions: What behavior has to change? What additional preparation needs to take place? How does this rule affect data security? How does it affect crisis communications?
And most importantly, when is an incident "material"?
This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market forces, acquisitions - stuff we usually discuss.
Then we get into all the crazy new AI and non-AI products being announced and coming out. Have some disposable cash to pre-order crazy gadgets? This is the episode for you!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-350
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehensive approach to security, acknowledging that social engineering and physical security often go hand in hand. We stress the significance of testing physical security measures and conducting threat assessments to ensure robust protection against potential threats. The conversation touches on the concept of usability versus security, acknowledging that security measures should provide a balance between effective protection and practical usability. We explore the vulnerabilities of certain security technologies, such as biometrics, and underscore the need for continuous evaluation and adaptation of security measures to mitigate emerging threats.
Welcome to a riveting episode of Hacker Heroes, where we sit down with Toby Miller, a distinguished figure in the realm of cybersecurity. Toby brings a wealth of experience and a passion for fortifying digital landscapes against ever-evolving threats.
Armed with a profound understanding of cybersecurity intricacies, Toby has spent years honing his skills in the field. As a seasoned professional, he has not only weathered the storms of the digital frontier but has emerged as a beacon of knowledge and resilience in the face of cyber challenges.
Join us as we delve into Toby's journey, from the early days of his career to his current role as a cybersecurity expert. Gain valuable insights into the dynamic nature of cyber threats, the evolving tactics employed by malicious actors, and the strategies Toby employs to stay one step ahead in the ever-changing cybersecurity landscape.
Toby's expertise extends across a spectrum of cybersecurity domains, including risk management, threat intelligence, and incident response. Discover the mindset that propels him forward in the pursuit of securing digital infrastructures and safeguarding sensitive information.
In this podcast episode, Toby Miller shares anecdotes from the front lines of cybersecurity, offering our listeners a firsthand account of the challenges faced by professionals in the industry. Whether you're a cybersecurity enthusiast, a fellow professional, or someone navigating the digital landscape, Toby's insights are sure to enlighten and inspire.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-817
In the leadership and communications section, SEC’s Enforcement Head: It’s Time for ‘Proactive Compliance’, Improving cybersecurity culture: A priority in the year of the CISO, Breaking Down Barriers: 6 Simple Measures to Overcome Communication Barriers, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-338
We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works well and what the definition of "works well" should even be.
Segment Resources:
LLMs improve fuzzing coverage, the Shim vuln threatens Linux secure boot, considering AI application threat models, a new language for a configuration file format, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-273
Angry mobs, Azure, Avanti, Rhysida, Warzone, Flipper Zero, Bitlocker, Josh Marpet, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-362
RoboJoe, SHIM, Fortinet, FaceOff, Simswap, sudo in Windows, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-361
Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption
No longer can enterprises take their cryptography for granted, rarely evaluated or checked.
Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall security policy, zero-trust approach, and risk management strategy. After all, zero-trust is meaningless if your cryptography isn't working.
Segment Resources: https://www.businesswire.com/news/home/20231030166159/en/Proprietary-Research-from-Quantum-Xchange-Shows-the-Dreadful-State-of-Enterprise-Cryptography
https://www.forbes.com/sites/forbestechcouncil/people/vincentberk/?sh=3d88055852c1
This segment is sponsored by Quantum Xchange. Visit https://securityweekly.com/quantumxchange to learn more about them!
This week, we discussed how a quick (minutes) and cheap ($15 a pop) fake ID service creates VERY convincing IDs that are possibly good enough to fool ID verification services, HR, and a load of other scenarios where it's common to share images of an ID. Kudos to 404Media's work there.
In the security market, we discuss who might be the first cybersecurity unicorn to go public in 2024, Oasis Security and Tenchi's funding rounds, Protect AI's acquisition of Laiyer AI and their FOSS project, LLM Guard. We discussed the seemingly inevitable M&A activity as unfunded security startups NEED to find a sale. Ross Haleliuk had an interesting LinkedIn post that goes deeper on this topic. Finally, we discussed Tyler's observation that Palo Alto Networks did the seemingly impossible - increased their valuation from $19B to over $100B in 5 years, despite having to weather a pandemic and market downturn along the way! Ryan pointed out that PANW joined the S&P 500 somewhere along the way - a watershed moment for them.
We discussed Bluesky and how it's likely too little too late when it comes to building back the community we lost when much of the InfoSec community left Twitter.
We also discussed a cybersecurity training scammer, Daniel Miessler's new Fabric tool, AnyDesk getting hacked, The Real Shim Shady vuln, new (voluntary) cybersecurity goals for healthcare, and the lack of toothbrush-enabled DDoS attacks!
Full show notes here: https://www.scmagazine.com/podcast-episode/3061-enterprise-security-weekly-349
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-349
As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabilities of software and hardware with the goal of learning how to best minimize or eliminate those vulnerabilities. Noting his embrace of the hacker community for its deep and innovative expertise in this context, Bratus’s portfolio at DARPA could help reduce or entirely remove even some of the most stealthy and unexpected vulnerabilities that reside in software and its logical, computational, and mathematical foundations.
Segment Resources:
• Overall Portfolio: https://www.darpa.mil/staff/dr-sergey-bratus
• Safe Documents: https://www.darpa.mil/news-events/2023-06-14
• Enhanced SBOM for Optimized Software Sustainment: https://sam.gov/opp/d0af3e325a594a8191b94e3f80b6bdcd/view
• V-SPELLS program: https://www.theregister.com/2023/08/18/darpalegacybinary_patching/
• Digital Corpora Project: https://www.jpl.nasa.gov/news/jpl-creates-worlds-largest-pdf-archive-to-aid-malware-research
• SocialCyber: https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/
• Weird Machines: https://www.darpa.mil/program/hardening-development-toolchains-against-emergent-execution-engines
• Safe Docs: https://www.darpa.mil/news-events/2023-06-14
• Exploit programming: https://www.usenix.org/publications/login/december-2011-volume-36-number-6/exploit-programming-buffer-ove
In the Security News: - Shim Shady, Up Shims Creek, whatever you want to call it, there’s a vulnerability affecting pretty much all Linux distributions (and other operating systems as well), when your toothbrush attacks the Internet, or some claim, glibc has some vulnerabilities, not all got a CVE, and one is for the algorithm lovers, Google shows some love for Rust, beating Bitlocker in 43 seconds, DEF CON was canceled, then uncancelled, and I’m not even joking this time, and the Government is here to "unhack" your router,
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-816
Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-360
We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org.
Segment Resources:
Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-272
It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index came roaring back last quarter. Here are the stocks currently in the index:
SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. SPLK Splunk Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc DARK Darktrace PLC S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc
Large security vendors and hyperscalers, including Microsoft, continue to expand their cybersecurity product and service portfolios. Microsoft’s extensive enterprise reach, massive partner network, and enormous influence in the C-suite puts pressure on CIOs and CISOs to consolidate on it as much as possible for cybersecurity. This report helps security leaders understand Microsoft’s cybersecurity portfolio, the tactics it uses, and how to manage peer and executive pressure to single-source security technology.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-337
E-Coli, Mercedes, Cloudflare, Ivanti, Volt Typhoon, GIGO, AI, Congress, Aaran Leyland, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-359
We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties.
The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure.
In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated.
Segment Resources:
Segment description coming soon!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-348
When an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode, and you’re dead (but like in the movie Hackers dead), and more!
Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security, is a leading cybersecurity expert with over two decades of experience building and securing corporate networks, including roles on red and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-815
We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topic stand out? How can an old, boring topic be given new life? How do you prepare as a first-time presenter? What can conferences do to foster better presentations and new voices?
Segment resources:
Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-271
This week in the Security Weekly News: the NSA admits to secretly buying your internet browsing data, malicious Google ads target Chinese users, Juniper releases update for Junos OS flaws, Outlook could be leaking your NTLM passwords, WhiteSnake malware on Windows, Jason Wood discusses new guidance on the Microsoft "Midnight Blizzard" attack, and more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-358
How do you prepare for a cyber incident? You train as you fight, but in what environment? William "Hutch" Hutchinson, CEO and co-founder of SimSpace, joins BSW to share cyber best practices and why testing in your operational environment not a good idea. Learn what it takes to be Cyber Ready.
In the leadership and communications section, A tougher balancing act in 2024, the year of the CISO, CISOs Struggle for C-Suite Status Even as Expectations Skyrocket, Want to Be a Better Leader? Stop Thinking About Work After Hours, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-336
Visa RB Cash AP Formula 1 Team, Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-357
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS).
CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing.
Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.
Coose shares what smart CISOs and mature organizations understand, that others don’t:
• There’s no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.
• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.
• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.
• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).
• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments
In the Security News: Don’t expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-814
We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist.
Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.
Segment Resources:
Oleria, Vicarius, and Secret Double Octopus raise funding (NOTE: Secret Double Octopus is a real company that chose Secret Double Octopus as their name, I’m making none of this up). Rumors about Zscaler’s next 9-digit acquisition, 2 new security vendors and demystifying public cybersecurity companies.
Chrome gets AI features, security teams have TOO much data, and a new threat intel database from Wiz. Is bootstrapping a cybersecurity startup a realistic option? Finally, remember Furbies? NSA’s furby docs just dropped, and they are HILARIOUS. Thanks to Jason Koebler from 404Media for that.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-347
RoboJoe, Apple, VMWARE, AI Vision, Confluence, Scarcruft, Microsoft, Jason Wood, and more on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-356
Where apps provide something of value, bots are sure to follow. Modern threat models need to include scenarios for bad bots that not only target user credentials, but that will also hoard inventory and increase fraud. Sandy shares her recent research as we talk about bots, API security, and what developers can do to deal with these.
Segment resources
In the news, vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-270
Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals?
In part 2, we get our hands dirty by addressing CISO hiring from the individual CISO. What should you look for in a CISO role? What questions should you be asking during the interview process? What are the non-negotiable items that must be part of the offer?
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-335
Google, Pax, LeftOverlocals, Mint Sandstorm, DJI, Colossus, JelloRain, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-355
The general public has varied opinions of biometric authentication, and an increasingly reluctant relationship with it, as more and more facial recognition is forced upon us (especially those of us that travel frequently). Facial recognition doesn't work for everyone, so what other options do we have?
In this interview, we'll explore accessibility in identity verification and the viability of voice-based authentication. How big an issue are AI-powered voice imposters? How will companies like Veridas combat these threats? We'll ask all these questions and more in this ESW interview.
On this segment, we talk a lot about AI, new technologies, and the future from a personal and consumer standpoint. Not a lot of enterprise-relevant stuff in the news today, but consumer products and AI will have a HUGE long-term impact, so that's how we're justifying today's topical focus ;)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-346
With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss:
Here are links to the most current blog posts about Cybersecurity Notice of Proposed Rulemaking https://www.fundsforlearning.com/news/2023/11/dont-miss-your-chance-to-impact-e-rate-cybersecurity/, Wi-Fi hotspots https://www.fundsforlearning.com/news/2023/11/wi-fi-hotspots-proposed-for-e-rate-program/ and school bus Wi-Fi https://www.k12dive.com/news/fcc-approves-school-bus-wifi-e-rate/697337/. Funds For Learning also facilitated an informational webinar on the Cyberserucrity Notice for Proposed Rulemaking https://fundsforlearning.app.box.com/s/5gp9qr938qtgs0ug92nkgfvrjvtil4sf. Funds For Learning also conducts an annual survey for E-rate applicants to provide their feedback on the E-rate program. The responses are shared with the FCC through the Funds For Learnings annual E-rate Trends Report. https://www.fundsforlearning.com/e-rate-data/trendsreport/. Lastly, here is an article from Brian about cybersecurity and why it should be funded through E-rate https://www.eschoolnews.com/it-leadership/2023/09/29/will-cybersecurity-receive-e-rate-funding/
In the Security News: Bricked Xmas, If you can hack a wrench, PixieFail and disclosure woes, exposing Bigpanzi (more Android supply chain issues, 20 years of OpenWRT, Jamming, traffic lights, and batteries don’t work that well in the extreme cold. All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-813
Atari 400, Gitlab, Sonicwall, Juniper, Ransomware stats, Ivanti, Sharepoint, Jason Wood, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-354
Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-353
It's time to start thinking about CFPs and presentations for 2024! Eve shares advice on delivering technical topics so that an audience can understand the points you want to make. Then we show how developing these presentation skills for conferences helps with presentations within orgs and why these are useful skills to build for your career.
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-269
Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals?
In part 1, we discuss the challenges of hiring a CISO from the organization's perspective. Do I need a CISO? What are the responsibilities of a CISO? Who should the CISO report to?
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-334
GenAI hype is still at peak levels, but clearly some of the hopes and dreams pinned on it will fail, while other use cases we haven't even imagined will become commonplace. Greg Notch joins us to share his thoughts on what security leaders and the general public should be more or less worried about when it comes to GenAI.
Many founders and early stage startups closely guard product details and information about their roadmap and go-to-market plan. Is it a bad idea then to build a company based around an open source project? Not at all, according to Ev Kontsevoy, whose company Teleport has done just that. Building a security vendor around open source isn't a magic formula for success, however, so we'll discuss the pros and cons of this approach.
We'll also discuss best practices for securing infrastructure at scale and Teleport's journey in enabling a different and more secure approach to managing remote infrastructure.
The year kicks off with TWELVE funding announcements and NINE acquisitions! Several new companies have merged, we already have a few dumpster fires burning and there is plenty of AI news to kick off the year.
The annual Consumer Electronics Show gives us previews of the invasive and insecure horrors that will be unleashed upon us this year, New Yorkers get right to repair, and Polish trains don’t. (see the show notes for more)
Finally, we talk Apple Vision Pro, Tetris, and skydiving iPhones.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-345
Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team assessments and why most purple team assessments are too limited. How the testing landscape and requirements have changed (especially as organizations now look to validate vendor tools defense claims). How purple team assessments are evolving with the use of new frameworks like Atomic Testing. And the importance of building and selecting good test cases that cover the many ways attack techniques can be modified.
The Exploit Prediction Scoring System is Awesome, or so some say, Reflections on InfoSec, Why some people don’t trust science, SSH-Snake, Back in the Driver’s seat, I Hacked My Internet Service Provider, States & Congress wrestle with cybersecurity, Combining AI with human brain cells, analyzing linux-firmware, detecting BLE SPAM, and The I in LLM.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-812
Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-352
We kick off the new year with a discussion of what we're looking forward to and what we're not looking forward to. Then we pick our favorite responses to "appsec in three words" and set our sights on a new theme for 2024.
In the news, 23andMe shifts blame to users for poor password practices, abusing Google's OAuth2 through a MultiLogin endpoint, Rustls is memory safe and fast, AI enters OSINT, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-268
Research shows that 26% of US workers currently work remotely, and there are expected to be 32.3 million American employees working remotely by 2025. To support these workers, organizations are adopting cloud solutions and migrating data to these cloud solutions. However, many businesses lack visibility into who has access to what data and when, especially in these cloud solutions. How should organizations reconcile the disconnect between data access and data security?
Mike Scott, CISO at Immuta, joins Business Security Weekly to discuss best practices for moving sensitive data into the cloud, including data access and data security. If you're moving data into the cloud, listen in to learn how best to protect that data.
In the leadership and communications section, Advice to Aspiring CISOs, New risk management framework helps with SEC mandate compliance, A Simple Hack to Help You Communicate More Effectively, and more!
Show Notes: https://securityweekly.com/bsw-333
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Jim Langevin served as a US congressman for many years and retired to become the executive director of the Institute for Cybersecurity and Emerging Technologies at Rhode Island College. Jim has been on quite a number of times and today we talk about State funded institutes and well, Cybersecurity issues.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-10
This is a special episode of ESW: our year-end wrapup for 2023. Want to make sure you didn't miss any big stories in 2023? This is the episode to check out! In under an hour, we'll summarize 2023, covering things like:
Enjoy!
Show Notes: https://securityweekly.com/vault-esw-7
Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd
️Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutionized the way organizations approach cybersecurity but has also championed the concept of crowdsourced security testing.
With an innate passion for hacking and a deep understanding of the evolving threat landscape, Casey embarked on a mission to democratize cybersecurity. In our upcoming podcast interview, delve into the dynamic journey of a self-proclaimed hacker turned cybersecurity pioneer.
Casey's brainchild, Bugcrowd, serves as a global community of ethical hackers and security professionals who collaborate to uncover and address vulnerabilities in digital systems. Learn how this innovative approach has empowered organizations across industries to proactively secure their digital assets, embracing the power of the collective in the fight against cyber threats.
A trailblazer in the cybersecurity space, Casey Ellis brings a unique perspective to the podcast as he shares insights on the challenges and triumphs of building Bugcrowd from the ground up. Explore the intersections of technology, security, and community-driven solutions with a leader who has not only disrupted the status quo but has also fostered a culture of continuous improvement and collaboration.
Join us for a riveting conversation as we uncover the secrets behind Bugcrowd's success, the evolving role of ethical hacking in today's digital landscape, and Casey's vision for a more secure and interconnected future. Whether you're a cybersecurity enthusiast, a tech aficionado, or simply curious about the forces shaping our digital world, this podcast episode with Casey Ellis is a must-listen.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-7
I know, you thought we were going to renounce cigars, bourbon, and overeating, but wrong. This show is all about security. So, while we join the thousands who are walking off the pounds during their soon-to-be last visit to our new gym, join us as we provide you with something that (hopefully!) has a little more lasting power. This week, we get our year off to a secure start with our 2019 list of new security resolutions on SDL.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-9
Robert Herjavec, CEO of Cyderes, was the keynote speaker at InfoSec World 2022, where he discussed the momentum we continue to see in the cybersecurity industry. Topics included mergers & acquisitions, Robert's outlook on the cyber market, staffing shortages, and nation state threats. Robert joins BSW to expand on his ISW keynote presentation.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-bsw-7
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-asw-7
Doug and Russ return to the stage to talk about Living with AI in the coming years and some of the impacts. Russ is always interested in modern problems and AI is probably going to be one.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-8
I once told my college advisor that I wanted to double major in computer science and jazz performance. She laughed at me. Instead, I jumped into a career in IT and played jazz - without a degree in either. Turns out, that was fine - the industry valued experience and results over academic achievement. Today's guest has two degrees, one in fine arts, one in pre-law, and that's also fine. If there's anything I've learned in InfoSec, it's the mind that matters most, less so the degrees or certs on your wall. Angela Marafino gets cybersecurity and understands what makes it tick. Using this knowledge, she has built a personal brand, network, and career in an impressively short time. She is simultaneously mentor and mentee. Today, we'll explore Angela's path into the industry as well as some of her views on challenges, like imposter syndrome.
https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome
https://www.itspmagazine.com/focal-point-podcast
https://twitter.com/hackerbookclub1
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-esw-6
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption".
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-6
Doug and Russ talk about digital fingerprints, hashing, digital DNA, and passwords.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-7
Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-bsw-6
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level. A the end we will cover how you can engage with the SAMM community and provide an overview of what happened at our latest SAMM User Day which happened on May 27th.
Segment Resources:
-https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-asw-6
Join us for our last live episode of the year as we navigate the 2023 cybersecurity landscape, covering global initiatives, deepfake concerns in the UK, NordVPN's cyber insurance expansion, China's major cyber attack on US infrastructure, successful ransomware takedowns, and the year's most bizarre scams according to Which Consumer Magazine. It's a rapid-fire exploration of the top stories shaping the digital defense narrative.
Show Notes: https://securityweekly.com/swn-351
We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week.
In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more!
Segment Resources:
Understanding how CyberRatings, NaaS, and SASE combine to make network security easier to buy and deploy. MEF is an industry association, providing standards, certifications, and facilitating community discussions. MEF has teamed up with CyberRatings.org to establish a certification program for SASE services, making it easier for buyers to understand what's included in SASE-related products and services.
Segment Resources:
This week, in the security market, we talk about next NEXT gen anti-virus, how Okta can (apparently) do no wrong, and a VC firm imploding.
Then we discuss how smartphones and speakers are allegedly being used to spy on us, and the future of privacy and consumer tech products.
The latest SSH vuln is much less concerning than media outlets and academic researchers would have you believe. The Citrixbleed vuln, however is about as bad as vulns can get, and has led to one of the biggest US consumer breaches in a while, with Comcast/XFinity losing all customer records.
The SEC backpedals (again!) on requiring breached companies to provide details about how they got breached.
And finally, we have some fun with some squirrel stories that you should absolutely check out by going to our show notes, here: https://securityweekly.com/esw344
Show Notes: https://securityweekly.com/esw-344
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and threats that have shaped their illustrious careers. From the early days of computing to the present era of interconnected systems, our panelists delve into the intricacies of securing the supply chain. Expect insights on the timeless art of social engineering, the ever-expanding attack surface, and the unforeseen vulnerabilities that emerge when least expected."
Talking points:
Firmware security is a deeply technical topic that's hard to get started in. In this episode of Below the Surface, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free MOOC classes, to help teach people about firmware security.
Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/psw-811
Cyber has been an historically hermetic practice. A dark art. Full of mysteries and presided over by magicians both good and bad. This is a bit of an exaggeration, yet there is some truth to it. Many in our industry knew that the SEC was evaluating the role that cyber risk management and incident disclosure plays in the pricing mechanism for an equity. Many of the participants in GRC, IRM, and Cyber Risk anticipated this before the SEC had even proposed such rules. Boards, C-Suites, and Information security teams within publicly traded companies brought it up occasionally in the year preceding its adoption. Lawyers on K Street actively advocated in the press against enacting such rules, and there is still a hearty back and forth concerning the merits of SEC involvement in cyber risk. But more transparency is a very welcome development. For investors, it’s essential.
Industry veterans say that this development hearkens back to Sarbanes Oxley, which had very big implications for Governance, Risk, and Compliance. This is likely cyber risk’s SOX moment, and the drop date is December 15th of this year on all 10-K filings. The SEC will not look kindly upon boilerplate disclosures, particularly if a cyber attack with significant losses occurs. So where do you start?
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
In the leadership and communications section, Building an Effective Information Security Strategy, What Makes a Company Great at Producing Leaders?, 80 Fun Meeting Icebreakers Your Team Will Love, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-332
Santa, SEC, Google, Qakbot, VMWARE, AI, Turing, Voight-Kampff, Jason Wood, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-350
Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro services sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about the maturity and design choices that go into service meshes and when a monolith should just remain a monolith.
Segment Resources:
In the news, Nagios gets a review from NCC Group, hackers hack some anti-fixing code to fix trains in Poland, abusing OAuth post-compromise, 5Ghoul flaws in 5G networks, MITRE teases a new threat model for embedded systems, a conversation on vuln scoring systems, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Instagram: https://www.instagram.com/secweekly/
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-267
On this podcast, we've often struggled with whether or not to include stories and discussion on identity verification. Is identity verification cybersecurity proper, or cybersecurity adjacent as part of fraud prevention? As always, when we're unsure, we find folks to talk to and learn more.
Today, we'll be learning about weak points in the identity verification chain from Rob O'Farrell. He'll also be helping us to understand what identity verification is, and why it's important to cybersecurity overall. As more and more of the world is digitized (especially the lagging healthcare industry in the US), reliable identity verification seems more important every day.
Segment Resources:
What is telemetry data and why is it important to cybersecurity? Why is it such a pain to collect, store and use? How do we improve our ability to gather and benefit from this data? Today, Tucker Callaway, the CEO of Mezmo joins us to answer all these questions and help us understand the future of the SIEM and other cybersecurity data tools.
On this week's news segment, we pick up where we left off with Doug running the show last week. We discuss current early stage categories, AD canarytokens, and low hanging vulns. We talk about why cybersecurity is important, but not nearly as unique or special as some might have you think. The goal of patching faster than exploits can be used - is it a fool's errand?
Also, pickleball - the country's fastest growing sport, is causing chaos across the nation.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-343
Tesla, TikTok, Karakurt, VISS, Volt Typhoon, Cozy Bear, GambleForce, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-349
Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragmatic understanding of the delicate balance between Business realities, Cybersecurity, and Operational Effectiveness. He began his career at NSA, moving into the Management Consulting ranks building practices at Booz Allen and KPMG. He subsequently co-founded two firms with successful exits, including the Hackett Group (NASDAQ HCKT). He has participated in over 20 M&A transactions. He has delivered to clients in over 20 countries on 6 continents.
Analyzing firmware with EMBA, TinyXML, and the ugly supply chain, ignoring vulnerabilities that allow attackers to turn off your vehicle, Android lock screen bypass and running water, LogoFAIL updates, and the confusing severity, you still haven’t patched Log4Shell, the password is 123456, and an amazing Bluetooth hack that affects you!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-810
Cybertruck, Viagra, Struts, Atlassian, Log4Shell, Pharmacies, Security Clearances, Naughty Bots, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-348
We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve?
We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication (OAuth, OpenID). Learning how these standards come about can also inform how your own org documents designs and decisions.
Segment resources
In the news, benchmarking prompt injection scanners, using generative AI to jailbreak generative AI, Meta's benchmark for LLM risks, tapping a protocol to hack Magic the Gathering, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-266
Materiality, Disclosure, and Evidence... New terms for cybersecurity professionals to understand under the new SEC Regulations for Cybersecurity. And the Solarwinds indictment is just the beginning.
Join the BSW crew as they tackle each of these new terms in preparation for SEC enforcement which starts this week.
In the leadership and communications section, Steve Katz, World's First CISO, Dies in Hospice Care, Top CISO Communities to Join in 2024, Workplace Culture 101: How to Create Positivity at Work, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-331
Q*, Water Wars, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Push notifications, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-347
Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Sellafield, Gmail, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-346
Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively on investing in cyber startups. In this segment, we'll discuss one of Allegis's recent investments, SixMap, and Bob's other investment/accelerator vehicle, Data Tribe. Data Tribe sources investments from national intelligence, with examples like Dragos that came through this program.
This week in the enterprise news, we explore the harsh realities of the startup world with a look at recent failures and shutdowns, investigating the factors leading to these setbacks. Meanwhile, Carbon Black makes headlines by breaking away from VMware in what seems like a divestiture within an acquisition, raising questions about the future of the company. We'll also discuss the European Space Agency's venture into cybersecurity for the space industry, revealing that even the vastness of outer space isn't immune to digital threats. Tune in for all this and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-342
Join the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room resonating with the nostalgic hum of vintage computers, as our hosts explore the latest techniques using hardware, software, and firmware. Whether you're attempting to hack a specific device or crafting a custom creation to achieve a particular goal, this episode covers it all. Discover the intricacies of hardware hacking, including discussions on the tools and devices, such as the Flipper Zero. Uncover the reasons why alternatives might be superior in certain cases, yet explore the nuances of why the Flipper Zero has garnered a mixed reputation. In the midst of the Security News segment, the hosts tackle pressing topics, from the challenges of changing default passwords to the Flipper Zero, the absence of CVEs, deceptive "new" tools, the BIOS logo attack vector, secrets in a $15 router, the quirks of AI, and the intriguing Spectre based on linear address masking. With a blend of humor, mischief, and expert insights, this episode takes you on a journey through the evolving landscape of cybersecurity, reflecting on ethics, vulnerability disclosure practices, and the importance of collaboration in securing the digital frontier.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-809
We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend.
So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays and yawns.
In the news, repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-265
Theresa Lanowitz joins Business Security Weekly to review real edge computing use cases from the AT&T Cybersecurity Insights Report. Specifically, we'll cover the following industry sector reports, including:
Research for the AT&T Cybersecurity Insights Report was conducted during July and August 2022. AT&T surveyed 1,418 security practitioners from the United States, Canada, the United Kingdom, France, Germany, Ireland, Mexico, Brazil, Argentina, Australia, India, Singapore, and South Korea. Respondents come from organizations with 1,000+ employees except for US SLED and energy and utilities verticals. Respondents were limited to those whose organizations have implemented edge use cases that use newer technologies such as 5G, robotics, virtual reality, and/or IoT devices. Respondents are involved in decision-making for edge use cases, including cybersecurity, that involves new technologies such as 5G and IoT devices.
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
In the leadership and communications section, A Letter from the CISO to the CEO, The High Cost Of Ignoring Cybersecurity: Why Your Business Needs Protection, The Art of Speaking Cadence: Unleashing a Powerful Leadership Tool, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-330
Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-345
While non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelley Misata joins us today to explain how her own non-profit helps other non-profits improve their cybersecurity posture.
As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while.
Keith Jarvis walks us through the latest types, tactics, and trends in cybercrime. Secureworks' latest State of the Threat report reveals a disturbing dichotomy: how is it we understand our adversaries' so well, but continue to fail to stop them? In this interview, we aim to understand what needs to happen to tilt the odds a bit back in our favor.
Segment Resources:
Segment description coming soon!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-341
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems that must change and adapt to the times? Join us for a fun discussion on what the future looks like with AI and the youth of today.
Segment Resources: https://docs.google.com/document/d/103FLvNRSwBhq-WgCbuykMvweT6lKf2lAASuP8OuuKIw/edit#heading=h.3inodmot2b77
Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in hardware and the crew has some amazing hardware hacking topics to discuss (as usual).
Segment Resources: https://garymarcus.substack.com/p/has-sam-altman-gone-full-gary-marcus
We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs.
We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it.
Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-808
This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into specializations for areas like cloud security and bug bounty programs? We'll cover careers and coding, with an eye towards figuring out what modern software development looks like and where application (or product!) security fits in that model.
Segment resources
Weak randomness in old JavaScript crypto, lack of encryption in purported end-to-end encryption, a platform engineering maturity model, PyPI's first security audit, vision for a Rust specification, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-264
Chimera, Aliquippa, FNF, Lazarus, DARPA, Ransom Payments, Namedrop, Google, Aaran Leyland, and more are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-344
Most leadership books suffer from one of two critical failures (and sometimes both). The book might be a hagiography: telling you the biography of some amazing leaders, pretending there is one secret trick that will let you emulate that leader. Or the lesson of book should have been written as a tweet: in 280 characters you could have learned one lesson, but instead you have to fight through 300 pages of obfuscation to decipher the lesson.
1% Leadership is the antidote to these approaches. There is no secret. Instead, 1% Leadership provides 54 distinct lessons on leadership, that apply to individuals, teams, and organizations. Each lesson is presented in a self-contained chapter, averaging under 800 words. The lessons are summarized in a tweet-length pithy summary, which is also the chapter title. The table of contents thus serves as a quick reference guide for leaders.
Segment Resources: csoandy.com/book/
In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
From Russia With Love, come Doug and Russ, doing a segment on spying! Not the 007 spying, but spying when it comes to cyber warfare.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-6
High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-esw-5
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. He created and managed NSA's Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-5
Russ runs the show solo with the absence of Dr. Doug to talk about Travel Security! He explains different aspects such as Personal Security, Asset Security, and Digital Security! Traveling is a lot of fun, but also requires a lot of responsibility. Don't be intimidated, use common sense, adhere to all of the points we mentioned above, stay away from problem areas, and we ensure you’ll have a great time!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-5
We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge.
Segment Resources:
Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-bsw-5
Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security.
Segment Resources:
https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/
https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/
https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal
Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-asw-5
Cashwarp vs. Reptar, Rackspace, BlackCat, Intel, AMD, Bots and more bots, Aaran Leyland, and More News on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-343
Once again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape:
Segment Resources
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.
This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.
Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.
In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.
Segment Resources
Finally, in the enterprise security news,
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-340
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control of user permissions, secure your cloud computing, and keep your customers and their users safe.
Segment description coming soon!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-807
In the rapidly evolving landscape of application security, 2023 brought significant changes with the rise of generative AI tools and an increase in automated threats. In this discussion, Karl Triebes takes a deep dive into the major trends of the past year, examining their impact on the industry and shedding light on what security professionals can anticipate moving forward into 2024.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
CNCF's releases a handbook on fuzzing, OpenSSF and OWASP respond to CISA's Open Source Software Security RFI, 14 years of Go, lessons for today from an internet worm from 35 years ago, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-263
This week Dr. Doug quacks: Cybertruck, Solarwinds, Bitcoin, Docker, Ducktail, Experian, More News and Jason Wood, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-342
Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it?
In part 1, we discuss the challenges of cyber risk management and quantification. Do risk scores really work? What do CEOs and Boards really need to understand cyber risks?
Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it?
In part 2, we get our hands dirty by walking through ways to quantify cyber risks in business terms. What risks are truly worth mitigating vs. accepting or transferring? And if we do mitigate them, how do we track progress and impact?
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-328
Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today.
We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite seeming to collectively have all the tools, intel, and budget we've asked for?
Kelly Shortridge has studied this problem in depth. She has created tools (https://www.deciduous.app/), and written books (https://www.securitychaoseng.com/) to help the community approach security challenges in a more logical and structured way. We'll discuss what hasn't worked for infosec in the past, and what Kelly thinks might work as we go into the future.
During the news today, we went deep down the rabbithole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insuretechs, and discuss a few notable funding rounds.
We discuss Kelly Shortridge's essay on the origins and nature of the term "security" and what it means. Stephen Schmidt suggests 6 questions every board should ask their CISO, we explore Cyentia Labs' meta analysis of MITRE ATT&CK techniques, and Phil Venables shares some hilarious takes on infosec stereotypes.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-339
This week Dr. Doug discusses: Fakes, Sysaid, Sumo, farnetwork, CPU-Z, Google, Chat-GPT, Aaran Leyland, and More News on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-341
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you!
In the security news: do people still use mainframes? IoT and firmware security, Apple Find my, Bluetooth is the gift that keeps on giving, to hackers that is, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-806
A lot of appsec conferences have presentations for appsec audiences -- but that's not often the group that's building apps. What if more developer conferences had appsec content? We talk with Josh about security from the developer's point of view, both as an audience hearing about it and as a presenter talking about it. We discuss the importance of knowing your audience and finding the hooks in security tools and topics that can resonate with developers.
Segment resources:
Details of the Citrix Bleed vuln, exploitation of the Atlassian improper authorization vuln, so many jQuery installations to upgrade, the price of bounties and the cost of fixes, Microsoft's Secure Future Initiative, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-262
This week Dr. Doug expounds: Grok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood, on this edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-340
It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index is rebounding, but there's a long way to go to get back to the top.
In the leadership and communications segment, SolarWinds Is A Game Changer - You Cannot Sugarcoat Cybersecurity, Rethinking CISO Accountability: A Call for Balance in Cybersecurity Leadership, How to improve communication in the workplace: Strategies for enhanced productivity, and more.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-327
In this segment, we discuss the current state of the market recovery with Hank Thomas, founder of Strategic Cyber Ventures.
We've got market questions, like:
There is little to no organization of data within companies in 2023. We're all guilty of this at some level. The download folders and desktops on our personal machines are a mess. File servers, and cloud storage services are a mess. In Microsoft's recent data leak, AI researchers even had PC backups stored along side machine learning models for whatever reason.
Data is hard to classify, organize, and monitor. By designing for convenience, we've created convenience debt that now has to be paid down. In this segment we talk to Jackie McGuire about what needs to happen to accomplish this, at the enterprise level, and at scale.
Even if we can one day address the challenge of tracking and labeling data, we'll still have the challenge of addressing data integrity and resilience, which we'll also discuss if we have time!
Segment Resources: https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-
Oh, the HARror! Sanitizing HAR files is not as easy as some might lead you to believe. CISA funds Cyber.org for K-12 cyber education and ORNL creates a Center for AI Security Research (CAISER). Cloudflare creates a tool out of spite, and CISA creates a tool you shouldn't use in production? Biden's EO on "Safe, Secure, and Trustworthy AI" and the Top Five Things you need to know about how GenAI is used in Security Tools.
Five lessons learned form Okta's latest breach, should ransom payments be illegal, and why ransomware victims can't stop paying ransoms. We discuss the impact of the charges made against Solarwinds and its CISO by the SEC, the 2023 ISC2 Cybersecurity Workforce Survey, and Microsoft's latest open letter on security.
Finally we wrap up discussing a delicious $8M Series A for better bagels!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-338
This week Dr. Doug talks: Bots, Citrix, Mitre, Solarwinds, Naked Nudes, Scarlett, and is joined by Aaran Leyland, on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-339
AI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DARPA's efforts to help evaluate AI/ML and work towards a trust model that will allow us to use these valuable tools safely.
Segment Resources:
In the Security News: If an exploit falls in the forest do I still need to patch?, Reflections on trusting trust: the source code revealed, prompt injection in your resume, iPhones be updating, a deep dive into vulnerable kernel drivers and wiping SPI flash, cheap to exploit software, to ransom or steal?, oh OAuth, Florida man, door bell shenanigans, don’t pay the ransom, the White House and AI, and quantum teleportation via measurement-induced entanglement. All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-805
The categories of security tools that we're most familiar with have struggled to keep up with how modern apps are designed and what modern devs need. What if instead of being beholden to categories, we created tools that solved problems devs have today in the types of apps they build today? And what if we had more dev leadership to influence security tools as well as secure by design? What would that leadership look like?
Segment Resources:
In the news, OAuth implementation failures, the State of DevOps report, data poisoning generative AIs with Nightshade, implementing spectre attacks with JavaScript and WebAssembly against WebKit, sandboxing apps
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-261
This week our own Dr. Doug talks: Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, Jason Wood, and more Spooky News on this Halloween edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-338
As the workforce increasingly relies on the cloud, the browser has become a critical aspect of enterprise security. Employees now use browsers to access data and applications from various devices and locations, making browsers the primary target for cyber attackers.
Enterprise browsers are specifically designed to address the security challenges of the modern and complex workforce. According to Gartner, "By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices, ensuring a seamless hybrid work experience." Tune in to a discussion with Chrome Enterprise's Robert Shield, where he discusses the importance of an enterprise browser for modern businesses and shares insights on how to improve browser security.
Segment Resources: 1. Here’s how you can get started with Chrome Enterprise for free: https://chromeenterprise.google/browser/security/?utmsource=cra&utmmedium=podcast&utmcampaign=2023-H2-chromebrowser-brand-ispcon&utmterm=isp-chrome-browser-download&utm_content=GCEC&brand=GCEC 2. Chrome Enterprise Landing Page: https://chromeenterprise.google/browser/security 3. Complimentary Gartner report (Gartner® Emerging Tech: Security – The Future of Enterprise Browsers Report): https://chromeenterprise.google/gartner-report-enterprise-browsers/
This segment is sponsored by Google Chrome Enterprise.
Visit https://securityweekly.com/chromeenterprise to learn more about them!
In the leadership and communications section, Proactive Boards Enable More Reliable Cyber Governance, CISO Best Practices for Managing Cyber Risk, The Evolution of Work: How Can Companies Prepare for What’s to Come?, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-326
This week Dr. Doug talks: Pumpkin Spice, VMWARE, Winter Vivern, RoundCube, Apple, Big-IP, Oktapus, is joined by an eight-armed Aaran Leyland, and More on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-337
In the age of remote and hybrid work, employees are now spending most of their time in the browser or virtual meetings, making the browser an increasingly important part of an enterprise's security strategy. According to Gartner, “By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.”
Learn more about:
Segment Resources:
In this interview, we talk to Chad Cardenas about why he created The Syndicate Group, which operates very differently from the typical VC firm with LPs and a collective fund to draw from. We'll discuss how the investor/startup relationship differs, and what the advantages of this model are.
This week, we discuss Island's raise, unicorn status, and what that means for both the enterprise browser market and the cybersecurity market in general. We discuss Censys and the state of the external attack surface management market, or what they're trying to call, "exposure management". We discuss the details of the Okta breach in depth, and why we're worried about the larger impact it could have on the industry and vendor trust in general. Finally, we wrap up with some fun squirrel stories.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-337
For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more!
Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code — the most popular code editor out there — which was presented at DEF CON 31 in August. The pair uncovered a few ways for attackers to gain code execution on a victim's computer if they clicked on a specially crafted link or opened a malicious folder in Visual Studio Code, bypassing existing mitigations like Workspace Trust. Developers tend to trust their IDEs and do not expect such security issues to exist. As developers have access to source code and production systems, they make for very interesting targets for threat actors. Important to note is that the security concepts that the two are able to demonstrate apply not just to Visual Studio Code, but to most other code editors. This is also the story of how the researchers got an unexpected $30,000 bounty from Microsoft for these bugs, by mistake!
Segment Resources:
BLOG POSTS Securing Developer Tools: Argument Injection in Visual Studio Code (https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/) Securing Developer Tools: Git Integrations (https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/)
CVEs CVE-2023-36742 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742) CVE-2022-30129 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-30129) CVE-2021-43891 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-43891)
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-804
We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to rest old mistakes.
Segment resources:
In the news, appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and friends update guidance on Secure Design, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-260
This week Dr. Doug bleats: Goatse, Okta, Cisco, Ducktail, 0Auth, China, Spain, More News and is joined by the woolly Aaran Leyland!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-336
As the CISO role continues to transform from a technician to a risk manager, how do you secure emerging technologies, such as edge computing? By aligning to business objectives. In this segment, Theresa Lanowitz from AT&T Cybersecurity and Scott Stout From Cisco help us break down the challenges of the CISO and how to align security requirements to business outcomes to solve the emerging edge computing use cases. During the interview, we will tackle the Hospital at Home and Manufacturing edge computing uses cases. Tune in for this collaborative session from two of the leading cybersecurity giants.
This segment is sponsored by AT&T Cybersecurity.
Visit https://securityweekly.com/attcybersecurity to learn more about them!
In the leadership and communications section, Cybersecurity should be a business priority for CEOs, What CISOs Should Exclude From SEC Cybersecurity Filings, Effective Communication: The Key to Workplace Success, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-325
Today we interview Shane Sims, CEO of Kivu Consulting. We'll be talking about the current state of cybercrime and insights from incidents his consulting firm has recently worked. We'll discuss some of the latest stats and trends related to ransomware, as well as thoughts on future cybercrime trends. Shane will also share some stories from his time as an FBI agent, working undercover as a cybercriminal.
Segment Resources: Report - Mitigating Ransomware Risk: Determining Optimal Strategies for Business
One of the biggest challenges in security today is organizations' reluctance to share attack information. Perhaps legal teams are worried about liability, or maybe execs are just embarrassed about security failures. Whatever the reason, this trend makes it difficult for organizations to help each other. CrowdSec's mission is to make this process automated, anonymized, and seamless for security teams.
We talk to Phillip Humeau, one of CrowdSec's founders, about what it's like to build a such an unconventional cybersecurity business - one based around crowdsourcing and open source software.
This week, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-336
This week Dr. Doug talks: Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, expert commentary from suspected Chicken Man accomplice Aaran Leyland, and More on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-335
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. ˇHe is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas on controversial vulnerabilities. Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for financing. He has also been invited to speak at TED global. In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-803
It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now.
In the news, how HTTP/2's rapid reset is abused for DDoS, a look at the fix for Curl's recent high severity bug, OWASP moves to make CycloneDX a standard, Microsoft deprecates NTLM, VBScript, and old TLS -- while also introducing an AI bug bounty program.
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-259
This week in the Security News Dr. Doug talks: Cisco, Juniper, AVOSLocker, NoEscape, Valve, FreedomGPT, More News and Aaran Leyland.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-334
Do we sound like a broken record? Leadership, communication, and risk management skills are key traits of the Chief Information Security Officer. But don't just take our word for it, Jason Loomis, CISO at Freshworks, joins Business Security Weekly to discuss why companies should be hiring CISOs for their leadership talent, not their technical talent.
Segment Resources: Switch
In the leadership and communications section, Is Your Board Cyber-Ready?, Chief security officers' salary growth slowing, The Secret to Making Difficult Decisions, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-324
The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely.
Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with.
Interview Resources:
There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program.
This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them!
Threat actors don’t think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs’ newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it’s important to “shift up,” and what Mike is most excited about in his new role.
This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them!
Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry.
As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale.
This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them!
In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security.
In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week Dr. Doug talks: Microsoft, SeroxenRAT, Smart Links, Vogons, ToddyCAT, ShellBot, Hidden servers, Aaran Leyland, and More on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-333
In our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware!
Resources we mentioned:
Building a lab - The list:
Then, in the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world’s largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-802
What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within specific number of days. Successful DevSecOps approaches can be so much more than just vulns and so much more than just tools. Sure, tools are useful for identifying known vulns in dependencies and new vulns in code, but teams that emphasize people and culture will find it easier to shift their attention to the security of their product and creating secure designs.
In the news, anticipating Curl's upcoming patch for a high severity flaw, the Looney Tunables flaw in Glibc, ShellTorch flaw hits PyTorch and lots of AI, lessons from some X.Org security patches, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-258
This week Aaran Leyland rants: about Google, 23andMe, Facebook, GitHub's Secret Scanning, MGM Resorts, Grindr, More News, and is joined by the notorious Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-332
CEOs and boards struggle with their digital transformation process. Does their operations hinder or align with business initiatives? Has their security operations scaled to meet the data and digital demands to protect against business risk? In today’s episode, we’re talking to Chris Morales, CISO at Netenrich, who’ll provide compelling insights towards security transformation. Security organizations all face similar security challenges of too much data, siloed teams, underperforming legacy tools, and time-consuming and laborious threat investigation work. We’ll discuss the approach enterprises need to consider in advancing their security maturity. It’s one that’s data-driven, adaptive, and predictive.
In the leadership and communications section, The Data Your Board Actually Wants to Hear About When Valuing Cybersecurity Investments, Cybersecurity is a CFO issue, Must-know insights when navigating the CISO career path, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-323
This week Dr. Doug talks: Feet, Google, Apple, Predator vs. Lemurs, r77, Qualcomm, qakbot, deepfakes, More News and with the exotic Aaran Leyland!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-331
In this segment, we'll explore some of the most useful lessons and interesting insights to come out of the last year's worth of breaches and data leaks! We'll explain why we will NOT be covering MGM in this segment. The breaches we will be covering include:
- Microsoft AI Research Data Leak - Microsoft/Storm-0558 - CommutAir - Riot Games - Lastpass - CircleCI - RackSpace - Drizly (yes, this breach is older, but the full story just wrapped a year ago!)
On this week's news segment, we go down a bit of a rabbit hole on data lakes and have a GREAT conversation about where security data wrangling might or might not go in the future. We also discuss Nord Security's funding and $3B valuation, try to figure out what Synqly is doing, and discuss IronNet's demise.
We also find out which email solution is more secure (at least, according to insurance claim data), Google or Microsoft!
We wrap up, learning that forms of CAPTCHAs are apparently broken now, $3800 gets you a gaming PC in the shape of a sneaker, and someone has created the DevOps equivalent of dieselgate!
Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data from the open web, safeguarding your organization.
This segment is sponsored by DeleteMe.
Visit https://www.securityweekly.com/deletemeisw to learn more about them!
With all of the fancy tools, equipment, and logos most organizations are unable to understand where their data is and how it can be accessed. In the world of work from wherever and whenever orgs need a better handle on what this means. Ridge has worked to curate a set of solutions to meet and implement this need!
This segment is sponsored by Ridge IT Cyber.
Visit https://www.securityweekly.com/ridgeitisw to learn more about them!
Why are we seeing a re-emergence of the demand for packet and flow-based forensic data in cloud environments? In this session, we’ll discuss three reasons why IT leaders still need the same if not even better visibility in the cloud than they have in their data centers.
We’ll also discuss the growing demand for Threat Exposure Management (TEM). Why does a leading analyst describe this as a transformation technology and how can you quickly visualize your environment the way the attackers do?
Segment Resources: https://www.viavisolutions.com/en-us/ptv/solutions/threat-exposure-management
https://www.viavisolutions.com/en-us/ptv/solutions/high-fidelity-threat-forensics-remediation
This segment is sponsored by VIAVI Solutions.
Visit https://www.securityweekly.com/viaviisw to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Anuj joins us to discuss recent trends in malware. What are the malware authors up to lately? What are the latest techniques for reverse engineering malware? Learn about the latest tools and techniques from Anuj! Anuj is a Principal Threat Researcher at Blackberry, where he performs malware research and reverse engineering. He has more than 15 years of experience in malware analysis and incident response. Anuj also brings his problem-solving abilities to his position as a SANS Certified Instructor and author, which gives him the opportunity to impart his deep technical knowledge and practical skills to students.
Segment Resources: https://www.youtube.com/@sonianuj
In the Security News: No Flipper Zero for you!, your glibc is hanging out and other Looney Tunables, and it vulnerable, for no reasons, other than the obvious ones, a Russian firm will pay $20m for Android or iPhone 0days, you do what you do and other Exim vulnerability stories, yet another way to become root on Linux, if you ever wanted to read the source code for Sub7, well, now you can, more people want to trash bug bounties (and they are wrong), Curl has something coming, and its not good, tricking AI with your dead grandma’s locket, GPU driver vulnerabilities could lead to something, and the path to the cloud is filled with holes. All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-801
Communication is a skill that doesn't appear on top 10 lists, rarely appears as a conference topic, and doesn't appear enough on job requirements. Yet communication is one of the critical ways that security teams influence developers, convey risk, and share knowledge with others. Even our own Security Weekly site falls a little short with only a podcast category for "Training" instead of more options around communication and collaboration.
Lina shares her experience presenting to executives and boards in high-stress situations, as well as training incident responders on real-world scenarios.
Segment resources
In the news segment, attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-257
This week Dr. Doug talks: Minority Report, NSA, WS_FTP, Exim, Sextortion, BunnyLoader, CISA, More News, and is joined by the illustrious Jason Wood!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-330
As we move more infrastructure into the cloud, the traditional concepts of risk start to change. It's no longer just about networks and servers, but also needs to address identities and not just human identities. Cloud infrastructure introduces additional identity types that need to be addressed as part of your risk management program. Eric Kedrosky, CISO at Sonrai Security, joins us to discuss how to think differently about risk in the cloud.
In the leadership and communications section, The CISO Carousel and its Effect on Enterprise Cybersecurity, CISOs are struggling to get cybersecurity budgets, Respectfully, I Disagree, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-322
We ALL use SaaS. It has become ubiquitous in both our personal and professional lives. Somehow, the SaaS Security market has only recently began to emerge. Today's interview with Yoni Shohet, co-founder and CEO of Valence Security, aims to understand why it has taken so long for SaaS Security products to come to market, what that market currently looks like, and what a SaaS Security product actually does.
The concept of Edge computing has evolved over the years and now has a distinct role alongside public cloud. Theresa Lanowitz, from AT&T Cybersecurity, and Chris Goettl from Ivanti join us to discuss what edge computing means for the market and for cybersecurity. Specifically, we'll discuss how:
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
This week, we changed things up a bit for the news segment and Allie Mellen joins us as a surprise guest host! We discuss Cisco's Splunk acquisition and what it means for Splunk customers, and "The Blob" - Allie's term describing the negative forces responsible for much of the overhyped marketing, silly trends, and substandard products we see in the industry.
Segment Resources: Allie's blog on Cisco/Splunk: https://www.forrester.com/blogs/splunk-is-good-for-cisco-but-cisco-needs-to-convince-splunk-customers-that-cisco-is-good-for-them/ Allie's blog on The Blob: https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-333
This week Dr. Doug talks: NarcBots, Blacktech, ZenRat, Chrome, CISO Churn, lots of privacy issues, Aaran Leyland, will Dr. Doug drink the Y3K Special Edition Coke? And more on this edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-329
This week, First up its the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Google, then, hopefully by everyone else, attackers can steal your pixels using your GPU, someone cough China cough has been hacking Cisco routers, Kia boys are still a problem, How the Cult of the Dead Cow plans to save the internet, how iOS updates could break glucose monitors, spamming the CVE database, and when a medium is really a high!
Just what are the right skills to have or acquire to work in cybersecurity today? Kayla and the Security Weekly crew talk about it in this segment. We also touch on why we get burnt out and how to avoid it, all in anticipation for SOC Analyst Appreciation Day!
This segment is sponsored by Devo . Visit https://securityweekly.com/devo to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-800
Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline.
Segment resources:
In the news, a stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security), and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-256
This week Dr. Doug talks: The Year 3000, Sandman, ShadowSyndicate, National Student Clearing House, Apple, Predator, Xenomorph, Mixin, More News, and Jason Wood on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-328
In this episode, we interview Jake Wilson, Western Governor University's Security Awareness Evangelist. We'll learn about how he built up and matured WGU's security awareness program, eliminating blind spots, and improving efficacy through data analysis and better reporting.
This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!
This week in the leadership and communications section: building a feedback-driven culture, letting go of the reins, 25 hard-hitting lessons from 17 years in cybersecurity, and more!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-321
Forrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research director, Merritt Maxim, will walk us through the report's most interesting insights and highlights. This is going to be considerably interesting considering some of this year's trends impacting security teams:
If you've ever played Dungeons & Dragons, you probably know that the quality of the experience depends on how prepared, experienced, and talented the Dungeon Master is.
Today, we'll talk to InfoSec DM and practitioner extraordinaire Ryan Fried about some of the key elements that separate a good cybersecurity tabletop exercise from a bad one! This is literally his day job at Mandiant, and it doesn't hurt to have one of the world's largest libraries of attacker TTPs and the collective lessons learned from thousands of actual incident response experiences.
This week we talk about finding, acquisitions and the state of the market. If you're interested in cybersecurity market discussion, this is the episode for you.
We also discuss what makes a cybersecurity influencer.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-332
This week on the Security Weekly News: Passkeys, bots, hotels, conning the con, TrendMicro, Pizza, Aaran Leyland, & more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-327
Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreaking, LLMs for threat actors, and more!
In the Security News: LVFS is not a backdoor, attackers are in physical proximity, when you need to re-cast risk, oh Fortinet, pre-installed backdoors again, deep down the rabbit hole, the buffer overflow is in your BIOS!, what is 345gs5662d34?, a cone is all you need, we are compliant because we said so but we lied, 10 years of updates, Microsoft looks at ncurses and finds bad things, they also lost 38TB of data (Microsoft that is), when MFA isn’t really MFA, China and Russia are cyber attacking things, and MGM and Caesars are in hot water, All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-799
The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic attacks on their own. In this discussion, Karl Triebes shares how flaws in business logic design can leave applications and APIs open to attack and what tools organizations need to effectively mitigate these threats.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
In the news segment, a slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for security open source software, race conditions and repojacking in GitHub, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-255
This week Dr. Doug talks: SprySocks, Lazarus, Fortinet, Juniper, CISA, Transparent Tribe, AI Art, More News, and Jason Wood on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-326
This week Dr. Doug talks: Cyberdog, Pegasus, Webex, Peach Sandstorm, SAP, Caesar, Penn State, Aaran Leyland, and More News on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-325
Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting.
Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
In the leadership and communications section, Board Members Struggling to Understand Cyber Risks, Cybersecurity Goals Conflict With Business Aims, Navigating Change: The Essence of Agile Leadership, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-320
Discussing ways to ensure client success with MDR and discuss the ways organizations hurt MDR efficacy with overly broad global exclusions, poor deployment practices, and poor policy hygiene. This segment is sponsored by Sophos. Visit https://securityweekly.com/sophos to learn more about them! We talk to Chris Sanders today, who has been steeped in the world of SecOps and detection/response for many years. After many years of writing books and training folks in the cybersecurity industry, he started delving into cognitive psychology and educational effectiveness. He leverages this knowledge in the training classes he builds and delivers. Today we'll discuss why it seems like defenders are still failing, despite the security industry largely (and arguably) receiving the resources it has been requesting. In this news segment, we start off by discussing funding, acquisitions, and Ironnet's unfortunate demise. We discuss Gmail's new, extra verifications for sensitive actions and Lockheed Martin's Hoppr SBOM and software supply-chain utility kit. We get into CISA's roadmap to help secure open source software, and their offer to run free vulnerability scans for the United States' 150,000+ water utilities. Then, discussion turns back to some more negative items with Brazil's self-inflicted $11 billion dollar data leak, and the MGM/Caesar's ransomware attacks, which seem like they could have a common attacker and initial attack vector (a shared IT support company, perhaps). We also discuss Microsoft's post mortem on the Storm-0558 attack. Kelly Shortridge wants to know, "why are you logging into production hosts", someone is submitting garbage CVEs, and Mozilla finds that privacy policies from auto manufacturers are a privacy TRAIN WRECK. Finally, we wrap up discussing tools that can detect deepfake audio, as well as the likelihood that this will be the start of a game of leapfrog, as deepfakes get increasingly better over time. And we discuss Delphi's offer to create a 'digital clone' of you that could live on forever, haunting your descendants.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-331
Ryan has his finger on the pulse of ransomware and response. We discuss how the initial infections are occurring, how they've changed over time, and where they are going in the future!
Segment Resources: For folks to see my recent presentations: for528.com/playlist
For folks to see the recordings of our recent Ransomware Summit: https://for528.com/summit23
For folks to watch my recent (free) ransomware workshop: https://for528.com/workshop23
Materials: https://for528.com/workshop
Lots in the Security News this week. Stay tuned! Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw
Show Notes: https://securityweekly.com/psw-798
Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why successful projects are about more than just code.
Segment Resources: - https://www.zaproxy.org/
- https://softwaresecurityproject.org/blog/welcoming-zap-to-the-software-security-project/
- https://owasp.org/www-project-vulnerable-web-applications-directory/
In the news segment, a key compromised from a crash dump (and the many, many lessons that followed), more examples of mishandling secrets, URL parsing mismatches show path traversal works well in Rust, an old Linux kernel bug shows how brittle code can be (even when it's heavily audited), an example of keeping OSS projects alive, a quick note on BLASTPASS, and a look at privacy in cars, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-254
This week Dr. Doug talks: Mopria, Cisco, Seimens and Schneider, Word, AP Stylebook, DarkGate, GitHub, Chrome, More News, and Jason Wood on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-324
Managing identities continues to add complexity for granting access to enterprise resources. Between the increasing number and expanding types of identities, including carbon-based, silicon-based, and artificial identities, and the evolution of cloud computing and remote work, managing the perimeter is now an identity problem. What risks do each of these identity types pose and how do you mitigate them? Jeff Reich, Executive Director at Identity Defined Security Alliance (IDSA), joins us to discuss the challenges of digital identities, how to discover risk with digital identities, and how best to mitigate those risks.
Segment Resources:
IDSA's 2023 Trends in Security Digital Identities: https://www.idsalliance.org/white-paper/2023-trends-in-securing-digital-identities/
Securing Your Remote Workforce Through Identity-Centric Security: https://www.idsalliance.org/white-paper/securing-your-remote-workforce-through-identity-centric-security/
In the leadership and communications section, The importance of CISOs is not recognised by senior leadership, The secret habits of top-performing CISOs, Get *Free* copies of two of our favorite leadership books, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-319
Doug talks with Chat GPT in an interview format just to see what having a conversation with the AI is like. It even gets around to asking Chat GPT the famous six questions from Paul's Security Weekly.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
\Show Notes: https://securityweekly.com/vault-swn-4
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on November 18, 2022. This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready)
Segment Resources:
Show Notes: https://securityweekly.com/vault-esw-4
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Check out this interview from the PSW Vault, hand picked by main host Paul Asadoorian! This segment was originally published on February 4, 2013. Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987.
Spaf's new book, Cybersecurity Myths and Misperceptions, is available at https://informit.com/cybermyths
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-4
Check out this interview from the SDL Vault, hand picked by main host Doug White! This segment was originally published on January 22, 2019. Today, we begin the journey to the quantum realm on SDL. Marketing is telling us, everything is quantum now, don't be fooled, let us tell you how it works on SDL.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-3
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs.
Show Notes: https://securityweekly.com/vault-asw-4
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on March 15, 2021. In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? George Finney, Chief Security Officer at Southern Methodist University, joins Business Security Weekly to discuss the Nine Cybersecurity Habits.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-bsw-4
Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how companies can gain access to their current identity search and dashboard data and be able to query in their preferred BI tool based on their own data privacy policies and business needs, significantly reducing risk.
This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpoint to learn more about them!
There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with it's $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, thought Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on github). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments.
This segment is sponsored by Illumio.
Visit https://securityweekly.com/illumiobh to learn more about them!
It’s no secret that the attack surface is increasing and the best defense is one that’s matched to the most relevant risks. Through proactive and reactive research, The SafeBreach Labs team helps customers discover their most critical threats and security gaps by building the industry’s most current and complete playbook of attacks. In this session, SafeBreach Director of Research Tomer Bar will share how attacks are conducted, which APT group have been the most active, and how breach and attack simulation can help teams think like an adversary and leverage recent vulnerabilities to gain accurate insights.
Segment Resources: https://www.safebreach.com/safebreach-labs/
This segment is sponsored by SafeBreach.
Visit https://securityweekly.com/safebreachbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-330
This week Dr. Doug talks: AI vs. Hunter Thompson, Sandstorm, BGP, Earth Estries, DOE, VMWare Aria, Key Group, DSA, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-323
Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the mutli-hundred-billion-dollar-a-year industry that tries to secure everything above the firmware, security through obscrurity doesn’t work, should you hire cybersecurity consultants, pen testing is key for compliance, defense contractor leaks, inside a McFlurry machine, Barracuda is still chasing hackers, why Linux is more secure than windows, more details on WinRar and middle-out compression, a Wifi worm?, CVE-2020-19909 is almost everything that is wrong with CVE, Tacos, and hacking through a Fire stick!
All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-797
We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt injection and access controls, and privacy concerns in training and usage. But there are also areas where security tools are starting to address these concerns as well as areas where security tools are adopting AI themselves. We'll share where we see AI showing promise, as well as where we suspect it's still premature. In the news, a Go Crypto presentation from Real World Crypto, Excel releases support for Python, protecting users from malware like the Luna Grabber and WinRAR RCE, DARPA's V-SPELLS project, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-253
This week Dr. Doug rants: Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, More News, and Jason Wood on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-322
The metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes of the content creators. Metawar is the art of applying science to create and defend against the influence of alternate realities in the metaverse. What if we can longer rely on our senses to determine what is real and what is fiction? Winn's research into Metawar initially focused on metaversal technologies. Unexpectedly, it morphed into an intensely personal experience, triggering Winn's own Metanoia, which had a profound impact on the entire Metawar Thesis. Winn joins Business Security Weekly to share his Metanoia. In the leadership and communications section, A CISO's Actionable Strategy for Success, Security basics aren’t so basic — they’re hard, Building a Culture Where Employees Feel Free to Speak Up, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-318
Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?
This segment is sponsored by Kolide.
Visit https://securityweekly.com/kolide to learn more about them! Segment description coming soon!
Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation.
You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.
During this segment, Jon will explore today’s ransomware economy players from IABS to RaaS affiliates, to money launders and now C2Ps. For the discussion, Jon will leverage Halcyon’s latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.
This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh
to learn more about them! In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!
This segment is sponsored by Horizon3.ai.
Visit https://securityweekly.com/horizon3aibh to learn more about them!
In this Black Hat 2023 interview, CRA’s Bill Brenner and Sophos’ John Shier discuss the company’s latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.
This segment is sponsored by Sophos.
Visit https://securityweekly.com/sophosbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-329
This week in the Security News Dr. Doug talks: Openfire, Firepower, Barracuda, CosmicBeetle, Lazarus, Encryption, Network Tourism, India's on the Moon, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-321
Jared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The scale is massive and I think we can all learn a thing or two about vulnerability management and bug bounties!
Segment Resources: https://www.microsoft.com/en-us/msrc/bounty?rtc=1
https://www.microsoft.com/en-us/msrc
https://msrc.microsoft.com/report/vulnerability/new
https://www.microsoft.com/en-us/msrc/bounty
https://msrc.microsoft.com/blog/
https://jobs.careers.microsoft.com/global/en/search?q=msrc&l=en_us&pg=1&pgSz=20&o=Relevance&flt=true
https://www.microsoft.com/bluehat/
In the Security News: Lora projects are popular, simple checksums are not enough, WinRAR: shareware or native OS?, ATM software is vulnerable, attackers could learn from security researchers (but lets hope they don’t), NoFilter and behavior by design, Apple vs. A security researcher: there are no winners, sneaky npm packages, faster Nmap scans, kali on more phones, more LOl drivers, comparing security benchmarks to the real world, tunnelcrack and why VPNs are over-hyped, Ubuntu has lost its mind, and there’s a Python in the sheets! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-796
Two featured interviews from this year's Black Hat. In the news, Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion attacks, a look at how far we have -- and haven't -- come with XSS flaws, an approachable article on AI, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-252
This week Aaran Leyland subs in to discuss: Cold Fusion Flaw, EncroChat, sneaky Amazon and Google, Spoofing Apple devices, Telsa data breach, Space and Jason Wood on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-320
The Security Weekly 25 Index is still trying to recover. Inflation fears have tampered the recovery and the NASDAQ is outperforming the Index. Fastly replaces Sumo Logic in the Index and Thoma Bravo has not acquired anyone, so hoping the index stays stable for more than a quarter :). Here's the latest list of companies in the index: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Splunk Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc
Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration.
Segment Resources: https://www.zscaler.com/press/zscaler-2023-ransomware-report-shows-nearly-40-increase-global-ransomware-attacks
This segment is sponsored by Zscaler.
Visit https://securityweekly.com/zscalerbh to learn more about them!
The security mediascape is buzzing with discussions around the growing threat of generative AI. But, how can we use this powerful new weapon for good? In this executive interview, IRONSCALES CEO Eyal Benishti walks us through the ways in which generative AI can be used to significantly harden organizations’ cyber defenses, and even unveils the latest, cutting-edge tools to be added to IRONSCALES’ growing AI suite of capabilities. Meet IRONSCALES’ Themis Co-Pilot for Outlook and learn how your team can use artificial intelligence to tip the scales back in your favor.
Segment Resources: https://ironscales.com/company/news-awards/news/ironscales-announces-themis-copilot
Video: https://youtu.be/ayn8ecsNgKY This segment is sponsored by IRONSCALES.
Visit https://securityweekly.com/ironscalesbh to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-317
In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating 4. ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices
As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem.
This segment is sponsored by AT&T Cybersecurity.
Visit https://securityweekly.com/attcybersecuritybh to learn more about them!
With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy.
This segment is sponsored by Semperis.
Visit https://securityweekly.com/semperisbh to learn more about them!
Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.
This segment is sponsored by Tenzir.
Visit https://securityweekly.com/tenzirbh to learn more about them!
The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes.
This segment is sponsored by Edgio.
Visit https://securityweekly.com/edgiobh to learn more about them!
Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited.
This segment is sponsored by Fortra.
Visit https://securityweekly.com/fortrabh to learn more about them!
Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution.
This segment is sponsored by Critical Start.
Visit https://securityweekly.com/criticalstartbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-328
This week Dr. Doug talks: Elon Throttling, Dilithium, Africa, Suse, Citrix, QR Codes, AI Meetings, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-319
The 2020 Armenian war with Azerbaijan called into action over 100 volunteer incident responders from across the country (and the globe) into action. Our guest for this segment was one of the leads during the 40-day conflict and helped organize teams that responded to everything from websites being attacked and country-wide Internet outages. In the Security News: You should read the NIST CSF, JTAG hacking the original Xbox, tricked into sharing your password, attacking power management software, the vulnerability is in the SDK, tearing apart printers to find vulnerabilities, a pain in the NAS, urllib.parse is vulnerable, hacking the subway, again, how not to implement encryption from OSDP, Intel does a good job with security, and hacking card shuffling machines! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on
Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-795
This week in the Security News, Dr. Doug talks: DEFCON, ScrutisWeb, DoubleDrive, GitHub, npms, AI Cheating advice, More news and Jason Wood
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-318
In the leadership and communications section, CISO is Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-316
A key part of modern appsec is communication. From interpersonal skills for fostering collaborations to presentation skills for delivering a message, the ability to tell a story and engage an audience is a skill that doesn't appear on top ten lists and that doesn't come up in secure coding checklists. Josh shares his path to becoming a presenter on technical topics, including stumbles he's made along the way and how he helps others develop their skills for slides.
Resources: - https://www.joshuakgoldberg.com/blog/how-i-apply-to-conferences
https://www.joshuakgoldberg.com/blog/how-i-apply-to-conferences-faqs
https://www.youtube.com/watch?v=mPPZ-NUnR-4&t=25743s&ab_channel=JSWORLDConference
Then in the news segment, DARPA unleashes an AI Cyber Challenge to find flaws, CISA asks for input on securing open source software and memory safety, what five years of vuln research shows for vuln management programs, siphoning security tokens from VS Code, and more!
Follow us on Mastodon: https://infosec.exchange/@AppSecWeekly
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-251
Binarly is one of only a few startups focused on highlighting security issues in firmware. The company has discovered a remarkable number of vulnerabilities in firmware in a very short time. Its' founder, Alex Matrosov, joins us to discuss insights discovered along his company's journey to convince vendors that firmware is worth securing. This week in the Enterprise News, we discuss Kubernetes attacks and CPU attacks. We also have a better idea of what valuation losses might be for security startups, thanks to the Check Point/Perimeter 81 acquisition. MITRE releases, ATLAS, an ATT&CK-style framework for machine learning models. Bloodhound's new rearchitected Community Edition is out, and Las Vegas's Sphere hasn't been hacked... yet. We discuss Ian Amit's background and what led him to want to leave the CISO life to create a startup! It's one thing for a security product to report problems to a security team. Everyone has these tools, but the problem is that someone has to analyze and triage all those findings, leading to alert fatigue and not a lot getting fixed. Gomboc is proposing to address this gap by auto-generating the fix.
https://www.blackhat.com/us-23/spotlight.html
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-327
This week: Dr. Doug talks Creepy AI, Codesys, Kyber768, .net, Gootloader, DARPA, EvilProxy, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-317
Just how prepared are you for the next cybersecurity incident? Depending on the definition, security incidents likely happen daily at most enterprises. Because we can't prevent everything, the key to success is to be in a constant state of readiness. This means regular training with a focus on preparation. Gerard will walk us through tips and tricks to keep our incident response teams in tip-top condition. In the Security News: Hacking your Tesla to enable heated seats (and so much more), The Downfall of Intel CPUs, The Inception of AMD CPUs, that’s right we’re talking about 3 different hardware attacks in this episode! Intel issues patches and fixes stuff even though its hard to exploit, Rubber Ducky you’re the one, history of Wii hacking, don’t try this at home Linux updates, we are no longer calling about your vehicle warranty, cool hardware hacking stuff including building your own lightsaber, you Wifi keys are leaking again, the evil FlipperZero, Buskill, complaining publicly works sometimes, these are not the CVSS 10.0 flaws you are looking for, when side channel attacks, dumpster diving for plane ticks, and go ahead, try and hack a robo-taxi! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-794
Mature shops should be looking to a security architecture process to help scale their systems and embrace security by design. We talk about what it means to create a security architecture process, why it's not just another security review, and why it requires security to dig into engineering.
Segment Resources: - https://www.lacework.com/ciso-boardbook/ciso/merritt-baer
Zap gets a jolt of new support, using Clang for security research, LLM attacks learn models, Rust visualizes dependencies, a National Cyber Workforce and Education Strategy, and more!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-250
This week in the Security News, Dr. Doug talks: BilDad the Shuhite, Points.com, Papercut, Prospect Medical, SMS, Microsoft, DAAS, Chatbots, More News, and Jason Wood.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-316
On July 31st, 2023, the Biden administration released a national strategy addressing cyber workforce shortages, calling long-standing vacancies a national security imperative. The National Cyber Workforce and Education Strategy focuses on four major pillars: equipping every American with cyber skills, transforming cyber education, expanding and enhancing the national cyber workforce and strengthening the federal cyber workforce. The strategy relies heavily on non-governmental and private sector entities to provide funding, internship and apprenticeship programs to increase the number of workers with cybersecurity skills. One of those entities referenced in the strategy is Dakota State University. Dr. José-Marie Griffiths joins us to discuss education's role in the strategy, but offers other insights, including: - immigration policies and how it limits the current cyber workforce, - diversity, equity, and inclusion initiatives and the reduction of women in the cyber workforce, and - what can the cyber community do to help.
Segment Resources: https://www.dsucyber27.com/
https://dsu.edu/programs/artificial-intelligence-bs.html
https://dsu.edu/programs/computer-science-artificial-intelligence.html
In the leadership and communications section, How CISOs can engage the C-suite and Board to manage and address cyber risk, CISOs Need Backing to Take Charge of Security, It’s OK to Fail, but You Have to Do It Right, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-315
While malware and ransomware tend to dominate cybersecurity headlines, Fortra’s research shows that nearly 99% of email threats reaching corporate inboxes utilize impersonation rather than malware. Email impersonation is a key component of credential phishing, advance fee fraud, hybrid vishing, and business email compromise schemes. Because email impersonation scams rely on social engineering rather than technology, the barrier to entry for an aspiring cybercriminal is almost non-existent. In this segment, we’ll explore strategies for defending against email impersonation. Segment Resources: [Fortra Cybersecurity Learning Resources](https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000012210&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness) [2023 BEC Trends, Targets, and Changes in Techniques](https://static.fortra.com/agari/pdfs/report/fta-ag-2023-bec-trends-targets-changes-in-techniques-rp.pdf) This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Fareedah Shaheed, aka CyberFareedah, has dedicated herself to educating the public on online safety. Today, we'll talk about the challenges she has faced in building a training company from scratch, targeting both consumers, and private business. Her journey is interesting from multiple perspectives: as a business owner, an immigrant, becoming an influencer, and establishing herself as a cybersecurity thought leader - all within less than half a decade! This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-326
Midnight Blizzard, Citrix, Bloodhound, Five Eyes, Canon, Cult of the Dead Cow, AI Shopping, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-315
Our good friend Bill Swearingen joins us to talk about some of the incident response work he's been doing lately. Many people have it wrong, you don't need to be a cybersecurity ninja to respond to a security incident. Its about knowing who does what in your organization and executing a plan. Bill has put together a a set of free resources to help the community with incident response as well! Vistit the Awesome Incident Response project here: https://github.com/hevnsnt/Awesome_Incident_Response/ In the Security News: Canon shoots out your Wifi password, I want to be Super Admin, you don’t need fancy hacks to bypass air gaps, U.S. Senator attacks Microsoft, Tenable CEO attacks Microsoft, we should all be hopeful despite the challenges in infosec, SEC requires reporting Cyberattacks within 4 days, Mirai attacks Tomcat, scanning a car before stealing it, a little offensive appliance, no Internet access for you and that will solve the problem, Ubuntu blunders, it’s so secure no one can actually use it, and yet another CPU data leak! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-793
Identity isn't new, but we do have new ways of presenting and protecting identity with things like payment wallets and verifiable credentials. But we also have identity in surprising places -- like cars. We'll answer some questions like: - Why do we even have identities in cars? - What else is your car connected to? - How should devs be thinking about security in this space? In the news segment, Zenbleed in AMD, Google's TAG sees a drop in zero-days, new security testing handbook from Trail of Bits, Phil Venables' advice on public speaking, car battery monitor that monitors location(!?), more news on TETRA,
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Mastodon: https://infosec.exchange/@AppSecWeekly
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-249
This week in the Security News: Throbbing Gristle, China, Dragos, Ransomware, Tomcat, Ivanti, Radio Radio, My Mother the Car, Jason Wood, and More!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-314
Some organizations are banning ChatGPT and other generative AI models out of fear of the risks they could introduce. While this is understandable, the reality is generative AI is accelerating so fast that, very soon, banning it in the workplace will be like blocking employee access to their web browser. Randy Lariar, Practice Director of Big Data, AI and Analytics at Optiv, will discuss how to embrace the new technology and shift the focus from preventing it in the workplace to adopting it safely and securely. We will discuss the challenges and benefits of generative AI, including: - How to detect AI tools and usage - How to develop policies and procedures for using AI tools - How the protect the models, data, and infrastructure to support AI tools - What are the regulatory requirements that may impact AI tools and usage - What are the benefits of using AI tools
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-314
Once an incident has occurred and you've responded, then what? Join us for a chat with Sean Metcalf on what we can do to ensure our infrastructure remains resilient after a security incident. Segment description coming soon!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-792
The traditional concept of the CISO may literally be 'too much', according to Nathan Case. It's based on systems of control and unrealistic assumptions that don't survive contact with real life. In this conversation, we'll discuss what the top security leadership role should be, and how it differs from the current/old school concept.
The concept of Edge computing has evolved over the years and now has a distinct role alongside the public cloud. AT&T Cybersecurity just released their 12th report on this market, which explores insights from a massive, 1400 respondent survey. Theresa Lanowitz joins us to discuss the findings of the report, and the future of this market.
https://cybersecurity.att.com/insights-report
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
This week, we discuss the state of the market as OneTrust announces a round, one year after they laid off nearly 1000 employees. We also note that we continue to see more and more non-US cybersecurity vendor activity - France and India specifically this week. An IBM report tries to tie security spending to breach costs, but we disagree. We discuss the impact of InfoSec leaving Twitter, and the odds of whether or not the Las Vegas Sphere will get hacked during DEF CON.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-325
GameOver(lay), ZenBleed, Maximus, Redline and others, the SEC, SiegedSec, Microsoft, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the development process. Dev teams need to wrangle complex architectures and work on addressing classes of vulns rather than just playing BugOps with scanner outputs. In the news, there's a (non-critical, but cool) RCE in ssh-agent forwarding, Node's vm2 bids adieu, zero-day from a CTF eventually makes it to a bug bounty program, Bad.Build, and more!
This segment is sponsored by GuidePoint.
Visit https://securityweekly.com/guidepoint to learn more about them!
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-248
CYBER.ORG, in partnership with CISA, is helping create a diverse cyber workforce by breaking down the barriers to cybersecurity education by improving access for all K-12 students nationwide. CYBER.ORG’s HBCU feeder program Project REACH was recently highlighted in CISA’s 2022 Year in Review as part of the agency’s commitment to improving diversity and accessibility in the field. Laurie Salvail, Director of CYBER.ORG, joins BSW to discuss: - Why the expansion of K-12 cybersecurity education is the first step toward building a diverse talent pipeline. - How CYBER.ORG has implemented initiatives to drive diversity in cybersecurity including: - Project REACH, the HBCU feeder program launched across the country to build the next-gen workforce, and its plans to expand kickoff events in 2023. - Project Access, a program for the blind and visually impaired who are in pre-employment transition (Pre-ETS), and the summer camps on the horizon. - CYBER.ORG’s plans to expand diversity and inclusion efforts in the coming year to Hispanic-serving institutions. Segment Resources: To learn more about CYBER.ORG or to get involved, visit: https://www.cyber.org This week in the leadership and communications section: the SEC is asking for comments on Cybersecurity on Wednesday, July 26, 2023 at 10:00 a.m - Be there and tell them what you think of their cybersecurity regulations! Google has a new AI tool for journalism, Sergey Brin is back at Google, paving the path for "Blue-Collar AI" professionals, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-313
Citrix, Ivanti, DOJ changes, Elon X, TETRA Radio, Google WEI, Jason Wood, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-312
Today, we talk to Juliet about what's wrong with security programs today and what security leaders should be doing to fix them. We'll discuss how security programs can look rosy... until the incident hits, and the true posture of the organization is laid bare. How can CISOs still look good and maintain the org's trust under the worst of circumstances? In this interview, Jules will tell us how. Zero Trust is an imperfect concept and is often impractical to deploy comprehensively at scale, but that doesn't mean it can't do any good. In this interview, we talk with practitioner Ryan Fried about his experiences implementing Zero Trust in real life. We'll also discuss his new role at Mandiant, and why the glue that holds together people, process, and tools is so important. Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet’s public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels Google plans to scrape everything you post for AI, & the Year of the Linux Desktop!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-324
AirGaps, Slackware, Kevin Mitnick, Awareness, Microsoft, Bad API, JumpCloud, Megarac, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-311
This week, up first is the Security News: Microsoft lost its keys, LOL drivers, If you were the CSO, try to keep employees happy but remove their accounts when they leave, gaming device finds a missing child, $3 brute forcing, undocumented instructions are sometimes the best instructions, remote code on your Oscilloscope, fuzzing satellites, routers are great places to hide, typos lead to information leaks of US military emails, pwning yourself, pwning security researchers, getting pwned by a movie, and WormGPT!
Sumit comes on the show to teach us a little about PHP type-juggling, introduce a free online security lab, and discuss the new certifications being offered in collaboration with Blackhat.
Segment Resources: Our SecOps exams: https://secops.group/cyber-security-certifications/
Black Hat's Certified Pentester exam: https://www.blackhat.com/us-23/certified-pentester.html
Vulnmachines platform: https://www.vulnmachines.com/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-791
While much has been written and argued about the security of election systems - the things that do the actual ballot counting - there's other systems that have to be in place and secured before the vote can occur - voter registration databases, ballot delivery systems, etc. Might it be possible to use modern appsec concepts OWASP SAMM to secure them in a more efficient, targeted, cost-effective manner? Brian Glas joins us to talk about this and his ongoing work around providing students with a modern application security education. It's a busy news week - We explore what happens when people trust plugging cables into their EVs in public, how an APT is leveraging docker and kubernetes to build a botnet, why you should be careful running code from "researchers," and much more
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-247
Scotty in Hell, CISA, S3, the White House, Risky Devices, Microsoft, Mali, Virus Total, Jason Wood, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-310
Less than 50% of the Fortune 500 have a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) listed on their executive team. Why is that? Is this role not considered an executive position? In part 1, we debate the role of the CISO/CSO and whether it is or is NOT and executive position. We've made a lot of progress over the last 20+ years, but has the role peaked? Will the role continue to get a seat at the table as a C-level executive or will it atrophy back to a VP or Director role? If the CISO/CSO is still an executive position, then what are the requirements of this role? In part 2, we debate the requirements of the CISO/CSO role and expectations of the organization. To be a true executive role, the CISO/CSO needs to have the decision making authority with the same protections of other officers. Will they get it? We debate.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-312
InfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know what logs you’re doing to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data FOMO tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren’t aware of this. In this interview with Eric Capuano, we’ll discuss both the practical and economic shortcomings of the traditional SIEM model. We’ll discuss the challenges of various SIEM use cases. Most importantly, we’ll discuss the new models actively replacing them. (No, they’re not branded as next-gen SIEMs) Tim MalcolmVetter has been alternating between blue team and red team roles for years. Moving between the two has had its advantages, giving Tim a better understanding of what works, what doesn’t and why. We’ll discuss a variety of topics, including the pros and cons of industry talent pipelines, Kerberoasting, and AI trends.
2023 Cybersecurity Conversations Report: https://eb1x.co/NWn0RHK Segment description coming soon!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-323
Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-309
Getting the correct data in the right place for incident response is challenging. JP comes on the show to talk about how he is helping companies with these challenges, getting control of the security data pipeline while helping save costs! In the security news: Someone is going to get hurt, slow migrations, hiding on the Internet is hard, more Fortinet vulnerabilities, BLackLotus source code, the difficulties with roots of trust, stealthy rootkits, patching made easy?, rowhammer and gaslighting, signing with time machines, memory is complicated, and it’s alive!!! It's alive!!!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw-790
Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers threat modeling and adversary management as steps towards determining an org's resiliency and security.
Segment Resources: https://community.ravemetrics.com
Melinda will share results from her study last year on developer-focused security, "Walking the Line: Shift Left and GitOps Security" and discuss trends to help security keep up with modern software development. Segment Resources: ESG Complete Survey Results: Walking the Line: GitOps and Shift Left Security: https://research.esg-global.com/reportaction/515201532/Toc
Addressing the confusion around shift-left cloud security | TechTarget: https://www.techtarget.com/searchsecurity/opinion/Addressing-the-confusion-around-shift-left-cloud-security
Melinda Marks’s Most Recent Content: https://www.techtarget.com/contributor/Melinda-Marks
Visit [securityweekly.com/asw](https://securityweekly.com/asw) for all the latest episodes!
Follow us on Twitter: [@SecWeekly](https://www.twitter.com/secweekly)
Like us on Facebook: [facebook.com/secweekly](https://www.facebook.com/secweekly)
Visit https://securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-246
Green, Hairy Tongue, MoveIt redux, HCA, Apple, Threads, Jason Wood, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-308
A golden age is a time of great achievement in a society or industry — a time of innovation and the furthering of new ideas via new mediums or technological advancements. Email security is now entering a golden age after stagnating for the better part of a decade. Is it time to celebrate? Customers have more choice than ever when it comes to protecting how employees, customers, and partners communicate and collaborate. Often, those customers are choosing more than one email security partner in a layered or multilayer approach to protection, as it provides greater efficacy — and peace of mind. But is that sustainable in a consolidating market? Jess Burn, Senior Analyst from Forrester Research, joins us to discuss the results of The Forrester Wave on Enterprise Email Security for Q2 2023. Segment Resources: https://www.forrester.com/blogs/announcing-the-forrester-wave-enterprise-email-security-q2-2023/?ref_search=604835_1688574622533 In the leadership and communications section, CISO as a Business Executive: 5 areas to focus on and 5 actions you can take to run cybersecurity…, How to win the battle for cybersecurity budgets, Mastering Effective Communication Skills with the Dale Carnegie Method, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-311
Robots have always had a kind of scaling from very mechanical to autonomous devices that are self aware. On this episode of SDL, Russ and Doug discuss AI, how bots work, and botnets in general.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-swn-2
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on August 11, 2022.
Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-esw-3
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 23, 2022.
Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. We'll talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture.
Visit https://securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-asw-3
Welcome to another edition of a Paul's Security Weekly Vault episode! This episode was previously recorded on April 5, 2012 and features an interview with none other than Dan Geer. Unfortunately there is no video for this episode, but the content is still relevant today.
Dan Geer is a renowned cybersecurity expert and visionary. With a wealth of knowledge and experience in the field, Dan has made significant contributions to our understanding of information security and its implications. In this interview, we'll explore his background, education, and delve into some of his most influential works, such as his paper on the security implications of mono-culture. My co-hosts for this interview included Jack Daniel and John Strand.
At the very end of the interview we talk about Dan giving the keynote at the Source Boston 2012 event. I've included a link to the video of that talk in the show notes for historical reference. ChatGPT summarized this keynote as follows stating: "Dan Geer discusses the claim that the internet is critical infrastructure and explores the potential hypocrisy involved in this assertion."
So, without further ado, enjoy our interview with Dan Geer!
Link to Dan Geer's 2012 Source Boston Keynote: https://www.youtube.com/watch?v=Qb8r0XoNd60
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-psw-3
AI, machines, and killer robots, oh my! Elon Musk and 116 people sent a letter to the UN asking that Autonomous Weapons be banned.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/vault-swn-1
This week in the Security News, Dr. Doug talks: Russian Satellites, Cl0p, CISA, YouTube, ArcServ, EarlyRat, Aaran Leyland, and More on this edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-307
This week, we welcome Dick Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days! In the Leadership and Communications segment, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-bsw-3
Securing data is hard. Business stops when data flows are hindered, stopped, sometimes even slowed. Placing controls around data traditionally leads to more friction and less productivity. Can it be a different story in the cloud? Today, we find out when we talk to Dan Benjamin about why he founded Dig and the space they're trying to fill in public cloud services. Paddy Harrington joins us from Forrester research to discuss his findings in this year's state of IoT security report. Computers have been shoved into anything and everything, both in the home and in the workplace. Paddy will share some interesting insights from the report, and we'll discuss why some of the results seem to conflict.
Segment description coming soon!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-322
In this segment we welcome Carlos Perez back to the show! Carlos will discuss the different types of penetration testing, including adversary emulation, and a cool method we can use to cover our tracks on Windows systems. In the security news: You got so many CVEs you need your own, dedicated, vulnerability scanner, melting your neighbors with hacking, The FDA’s SBOM and OSS, when the vulnerability scanner has a vulnerability, violating CISA directives at scale, make 2FA a little easier with this device, NSA’s BlackLotus mitigation guide: who needs those certificates anyhow?
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw-789
Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of vulnerability trends from automated scan results. In this talk, Invicti Director of Product Patrick Vandenberg shares a deep dive into the trends currently impacting AppSec programs and discusses some of the best practices that will help organizations achieve efficiencies in their programs.
Segment Resources: - [AppSec Indicator Spring 2023 edition | Invicti](https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_CRA-ASW-Jun2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand)
This segment is sponsored by Invicti.
Visit [securityweekly.com/invicti](https://securityweekly.com/invicti) to learn more about them!
In the news, two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances a security developer-in-residence for Python, more infosec myths, free cybersecurity training resources.
Visit [securityweekly.com/asw](https://securityweekly.com/asw) for all the latest episodes!
Follow us on Twitter: [@SecWeekly](https://www.twitter.com/secweekly)
Like us on Facebook: [facebook.com/secweekly](https://www.facebook.com/secweekly)
Visit https://securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-245
This week in the Security News, Dr. Doug talks: Win 3.1, Fortinet, Women in Cyber nominations, Teams, IOS, Mockingjay, Jason Wood and More!
Visit https://www.securityweeky.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-306
In a tight economy, security budgets have been under scrutiny. Vendor consolidation strategies are real, but what are the pros and cons of this strategy? Shawn Surber from Tanium joins us to discuss how vendor consolidation is playing out and what to look for. It's not just an expense exercise, it's also a strategic alignment exercise. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the Leadership and Communications section, CISO Burnout Prevention: Tips for Work-Life Balance, Maximizing Leadership Potential, The Essence of Effective Management: Commitment, Foresight, and Leadership, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-310
Emilie comes on the show to talk about penetration testing and share her knowledge and stories! In the Security News: There is no national cyber director, time to move away from MoveIT, update Microsoft IIS at least every 6 years, your security system is not secure, for that matter neither is your smart pet feeder, identity management is hard, at least for some, spies using spy gadgets to spy on spies, go ahead and just replace your hardware, secure boot is hard, bypassing the BIOS password (but don’t try this at home, or work for that matter), Rob shaved his beard, what’s new in PCI (drink, are we still drinking on PCI? If so, drink again), if your firmware isn’t patched, no cloud updates for you, and Gigabyte has a backdoor!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
FShow Notes: https://securityweekly.com/psw-788
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 29, 2021.
No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-esw-2
Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products Regulations are among the most active and developing areas of security policy around the world. This evolving landscape also serves as an opportunity for innovation and research collaboration. Elazari will walk us through some of the most recent trends in policy proposals shaping the future of security. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, how to implement these programs to foster security, collaboration and transparency, and how this connects to the policy momentum and its impact on security researchers.
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-asw-2
Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on October 12, 2020.
We go off script. Michael Santarcangelo joins me for a discussion on leadership. We review the 4 C's of Leadership: 1. Culture 2. Collaboration 3. Communication 4. Cultivation - and Michael shares some of his leadership approaches and ideas.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-bsw-2
The WAF has a relatively long history with InfoSec. A few years back, we saw the traditional architecture separated by new technologies and philosophies on the best way to detect and stop web-borne attacks. In this episode with Daniel Corbett, we'll take a deep dive into the latest on WAF capabilities, what it means to be 'next-gen' in the WAF world, and how LLM AI like ChatGPT could influence the attacks we see (and have to defend against) in the near future. Explore the rapidly-evolving landscape of Managed Detection and Response (MDR) with insights from Sophos, a pioneering MDR provider. Understand how businesses can gain superior security outcomes and better value from their investments by integrating 3rd party products natively into an adaptive ecosystem backed up by 24/7/365 threat detection, incident response and proactive threat hunting from one of the largest global providers of MDR services. Finally in the Enterprise News segment, we discuss the user-facing security trend, bad ideas in company naming/branding, and why you might not want to be on a list of the top 200 most secure companies. We also discuss the right way to treat employees when doing layoffs, and the future for companies that probably shouldn't have received funding before the market downturn. Finally, France uses AI to discover untaxed pools!
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
Segment Resources:
https://www.sophos.com/en-us/x-ops
This segment is sponsored by Sophos.
Visit https://securityweekly.com/sophos to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-321
This week Dr. Doug talks: Killer Robots, ESXI, Lockbit, MoveIt, CISA, SEC, Texas, Aaran Leyland, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-305
Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity.
Segment Resources: - [Identity Orchestration Use Cases](https://www.strata.io/use-cases/) - [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/) This segment is sponsored by Strata.
Visit https://securityweekly.com/strata to learn more about them!
This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-244
Check out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on April 9, 2013.
Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Ches has worked on (and against) operating system security for over 35 years. He is probably best known for "Firewalls and Internet Security; Repelling the Wily Hacker", co-authored with Steve Bellovin, which help train the first generation of Internet security experts.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-psw-2
This week Dr. Doug talks: Mad dogs and paper clips, Fortinet, MoveIt, BatCloak, China, More News, and Jason Wood on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-304
The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more!
This segment is sponsored by Living Security.
Visit https://securityweekly.com/livingsecurity to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-309
Phrenology, Barracuda, MoveIt, Lazarus, Minecraft, ChatGPT, Adrian Sanabria, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-303
This is the first interview in a two-part AI special! First up, we talk with Daniel Miessler, who has been following the generative AI trend very closely and is one of the most prolific writers and thought leaders on the topic. It's a massively divisive topic with the most successful product ever launched (ChatGPT). Some folks think it's overhyped, some think it's going to replace all the worst parts of the worst jobs, and others think it could be the beginning of the end for humanity. While other interviews on GenAI get deep into conversations on the future of humanity, we're going to stay closer to home on this one. It seems clear that GenAI will transform the enterprise more quickly than any other technology trend we've seen. We'll discuss what security needs to do to prepare for this shift, and why security teams should begin exploring GenAI themselves as soon as possible. Generative AI is taking the world by storm. Naturally, enterprises are looking for ways to integrate the innovative technology into their techstack, boost productivity of the knowledge workers and overall increase their ROI. The question is, how to do it without compromising data privacy and security standards of the enterprises. Segment Resources: https://zerosystems.com/ In this episode we briefly cover funding, and discuss Snyk's acquisition of Enso Security and Cisco's Armorblox buy. We discuss some new open source AI tools: privateGPT, llm, ttok, and strip-tags. We discuss the death of Meta's massive Metaverse movement and go DEEP down the rabbithole on the new Stop Silly Security Awards website. Artifact's AI rewrites clickbaity headlines and we wrap up by exploring a very entertaining Map of GitHub communities: https://anvaka.github.io/map-of-github/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-320
Check out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on October 18, 2015. L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-psw-1
Ducking AI, Kimsuky redux, SMB signing, MoveIt, Gigabyte, Splunk, Chrome Extensions, AI, Jason Wood and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-302
The American Data Privacy and Protection Act introduces oversight of how companies handle the data they collect and process from U.S. citizens, including AI algorithms used to uncover insights that can be monetized. Security professionals should prepare now for the legislation by understanding how to audit algorithms and implement compliance processes. Even if this version of privacy legislation doesn’t pass, similar legislation will likely pass soon.
Segment Resources:
Forbes Tech Council article: Why You Need to Prepare Now for Privacy Legislation That May Not Pass https://www.senecaglobal.com/media-mentions/ftc-why-you-need-to-prepare-now-for-privacy-legislation-that-may-not-pass/
Enterprise Security Tech - American Data Privacy Protection Act: What, Who, How https://www.enterprisesecuritytech.com/post/american-data-privacy-protection-act-what-who-how
Security Info Watch - What the American Data and Privacy Act means for businesses https://www.securityinfowatch.com/security-executives/article/21295869/what-the-american-data-and-privacy-act-means-for-businesses
In the leadership and communications section, Cybersecurity Starts with the Board and C-Suite, How CISOs can achieve more with less during uncertain economic times, Why Authentic Leadership Is So Hard, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw-308
Walking the show floor at RSA Conference, you couldn't trip without falling into an application security vendor booth ... and API security specialists were especially plentiful. Join Forrester Principal Analyst Sandy Carielli for her thoughts on RSA Conference and a deep dive into the challenges of API security.
Segment Resources:
OWASP has a draft for the LLM Top 10, simple vulns in a modern SaaS app, ancient vuln in a Wordpress plugin, PyPI moves to secure its package manager accounts, ThinkstScape Quarterly research report, having fun with memory variables, DNS, and logins.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw-243
Penetration Tester stories, dumb and funny stuff that's crazier than movies.
Segment Resources: https://www.cyberpointllc.com/index.php https://www.cyberpointllc.com/srt.php
In the security news: keystroke logs are stored in plain-text (and other atrocities in software used in schools), WPBT is the gift that keeps on giving and this time it's Gigabyte, PCI DSS 4.0 (drink!), immutable linux desktops, one packet exploits, neat linux malware, sock puppets, a must read new book about hacks, why SMB why?, boot girls, exposing customers....data, cracking GSM, you MUST use 2fa (not should, must), old wine in a new bottle, lab grown "meat", malicious bookmarks, and ChatGPT's secret reading list! All that and more on this episode of Paul’s Security Weekly.
Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Check out this interview from the ESW VAULT, hand picked by main host Adrian Sanabria! This segment was originally published on October 21, 2021.
The Record has published several interviews with cybercriminals, courtesy The Record's Russian-speaking analyst, Dmitry Smilyanets (https://therecord.media/author/dmitry-smilyanets). These interviews have included representatives from REvil, BlackMatter, and Marketo. The interviews have uncovered the gangs' motivations, targets, and tactics, and have been cited by officials, including White House Deputy National Security Advisor Anne Neuberger. We talk with Adam Janofsky, founder and Editorial Director of The Record about what it's like to start a vendor-sponsored media outlet (The Record is funded by Recorded Future), and what they've learned by interviewing the bad guys.
This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-esw-1
Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020.
Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role at CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet.
With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO...
All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-bsw-1
Check out this interview from the ASW VAULT, hand picked by main host Mike Shema! This segment was originally published on March 14, 2022.
Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing menu of offering without understanding the domain, and their team of professionals have little or no experience with software development or inner workings of modern application architectures. As the world turns Digital at a rapid pace accelerated by the recent pandemic, applications become common place in our lives, providing attackers more opportunities to exploit these poorly protected applications. As such, it is important to know what is actually required to build and run software securely, and how to do application security right.
Segment Resources: https://forwardsecurity.com/2022/03/07/application-security-for-busy-tech-execs/
Show notes: https://www.scmagazine.com/podcast-episode/asw-188-farshad-abasi
Ferret Legging, Elon's Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou (and that's not just the Molly talking), Aaran Leyland, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn301
On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near magical levels of ease when manipulating photos.
What's even real anymore? We might not be able to tell for long... The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach.
This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!
While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them.
This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!
Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization’s security posture.
This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!
In today’s hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work.
This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!
Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including:
This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw319
Liam Mayron from Fastly comes on the show to talk about his unique path into information security, the security implications of generative AI, advances in technologies to protect web applications, detecting bots, and enabling better MSP services!
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
In the Security News: a cross-platform, post-exploit, red teaming framework, cover your backups, your voice should never be your passport, time to change your fingerprints, a drop in the bucket sucka, Thor will take out those pesky drones, never give your AI friends money, bye-bye PyPi for a while anyhow, bug bounties are broken, you say you want people to update routers, not-too-safe-boot, mystery microcode, Cisco listens to the podcast (they must have heard it from Microsoft), will it run DOOM?, your server is bricked, permentantly, Hell never ends on x86, and coldplay lyrics in your firmware.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw786
Space, the final frontier, Naughty Cell Phones, HP, ASUS, Meta, Google, Gil Kirkpatrick, and more on this edition of the Security Weekly News.
Segment Resources:
https://www.darkreading.com/cloud/microsoft-azure-vms-highjacked-in-cloud-cyberattack
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn300
The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it still the right model for modern appsec awareness? What if we put that attention and effort elsewhere? Maybe we could have secure defaults instead. Or linters and build tools that point out these flaws. We'll talk about top 10 lists, what we like about them, what we don't like, and what we'd like to see replace them. We'll also test our hosts' knowledge of just how many top 10 lists are out there.
Segment resources:
New TLDs are already old news, fuzzing eBPF validators, Microsoft sets to kill bug classes, draft RFC to track location trackers, a top ten list with directory traversal on it, conference videos from Real World Crypto and BSidesSF, and an attack tree generator from markdown.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw242
You can rebuild infrastructure. But you can’t un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We’re joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers.
Segment Resources:
The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf
The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report
Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform
This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to learn more about them!
In the leadership and communications section: Do You Really Need a CISO?, A CISO Employment Contract May Mean the Difference Between Success and Jail, When Your Employee Tells You They’re Burned Out, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw307
$10M reward, a serious wemo vulnerability, EXSI threats, critical Cisco flaws, millions of smart phones with preinstalled malware and Bill Brenner
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn299
This week, we discuss fundings, acquisitions (TWO DSPM exits!), the ongoing market downturn/weirdness, and surprise - LLM-based AIs! We spend a fair amount of time talking about the importance of breach transparency - we need to be able to learn from others' failures to improve our own defenses. We also discuss the inevitable 'One App To Rule them All' that will serve as an all-knowing personal assistant. It will integrate with all our comms, calendars, and notes, which will be scary and fraught with privacy and security issues. But Tyler and Adrian still yearn for it, as their pre-frontal cortexes become increasingly dulled by scotch and beer.
Enterprises are struggling to manage and reduce their organizational attack surface, especially with a shortage of skilled staff. Find out how some security executives are tackling this challenge by automating their IT and vulnerability management.
This segment is sponsored by Syxsense. Visit https://securityweekly.com/syxsensersac to learn more about them!
Cars have evolved from a physical mode of transportation to a digitized experience, bringing with it new risks and challenges in security, privacy and user experience. Putting identity at the center of the connected world solves simplicity and safety challenges, including physical safety, digital security and data privacy. Furthermore, decentralized identity plays a major role in a better, more secure seamless experience – not just for vehicles, but for society at large.
This segment is sponsored by ForgeRock. Visit https://securityweekly.com/forgerockrsac to learn more about them!
There is a war on trust in the digital world, and people are caught in the crosshairs. Everywhere we look, there are identity risks with crippling repercussions for businesses, whether fake people, fake content, or insecure web links. With the rise of generative AI tools in business, threat actors are utilizing these technologies to create more sophisticated phishing emails – mimicking brands and tone or more easily translating copy into several languages making them more difficult to identify and easily connecting hackers with global audiences. Now is the time to implement solutions that empower a connected thread of trust between businesses and users – before all trust is lost.
This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them!
Semperis CEO Mickey Bresman sits down with SC Magazine to share practical steps for improving Active Directory resilience in the face of escalating cyberattacks, using real-world examples. With cybercrime costs projected to reach $8 trillion in 2023 and AD being the top target for attackers, organizations must prepare to detect, respond, and recover from AD-based attacks. Learn how InfoSec and IAM teams can operationalize the Gartner "top trending" topic of identity threat detection and response (ITDR) to ward off attackers and take back the advantage.
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!
Today’s CISOs are laser focused on three imperatives: reducing risk; reducing operational costs, and attracting or retaining top talent. All three priorities are driven by creating a better SOC analyst experience which translates to less time to detect and respond to an attack. In this discussion, we’ll uncover how Extended Detection & Response (XDR) can drastically improve the SOC analyst experience and alleviate CISOs’ top challenges.
This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarecarbonblackrsac to learn more about them!
While emerging cyber threats and vulnerabilities tend to dominate headlines, criminals often exploit known vulnerabilities to gain access to critical systems and data for nefarious purposes. And with the number of vulnerabilities rising constantly, they can pose significant risk to organizations, especially if defenders don’t know which ones are critical. Learn how Expel is helping to pull back the curtain on how organizations can more effectively prioritize their most critical vulnerabilities.
This segment is sponsored by Expel. Visit https://securityweekly.com/expelrsac to learn more about them!
Visit https://www.securityweekly.com/esw\ for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw318
Kevin Johnson joins us to discuss pen testing, automated testing, why AI testing is not pen testing!
In the security news: How AI Knows Things No One Told It, Dragos Employee Gets Hacked, VMProtect Source Code Leaks, CISA Vulnerabilities, SHA-1 is a Shambles, Microsoft Scans Inside Password Protected Files, Geacon Brings Cobalt Strike Compatability to MacOS, Google Launches Tools to Identify Misleading & AI Images, Cyberstalkers Use New Windows Feature to Spy on iPhones, Texas A&M Prof Flunks all his Students, Wemo Won’t Fix Smart Plug Vulnerability, Catfishing on an industrial scale, and Hacking the Ocean to store Carbon Dioxide
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw785
This week in the Security News, Aaran Leyland joins remotely to dish out the latest news: Cyber Resilience Act contains a poison pill, a powerful backdoor, Malicious Actors and Jason Wood - Valued Co-Host OR Malicious Actor? All that and more on this episode of SWN!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn298
What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams need strategies and processes to keep software secure for as long as possible.
Segment Resources:
https://www.veracode.com/state-of-software-security-report
Learn how hackers are exploiting the trust that mobile app owners place in their customers. Hackers are increasingly modifying app code, posing as trusted customers, and infiltrating IT infrastructure.
This segment is sponsored by Verimatrix. Visit https://securityweekly.com/verimatrixrsac to learn more about them!
Unlike vulnerabilities, which can and do often exist for months or years in application code without being exploited, a malicious package represents an immediate threat to an organization, intentionally designed to do harm. In the war for cybersecurity, attackers are innovating faster than companies can keep up with the threats coming their way. A new approach is needed to stay ahead of the impacts of malicious packages within applications. Findings from our latest report "Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities" illustrate the growing threat of malicious packages. From 2021 to 2022, the number of malicious packages published to npm and rubygems alone grew 315 percent. Mend.io technology detected thousands of malicious packages in existing code bases. The top four malicious package risk vectors were exfiltration, developer sabotage, protestware, and spam. Nearly 85 percent of malicious packages discovered in existing applications were capable of exfiltration – causing an unauthorized transmission of information. Threat actors leveraging this type of package can easily collect protected information before the package is discovered and removed. We’ll share why as long as open source means open, the door will be left open to bad actors, so it’s especially critical to know when things are being brought into your code. Malicious packages represent an immediate threat, unlike vulnerabilities, and can not be taken lightly.
This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw241
Medtronic's Security Ambassador program has seen tremendous growth and engagement in recent years. Learn how they gave their program a shot of adrenaline and haven't looked back since.
Cybersecurity teams today are inundated with tools that provide an abundance of alerts and data about threats, gaps, vulnerabilities and everything in between. While security tools are critical to operating a cybersecurity program and produce helpful data, they should never dictate an organization’s cybersecurity strategy. Instead, Amad Fida, CEO & Founder of Brinqa, explains why business priorities should be the foundation for any company’s cybersecurity strategy.
This segment is sponsored by Axonius. Visit https://securityweekly.com/axoniusrsac to learn more about them!
Economic uncertainty has forced IT and security leaders to be more cautious than ever when increasing spending and team size. Suh dynamics give CISOs and CIOs an opportunity to demonstrate value by going beyond “merely” defending the organization from threats. We can contribute toward the organization’s efforts to constrain costs by looking inward at existing tools and assets to understand deployment, usage, and value. We can do this by ensuring the company is making the most of what it already has – and eliminating the spend that’s not being utilized in the most effective way.
This segment is sponsored by Brinqa. Visit https://securityweekly.com/brinqarsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw306
Singing Terminators, Gmail, Joe Sullivan, Dragos, ESXi, Microsoft, Greatness, Jessica Davis, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn297
We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and the continued need for skilled expertise. Join Matt Alderman from CyberRisk Alliance and Antonio Sanchez, Principal Evangelist at Fortra, as they dive into 2023 cybersecurity trends and observations.
Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness https://www.fortra.com/products/bundles?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won’t go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security’s eternal prioritization problem!
The browser is the most used application, but was never built with the needs of the enterprise in mind. The Enterprise Browser delivers a whole new level of visibility, security and governance. This conversation will explore the benefits of the Enterprise Browser and the gaps it is filling for enterprises around the world.
This segment is sponsored by Island. Visit https://securityweekly.com/islandrsac to learn more about them!
Resilience and the capacity for reinvention have never been more important. In a world evolving at the speed of tech and roiled by the pandemic, enterprises that have security innovation woven into their DNA enjoy a distinct advantage. Learn more.
This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!
The increased prevalence of phishing kits sourced from black markets and chatbot AI tools like ChatGPT has seen attackers quickly develop more targeted phishing campaigns. This improved targeting has simplified the process of manipulating users into taking actions that compromise their security credentials, leaving them and their organizations vulnerable.
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw317
In this talk, Paula Januszkiewicz, renowned cybersecurity expert with years of experience in the field, shares her insights on critical tasks that must be included in any successful penetration testing checklist. She will offer the listeners a sneak peek into her pentesting trick book, discuss the special tools she is using, and highlight the importance of diversifying your pentester's toolkit. This episode is a must-listen for anyone interested in mastering the art of penetration testing.
In the security news: feel free to cry a bit, honeytokens are the shiny new hotness, it's fixed in the future, backdooring electron, should we move to passkeys, the turbo button, why Cisco hates SMBs, old vulnerabilities are new again, MSI, Boot Guard and some FUD, fake tickets, AI hacking, prompt injection, and the SBOM Bombshell!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw784
Poisonous Parsley and Chat GPT, QR codes, Boot Guard, Akira, Wanted Posters, SuperCare, VPNS, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn296
What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more.
Segment Resources:
Book -- https://securitychaoseng.com
Blog -- https://kellyshortridge.com/blog/posts/
In the ever-evolving world of cybersecurity, attackers are constantly finding new ways to infiltrate your software supply chains. But with GitGuardian's Honeytoken, you can stay ahead of the game. Deploy honeytokens at scale, monitor for unauthorized use, and detect intrusions before they can wreak havoc on your system. With Honeytoken, you'll have the insight you need to protect your confidential data and know where, who, and how attackers are trying to access it.
This segment is sponsored by GitGuardian. Visit https://securityweekly.com/gitguardianrsac to learn more about them!
In light of the constant change in the threat landscape, how does an organization keep up with the attackers who're always innovating? New specialized security solutions are regularly being introduced to address new threats, increasing complexities and the non-functional requirement(NFRs) associated with integration of these systems to already complicated enterprise web applications. How does an organization implement holistic defense without increasing cost, complexity and impacting user experience? Edgio will address how an edge-enabled holistic security platform can effectively reduce the attack surface, improve the effectiveness of the defense while reducing the latency of critical web applications via it’s multi-layered defense approach. It also offers the ability to integrate with an enterprises' DevSecOps workflow to achieve better security practices. Edio will discuss how its security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes.
This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiorsac to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw240
Each year, Forrester tracks the top systemic risks — external events that impact your firm and customers but are out of your control — facing organizations. The impacts of climate change are both short-term, in the form of severe weather, drought, and heat waves, and long-term, in the form of biodiversity loss, sea-level rise, and rising temperatures. Want to see where climate risk ranked on the list? Read The Top Systemic Risks, 2023 (https://www.forrester.com/report/the-top-systemic-risks-2023/RES179156) or listen to this segment on Business Security Weekly.
A resilient cybersecurity strategy is essential to running your business while protecting against security threats and preventing data breaches. For CISOs, partnering with a managed service security provider (MSSP) means you can be in control of your organization’s information and infrastructure security without placing a strain on internal personnel or resources which is critical in today’s uncertain economy. With an MSSP on board, CISOs are better equipped to meet strategic and business goals, while improving operations and reducing expenses. This interview will discuss not only why to consider an MSSP but how to choose the right one for the job.
This segment is sponsored by Direct Defense. Visit https://securityweekly.com/directdefensersac to learn more about them!
Insider Risk is a problem that continues to grow - and that companies are still struggling to solve. CISOs state that it is the number one most difficult threat to detect, placing it over malware and ransomware. Code42 President and CEO Joe Payne will explain why the Insider Risk problem is so challenging and will offer guidance on how to solve it.
This segment is sponsored by Code42. Visit https://securityweekly.com/code42rsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw305
St. Alban's Day, Kimsuky, WinRAR, Microsoft, fake AI, Siemens, Apple, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn295
This week, we start with the news: 2 weeks of news to catch up on! 16 funding stories, 4 M&A stories, Cybereason prunes its valuation… a lot, First Republic Bank seized by FDIC, Ransomware is irrelevant Sun Tzu hates infosec, AI Trends, Kevin Mandia’s 7 tips for defense, & How much time should we spend automating tasks?
Christopher will delve into what lateral security/lateral movement are and identify key lateral security tools (network segmentation, micro-segmentation, advanced threat prevention systems, network sandboxes, and network traffic analysis/network detection and response). He will also touch on why automation is important when it comes to consistent security and the current threat landscape.
This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarenetsecrsac to learn more about them!
AT&T Cybersecurity released its 12th annual Cybersecurity Insights Report, “Edge Ecosystem,” which highlights the dramatic shift in computing underpinned by 5G, the edge, and the convergence of networking and security. The report found that business and technology leaders are finally coming together not just to understand the new edge computing ecosystem, but to make more predictable, data-informed business decisions. Collaboration among these leaders, as well as external partners in the ecosystem, will be critical for the edge journey ahead – but more progress must be made to better leverage the edge and transform the business.
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attrsac to learn more about them!
EASM is a critical component of continuous threat exposure management and a necessary step in improving validation and vulnerability management processes. Gartner recently published a report describing the evolution of EASM and where it's headed in the market. We're excited to see the market move in this direction because, at NetSPI, we're already committed to investing in our team and technology to stay ahead of these trends. We already have a head start.
This segment is sponsored by NetSpi. Visit https://securityweekly.com/netspirsac to learn more about them!
“Man plans, the Universe laughs” - unfortunately, that’s been the saying for far too long when it comes to cybersecurity. Security leaders know it's only a matter of time before their organization gets breached, but instead of being ready for it, they rely on fixing the problem after it happens. In Cisco’s newest report, the first ever Cybersecurity Readiness Index, it was found that a small minority of businesses globally (15%) consider themselves to be ready and able to defend against the expanding array of cybersecurity risks and threats of today. Organizations need to get ready and stay ready with solutions they can trust.
This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!
OpenText Cybersecurity is on a mission to simplify security by delivering smarter, innovative solutions. Geoff Bibby, the SVP of OpenText Cybersecurity Marketing & Strategy, will offer insight into the company’s purpose-built approach to create a powerhouse cybersecurity portfolio that scales to meet the security needs of large enterprises down to individual consumers.
This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them!
The continued headcount shortage facing cybersecurity teams is driving many organizations to embrace Managed Detection and Response (MDR) as a way to combat cyber threats. With this demand, dozens of MDR companies have emerged over the past two years. Critical Start’s CTO, Randy Watkins, will discuss the origin of MDR, share evaluation tips, and reveal some of the potential pitfalls.
This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw316
Rob "Mubix" Fuller comes on the show to talk about penetration testing, what's changed over the years? He'll also discuss "Jurassic Malware" and creating games in your BIOS.
This week in the Security News: 5-year old vulnerabilities, hijacking packages, EV charging apps that could steal stuff, do we even need software packages, selling hacking tools and ethics, I hate it when vendors fix stuff, HTTPS lock status, no pornhub for you!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw783
Pornhub, LobShot, TMobile, lawsuits, CISA, CERN, AI, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn294
Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity needs a new approach and guidance. Vulnerability management framework and mature defect management is often overlooked as organizations tend to identify issues and stop there. The devil is usually in the details and time gets burned down in identifying who needs to solve what where. Vulnerability Management Maturity Framework has been created to address that.
Segment Resources:
Framework: https://phoenix.security/vulnerability-management-framework/
Books on metrics: https://phoenix.security/whitepapers-resources/data-driven-application-security-vulnerability-management-are-sla-slo-dead/
Vulnerability aggregation and prioritization https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/
Shift left: https://phoenix.security/shift-everywhere/
Vulnerability management talk: https://phoenix.security/web-vuln-management/
Vulnerability management framework playlist (explained) https://www.youtube.com/playlist?list=PLVlvQpDxsvqHWQfqej5Gs7bOd-cq8JO24
How to act on risk: https://phoenix.security/phoenix-security-act-on-risk-calculation/
Without visibility into your entire web application attack surface and a continuous find and fix strategy, dangerous threats can expose your organization's blind spots and create risk. Invicti analyzes common web application vulnerabilities across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of application vulnerability trends from automated scan results across regions. In this interview, Invicti's Patrick Vandenberg zooms in on the vulnerabilities plaguing organizations, providing insight into this year's report trends, and guidance on how CISOs and AppSec program leaders can create an environment for their teams that mitigates risk.
Segment Resources: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_RSA-CRA-interview-2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand T
his segment is sponsored by Invicti. Visit https://securityweekly.com/invictirsac to learn more about them!
Flaws in the design and implementation of an application can create business logic vulnerabilities that allow attackers to manipulate legitimate functionality to achieve a malicious goal. What’s more, API-related security incidents exploit business logic, the programming that manages communication between the application and the database. In this discussion, Karl Triebes shares what you need to know about business logic attacks to effectively protect against them.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw239
This week, it's time for Security Money. We recap Q1 2023 with the latest financial results, funding announcements, and layoffs. Don't miss this quarterly update. At the market close on April 28th 2023: - SW25 Index is 1,404.31, which is an increase of 40.43% (up from last Q) since inception. - NASDAQ Index is 12,226.58, which is an increase of 84.27% (up from last Q) during the same period.
CISOs face the complex challenge of protecting organizations against an expanding array of cybersecurity risks. While the role requires constant adaptation to protect against new threats, CISOs often bear the blame when defenses are breached. In this segment Kunal Anand, CTO & CISO, Imperva, discusses the evolution of the role and what aspiring professionals need to know if they want to hold the title.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!
Today’s security products are evolving to meet the changing attack surface, each one targeting a specific set of risks. For organizations, this typically means that to increase security maturity, they need to implement a number of different solutions, and as the attack surface continues to expand, their tech stack quickly becomes difficult to manage. It’s time for the industry to help security teams achieve a better balance and reduce this operational burden.
Segment Resources:
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw304
Github, FIN7, Banks, Minecraft, Google Authenticator, Qualcomm, TenCent, BlueSky, Derek Johnson talks about China and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn293
STM32 boards, soldering, decapping chips, RTOS development, lasers, multiple flippers and for what you ask? So I can be alerted about a device I already know is there. The Flipper Zero attracted the attention of news outlets and hackers alike as people have used it to gain access to restricted resources. Is the Flipper Zero that powerful that it needs to be banned? This is a journey of recursion and not taking “no” for an answer. Kailtyn Hendelman joins the PSW crew to discuss the Flipper Zero and using it to hack all the things. In the Security News: SSDs use AI/ML to prevent ransomware (And more buzzword bingo), zombie servers that just won't die, spectral chickens, side-channel attacks, malware-free cyberattacks!, your secret key should be a secret, hacking smart TVs with IR, getting papercuts, people still have AIX, ghosttokens, build back better SBOMs, Salsa for your software, Intel let Google hack things, and they found vulnerabilities, and flase positives on your drug test, & more!
Flipper resources: * [Changing Boot Screen Image on ThinkPad's UEFI](https://www.youtube.com/watch?v=kvqZRTMAlMA -Flipper Zero) * [A collection of Awesome resources for the Flipper Zero device.](https://github.com/djsime1/awesome-flipperzero) * [Flipper Zero Unleashed Firmware](https://github.com/DarkFlippers/unleashed-firmware) - This is what Paul is using currently. * [A maintained collective of different IR files for the Flipper!](https://github.com/UberGuidoZ/Flipper-IRDB) - Paul uses these as well. * [Alternative Infrared Remote for Flipperzero](https://github.com/Hong5489/ir_remote)
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw782
Teenage Mutant Ninja Hackers, Mark Twain, TP-Link, Intel, Papercut, Rustbucket, Solarwinds, Blue Check Marks, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn292
Jeff Moss shares some of history of DEF CON, from CFPs to Codes of Conduct, and what makes it a hacker conference. We also discuss the role of hackers and researchers in representing users within policy discussions.
Segment links
Microsoft turns to a weather-based taxonomy, k8s shares a security audit, a GhostToken that can't be exorcised from Google accounts, BrokenSesame RCE, typos and security, generative AI and security that's more than prompt injection
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw238
We talk a lot about closing the skills gap, but it's harder said than done. So we thought we'd tackle the problem in our 2nd episode os Say Easy, Do Hard. Part 1 will discuss the skills needed, the requirements of the position, and the real qualifications for cybersecurity jobs. We will discuss the practical, realistic expectations of working in cybersecurity, not the hyped stereotypical positions.
After discussing the requirements for working in cybersecurity, part 2 will tackle where to find the talent. We will explore education, apprenticeships, mentorships, and training. We will also identify areas within the business that have resources with skills that are very complementary with cybersecurity that also make great recruiting areas.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw303
Elon, Clop, EvalPhP, VMWare, Google, Fancy Bear, Routers, 3CX, Aaran Leyland, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn291
Discuss observations and trends across the venture capital ecosystem as it pertains to cybersecurity. This will include a re-cap in how 2022 ended, what we saw in Q12023, and what we expect from an investing standpoint.
Segment Resources:
With over 1 billion records exposed in just the top 35 breaches, over $2.6 billion stolen in the top nine cryptocurrency breaches, and over $2.7 billion in fines levied to the top 35 violators, lessons abound for security teams. We will walk through some of the biggest trends in last year's data breaches and privacy violations, and we'll talk about what security leaders can learn from these events.
Segment Resources:
https://www.forrester.com/blogs/2022-breaches-and-fines-offer-lessons-to-security-leaders
In the Enterprise Security News, Lots of funding announcements and new companies, Private Equity acquires Maltego, Cinven acquires RSA Archer Comcast launches a security product, Zscaler has beef with Gartner, CISA releases updated Zero Trust Model, Amazon jumps into the AI LLM fray, AutoGPT stretches the imagination and potential use cases, The Ever Changing API security market, New security books just released, Zombie birds!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw314
Quantum computing is a rapidly emerging technology that harnesses the laws of quantum mechanics to solve problems that today’s most powerful supercomputers cannot practically solve. IBM's Dr. Kayla Lee will explain how close we are to a computational quantum advantage: the point where a computational task of business or scientific relevance can be performed more efficiently, cost-effectively, or accurately using a quantum computer than with classical computations alone.
Segment Resources:
What is quantum computing? https://www.ibm.com/topics/quantum-computing
About IBM Quantum: https://www.ibm.com/quantum
About the IBM Quantum Development Roadmap: https://www.ibm.com/quantum/roadmap
Access and program a quantum computer: https://quantum-computing.ibm.com/
Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a global challenge: fully-realized quantum computers will be able to break some of the most widely-used security protocols in the world. Dr. Vadim Lyubashevsky will discuss how quantum-safe cryptography protects against this potential future.
Segment Resources:
IBM Quantum Safe: https://www.ibm.com/quantum/quantum-safe
IBM scientists help develop NIST’s quantum-safe standards: https://research.ibm.com/blog/nist-quantum-safe-protocols
Government and industry experts recommend moving to quantum-safe cryptography: https://research.ibm.com/blog/economist-quantum-safe-replay
We're talking with Matt Johansen about his new newsletter, Vulnerable U. We'll discuss his journey from vendors to massive enterprises to less massive enterprises and what he's learned about InfoSec along the way. Like us, Matt has some strong takes on many InfoSec topics, so this conversation could go down many paths. Regardless, we're excited about the journey and the destination with this interview.
Subscribe to [Vulnerable U] https://link.mail.beehiiv.com/ss/c/CygrK4bVgDWxdDLo_7X0UUe8u_TcBPAeAQlRvYdH5hN2mTxFi32BUXbh9K9a2mS8ILJXWKo4rmayv53niV3c6NrsGo7UAp6yFd9EScNQoNwURBhep7S6sIyNBsEMNJ7Z/3v8/6L9W-AB2Sx6Ts9cCBWFiYw/h9/mYsvCYdHno82QRYGHJuyaUZtu8PbgH5PWFi3mLY1CNg
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw315
We will talk about Supply chain security, the TPM 2.0 vulnerabilities recently discovered by a Quarkslab researcher, bugs in reference implementations, vulnerability disclosure and perhaps various other topics.
Segment Resources:
Vulnerabilities in the TPM2.0 reference implementation https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html
Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html
Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++ https://github.com/programa-stic/security-advisories/blob/master/ObjSys/CVE-2016-5080/README.md
In the security news: Blizzards, Sleet, Typhoons, Sandstorms and Tsunamis, masking your car stealing tech in a Nokia phone, kill -64, Google doesn't want to fix an RCE, hijacking packages, monitoring macs, beating Roulette, lame advice from Microsoft, are post-authentication vulnerabilities even vulnerabilities?, Ghosts, burpgpt, and do you trust Google? All that and more on this episode of Paul’s Security Weekly.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw781
Securing the business can often come at a cost of employee productivity, but it doesn’t have to be this way. Especially in today’s economic climate, the security team cannot be seen as a blocker to business. Aviv discusses how to find that balance in today’s episode.
This segment is sponsored by Votiro. Visit https://securityweekly.com/votiro to learn more about them!
In the leadership and communications segment, Security Is a Revenue Booster, Not a Cost Center, How cybersecurity leaders can tackle the skills shortage, Engaged Employees Create Better Customer Experiences, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw302
We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. A new deps.dev API for supply chain enthusiasts, hacking and modding agricultural devices, guidance from CISA on secure by design (and by default!), Glaze brings adversarial art to AI training, key transparency for WhatsApp, a new appsec myth(?), Android hacking tool list, and a Chrome extension to find web debugging behavior.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw237
Sisyphus and Elon, Action1, Cyber insurance, CISA, LockBit, AI, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn290
MSMQ, CLFS, Fortinet, Spectre redux, Google Pay, BingBots, Aaran Leyland, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn289
Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing’s role, helping to determine how these services, tools, and skills must evolve.
Segment Resources:
https://www.fortra.com/resources/guides/2023-pen-testing-report
This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!
Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly regulated industries such as government, finance, and energy sector. This session will cover how RegScale is leading a RegOps movement to bring the principles of DevOps to compliance with the world’s first real-time GRC system that enables compliance as code via NIST OSCAL. RegOps seeks to shift compliance left to make it real-time, continuous, and complete so that paperwork is always up to date, self-updating, and takes less manual resources to manage.
Segment Resources:
Website – https://www.regscale.com
Documentation/Learn More – https://regscale.readme.io
In this news segment, we discuss the art of branding/naming security companies, some new cars just out of stealth, 5 startups just out of Y Combinator, and Cybereason's $100M round from Softbank. We also talk new features (Semgrep's new GPT-4 use case), new newsletters, and new reports. We break down Nexx's broken vulnerability disclosure program and its broken products. We also discuss the FDA's new ability to block device certification for security reasons. Android announces rules to make it easier for consumers to delete accounts and remove data when they uninstall apps. IT and Security professionals everywhere are asked not to report breaches, but in some countries more than others. CISOs are more prone to drinking problems, and finally, for our squirrel stories, we discuss a crazy app called Newnew and new ideas in prosthetics.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw313
Imagine an illness that requires surgery a few times a month and restricts your mobility. What would that do to your career? In our chat with Billy Boatright today, we'll find out how he not only switched careers despite his illness, he found an advantage in his weaknesses: he turned them into effective social engineering skills.
In the security news, FBI seizes one of the biggest stolen credential markets, Is catching ransomware the baseline for detection and response? Potential outcomes of the US National Cybersecurity Strategy, Thieves are using headlights to steal cars, China wants to censor generative AI, Tesla sued for snooping on owners through built-in cameras, All that and more, on this episode of Paul’s Security Weekly.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw780
Application security in the cloud is a crucial aspect of protecting data and preventing unauthorized access to applications hosted on cloud platforms. As cloud computing becomes more prevalent, ensuring the security of applications has become a top priority for organizations. This is because cloud environments present unique security challenges, such as shared resources, multi-tenancy, and a lack of physical control. Therefore, it is essential to implement security measures that are specific to cloud-based applications.
Segment Resources: - https://www.youtube.com/@Infosecvandana/videos
Lessons from an old 2008 JSON.parse vuln, opening garage doors with a password, stealing cars with CAN bus injection, manipulating Twitter's recommendation algorithm, engineering through complexity, successful tabletop exercises, and the anniversary of Heartbleed.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw236
FTX, CISA, Apple, RPKI, Circle, NEXX, MSI, Jason Wood, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn288
Barracuda just released a report on Ransomware findings, here: https://assets.barracuda.com/assets/docs/dms/2023 -Ransomware-insights-report.pdf.
Here are a few of the highlighted stats:
Fleming Shi joins Business Security Weekly to discuss the findings and ways to better prepare for these attacks. In the leadership and communications segment, How to Succeed As a New Chief Information Security Officer, Lead by Example: What Army Special Forces Can Teach You About Leadership, How to Take Risks & Conquer Fears, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw301
Naughty Tesla, Flipper Zero, Rilide, Styx, Genesis, Sophos, Cisco, Meta, Aaran Leyland, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn287
The approach of cybersecurity workforce development and how someone with such technical background come to designing a degree program with non-traditional approach. What it takes to keep it going?
Segment Resources:
https://go.boisestate.edu/ucore
https://go.boisestate.edu/gcore
In the Security News: Rorschach, QNAP and sudo, why bother signing things, why bother having a password, why bother updating firmware, smart screenshotting, TP-Link oh my, music with Grub2, byte arrays and UTF-8, what is my wifi password, Debian and systemd, opening garage doors, downgrade your firmware to be more secure, exploit databases, this is like a movie, unsolved CTFs, and Near-Ultrasound Inaudible Trojans! All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw779
Kellermann will discuss the recently published report “Cyber Bank Heist” that exposes the cybersecurity threats facing the financial sector. Security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers and a record-breaking year of zero-day exploits. Podcast listeners will learn what financial sector security leaders from around the world revealed in a series of interviews about specific trends when it comes to notable cyberattacks, e-fraud and cyber defense.
Segment Resources:
- https://www.contrastsecurity.com/cyber-bank-heists-report
Overall increase in government regulations. EU as well. Shift in liability from consumers to organizations.How to take advantage of safe harbor protections and reduce organizational risk and liability. NIST SSD Framework - how do you understand the security practices of the open source packages you use in your applications and ensure they are following the NIST practices (so you can take full advantage of safe harbor protections and reduce potential liability). Creating a network of open source maintainers, documenting and attesting to their security practices, is a solution. Work with the maintainers to be able to provide documentation. How to get more involved with development in open source security. What is the mechanism?
Segment Resources:
https://tidelift.com/government-open-source-cybersecurity-resources
In this week's enterprise security news, we talk about new companies and funding, trends in the deception and SaaS Security/SSPM space. We discuss Andy Ellis's "10 plagues of cloud security" and Kelly Shortridge's 69 ways to F*&$ up your deploy. We discuss rolling out Yubikeys and the pros/cons of using biometrics instead of security keys. There have been some bad takes in the media on how OpenAI uses your ChatGPT prompts, so we set the record straight there. Cybersecurity is a new requirement for K-12 students in North Dakota, and you've got to see this week's security story - a rogue tire sends a Kia Soul FLYING.* * - but no one was hurt!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw312
Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.
Segment Resources:
Download "Learning eBPF": https://isovalent.com/learning-ebpf
Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
Code examples accompanying the book: https://github.com/lizrice/learning-ebpf=
Cilium project: https://cilium.io
Tetragon project: https://tetragon.cilium.io/
BingBang and Azure, Super FabriXss and Azure, reversing the 3CX trojan on macOS, highlights from Real World Crypto, fun GPT prompts, and a secure code game
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw235
Why 300? 300 is a perfect game in bowling, a milestone few have achieved (unless you're Brendan Alderman who has done it twice before the age of 20). 300 podcast episodes is almost 7 years of recording, a milestone most podcasts haven't achieved. So we thought is was worth celebrating! Join current and former BSW hosts to get a brief history of Business Security Weekly, including:
You ask, we respond. This Ask Me Anything (AMA) segment allows the audience to ask the BSW hosts anything. From leadership skills to career advice or even why Alderman keeps moving, this segment answers the questions you want to know.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw300
ProtoCell Phones, KEV, Efile, 3CX, Western Digital, NATO, Jason Wood, and More on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn286
Flappy TREX lips, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, Aaran Leyland, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn285
So much of the tech world went remote at the start of the pandemic, and many of those jobs (and engineers) show no sign of ever going back into an office. Building successful teams in this environment takes a different approach, one defined by autonomy and trust. In this segment, Nickolas Means, VP of Engineering at Sym, will share insights from more than a decade of leading distributed teams to help us all thrive in a world where distributed is the new normal.
The White House recently revealed their National Cybersecurity Strategy and its 5 pillars. Some is straightforward - some is more controversial. Josh helped with it and wrote a blog about it. Adrian read that post and asked Josh to come discuss it. So here we are.
Segment Resources:
https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
In the enterprise security news, early stage startup funding stays constant, but late stage is nowhere to be found. Cisco, XM Cyber, and Mastercard make acquisitions. YouTube channels keep getting hacked. Microsoft fails to use Azure securely. Organizations are making progress on zero trust, but slowly. Finally, more discussion on AI threats, concerns, and predictions.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw311
How to get into reversing embedded firmware? Can the planet really be hacked? We'll go over a couple of fun exploitation examples, see what mistakes were made and maybe what could have been done better to make these devices tougher to break into.
Segment Resources:
Voip phone hacking: Blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/
Def Con presentation (intro to hardware hacking): https://www.youtube.com/watch?v=HuCbr2588-w&ab_channel=DEFCONConference
Medical Research: BBraun infusion pump: https://www.youtube.com/watch?v=6agtnfPjd64&ab_channel=hardwear.io
Medical devices under attack: https://www.rsaconference.com/USA/agenda/session/Code%20Blue%20Medical%20Devices%20Under%20Attack
Hacking DrayTek routers: https://www.youtube.com/watch?v=CD8HfjdDeuM&ab_channel=Hexacon
Philippe's public work: https://github.com/philippelaulheret/talks_blogs_and_fun
In the Security News: Turning traffic lights green with the flipperzero (and a bunch of other hardware), suspending AV and EDR, Test signing mode, Linux control freaks, hacking the Apple Studio Disaply, Intel;s attack surface reduction claim, the truth about TikTok that everyone is missing, just stop developing AI, but only for 6 months, anyone can connect to Amazon's wireless network, revoking the wrong things, losing your keys, the funny, not-so-funny things about firmware encryption, and exploding thumb drives. All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw778
With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti’s CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures.
Segment Resources:
This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!
Ferrari refuses ransomware, OpenAI deals with security issues from cacheing, video killed a crypto ATM, GitHub rotates their RSA SSH key, bypassing CloudTrail, terms and techniques for measuring AI security and safety
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw234
Twitter, Tax Scams, Microsoft, Executive Orders, Pwn2Own, French Bans, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn284
We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes: Guerrilla marketing of gaining end-user buy-in for initiatives Iterative tuning of your data sources Active engagement with real-time feedback from the user base and technical teams Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time).
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw299
SafeLiShare delivers tamperproof security from inside out across clouds and eliminate algorithmic complexity attacks and reverse never-ending cycles of defense using policy controlled Confidential Computing with secure enclave technology.
Segment Resources:
Presentation - https://1drv.ms/p/s!AqqNWej5CK8uhEoIZW5MUxMTQLJU
Blog - https://safelishare.com/blog/defining-confidential-computing/
Video - https://safelishare.com/data-privacy-resources/
The ioXt Alliance is a group of manufacturers, industry alliances, labs, and government organizations, dedicated to harmonizing best security practices and establishing testable standards. Our goal is to bring security, upgradability and transparency to the market and directly into the hands of consumers. Come learn about Smart Product security and what consumers should be asking for.
Segment Resources: https://www.ioxtalliance.org/
This week in the Enterprise News: Dope Security nabs $16M led by GV to build out secure web gateways designed to work on endpoints, not in the cloud, Introducing Microsoft 365 Copilot: your copilot for work, A Tweet from Daniel Feldman, A simple test, given to both GPT 3.5 and GPT 4, AI Hires a Human to Solve Captcha, Because It Couldn’t Solve It Itself, You know what's different between AI and you? Those goosebumps on your arms right now and the ice water in your veins. AI can't do that. Amazing Invention- This Drone Will Change Everything, & Cyber Startup Buzzword Bingo: 2023 Edition
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw310
This week Dr. Doug talks: TikTok, Github, CISA and More CISA, Netgear, Do Kwon and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn283
We sit down with Nico Waisman to discuss vulnerability research and other security-related topics!
In the Security News: Windows MSI tomfoolery, curl turns 8...point owe, who doesn't need a 7" laptop, glitching the ESP, your image really isn't redacted or cropped, brute forcing pins, SSRF and Lightsail, reversing D-Link firmware for the win, ICMP RCE OMG (but not really), update your Pixel and Samsung, hacking ATMs in 2023, breaking down Fortinet vulnerabilities, Jamming with an Arduino, it 315 Mega hurts, analyzing trojans in your chips, and the 4, er 1, er 3, okay well how to suck at math and the 4 Cs of Cybersecurity! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw777
When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO.
Segment Resources:
https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos
In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication in Teams, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw298
Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting real issues at development-time.
Segment Resources:
Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw233
Dr. Doug talks: The Tang Dynasty, ZippyShare, NuGet, PinDuoDuo, Ernie, Lantern, HDD hard drives, and more on this edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn282
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, Vile, and More on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn281
The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management.
Segment Resources:
https://vulcan.io/blog/ci-cd-security-5-best-practices/
https://www.youtube.com/watch?v=nosAxWc-4dc
Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice.
Segment Resources:
Finally, in the enterprise security news, We quickly explain the SVB collapse, A few interesting fundings, Rapid7 acquires Minerva who? We’ll explain. GPT-4 - what’s new? Detect text written by an AI! Then, produce text that can’t be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw309
Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks.
Segment Resources:
In the security news: AI on your PI, no flipper for you, stealing Tesla's by accident, firmware at scale, the future of the Linux desktop, protect your attributes, SOCKS5 for your Burp, TPM 2.0 vulnerabilities, the world's most vulnerable door device and hiding from "Real" hackers, sandwiches, robot lawyers, poisonis epipens, and profanity in your code! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw776
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this “in the wild”.
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw232
Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw297
Casper, Flipper, NordVPN, Ring, Silicon Valley Bank, GoBruteforcer, Aaran Leyland, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn280
You know SBOMs can help you keep track of your software assets and therefore, their vulnerabilities. Despite even the White House pressing the issue, many vendors aren't forthcoming with SBOMs, and you can't afford to wait. With Tanium's Roland Diaz, we'll discuss the most important considerations when generating your own SBOMs (which is now something their product can also do!).
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more!
Looking at topics around go-to-market strategy and product management, including: how building products is unique in cybersecurity compared to other industries, what is product-led growth and what shape it takes in security, and how to do it right. Touching on the broader and adjacent topics of writing, supporting cybersecurity startups, investing, and the like.
Segment Resources:
Venture in Security blog: https://ventureinsecurity.net/
Venture in Security Angel Syndicate: https://www.visangels.com/
Building Cyber Collective: https://ventureinsecurity.net/p/buildingcyber
Top Venture in Security Articles: https://ventureinsecurity.net/p/top-posts
Finally, in the enterprise security news, A light week in funding, after last week’s mega raises from Wiz and Sandbox AQ
HP acquires some Zero Trust and CASB with Axis Security InfoSec-themed Table Top gaming is really catching on
The White House’s updated cybersecurity strategy is more of an update than a game changer
I go a bit nuts with AI news and essays, but a lot of it is really worth your time, I promise
Doing evil things with chrome extensions
Women in cybersecurity
Letting strangers call you, on purpose
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw308
Selling your soul to the company store, Xenomorph, Sonicwall, Github, Veeam, TSA, Ring, Aaran Leylan, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn279
Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite!
Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including:
In the Security News: Using HDMI radio interference for high-speed data transfer, Top 10 open source software risks, Dumb password rules, Grand Theft Auto, The false promise of ChatGPT, The “Hidden Button”, How a single engineer brought down twitter, Microsoft’s aim to reduce “Tedious” business tasks with new AI tools, The internet is about to get a lot safer, All that, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw775
In this episode, Neatsun Ziv, co-founder and CEO of OX Security, takes a deep dive into software supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a first-of-its-kind framework for understanding techniques, tactics, and procedures (TTPs) used by attackers to compromise supply chains. OSC&R was forged by a group led by OX Security with cybersecurity pros from a number of companies, including Google, GitLab, FICO, Check Point, VISA and Fortinet.
Segment Resources:
OSCAR WebSocket hijack that leads to a full workspace takeover in a cloud IDE, malicious packages flood public repos, side-channel attack on a post-quantum algorithm, looking at OWASP's evolution, OAuth misconfigs lead to account takeover, AI risk management framework, Zed Attack Proxy
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw231
Lots of AI, Deepfakes, Microsoft Word, OneNote, Russian Pranksters, FIXS, Wago, Water, Aaron Leyland, and more on this edition of Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn278
From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw296
Human brain bots grown in petri dish, CISA Decider, BlackLotus, Mustang Panda, Ex22, Dish and Aaran Leyland, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn277
The MSP space has undergone a lot of changes in the past few decades, with the emphasis on security increasing dramatically in the last 5-10 years. We discuss how ConnectWise, which builds and sells solutions to MSPs, has tackled this challenge. We'll be asking questions both from Raffael's point-of-view, selling to MSPs, but also from the customer point-of-view - small to medium businesses with a need to outsource IT and security functions.
Today, we talk to Jim Routh - a retired CISO who survived the job for over 20 years! He'll be sharing some wisdom with us, like how analytics and data science can help detect malicious insiders. Also, more generally, Jim will help us understand how data-science-backed tooling can help move the security market forward and help security teams and programs mature.
Segment Resources:
https://www.reveal.security/resources/whitepapers/
This week in the Enterprise News: Deepwatch Announces $180 Million in Investments, VulnCheck Raises $3.2 Million to Solve Prioritization Challenge for Enterprise, Government and Cybersecurity Solution Providers, Zscaler to Acquire Israeli Startup Canonic Security, Palo Alto Q2 Fiscal Year 2023 Earnings Call, Tech’s hottest new job: AI whisperer. No coding required, How data breaches affect stock market share prices, & Kenyan Innovator Creates Smart Gloves That Translate Sign Language Into Audible Speech!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw307
Barracuda published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 75% of the organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average costs of more than $1 million for their most expensive attack. 23% said that the cost of email-based attacks has risen dramatically over the last year.
Segment Resources:
https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf
This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!
In the Security News for this week: indistinguishable classifiers, screenshot the /etc/passwd file, what the Zimbra, couple of cool Burp plugins, my voice is my passport. verify me, software is harder to exploit, unless its in firmware, when ChatGPT writes an article, becoming a trusted installer, not the last breach for lastpass, getting fried at the charger, and why hackers love stickers!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw774
ClippyNator, NewsCorp, Lastpass, US Marshals, Housez, PureCryptor, CyberStrategy, Jason Wood and more on this edition of Security Weekly News. show.fullaudio_desc_addendum
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn276
Join us for this segment with Lina Lau to learn lessons from real incident response engagements covering types of attacks leveraged against the cloud, war stories from supply chain breaches seen in the last 1-2 years, and how defenders and enterprises can better protect and proactively defend against these attacks.
Segment Resources:
Attacking and Defending the Cloud (Training) https://training.xintra.org/
Blackhat Singapore 2023 Training ADVANCED APT THREAT HUNTING & INCIDENT RESPONSE (VIRTUAL) https://www.blackhat.com/asia-23/training/schedule/index.html#advanced-apt-threat-hunting--incident-response-virtual-29792
Blackhat USA 2023 Training ADVANCED APT THREAT HUNTING & INCIDENT RESPONSE (IN-PERSON) https://www.blackhat.com/us-23/training/schedule/#advanced-apt-threat-hunting--incident-response-30558
Twitter 2FA goes away, safe testing for server-side prototype pollution, OWASP's guide on AI security & privacy, Adobe's approach to smarter security testing, a fast web fuzzer
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw230
Lots of press lately regarding ChatGPT and its impact on cybesecurity. Some say it will help us fight adversaries, while others say it will only make adversaries more sophisticated. Lot's of FUD on both sides of the discussion. BSW hosts debate the pros and cons of ChatGPT (and other AI) to truly understand its impact and what we, as security leaders, need to know. In the leadership and communications section, Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape, Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025, How to Empower Teams, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw295
It's another holiday week, so enjoy this episode from the ESW archives!
The cloud and SaaS were supposed to make things easier, simpler, more scalable. Arguably, they _have_ done all those things, but traditional, legacy networks linger. Migrations are messy and take time. Nearly everything is encrypted in transit by default. Today, we interview Marty Roesch, the creator of Snort and founder of SourceFire, to discuss how things have changed and what defenders can do to catch up and restore some order to the madness. We'll step through some history along the way - listeners might be surprised at how much our current situation mirrors the reasons behind why Marty created Snort in the first place.
It's another holiday week, so enjoy this interview from the PSW archives!
We chat with Marcus J. Ranum of Tenable, pit ODROID against Raspberry Pi, and introduce you to USBee in our security news. All that and more, so stay tuned!
It's another holiday week, so enjoy this episode from the BSW archives!
This week, we welcome Graeme Payne, President at Cybersecurity4Executives, to discuss Impacts of a Data Breach! During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as the human error.
Show Notes: https://securityweekly.com/BSW172
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
It's another holiday week, so enjoy this episode from our archives!
What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some significant wins -- and they need a partnership with DevOps teams in order to do this successfully. Log4j has more updates and more vulns (but probably not more heartburn...), revisiting outages and whether availability has made it into your threat models, deep dive into hardware security, another data point on bug bounty awards, and looking at risk topics for the next year. This completes another year of the podcast! A very heartfelt thank you to all our listeners! And a special thank you and shout out to the crew that helps make this possible every week -- Johnny, Gus, Sam, and Renee. We'll keep the New Wave / Post-Punk, movie, and pop culture references coming for all the appsec and DevOps topics you can throw our way. Thanks again everyone!!
Segment Resources:
- https://blog.trailofbits.com/
Show Notes: https://securityweekly.com/asw178
This week Dr. Doug civilly discusses: a Liquid Robot Death Punch, Korean cars, Fortinet, Frebniis, Atlassian, BingBots, Hacking Back, Derek Johnson covers the National Cyber Strategy documents and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn275
Organizations today operate under the constant looming threat of cyber attacks. While reactive cybersecurity measures will help organizations respond to past and present threats, offensive measures are the only chance to get ahead of attackers and beat them to the punch. There is now a greater call for offensive solutions like penetration testing and red teaming to evaluate environments so security gaps can be identified and closed before a breach. Join us as we discuss how these solutions work both independently and together, as well as practical ways organizations can build or mature an offensive security strategy.
Segment Resources:
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
The memoir of world-renowned hacker Cris Thomas “Space Rogue: How the Hackers Known as L0pht Changed the World” is available for pre-order now. The new book, to be released on February 16, 2023, will cover the influential hacking group L0pht Heavy Industries, the hacker underground of the 1990s, the L0pht’s rise to prominence, their testimony in front of the US Senate, their claim of being able to “take down the Internet”, and how their legacy continues to shape the security of the online world today.
Segment Resources:
https://securityweekly.com/spacerogue
Inka talks about harnessing Behavioural Science (BS) to influence people’s cyber security behaviours. Focusing on psychology theories (e.g. Behaviour change wheel) she explores some of our barriers (and motivations) to cybersecurity. What are our FMEs ('frequently made excuses') to taking protective action online and how organisations' could create a supportive security culture.
Segment Resources:
Lead researcher for RISCS / UK Home Office funded research project: Cyber Security Quirks: Personalised Interventions for Human Cyber Resilience https://www.riscs.org.uk/project/cyber-security-quirks-personalised-interventions-for-human-cyber-resilience/
Inka will be presenting this research at the Impact Conference on 2.3.2023 https://www.theimpactconference.com/
Lead researcher/author of the Annual Cybersecurity Attitudes and Behaviours Report (2021 and 2022) https://www.cybsafe.com/whitepapers/cybersecurity-attitudes-and-behaviors-report/
SebDB (most comprehensive cyber security behaviour database) https://www.cybsafe.com/research/security-behaviour-database/
Personality and digital footprints whitepapers: https://www.cybsafe.com/whitepapers/personality-and-digital-footprints/
How to measure security behaviour https://www.cybsafe.com/e-books/how-to-measure-behavior-long-read/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw306
Zero Trust is the buzzword of the 2020’s. Vendors are selling it, the US Federal Government is requiring it, and organizations are implementing it, but what does it really mean (I mean really beyond the hype)? In this segment, Paul and Ron will talk ways combat threats through people, process, and technology Zero Trust Risk Management.
Segment Resources:
Forrester Research Zero Trust blogs: https://www.forrester.com/blogs/category/zero-trust-security-framework-ztx/
Ron Woerner YouTube: https://www.youtube.com/user/ronw68123
VetSec: https://veteransec.org/
Free CISSP Training Program: https://frsecure.com/cissp-mentor-program/
In the Security News: If it can run Linux, it should, TikTok thefts, significant vulnerability findings, and I'm not even joking, typo squatting is lame, what will it take Bruce!, stealing from the TPM, GoAnywhere, including root, what if attackers targeted your yacht?, two for the price of one (exploits), X is really old, and vulnerable, come for a ride on a CHERI-OT and be memory safe, codebreaking old letters, and vulnerable wienermobiles! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw773
Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you start with an accurate threat model? Nick can discuss how to approach this and create a model that's useful to security and developers alike.
Segment Resources
https://github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-threatmodel.pdf
Reddit's breach disclosure, simple vulns in Toyota's web portals, OpenSSL vulns, voting results for Portswigger's top 10 web hacking techniques of 2022, tiny IoT cryptography implementations, real world migration of a million lines of code
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw229
This week, guest host Aaran Leyland takes over with expert commentator Josh Marpet! Tune in for Clipper malware, Chinese hackers, record DDoS attack, Apple patch zero day flaw and more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn274
How do you manage the human side of cybersecurity? Traditionally, security awareness programs have checked this box from a compliance angle but had minimal impact on cyber risk. Human Risk Management (HRM) is transforming this space by connecting an integrated, data-driven approach with personalized security training to deliver quantifiable results. In this session, we'll define HRM, explore how it is being adopted, and review the business case supporting the change.
This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!
In the leadership and communications section, What CISOs Should Know About Hacking in 2023, Getting Employee Buy-In for Organizational Change, Listening — The most important communication skill, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw294
Dysentery, Healthcare Privacy, Gootloader, Bing AI, Vela, Russian jobs, Reddit, and Bradley Barth discusses his series on Walmart. All this and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn273
Tanium has recently released a new capability called Tanium Software Bill of Materials (SBOM) to help customers identify third-party libraries associated with software packages.
• What is Tanium SBOM
• Why is it different and why do you need it
• How to configure SBOM
• How to query for the details about every software application in your environment
• Where your vulnerable packages exist
• Ways that Tanium can remediate vulnerabilities from OpenSSL to Struts to Log4j today as well as new supply-chain vulnerabilities in the future
No one knows what the next supply chain vulnerability is going to be, but with Tanium, you will have access to data about how your applications are affected before it happens so that when it does, you're ready to take action to remediate the issue from within the Tanium XEM platform.
Segment Resources:
https://www.tanium.com/products/tanium-sbom/
https://www.tanium.com/blog/software-bill-of-materials-openssl/
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Syxsense and Enterprise Management Associates (EMA) recently teamed up to publish a survey around the current state of Zero Trust within enterprises as well as where it’s going. This interview will discuss the key findings and insights into the challenges many organizations face around Zero Trust, as well as endpoint security and network access.
Segment Resources:
https://www.syxsense.com/advancing-zero-trust-priorities
In the Enterprise News: Whether you want insurtechs or not, they’re here and you’re getting them! Don't worry - we’ll explain what insurtechs are. Two potential deals to take security companies private: Sumo Logic and Rapid 7! Looks like 32 year old security company Cyren is shutting down, hoping for an asset sale. They've already laid off all their employees. Big drama: a firm shorts Darktrace and releases a scathing report. We've got yet more more layoffs this week, but don't fret - the NSA is hiring!
For our squirrel stories, we'll be deciding between three stories: codebreakers solve 500 year old ciphers, the real cost of meetings visualized, and sushi terrorists!
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw305
Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors?
Segment Resources:
https://github.com/evilsocket/opensnitch
https://securityonionsolutions.com/software/
https://deer-run.com/users/hal/
https://archive.org/details/HalLinuxForensics
In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw772
Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors?
Segment Resources:
https://github.com/evilsocket/opensnitch
https://securityonionsolutions.com/software/
https://deer-run.com/users/hal/
https://archive.org/details/HalLinuxForensics
In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw772
Chat-GPT fails, Ernie, Bard, Chinese Androids, Fortra, Sunlogin, Dingo Token, Google Ads, Jason Wood and More on this edition of Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn272
Most of the myths and lies in InfoSec take hold because they seem correct or sound logical. Similar cognitive biases make it possible for even the most preposterous conspiracy theories to become commonly accepted in some groups. This is a talk about the importance of critical thinking and checking sources in InfoSec. Our industry is relatively new and constantly changing. Too often, we operate more off faith and hope than fact or results. Exhausted and overworked defenders often don't have the time to seek direct evidence for claims, question sources, or test theories for themselves.
Resources
- https://www.usenix.org/conference/enigma2023/presentation/sanabria
- https://www.usenix.org/sites/default/files/conference/protected-files/enigma2023_slides_sanabria.pdf
- Discuss: What Makes a Good Breach Response? - ESW #303: https://www.youtube.com/watch?v=5RpZiVu3xEs
The aviation equivalent of ASCII art, a memory safety issue in OpenSSH that might not be terrible, a format string in F5 that might be terrible, a new MITRE framework for supply chain security, programming languages and secure code
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw228
This week, it's Security Money. While the major indexes have improved, the SW25 index has not. Pressures from the macro economic conditions appear to have a greater impact on cybersecurity. We'll dig in and review.
In the leadership and communications section, Who Does Your CISO Report To?, 5 CISO Traps to Avoid and Truths to Embrace, How to effectively communicate cybersecurity best practices to staff, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw293
This week in the Security News Doug Chides: Chat-GPT, QNAP, Google FI, REDIS, Headcrab, Banner, GoodRx, Oracle, GoAnywhere, & more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn271
Cyber insurance is a must-have, but organizations are finding that cyber insurance premiums are more costly, policies are more difficult to obtain, and policies attach more limitations and exclusions than before. We will discuss cyber insurance’s role in risk management and trends.
Segment Resources:
https://www.forrester.com/report/q-and-a-cyber-insurance/RES178563?ref_search=3185990_1675109251447
Insiders - employees, contractors, and partners - are responsible for almost a quarter of data breaches. Reducing insider risk requires a dedicated approach, including user monitoring. But be careful, Forrester predicts that a C-level executive will be fired for their firm’s use of employee monitoring in 2023.
Segment Resources:
https://www.forrester.com/blogs/predictions-2023-security/?ref_search=3092262_1675290315432
https://www.forrester.com/blogs/apply-critical-thinking-and-culture-to-reduce-insider-risk/
https://www.forrester.com/blogs/practice-empathy-to-reduce-insider-risk/
https://www.forrester.com/blogs/pandemic-fallout-creates-perfect-conditions-for-insider-threat/
In the Enterprise News: There's lots of executive shuffling going on! Saviynt gets a new CEO and $205M in funding, Forescout appoints its 4th CEO in as many years, and Mudge finds a place at Rapid 7. We've got some interesting trends, like more focus on securing small businesses, and more cybersecurity startups pairing technology with cyber insurance. It seems like only yesterday, we were shocked to hear that Microsoft was running a $10B security business, but Microsoft has apparently now grown security revenue to $20 BILLION DOLLARS.
Also, Tyler explains what Herman Miller chairs have to do with spotting market trends, we note the 20 year anniversary of SQL Slammer, and discuss why consumers don’t want smart appliances shoved down their throats!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw304
In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities “very important” to their security operations. Purple teaming exercises conducted regularly have the power to improve collaboration across teams, ensure issues are identified and remediated more proactively, and provide a means to measure progress over time. With all these benefits, why isn’t everyone doing it? Purple teaming doesn’t have to be such a heavy lift. With the right mindset and tools, any team can get started regardless of resources. This talk will highlight practical tips for getting started with purple teaming exercises and show off PlexTrac Runbooks, a platform designed to plan, execute, report, and remediate collaborative purple teaming engagements so teams can maximize their efforts and improve their security posture.
Segment Resources:
Learn more and book a demo: https://plextrac.com/securityweekly
More information on Runbooks: https://plextrac.com/platform/runbooks/
This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!
In the Security News for this week: defending against cleaning services, catastrophic mutating events and the future, myths and misconceptions, finding vulnerabilities in logs (And not log4j), SSRF leads to RCE with a PoC, SQLi with XSS bypasses WAF FTW, thinkpad as a server, RPC directory traversal for the win, just directory traversal for the win, Paul gets a Flipper Zero and how he thinks he's some sort of hero, sh1mmer your chromebook, and superconductive magic angle graphene!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw771
A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool
We talk with Dr. David Movshovitz about There Is No Average Behavior!
Segment Resources:
White paper: https://www.reveal.security/lp/white-paper/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw227
This week Dr. Doug talks: Chat-GPT, Graphing calculators, Swiftslicer, VRealize, Google play, KeePass, Huawei, Github, flying cars, Jason Wood, and More on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn270
What keeps the cyber C-Suite up at night? What are their main priorities, and how do they articulate them to board? In this session, we’ll go behind the screens and find out what CISOs from all over the world really think in terms of making turning cyber risk into business risk.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
In the leadership and communications section, Why CISOs Make Great Board Members, Unlock Your Leadership Potential: 12 Must-Read Books to Take Your Skills to the Next Level, How To Get People To Listen To You, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw292
This week Dr. Doug discusses: Empathy, hacking back, typosquatting, Bitwarden, Lexmark, Exchange, Russians, Iranians, Dragonbridge, Derek Johnson talks about Hive and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn269
What makes a good breach response? What makes a bad one? Could we objectively measure them? How would we break down and rate a company’s breach response performance?
This is the first in our 2 segment Enterprise News special! Stay tuned for segment 2!
This is the 2nd segment in our 2 segment Enterprise News special!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw303
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included!
Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared responsibility for security. Several efforts are underway in major open source communities to address these issues. At the Open Source Security Foundation (OpenSSF), major companies, open source software maintainers, startup companies and government actors are working together to improve open source software supply chain security. Brian will share his view of this landscape, detail the work being done at the OpenSSF, show where those efforts are already bearing fruit, and demonstrate what you and your organization can (must!) do to participate in these efforts.
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw770
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code. But what do we mean by secure code? What should secure code training look like?
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw226
Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. In the leadership and communications section, 8 Questions to Ask Before Selecting a New Board Leader, How Cybersecurity Leaders Can Build Employee Trust—And Why It Is Important, 7 rules to communicate the business value of IT, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw291
This Week Dr. Doug talks: Chick-Fil-A, OneNote, XLLs, VastFlux, Tmobile, ChatGPT, Ukraine, Microsoft, Jason Wood, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn268
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn268
There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning.
Show Notes: https://securityweekly.com/esw264
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We're aren't recording this holiday week, so enjoy this PSW throwback episode! Main host Paul Asadoorian selected this episode to share as it's still relevant to the hacker community today. PSW366 was recorded June of 2016 with Gary McGraw.
We're aren't recording this holiday week, so enjoy this BSW throwback episode! Main host Matt Alderman selected this episode to share as it's still relevant to the InfoSec business community today.
This week, we welcome Jim Routh, Former CSO, Board member, Advisor at Virsec, to discuss The 3 Mistakes All First Time CISOs Make That No One Tells You!
Show Notes: https://securityweekly.com/bsw227
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
We're aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relevant to the AppSec community today.
This week, we welcome Nuno Loureiro, CEO at Probely, and Tiago Mendo, CTO at Probely, to talk about Dev(Sec)Ops Scanning Challenges & Tips! There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to integrate a security scanner in your DevSecOps processes. It all comes down to speed, how fast can I scan the new deployment? Discussion around the challenges on how to integrate a DAST scanner in DevSecOps and some tips to make it easier.
In the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!
Show Notes: https://securityweekly.com/asw170
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Dr. Doug talks: Frozen, Fortinet, Scattered Spider, Cisco, Juniper, Apache no more, Telegram, Control Web Panel, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn267
Europe is a global driver for privacy rules and digital legislation. Which means it is also a force to be reckoned with when it comes to enforcement. With privacy and security being so intertwined, this conversation will focus on the current mindset in Europe and discuss recent regulators’ decision e.g. on Microsoft 365.
Segment Resources:
The International Association of Privacy Professionals (IAPP) is the world’s largest global information privacy community. IAPP website https://iapp.org/
About membership: https://iapp.org/join/
IAPP training is a path to professional advancement and ANSI/ISO-accredited certification. Developed with leading privacy and data protection experts, our in-depth courses span legal, regulatory, governance, and operational issues. Choose the subjects and training modalities that fit your career goals. More info about all IAPP trainings: https://iapp.org/train/
For example:
• IAPP Foundations of Privacy and Data Protection (Your Starting Point in Privacy Education): https://iapp.org/train/foundations/
• IAPP Privacy in Technology training – CIPT (for Software developers, information security professionals, data architects…): https://iapp.org/train/cipt-training/
Check out IAPP news and resources: https://iapp.org/news/ and https://iapp.org/resources/
Military-grade xIoT hacking tools are in use, cybercrime for hire that’s predicated on compromised xIoT devices has been monetized, and organizations worldwide are already “pwned” without even knowing it. Bad actors are counting on you being passive when it comes to xIoT security. Disappoint them!
Segment Resources:
xIoT Threat & Trend Report https://phosphorus.io/xiot-threat-and-trend-report-2022/
xIoT Security Podcast https://phosphorus.io/podcast/ Phosphorus Labs https://phosphorus.io/labs/
Finally, in the enterprise security news, Not much funding this week, but Netskope raises $400M, and Hack the Box raises $55M! Also, what went wrong with IronNet? The Open Source Index highlights popular security projects, Windows 7 and Windows 8.1 have been put out to pasture, Predictions about personal cybersecurity, Cloud security trends, The ongoing impact of ChatGPT on the security industry, Password hygiene revealed to be terrible in the US Government, All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw302
Over the last few years, the trend to use Open Source has been migrating into safety-critical applications, such as automotive and medical, which introduces system-level analysis considerations. In a similar fashion, these components are now being considered for the evolution of critical infrastructure systems. In the US, security concerns have prompted some emerging best practices, such as increased transparency of components, via software bill of materials (SBOMs), but this is not the only aspect to keep in mind.
Segment Resources:
* https://www.linux.com/featured/sboms-supporting-safety-critical-software/
* https://www.zephyrproject.org/
Then, in the Security News: In the security news: Do not panic about RSA encyption, the age old debate: Security vs. Compliance, Cold River, and no not the vodka although it has to do with Russia, the exploit party is happening and someone invited vulnerable drivers, ChatGPT being used to deploy malware, chip vulnerabilities impacting ARM: what you need to know, admin versus admin with Intel AMT and does password expiration help or hurt security?
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw769
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust
This segment will discuss options for protecting your APIs. First, why protect them? Second, what are the options and the tradeoffs.
Segment Resources:
- https://stackoverflow.blog/2022/04/11/the-complete-guide-to-protecting-your-apis-with-oauth2/
- https://fusionauth.io/learn/expert-advice/
- https://fusionauth.io/learn/expert-advice/oauth/modern-guide-to-oauth
- https://tools.ietf.org/html/rfc6749
- https://datatracker.ietf.org/doc/id/draft-ietf-oauth-v2-1-07.html
- https://securityboulevard.com/2021/11/biggest-api-security-attacks-of-2021-so-far/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw225
CodeQL, Kinsing, Bit Buckets, Win 7 is dead, Spynote, Vall-E, Aaran Leyland and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn266
In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?, and more! SolarWinds has been on the journey of Secure by Design since the Sunburst incident in late 2020. Secure by Design is a practical approach to minimizing risk. It involves advanced build systems, an assumed breach model, proactive testing, audit, increased visibility and sharing lessons externally.
Segment Resources:
https://www.solarwinds.com/secure-by-design-resources
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw290
This week in the Security News: Virtual Smells, Werfault, Server 2012, ChatGPT, Captcha, Rust Hyper, Qualcomm, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn265
If you’ve ever worked on a red or purple team, you know scaling engagements to production is an intensive, unwieldy process. Technology pitfalls may exist, but the fundamental problem is this: the process of writing, testing, deploying, and verifying the efficacy of TTPs is highly flawed and inconsistent. This conversation will focus on applying a scientific process to security testing in order to achieve production scale.
Segment Resources:
Prelude Build GitHub: https://github.com/preludeorg/build
Prelude Docs: https://docs.prelude.org/docs
Introducing Prelude Build: An Open Source IDE Purpose Built for Security Engineers: https://www.preludesecurity.com/blog/introducing-prelude-build-an-ide-purpose-built-for-security-engineers
A Practical Guide for Scaling Continuous Security Testing: https://www.preludesecurity.com/blog/scaled-security-testing-a-practical-guide
Prelude Build: https://www.preludesecurity.com/products/build
We will discuss the migration of the security community from Twitter to Mastodon, logistical challenges, and related matters of managing the community.
Finally, in the enterprise security news, Security funding is back, baby! Security Unicorn layoffs continue though! We talk Zombiecorns, IronNet struggles, Netwrix acquires Remediant, We talk breaches: Lastpass, Rackspace, Okta via Github, Slack via Github, Github announces 2FA improvements, AI generates insecure code, Cyberinsurance challenges, Fyre Festival Fraudster Funding more Frauds All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw301
In the Security News: The Roblox prison yard, password manager problems, PyTorch gets torched with a supply chain attack, Oppenheimer cleared, Puckungfu, spice up your persistence with PHP, turning Google home into a wiretap device, Nintendo 3DS remote code execution, Linux kernel remove code execution, steaking cards in 2022 - The API way, and there is no software supply chain... and more!
This session explores software supply chain security and the details of System of Trust, a community effort to develop and validate a process for integrating evidence of the organizational, technical, and transactional trustworthiness of supply chain elements for decision makers dealing with supply chain security. This framework is defining, aligning, and addressing the specific concerns and risks that stand in the way of organizations’ trusting suppliers, supplies, and service offerings. More importantly, the framework offers a comprehensive, consistent, and repeatable methodology – for evaluating suppliers, supplies, and service offerings alike – that is based on decades of supply chain security experience, deep insights into the complex challenges facing the procurement and operations communities, and broad knowledge of the relevant standards and community best practices.
Segment Resources:
- https://sot.mitre.org/overview/about.html
- https://shiftleft.grammatech.com/automating-supply-chain-integrity
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw768
How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like.
Segment resources:
- https://securing.dev/categories/essentials/
Metrics for building a security product, hands-on image classification attacks, a proposed PEACH framework for cloud isolation, looking back at Log4Shell, building an appsec toolbox
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw224
Office Space, Rest assured, your insurance may not ensure anything, Lockbit, Thrilla in Manilla, PyTorch, non-binary ddr5, Jason Wood, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn264
With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program.
This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities.
With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program.
This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities:
1. Asset Management
2. Patch Management
3. IAM/MFA/PIM/PAM
4. EDR/MDR/XDR
5. Backup/Recovery
6. Risk Management
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw289
Security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Parag will discuss the issues this presents and how Qualys’ new TotalCloud solution allows organizations to see all their cloud resources, relationships between resources, the external attack surface, and attack path mapping all delivered via one platform.
Segment Resources:
Qualys TotalCloud free trial: https://www.qualys.com/forms/totalcloud/
TotalCloud Video: https://vimeo.com/765771406
Blogs: https://blog.qualys.com/product-tech/2022/11/01/introducing-totalcloud-cloud-security-simplified
https://blog.qualys.com/product-tech/2022/11/01/why-is-snapshot-scanning-not-enough
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
A brief roundup of our favorite news, trends, and interviews in 2022! See what Adrian, Katherine, and Sean have to say about 2022's best interviews and news stories!
Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw300
While we most likely do not believe that penetration testing is dead it continues to evolve over time. What do penetration tests look like today? Have they become more or less specialized? What is the continuing value of penetration testing? With development and IT moving so fast, how have penetration tests adapted? This discussion will dive into the details of penetration testing today and provide you with a guide to make the most of this activity.
Without question, we need more people working in cybersecurity today. Our culture has come a long way to be more open and inviting to new folks, but we still have a lot of work to do. What can you do if you want to break into the field of cybersecurity today? While there is no shortage of resources our experienced hosts will offer their thoughts, opinions, and advice on how you can become the next cybersecurity pro!
How well do you know your hacker history and trivia? See how you compare to our hosts as we tackle hacker trivia live on the air! Categories will include hacker movies, hacker history, and hacker tools.
This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw767
AI Terrors, Infragard, Microsoft, HIPAA, GitHub, NIST, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn263
In the Leadership and Communications section, CISOs of the World, Unite!, 8 things to consider amid cybersecurity vendor layoffs, The Best Public Speakers Put the Audience First, and more! Barracuda just finished an email security survey. We start to dig into the results and the impact for 2023, including:
- 86% of respondents in all the countries surveyed said third party email security solutions are essential to keep our Microsoft 365 environment secure
- This rises to 92% for respondents in the U.S.
- And to 91% for companies with between 250 and 499 employees
Also:
- Just under one in five (19%) of all respondents said their top email security concern with Microsoft 365 was data protection and the risk of data loss
- This rises to one in four (25%) among the frontline IT managers and professionals surveyed
This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw288
Your money is gone, Chaos, Ublerleaks, Esxi, Fortinet, Cloudflare, Praetorian, Jason Wood, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn262
FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT
Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to threat model or become a bottleneck. What if I told you, you can have your cake and eat it too. It is possible to scale your program and deliver higher quality threat models.
Segment Resources:
- Original blog: https://segment.com/blog/redefining-threat-modeling/
- Open Sourced slides: https://github.com/segmentio/threat-modeling-training
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw223
Is there still a network or has it slipped away from us entirely? What about efforts for localization because people do not trust the cloud, its providers or its reliability (ala Twitter vs. the Fediverse?). Do you still need actual hardware firewalls? What about VPNs? How long will these devices still be around as everyone goes to the cloud and SDWAN technologies? And what about identity? If you can nail identity, doesn't that set you up to be a cloud-first organization? Join us for a discussion with Sinan and the security weekly hosts as we tackle these questions!
This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!
Eclypsium's research team has discovered 3 vulnerabilities in BMCs. Nate Warfield comes on the show to tell the full story! This has garnered much attention in the press:
* Original research post: https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
* https://www.securityweek.com/security-flaws-ami-bmc-can-expose-many-data-centers-clouds-attacks
* https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
* https://therecord.media/three-vulnerabilities-found-in-popular-baseboard-software/
* https://duo.com/decipher/trio-of-megarac-bmc-flaws-could-have-long-range-effects
In the Security News: ping of death returns, remembering when the Internet disconnected if your Mom picked up the phone, a 500-year-old cipher is cracked, VLC is always up-to-date, SIM swapper goes to prison, Rust is more secure but your supply chain is not, if you pwn the developer you win, you have too many security tools, Chrome zero days are not news, Log4Shell what changed?, Hive social again, ChatGPT, there's a vulnerability in your SDK, and it takes 3 exploits to pwn Linux, All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw766
Ban this, Rackspace, Agrius, Antwerp, New Zealand redux, Royal, Lensa, Chat-GPT, and more on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn261
Announcing Drata’s Series C, Milton Security announces new name, Threathunter.ai, Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy, New Communication Protocol “Ibex” and Extended Protocol Suite, Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro, Stack Overflow bans ChatGPT, French man wins compensation as judge awards him the right to refuse to be fun at work.
Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 Oh Behave! Cybersecurity Attitudes and Behaviors Report and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.
Segment Resources:
https://staysafeonline.org/programs/hbcu-see-yourself-in-cyber/
https://staysafeonline.org/programs/events/convene-clearwater-2023/
Estonia is a small country in the Baltics; however, it has been at the forefront of technology for many years. This session traces Estonia’s journey from independence in 1991 to its current use of digital identities for the systems that allow citizens to vote, check online banking, e-residency, and tax returns. I’ll share lessons learned and key takeaways from incidents that happened along the way, examine what the future holds, and discuss the impact of incorporating AI into a digital society.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw299
This week Dr. Doug tells us Where baby chips come from, PhilTel, AMI, Proot, Magecart, LockBit, scattered spider, Jason Wood, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn260
Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety in Android
Finding the balance between productivity and security is most successful when it leads to security solutions that help users rather than blames them for security failures. We'll talk about the security decisions that go into handling potentially malicious files so that users can stay calm and carry on.
This segment is sponsored by Votiro. Visit https://securityweekly.com/votiro to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw222
In the leadership and communications section, 5 top qualities you need to become a next-gen CISO, Ego Is the Enemy of Good Leadership, How To Explain Things Better, and more!
The U.S. is at an inflection point in terms of cyber threats; Critical infrastructure attacks are growing more frequent and consequential, and the White House recently called the cyber talent gap of nearly 770,000 open positions a “national security challenge.” Kelly Rozumalski, SVP at Booz Allen Hamilton leading the firm’s national cyber defense business, joins BSW to discuss why upskilling and reskilling are key to closing the cyber talent gap at the federal level and how a collective defense posture across government and private sector can enable us to better secure U.S. critical infrastructure.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw287
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, Dod Alphabet soup, Sirius XM, Pixel Tracking, TSA, Single Sign-on rants, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn259
Despite certain economic indicators warning that a recession is on the horizon, investment remains healthy within the security market amid thirst for cloud security, in particular. One such emerging field is data security posture management (DSPM), which aims to bridge the gap between business goals and a comprehensive security mechanism that leaves no data behind as organizations scale in the cloud.
A deep-rooted cyber security culture is crucial, and it goes as far back as the hiring process… 10 years ago, a typical hiring process consisted of working your way through a checklist, hiring individuals based solely on a CV. Today, the ‘Simon Sinek’ culture is gaining more prevalence, with employers realizing that hiring the right person, rather than the CV, can have immeasurable benefits for business. Ryan will talk about why this is particularly true within the cyber security sphere, and why business leaders should follow this particular ‘Simon Sinek’ strategy to build a successful security operation, and secure business, starting directly with the human’s that run it. You will walk away from this session knowing why it is important to employ the right individual rather than the CV, and how adopting this approach can drastically improve how a business responds to and manages security threats, company wide.
Segment Resources:
Github: https://github.com/stripesoc
TEDx Talk, How clicking a link can cost millions: https://www.youtube.com/watch?v=OI9n2tLf0Tg&list=PLcR8SW0W6hdAQvxYI9XJUEe50zFln6QMY&index=1 I
n the enterprise security news, Funding announcements take a bit of a break, We explore a few new vendors and organizations that have come to our attention recently, Wiz researchers annoy yet another cloud service by pointing out ridiculous vulnerabilities - IBM Cloud, this time, Docker Hub has tons of shady stuffs going on, EU strengthens cybersecurity with new legislation, The US Department of Defense releases Zero Trust strategy (no more Five E
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw301
We are joined by Josh and Kurt from the amazing Open Source Security Podcast! We're talking about supply chain risks, threats and vulnerabilities in this segment!
Segment Resources:
https://opensourcesecurity.io/
This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVE's you're looking for, Linux password mining, mind the gap, hacking smart watches, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw765
This week Dr. Doug talks: Lots of nudity, Tik Tok, Twitter, Festo, IABs, Meta, Jason Wood & more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn258
Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!
In the leadership and communications section, The Sacrificial CISO heralds a new age for cybersecurity, To Coach Leaders, Ask the Right Questions, How to Handle Criticism Gracefully: 12 Pro Tips, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw286
Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team
MongoDB recently announced the industry’s first encrypted search scheme using breakthrough cryptography engineering called Queryable Encryption. This technology gives developers the ability to query encrypted sensitive data in a simple and intuitive way without impacting performance, with zero cryptography experience required. Data remains encrypted at all times on the database, including in memory and in the CPU; keys never leave the application and cannot be accessed by the database server. While adoption of cloud computing continues to increase, many organizations across healthcare, financial services, and government are still risk-averse. They don’t want to entrust another provider with sensitive workloads. This encryption capability removes the need to ever trust an outside party with your data. This end-to-end client-side encryption uses novel encrypted index data structures in such a way that for the first time, developers can run expressive queries on fully encrypted confidential workloads. Queryable Encryption is based on well-tested and established standard NIST cryptographic primitives to provide strong protection from attacks against the database, including insider threats, highly privileged administrators and cloud infrastructure staff. So even another Capital One type breach is not possible.
Segment Resources:
- https://www.mongodb.com/products/queryable-encryption
- https://www.wired.com/story/mongodb-queryable-encryption-databases/
- https://www.youtube.com/watch?v=mDKfZlQJO3k
- https://thenewstack.io/mongodb-6-0-offers-client-side-end-to-end-encryption/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw221
Arrrrr mateys! This week Dr.Doug will keel-haul a first-rate plunder of yarns including: pirate booty, phishing kits, CSC, Hive, HHS, Z-library, Iran, FTX, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn257
Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it’s defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code is enabling faster innovation on application development with security built in.
Segment Resources:
- https://www.lacework.com/solutions/infrastructure-as-code/
- https://www.lacework.com/blog/introducing-secure-automated-iac-deployments-with-terraform/
- https://info.lacework.com/cloud-threat-report.html
We catch up on 2 weeks of news, starting with 18 funding rounds and several new products! Splunk acquires Twinwave Another ASM vendor, Templarbit, gets acquired into the Cyberinsurance industry, InfoSec Layoffs continue in a big way alongside huge cuts at Facebook, Twitter, and Amazon, Microsoft sued for stealing code to train GitHub Copilot, Google sued for tracking when users asked them not to, Apple sued for violating privacy when users asked them not to, Taking away kids’ smartphones, Stealing passwords from Mastodon, Should Cryptocurrency die in a fire? All that and more, on this episode of Enterprise Security Weekly.
This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready)
Segment Resources:
- https://www.boltive.com/blog/why-having-a-consent-management-platform-is-not-enough
- https://www.boltive.com/blog/bracing-for-2023-privacy-laws
- https://ceoworld.biz/2022/07/03/three-ways-your-data
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw297
In the Security News: Stealing Mastodon passwords, reporting vulnerabilities in open-source privately, labeling does not solve problems, or does it? will it every get patched? geolocating people from photos, no meta-data required, update your firmware on Linux, hacking flow computers, when a driver isn't really a driver, well, its a driver, but not the one you may be thinking of, oops I leaked it again, misconfiguration leads to compromise, harden runner, guard dog and hacking spacecraft via Ethernet! Navigating the UEFI waters is treacherous. While UEFI has become the standard on most PCs, servers, and laptops, replacing legacy BIOS, it is a complex set of standards and protocols. Jesse joins us to help explain how some of this works and describe how vulnerabilities, specifically with SMM, can manifest and be exploited.
Segment Resources:
[CHIPSEC GitHub] https://github.com/chipsec/chipsec
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw764
CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews
Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.
Segment Resources:
- https://www.cidersecurity.io/top-10-cicd-security-risks/
- https://github.com/cider-security-research/top-10-cicd-security-risks
- https://www.cidersecurity.io/blog/research/ci-cd-goat/
- https://github.com/cider-security-research/cicd-goat
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw220
This week Dr. Doug talks: Billbug, Pushwoosh, GitHub, FTX, K-12 schools without security, say it isn't so, Eli Lilly, and is joined by Peter Klimek for Expert Commentary! All that and more on the Security Weekly News!
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn256
In the leadership and communications section, Is Your Board Prepared for New Cybersecurity Regulations?, 32% of cybersecurity leaders considering quitting their jobs, 40 Jargon Words to Eliminate from Your Workplace Today, and more!
Positive change is coming to cybersecurity. In this segment, Mike Devine (CMO) and John Grancarich (EVP of Strategy) at Fortra discuss the business of leading a cybersecurity company, the reasons behind our recent rebrand, and our plans for continuing as a people-first company that collaborates with our customers to combat the threat landscape with confidence.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw285
This week in the Security News: Twitlegit, Liability, Venus, Steganography, C++ death knell, the EU, CISA, and show Wrap-Ups on this edition of the Security weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn255
Don’t leave the door open. Modern systems are complex and require you to consider many aspects. Here are some aspects we consider critical:
- APIs are the dominant software development direction/trend. Traditional/legacy ways to grant access is not fit for purpose of protecting this new way of delivering products and services.
- Customers are demanding better digital experiences. To maintain a competitive edge and drive brand loyalty businesses need to provide great online experiences.
- Standards (such as OAuth and OpenID Connect) are important to ensure high-security levels. Also enables scalability and helps future-proof your infrastructure. For example in the financial sector, these standards play a key role in the drive toward open banking.
- A modern architecture is a zero trust architecture. In a zero trust architecture, the new perimeter hinges on identity.
Segment Resources:
https://thenewstack.io/zero-trust-time-to-get-rid-of-your-vpn/
This segment is sponsored by Curity. Visit https://securityweekly.com/curity to learn more about them!
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment?
We'll tackle all these questions and more with our excellent panel, comprised of:
Sounil Yu, CISO and Head of Research at JupiterOne
Brian Markham, CISO at EAB
Rich Friedburg, CISO at Live Oak Bank
Robert Graham, Owner at Errata Security
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw296
Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is great, but what other value can a pentest provide by shifting your mindset further left or with a more strategic approach? How often do you focus on the overall ROI of your penetration testing program? This talk will explore what it means to “shift left” with your penetration testing by working on a threat informed test plan. Using a threat informed test plan will provide more value from your pentesting program and gain efficiency in your security testing pipeline. This talk applies to both consultants and internal security teams.
Segment Resources:
Hack Your Pentesting Routine WP: https://plextrac.com/resources/white-papers/hack-your-pentesting-routine/
Effective Purple Teaming WP: https://plextrac.com/effective-purple-teaming/
This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!
In the Security News: submerged under blankets in a popcorn tin is where they found it, Indirect Branch Tracking, don't hack me bro, we're here from the government to scan your systems, Fizzling out security, static and dynamic analysis for the win, BYODC, Bring your own domain controller, application context matters, if you want an update better have an Intel CPU, one-time programs, urlscan is leaking, hacking load balancers, and its all about the company you keep.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw763
Threat actors use automation and technology to do evil at scale. Yet, even with cutting edge technology available to them, smaller organizations feel overwhelmed. Analysts struggle from the “alt-tab, swivel-chair” problem, and security products just don’t feel… powerful. So how does a SOC maximize its most valuable asset–the humans–in combination with technology to overachieve? This talk will teach you a new way to model out your team's resources, assets, and capabilities to defend against various levels of adversaries to determine where you have operational capability, where you have gaps, and how to tell the difference.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
After years of increases, security budgets are coming under scrutiny. Cybersecurity professionals need practical guidance on how to manage existing budget allocations and new requests for funding. This segment provides Forrester's spending benchmarks, insights, and recommendations to future-proof your security investments in ways that keep you on budget while simultaneously mitigating the risks facing your organization.
Segment Resources:
https://www.forrester.com/blogs/new-security-risk-planning-guide-helps-cisos-set-2023-priorities/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw284
This week Dr. Doug talks: Exploding heads, Mastodon, James Zhong, Azov, Zlibrary, Siemens and Schneider, Chinese AI, Jason Wood, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn254
While APIs enable innovation, they’re increasingly targeted as a pathway to data. API abuses are often carried out through automated attacks, in which a botnet floods the API with unwanted traffic—seeking vulnerable applications and unprotected data. In this discussion, Karl Triebes shares what you need to know about the automated bot threats targeting your APIs with guidance on how to protect your applications and APIs from these attacks.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
The punycode parsing in OpenSSL, missing authentication in Azure Cosmos DB Notebooks, the importance of documentation in security, labeling IoT security, bad response to a security disclosure
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw219
Positive change is coming to cybersecurity. In this segment, John Grancarich, EVP of Strategy at Fortra, explains what it means when we say we’re tenacious in our pursuit of a stronger, simpler future for cybersecurity, and that our advanced threat research and intelligence informs everything we do.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Gartner recently reported that the RPA software market will reach $2.9 billion by the end of 2022, up 19.5% from 2021. But, despite Airlines adopting it to help with cancellations and retail for inventory management, we’re not talking about the security risk this tech will cause. Alan Radford, Global IAM Strategist at One Identity discusses the truly devastating impact that can occur when an organization leaves its RPA program vulnerable and without any identity and access protection, why realizing that machines have identities too could save us from dangerous RPA breaches in the future, and steps companies can take to secure their RPA technology as more companies continue to implement it.
Finally, in the enterprise security news, 12 funding announcements, 1Password acquires Passage, Layoffs continue with another round at Cybereason, FTC takes action against Drizly’s CEO, everything you need to know about new US data privacy legislation, Cisco Meraki devices in Russia go POP! Young silicon valley workers are in for a shock, Ransomware trends, MFA trends, US officials say tech companies need to build secure products, All that and lots more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw295
Android Apps send users to Weaponized websites, Dropbox hacked, OpenSSL high severity Vulnerabilities and UK spies help Ukraine defeat Russia, along with show wrap-ups on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Blenster comes on to talk about the Maker Movement, Hackerspaces, community and inclusive cultures, intentionality and kindness as a social cheat code, the right to repair movement, and using tools like the arduino/raspberry Pi to bring your projects to the next level!
In the Security News: last year's open source is tomorrow's vulnerabilities, RepoJacking, I feel like there will always be authenitcation bypass, super charge your hacking, do you have your multipath, RC4 and why not to use it, here's the problem with vulnerability scanners, packages and expired domains, initrd should not be trusted, Apple kernels, oh and did you hear there is a vulnerability in OpenSSL!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly/
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw762
This week in the news, Dr. Doug talks: Elon Tweets, Microsoft, KELA, Chegg, Overclocking, Connectwise, and phone repairs, along with Aaran Leyland on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn252
In the leadership and communications section, Is Cybersecurity Leadership Broken?, Cybersecurity career mistakes, 13 Cybersecurity Horror Stories to Give you Sleepless Nights, and more!
Cyber risk quantification should be at the center of an enterprise's actions to understand and measure risk posed in the event of a cyberattack. That data should then be used to estimate - financially - cyber risk exposure. To start this process, enterprises need 3 pillars to build a good cyber risk quantification program: the right data, appropriately skilled people and a methodology.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw283
This week in the Security News: A Security Maturity Model for Hardware Development, Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS, New UEFI rootkit Black Lotus offered for sale at $5,000, What are SBOMS, & Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike
Chris Crowley, SOC-Class Course Author, SANS Senior Instructor, and Consultant at Montance® LLC, joins PSW to discuss SOC training and development best practices, including insights from the SANS annual SOC survey.
This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them!
Michael Meis, associate CISO at the University of Kansas Health System, joins PSW to discuss how the history of warfare has influenced modern-day cybercrime and how cyber leaders can shift to a victory mindset.
This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw760
A critical OpenSSL vuln is coming this Tuesday, a SQLite vuln, Apple blogs about memory safety and bug bounties, determining a random shuffle
The Web3 ecosystem is chock full of applications and projects that have lost money (and their customers’ money) due to breaches, code flaws, or outright fraud. How can security teams do a better job of protecting Web3 apps? Web3 applications (including NFTs) aren’t just vulnerable to attack, they often present a broader attack surface (due to the distributed nature of blockchains) at the same time as being a desirable target because of the value association with tokens. Join us for a lively discussion about key threats to Web3 apps – both on-chain and off-chain - what we can do to mitigate them…and what we absolutely should not do.
Additional resources
- https://www.bloomberg.com/features/2022-the-crypto-story/
- https://web3isgoinggreat.com
- https://blog.trailofbits.com/2022/06/21/are-blockchains-decentralized/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw218
This week we're joined by Fleming Shi from Barracuda Networks - and Doctor Doug pontificates on: Fodcha , Cranefly, linkedin, CISA, really high speeds, Elon, and more on the Security Weekly News.
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn251
For many companies, the pretenses of separation between work and home have completely disappeared. This has huge security implications for organizations, but creates some opportunities as well. How should organizations and vendors approach the new paradigm of shared devices and identities?
Economic tides are changing, making profitability and identifying efficiencies a priority for many IT teams. Reducing IT costs by modernizing and migrating identity infrastructure to the cloud is one of those projects to be considered. No more wasted time and effort on maintenance, patching, and upgrades. Join us as VP of Product Management at Ping Identity, Jason Oeltjen, will discuss cloud migration benefits, timelines, and how you can improve TCO by migrating your identity to the cloud as leadership seeks the most critical initiatives to fund.
Segment Resources:
https://www.pingidentity.com/en/lp/migrate-to-pings-cloud.html
This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!
Finally, in the enterprise security news, The company behind Basecamp and the Hey.com email service pulls anchor and exits the cloud, Your self-hosted Exchange Server might be a problem…Is Confidential Computing for suckers? Gen Z and Millennials found not taking things seriously in, survey fielded by Boomers, Industrial Cybersecurity Market expected to take off, Github adds fine-grained personal access tokens, Australia not playing around anymore, jacks up breach fines more than 20x, Layoffs and exit troubles, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw294
This week in the Security News: rethinking vulnerability severity, exploiting the hacker tools, Microsoft "fixes" the vulnerable driver problem, its what you do with the data that matters, what is comprehensive security, deconflictions, moles are always a problem, checking the certs, oh and there is a vulnerability in OpenSSL, well at least one that we know of, currently!
In this segment, we are going to discuss linux security and using the Rust programming language with an Offensive MindSet, and our guest Charles Shirer!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw761
This week Dr. Doug postulates: Fibonacci lasers, Mark of the Web, typosquatting, malvertising, death to 486, AI Coding, CISA, Apple, along with the Expert Commentary of Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn250
Learn what keeps DevOps and SecOps up at night when securing Kubernetes, container, and cloud native applications, what tactics are best for developers and application architects to consider when securing your latest cloud application and hardening your CI/CD pipeline and processes.
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Text4Shell isn't a new patching hell, using supply chain info with GUAC, OpenSSF Scorecards and metrics, Toner Deaf firmware persistence, upcoming OWASP Board Elections, Chrome browser exploitation
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw217
Robert Herjavec, CEO of Cyderes, was the keynote speaker at InfoSec World 2022, where he discussed the momentum we continue to see in the cybersecurity industry. Topics included mergers & acquisitions, Robert's outlook on the cyber market, staffing shortages, and nation state threats. Robert joins BSW to expand on his ISW keynote presentation.
In the leadership and communications section, Boards looking to CEOs, not CIOs, to lead digital initiatives, Compensation for Cybersecurity Leaders is on the Rise, 3 cloud security posture questions CISOs should answer, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw282
Cloud computing’s velocity and dynamism make it hard for security teams to monitor and protect workloads in the cloud without impeding the agility of dev teams. ExtraHop Senior Principal Data Scientist Edward Wu joins ESW to discuss practical deployment approaches and scenarios to facilitate gathering and utilizing network data in cloud environments for improved visibility, detection, and response capabilities.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
The cloud and SaaS were supposed to make things easier, simpler, more scalable. Arguably, they _have_ done all those things, but traditional, legacy networks linger. Migrations are messy and take time. Nearly everything is encrypted in transit by default. Today, we interview Marty Roesch, the creator of Snort and founder of SourceFire, to discuss how things have changed and what defenders can do to catch up and restore some order to the madness. We'll step through some history along the way - listeners might be surprised at how much our current situation mirrors the reasons behind why Marty created Snort in the first place.
This week in the Enterprise News Adrian & the gang discuss: With Technology, there’s no such thing as “Magic”’, Cyber M&A Expected to Remain Robust Into 2023, Former NSO CEO and ex-Austrian Chancellor found startup, Field Effect raises USD $30M in Series A funding led by Edison Partners, & France-based TEHTRIS raises €44M to help companies fight cyber threats in real-time!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw293
SBOMs save the world, Elon, cut cabling, biometric lawsuits, sim swapping, tracking pixels, and fake LinkedIn accounts along with show wrap-ups
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn249
In the leadership and communications section, So you do not want to become a CISO anymore?, Which cybersecurity metrics matter most to CISOs today?, 15 Effective Tips on How To Talk Less (And Listen More!), and more!
One of my favorite segments! We track the top 25 public companies and provide you an update on the overall market. The Security Weekly Index has taken a beating, but so has the broader market. We'll update you on the latest funding, acquisition, and financial news.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw281
Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation Cybersecurity is a data problem. Accelerated AI enables 100 percent data visibility and faster threat detection and remediation. Find out how NVIDIA used AI to reduce cybersecurity events from 100M per week to up to 10 actionable events per day, and accelerate threat detection from weeks to minutes.
Segment Resources:
Morpheus new digital fingerprinting GTC Fall 22 Demo Video: https://www.youtube.com/watch?v=8rEPkHRvDq0
Morpheus Web Page: https://developer.nvidia.com/morpheus-cybersecurity
Morpheus Digital Fingerprinting Blog: https://developer.nvidia.com/blog/fingerprinting-every-network-user-and-asset-with-morpheus/
Detecting Threats Faster with AI-Based Cybersecurity Blog: https://developer.nvidia.com/blog/detecting-threats-faster-with-ai-based-cybersecurity/
Enroll in our free, self-paced, 1-hour DLI course : https://courses.nvidia.com/courses/course-v1:DLI+T-DS-02+V1/
Try Morpheus in NVIDIA LaunchPad: https://www.nvidia.com/try-morpheus
Download Morpheus from NVIDIA GPU Cloud: https://catalog.ngc.nvidia.com/orgs/nvidia/teams/morpheus/collections/morpheus_
Get started with Morpheus in GitHub: https://github.com/nvidia/morpheus
This segment is sponsored by NVIDIA. Visit https://securityweekly.com/nvidia to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw216
This week, Dr. Doug discusses: YeBots, BlackLotus, Venus, ESXI, Act4shell, Women in cyber, Zoom, and ICS growth along with the expert commentary of Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn248
Fleming Shi, VMWare, Office, CommonSpiritHealth, Election assault, Thermal Attacks, and more on the Security Weekly News.
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn247
Finally, in the enterprise security news: Don’t worry! IT and Security funding is OK and we have the proof in the form of 16 funding announcements, Private Equity firms are taking advantage of the dip in valuations to make a few acquisitions: KnowBe4 and ForgeRock Legal Drama! We’ll discuss the Joe Sullivan case, the Splunk/Cribl battle, Crypto Drama! Another week, another Crypto exchange losing half a billion, new insights on breaches and ransomware in two new reports from Cyentia Labs, Cybersecurity leaders have a hard time keeping companies secure, and Cyber Nutrition labels!
Fast-paced business initiatives require applications and workloads to migrate to the cloud. While the data remains the same, there are significant differences between securing on-premises and cloud environments. In this discussion, Dan Neault shares what organizations need to know about securing data in the cloud and how to migrate to the cloud without compromising on security.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Discuss the current state of the industry as it relates to the threats to application usage of open source. Understand what is being done to define risk, improve education and provide ways to proactively mitigate those risks.
Segment Resources:
https://openssf.org/oss-security-mobilization-plan/
https://github.com/ossf/wg-best-practices-os-developers
https://github.com/ossf/education/tree/main/plan
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw292
As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world for over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence.
Segment Resources:
https://www.blackberry.com/us/en/company/research-and-intelligence
https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat
This week in the Security News: The secrets of Schneider Electric’s UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw759
This week, Dr. Doug rants: iPhone trauma to my eye bones, sexy photos, Killnet, Fortinet, Solana, Lufthansa, LofyGang, and Jason Wood on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn246
As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.
In the leadership and communications section, The CISO of Tomorrow Is Stepping Into the Business Spotlight, Why a Risk-Based Cybersecurity Strategy is the Way to Go, The Rise and Fall of Uber CISO and The Future of Cybersecurity Industry, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw280
We talk with Akira Brand about appsec educational resources and crafting better resources for developers to learn about secure coding.
Segment Resources:
Rust arrives in the Linux Kernel, verdict in the Uber security case, overview(s) of JavaScript prototype pollution, flaws in PHP Composer and the NPM vm2 package, reading CloudSecDocs
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw215
The size of my esophagus revealed, SQL Server, Blackbyte, China, Mafiaware666, Linux, Meta apps, IT repairs, and show wrap-ups.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn245
Every year, management needs to figure out what initiatives will be prioritized for the upcoming year. This simple, free method uses a quantitative approach based on CIS controls with input from the front-line analysts and engineers. The outcome is an engaging team discussion and clear plan for what the team should prioritize.
Segment Resources:
https://www.cisecurity.org/controls
It’s CyberSecurity Awareness Month and this year’s theme, set by CISA, is See Yourself in Cyber. We’re going to take some liberties in the interpretation of this to talk about the lines blurring between personal and work accounts and devices. We’ll also discuss MFA risks - what types of MFA are safe to use, and which aren’t in 2022?
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Finally, in the enterprise security news, Cloudflare has 1.25 billion incentives to draw customers away from AWS, NetSPI raises $410M for pen testing? Tines extends their Series B an extra $55M, Detectify and Eclypsium also raise funding, Some big funding for Web3 security startups, Adversary emulation tools for blue teamers, Breaking news: the security market isn’t out of money, it’s just fine, The art of selling to cybersecurity people, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw291
Red Balloon Security CEO Ang Cui has spent over a decade looking into the most critical devices supporting our infrastructure. He explains why the insight that launched his company still holds true, and what it will take for security experts, manufacturers and end users to resolve our insecure stasis.
Segment Resources:
https://redballoonsecurity.com/
https://github.com/redballoonsecurity/ofrak
https://redballoonsecurity.com/def-con-30-badge-fun-with-ofrak/
https://www.wired.com/story/ofrak-iot-reverse-engineering-tool/
In the Security News: deep access, dell drivers for the win, detecting deep fakes with acoustic tracking, exchanging 0days, I got 99 embedded firmware security problems, executing in SMM, secure boot to the rescue, automation or a crappy pen test, PHP supply chain attacks, pig butchering, fake profiles, & bribing journalists!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw758
This week, Dr. Doug talks: Bruce Willis, Deepfake and Deepcake, comm100, cyber month, Chromium, Proxynotshell, fake Proxynotshell, Cobalt Strike, and Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn244
In an effort to diversify the cybersecurity talent pool and improve cybersecurity literacy, CYBER.ORG created Project Access, a nationwide effort designed to expand access to cybersecurity education for blind and vision impaired students between the ages of 13-21 who are in pre-employment transition (Pre-ETS). Through the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, CYBER.ORG pioneered a series of camps this past summer in Arkansas, Maine, Virginia, and Michigan to introduce blind and vision impaired students to key cybersecurity topics, help them develop cybersecurity skills, and explore the possibility of a career in a growing industry. This is one of CYBER.ORG’s efforts to improve diversity and inclusion in the cybersecurity industry – starting with K-12 students.
Segment Resouces:
To learn more about CYBER.ORG and Project Access or to get involved, visit: www.cyber.org www.cyber.org/events
www.cyber.org/initiatives/project-access
You can reach Dr. Chuck Gardner, Sr. Director of Government and Non-Profit Engagement for CYBER.ORG at [email protected].
In the leadership and communications section, Fake CISO Profiles on LinkedIn Target Fortune 500s, Cybersecurity Executive Communication and importance of Metrics, Tips for developing cybersecurity leadership talent, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw279
The core focus of this podcast is to provide the listeners with food for thoughts for what is required for releasing secured cloud native applications
- Continuous, Multi-layer, and Multi-service analysis and focusing not only on the code, but also on the runtime and the infrastructure.
- Focus on the vulnerabilities that matter. The critical, exploitable ones. Use Context.
- Choose the right remediation forms. It may come in different shapes
Segment Resources:
Oxeye Website for videos and content - www.oxeye.io
Exchange RCE, bulk pull requests to patch at scale, metrics from DORA, best papers from USENIX, implementing passkeys
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw214
Cybersecurity is now battling a human problem just as much, if not more, than a technical one. According to Verizon’s 2021 Data Breach Security Report, 85% of successful cyberattacks now involve a human element. Combine that with the fact that even the very best technology can only thwart about 93% of attacks and that leaves a large hole in an organization’s basic security hygiene. This has led to a growing demand for ongoing educational programs that rely on behavioral science to measure and manage cybersecurity risk as a distinctly different solution from generic, one-size-fits-all training programs.
In the enterprise security news, SentinelOne and Crowdstrike reinvest in the security market, Malwarebytes raises $100M, Ox Security raises a $34M Seed round??? Jamf acquires ZecOps, New startups looking to improve Code Reviews…Outsource questionnaires…provide consumer privacy awareness…Federal security funding for state and local governments, New software supply chain attacks, Microsoft Windows slaps your hand when you try to update passwords.txt, and stick around until the end, when we talk about a New Jersey Deli with a $100M market cap!
This is a recurring segment, in which we bring on a VC to provide an investor’s point-of-view on all this activity. It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups.
We'll discuss:
- How, the last time we had Will on (20 episodes ago, ESW 270), we were asking about huge valuations and potential market resets/corrections. Well, it seems that day arrived. What now?
- Crowdstrike and SentinelOne are active investors with their own funds now. Is this a new trend, or are we just now noticing it? What does it mean for the larger market and for founders looking to raise?
- We've had guests on to discuss enterprise browsers, and DSPM - what hot markets should we target next?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw290
This week, Dr. Doug discusses: Optimus Prime, Hard Drives, Exchange, Witchetty, TLP, DOD, EIEIO, as well as the show Wrap-Ups and his Threat of the Week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn243
Hackers rarely break through crypto or exploit fancy zero days. Most of the time they simply login using stolen credentials. Managing passwords, keys and other forms of secrets does not work at scale. In this segment we’ll look into a more radical approach to infrastructure security: getting rid of secrets entirely and moving to access control based on physical properties of humans and machines.
This segment is sponsored by Teleport. Visit https://securityweekly.com/teleport to learn more about them!
This week, we're joined by Casey Ellis to discuss a Telco breach from a land down under, UK government sits out bug bounty boom but welcomes vulnerability disclosure, Karakurt Data Extortion Group, Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack, being caught with your pants down, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw757
New fourth-annual research report analyzes ransomware attack patterns that occurred between August 2021 and July 2022 In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries: education, municipalities, healthcare, infrastructure, and financial. Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack. The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month. Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses. To get a closer look at how ransomware is affecting smaller businesses, the report details three examples that researchers have seen through Barracuda SOC-as-a-Service, the anatomy of each attack, and the solutions that can help stop these attacks.
Segment Resources:
Read the full Threat Spotlight blog post: https://blog.barracuda.com/2022/08/24/threat-spotlight-the-untold-stories-of-ransomware/
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
In the leadership and communications section, Attention CISOs: The Board Doesn’t Care About Buzzwords, The Best Managers Are Leaders — and Vice Versa, Firing Your Entire Cybersecurity Team? Are You Sure?, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw278
Applications are the most frequent external attack vector for companies. However, application security can improve only if developers either code securely or remediate existing security flaws — unfortunately, many don’t receive training with proper security know-how. In this session, we will talk about the state of application security education and what you can do to secure what you sell.
Segment Resources: - https://www.forrester.com/blogs/school-is-in-session-but-appsec-is-still-on-vacation/?ref_search=3502061_1663615159889 https://www.wisporg.com/events-calendar/2022/11/8/security-amp-risk-conference-forrester https://www.veracode.com/events/hacker-games https://blogs.microsoft.com/blog/2021/10/28/america-faces-a-cybersecurity-skills-crisis-microsoft-launches-national-campaign-to-help-community-colleges-expand-the-cybersecurity-workforce/
Wiz reveals authorization bypass in Oracle Cloud, Python 15-year old path traversal flaw, Prototype Pollution in Chrome, PS4 flaw reappears in PS5, Why security products fail
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw213
This week Dr. Doug talks: Darth Vader, SmartScreen, Erbium, Graphite, Russia, Metador, Whatsapp, RSocks, and is joined by the illustrious Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Show Notes: https://securityweekly.com/swn242
Sinan Eren, the VP of Zero Trust at Barracuda joins us to discuss various aspects of MFA Fatigue & Authentication with the PSW crew!
Segment Resources: https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
In the Security News: Bloodhound's blind spots, Interactable Giraffe, don't use open-source, it has too many vulnerabilities, MFA fatigue, tamper protection, use-after-freedom, how not to do software updates, hacking gamers, stealing Teslas, safer Linux, trojan putty, there's money in your account, game leak makes history, GPS jammers, Uber blames LAPSUS, spying on your monitor from a zoom call, next-generation IPS with AI and ML for zero-day exploit detection, 3D printed meat, and what to do when the highway is covered with what is usually kept in the nightstand...
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw756
This week, Dr. Doug talks: Bionic Cockroaches, Credential Stuffing, MFA Fatigue, ICS, Magento, Mobsters as well as all the Show Wrap Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn241
This week, Jonathan Roizin from Flow Security joins to discuss what this new security category is all about and how it differs from the OG, false positive heavy DLP we'd all rather forget! Data Security Posture Management (DSPM) is not your dad's DLP. This new category has emerged to tackle one of the toughest areas of security: protecting data. Then, Based on what we know so far (which is limited and could change), the Uber breach appears to be a classic example of how penetration testers and criminals alike break into large organizations. In this segment, we'll discuss how the attack happened. We'll go over the controls that failed, why they failed, and what Uber could have done to prevent or detect this attack. Then, in the Enterprise Security News, Fortanix raises a $90 series C for data security, Cyrebro raises a $40M series C for MSSP SOC solutions, Dig Security raises a $34M series A (yes, this is a repeat from last week, but we didn’t get a chance to talk about it), Internet 2.0 gets funded??? (probably not what you think), How to hire and build your cybersecurity team, The NSA gives some bad advice on securing software, Courtroom Drama, & Oracle makes a really bad whoopsie!
Segment Resources: Flow's blog post - "5 Key Takeaways About DSPM From the Gartner® Hype Cycle™ For Data Security, 2022": https://www.flowsecurity.com/gartner-dspm/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw289
In the leadership and communications section, Cybersecurity’s Too Important To Have A Dysfunctional Team, In a Crisis, Great Leaders Prioritize Listening, White House Announces Stricter Cybersecurity Guidelines and Rules, and more!
Paul will discuss a risk-based approach to security that prioritizes fixing the most critical issues that will reduce risk in your organization. He'll walk through a three-step cycle that continuously monitors the threat landscape, enables quick response, and measures the metrics that company leadership cares about.
Segment Resources:
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw277
This week, Dr. Doug talks: Hot, lonely planets, Chromeloader, MFA Fatigue, Lapsus$, Lastpass, LockerGoga, and Lincolnshire, all this and Jason Wood on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn240
Appsec places a lot of importance on secure SDLC practices, API security, integrating security tools, and collaborating with developers. What does this look like from a developer's perspective? We'll cover API security, effective ways to test code, and what appsec teams can do to help developers create secure code.
This segment is sponsored by ThreatX. Visit https://securityweekly.com/threatx to learn more about them!
Appsec dimensions of the Uber breach, Rust creates a security team, MiraclePtr addresses C++ heap mistakes for Chrome, a critical reading of the NSA/CISA Supply Chain guidance, talking about careers
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw212
Enterprise browsers are a new addition into the endpoint security market. Combining enhanced features not in the existing browsers, with centralized reporting and controls, they're promising to bring a better experience to the users and a more secure delivery of applications to the companies who use them. What's real, what's "vision", and what makes them different than all the other solutions that promise to "secure the browsing experience".
In the Enterprise Security News for this week: Funding rounds are back!, Bitwarden rasies $100M for password management Cymulate raises $70M, and a ton more Series A, Series B, and Seed announcements from vendors just coming out of stealth, Ethereum’s merge completes and moves to proof of stake, Some updates on the Twitterpocalypse, The latest in annoying buzzword innovation, and some Cyber Insurance trends that I promise are interesting!
Attackers have been targeting Active Directory for years and more recently set their sights on Azure AD & Microsoft Office 365. There are ways to tighten up these platforms beyond the default configuration and greatly improve the security posture.
Segment Resources:
Trimarc Webcast on how to quickly level up Active Directory security: https://www.hub.trimarcsecurity.com/post/webcast-top-10-ways-to-improve-active-directory-security-quickly
Performing your own Active Directory Security Review - article and PowerShell tool: https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review
Trimarc Content Hub: https://hub.trimarcsecurity.com
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw288
This week in the Security News, Dr. Doug discusses: Meat Men, History, Putty, Crypto, Edge, YouTube, EU Laws, Privacy, and show wrap-ups.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn239
Analyst burnout and the talent shortage are creating environments where teams are stressed out, overwhelmed, and frustrated. Security Operations managers (or anyone managing teams of security analysts) must empower their analysts with solutions that can make them more effective at their job. Thomas Kinsella joins to discuss why No-code automation is the ultimate solution to do that! Then, in the Security News: you liked the browser so much we put a browser in your browser, hackers are using sock puppets, the patch that kills performance, detect eavesdroppers, no more passwords, one-click account hijack thanks to JavaScript, the return of Shakata Ga Nai, GIFShell (or is it jifshell), Lexmark firmware confusion, and searching for a long lost copy of OS/2!
Segment Resources: https://www.tines.com/reports/voice-of-the-soc-analyst/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw755
While applications and APIs are developed with cloud in mind, many organizations must rely on a hybrid architecture and edge computing to deliver their services given the high cost of cloud services. However, many organizations lack the right security stack to protect data and applications in these unique environments, or from threats added through reliance on open source code. With today’s attacks coming from automated threats, organizations need to implement tools to mitigate risks that impact the bottom line, brand reputation, and customer experience without slowing development lifecycles.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw276
This week Dr. Doug talks: Steam, VMWare, Intel,HP, Apple, Craiglist killing, Meta, Tiktok and is joined by the illustrious Jason Wood!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn238
Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e
Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti’s Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle.
This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw211
This week in the Security News: Vangogh vs. AI, Online Safety in California, Bad IoS Apps, Japan vs. Floppy Disks, Chile, Instagram, and show Wrap-Ups!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn237
In the Enterprise Security News This week: more layoff announcements than funding announcements! Krit acquired by GreyNoise, Incident Response in AWS is different, Awesome open source projects for SecOps folks, Tyler Shields can’t wait to talk about Product Led Growth, Forcing open source maintainers to use MFA, Twilio - the breach that keeps on pwning, The US Governments earmarks $15.6 BILLION for cybersecurity and we hear vendors salivating already, & more!
Security training isn't just about anti-phishing and security awareness for employees. When reading through breach details, a similar picture often emerges: the people were there, the tools were in place, but the people didn't know how to use the tools effectively. Every day, security tools catch attacks, but it doesn't matter if a human doesn't notice and tools are in 'monitor only' modes.
This segment is sponsored by RangeForce. Visit https://securityweekly.com/rangeforce to learn more about them!
From its origins a decade ago, the grassroots movement to enshrine in law the right to repair our stuff (read: cell phones, laptops, home appliances, cars, machinery) has morphed into a potent, global movement. Today, much of the debate over right to repair laws has focused on issues like concentrations of market power by large corporations and anti-competitive behavior with regard to service and repair of "smart," connected products. However, there is a less-discussed but equally potent argument in favor of repair: cybersecurity and data privacy. In this conversation, Paul Roberts, the founder of SecuRepairs.org (pron: Secure Repairs), talks about the dire state of device security on the Internet of Things and how efforts by manufacturers to limit access to software updates, diagnostic tools and parts exacerbates IoT cyber risk, even as it burdens consumers and the environment.
Segment Resources:
Securepairs.org: https://securepairs.org
Fight to Repair Newsletter: https://figh
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw287
John Hammond joins us today as we start off the show talking about Cybersecurity education! Training and education is a constant conversation within the cybersecurity community, but it doesn't have to be a hard problem to solve. We will discuss how to bring both valuable and actionable information into the industry and how that makes an impact, even in unexpected ways -- for better or for worse. Then, in the Security News: Lastpas breach, long live John McAfee, Macs getting fewer updates, CPE correlating to CVE, clicky clicky hacks, anti-cheat is not anti-hack, new LVFS release, $8 million zero day, don't sign crappy code, a very handy PI and a site that lets you send poop anonymously is hacked (it was a pretty crappy exploit)!
Segment Resources: https://youtube.com/johnhammond010
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw754
This week Dr. Doug talks: PS5, Twilio, Quantum, Bug Bounties galore, a date bomb, backups, Sephora, as well as the Expert Commentary of Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn236
We will review the primary needs for cloud security: - Guardrails against misconfiguration - Continuously Identify and Remediate Vulnerabilities in Cloud APIs, Apps, and Services - Observability, Protection, and Reporting against Compliance and Risk Policies - We will also review CNAPP -- Cloud Native Application Protection Platform -- and why companies need to take a closer look for the best cloud security
Segment Resources:
Twitter whistleblower complaint lessons for appsec (and beyond), the LastPass breach, building a culture of threat modeling, signed binaries become vectors for ransomware, a look back to the birth of Nmap and the beginning of Linux.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw210
In this segment, BARR Advisory founder and president Brad Thies will use real-world examples to discuss how cybersecurity scorecards and KPIs can help organizations measure and manage the effectiveness of their cybersecurity programs. Thies will also reveal which metrics he sees as most valuable in evaluating cybersecurity posture and discuss how to define accountability for security within an organization.
This segment is sponsored by BARR Advisory. Visit https://securityweekly.com/barradvisory to learn more about them!
In the leadership and communications section, 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership, 4 key areas cybersecurity leaders should focus on, Cybersecurity spending strategies in uncertain economic times, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw275
In this edition of the Security Weekly News, Dr. Doug discusses: Toxic Tats, Fakery, MagicWeb, Sliver, Twilio, OSPFv3, Mudge, X-Platform Ransomware as well as all the show Wrap Ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn235
The new category of Data Security Posture Management, what is it and why it's important. Discussing real customer stories where DSPM products played a critical role in helping companies secure their data.
Since the dawn of the internet, companies have been fighting cyber vulnerabilities with a myriad of traditional technologies. And assigning cybersecurity training to people without really knowing its effectiveness or being able to tell the difference between knowledge and behavior. This is why AwareGO created the Human Risk Assessment. Designed by behavioral and cybersecurity experts, it allows organizations to measure human risk and resilience across a number of critical cybersecurity threat vectors. It measures cyber risks connected to social media that are not only personal but can affect the workplace as well. It helps assess awareness of secure password handling with multiple interactive experiences and situations. And it allows you to discover how employees would deal with tricky situations around the workplace, such as tailgating and shouldersurfing …. and issues related to remote work. All in a safe and friendly environment. After completing the assessment employees get individualized results with an explanation of what they did right and what they could have done better. This offers guidance and a chance to learn. The overall results help organizations gather actionable insights and make informed decisions about their security strategy. The Human Risk Assessment works as a stand alone product but its flexibility allows integration into existing platforms. When combined with AwareGO’s live action training content it can bring your organization’s cyber resilience to the next level.
Segment Resources:
https://awarego.com/human-risk-assessment/
https://www.securityweekly.com/awaregoresource
https://awarego.com/how-to-measure-human-cyber-risk-finally/
https://awarego.com/materials/the-human-side-of-cybersecurity/
This segment is sponsored by AwareGO. Visit https://securityweekly.com/awarego to learn more about them!
In the Enterprise Security News: We discuss Twitterpocalypse 2022! The Biggest Winner? Security startup Wiz reaches $100M ARR in 18 months??? Tons of funding we probably won’t get to, sorry in advance, we’ve got 2 weeks of news to catch up on! Awesome free tools, free training and DIY tips! Third party attacks and supply chain attacks continue to ramp up, John Deere’s security deficiencies get exposed again, Cyber insurers reduce coverage… again, ESPN8 the Ocho, explained, and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw286
There's a lot of worry about "fakes" especially in a world rapidly adopting AI/ML, so it's time for solutions. "Solid" is the W3C open standard, extending HTTPS, to upgrade the Web with security paradigms that solve for data integrity. Distributed systems naturally break through digital moats, free control through proper ownership, thus helping expand and achieve the best of the Internet.
Segment Resources:
https://www.flyingpenguin.com/?p=29523
https://alltechishuman.org/davi-ottenheimer
https://www.schneier.com/blog/archives/2020/02/inrupt_tim_bern.html
https://events.inrupt.com/dublin
This week in the Security News: Crypto Miners Using Tox P2P Messenger as Command and Control Server, 8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe, & Janet Jackson music video given CVE for crashing laptops, & more!
Segment Resources:
Use code "securityweekly" to save 10% off Hack Red Con tickets at https://www.hackredcon.com/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw753
This week, Dr. Doug talks: Tempus Fugit, PyPI, WordPress, Hikvision, Zimbra, Palo Alto, led morse code, and is joined by Expert Commentator Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn234
In the leadership and communications section, CISO salaries balloon, likely spurred by demand, 4 Steps to Being an Authentic Leader, Keeping Your Team Motivated When the Company Is Struggling, and more!
In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport––united for a shared mission. In this session, ExtraHop’s Chase Snyder discusses why and how vendors should work together to enable better integrated security for their customers. He’ll answer questions like “what is XDR?” and “how do I get my vendors to work together?”.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw274
The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities. In this episode, we’ll discuss how AppSec teams can effectively manage the transition from securing traditional monolithic applications to modern cloud native applications and the types of security tooling needed to provide coverage across custom application code, dependencies, container images, and web/API interfaces. Finally, we’ll conclude with tips and tricks that will help make your developers more efficient at fixing vulnerabilities earlier in the SDLC and your pen testers more effective.
Segment Resources:
https://www.deepfactor.io/kubernetes-security-essentials-securing-cloud-native-applications/
https://www.deepfactor.io/resource/observing-application-behavior-via-api-interception/
https://www.deepfactor.io/developer-security-demo-video/
Ideas on debugging with IDEs, Wiz.io shares technical details behind PostgreSQL attacks in cloud service providers, looking at the attack surface of source code management systems, a Xiaomi flaw that could enable forged payments, defensive appsec design from Signal, what targeted attacks mean for threat models when the targeting goes awry
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw209
Identity management has become a central pillar of many organizations’ security policies and architecture. In this executive interview, Ping Identity Senior Product Marketing Manager Zain Malik analyzes two heavily trending corners of the identity market: passwordless technology and customer identity and access management (or CIAM). This one-on-one session will address topics such as biometrics and QR code-based authentication, and how to determine which customer identity solution is right for each particular consumer touchpoint.
In March 2022, the SEC proposed new rules governing the reporting of cybersecurity incidents. This session will explore how businesses will be affected by this and similar legislation and provide tips to compliance and technical teams alike. S
ecurity Weekly listeners save 20% on this year’s InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20
In 2023, at least five new “rights-based” data privacy laws will become enforceable in the United States at the state level, including the California Privacy Rights Act (CPRA). Common to all of these laws are information security requirements, including the need for risk assessments and the need for authenticating data access requests. In this podcast we’ll speak with an information security legal veteran on what these new laws mean for cybersecurity professionals and their data protection programs.
Security Weekly listeners save 20% on this year’s InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20
Segment Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw285
This week Dr. Doug talks: Janet Jackson, Legit British hacking, CS.Go, PyPI, swiss voting, Vegas, Sysmon, and show wrap-ups on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn233
This week: Greg Conti joins us to discuss InfoSec Lessons from Military Strategy, Tactics, and Operational Art. Online conflict is widespread and at times the internet hurts more than it helps. In this segment, we’ll discuss ways to inform today’s enterprise defense by better understanding strategy, tactics and operational art from government influence operations, electronic warfare, and cyberspace operations! Then, Larry, Doug, Lee, Josh, and Chris Blask cover the security news from this week!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw752
In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it “Craig’s List.” Most know the rest of the story. But what did that rapid entry into tech entrepreneurship teach him about information security? And how did that lead to a passion for, among other things, cyber philanthropy? SC Media's Jill Aitoro will speak to Newmark about his career, and his own evolution in infosec awareness that came with it.
Among the more challenging phases for a cyber business is transitioning from inspiring startup to successful enterprise, strategically leveraging investment to scale. SC Media's Jill Aitoro will sit down with Dave Dewalt, founder of NightDragon, and Matt Carroll, CEO of NightDragon's newest investment Immuta. Employees are on the move. As tech and security leaders adjust to managing hybrid teams, they should also plan for the loss and replacement of key security talent. Attrition and the increasing length of time needed to find a replacement leaves security programs — and firms — vulnerable. Implementing a formal succession planning process for the security organization mitigates risk and increases employee satisfaction and retention. This report provides steps for starting a succession planning program and real-world examples of companies that are already focused on developing and retaining the next generation of security talent.
Segment Resources:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw273
Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https://community.wehackpurple.com #CyberMentoringMonday on Twitter Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in the past year, and releases a security layer for Edge; Black Hat talks on bounties and desync attacks, Google's bounties for the Linux kernel, modifying browser behavior, and the Excel championships.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw208
This week Dr. Doug talks: UEFI, PyPI, vishing, VNC, Sova, Doom, Mailchimp, hiding photos, and is joined by Jason Wood on this episode of Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn232
This week Dr. Doug talks: OnlyFans strikes back, Paul's new post, Windows vs. Linux, Conti, CISA, Zeppelin, NHS, and show wrap-ups on the Security Weekly News!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn231
This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw287
We start off the show this week by welcoming the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. They walk us through the history of Secure Boot, how it works, previous research they've performed ("Boothole"), and some details on their current research presented at Defcon this year in a talk titled "One bootloader to rule them all". Then, in the Security News, key fob hacks and stealing cars, the best Black hat and defcon talks of all-time, open redirects are still open, the keys to decrypt the wizard of oz are in a strange place, why the Linux desktop sucks, why businesses should all switch to Linux desktops, SGX attacks, let me send you an Uber to take you to the bank, 27-factor authentication, start your management engines, and guess what, your DMs are not private, and you should have used Signal.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw751
This week Dr. Doug talks: Body Blows, TA428, Microsoft, Lazarus, GwisinLocker, Burger King, Fraud in China, Nomad and Solana, and is joined by Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn230
In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!
Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw272
In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. In this episode, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what agile AppSec looks like, and how a reorganization, and a shift in management strategy could greatly transform the field, and allow business to truly address the risk of under-protected software.
Segment Resources:
Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from fwd:cloudsec 2022.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw207
Naughty lemons, logic errors, CISA, DuckDuckGo, Dark Utilities, CCTV, Sharpext, and show wrap-ups on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn229
In the Enterprise Security News: BlackRock drops $250M into Acronis, Talon raises a massive $100M Series A to make Enterprise Browsers a thing, Cybrary raises $25M, Ghost Security comes out of stealth, Netskope acquires Infiot, Thoma Bravo acquires Ping Identity TLP 2.0, Thought Leadering, And Winamp is back!
The pandemic forced us to rethink our IT environment as office workers went remote, outside the traditional framework of enterprise connectivity and security. This conversation will focus on top security concerns, costs, and containment strategies that 1,100 IT/security workers in 11 countries shared in a global report Infoblox sponsored to understand how organizations are addressing the new workplace.
Segment Resources:
https://blogs.infoblox.com/security/1100-it-pros-spotlight-the-security-hazards-of-hybrid-work/
Secure Access Service Edge (SASE)/Secure Service Edge(SSE) has quickly become part of day-to-day lexicon. But what exactly is SASE/SSE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? How SASE frameworks compares to traditional network protection, such as Secure Web Gateway, Next gen Firewalls, Remote Access and DLP.
Segment Resources:
https://www.brighttalk.com/webcast/288/508560
https://www.brighttalk.com/webcast/288/538266
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw283
Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.
In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw271
Guy will go through some of his career choices that eventually led to 25 years in a long and fun career in information and cybersecurity. Infosec has been a fascinating and challenging field which anyone can learn through training and some of the excellent YouTube videos.
Segment Resources:
http://handlers.sans.org/gbruneau/
https://isc.sans.edu/handler_list.html#guy-bruneau
In the Security News: when hackers are not behind and outage, when hackers are behind re-routing traffic, neat pseudo-keystroke loggers, when XSS leads to code excution, TLS inside, post-quantum encryption that doesn't hold up to pre-quantum computers, Lockbit loading Cobalt Strike using Windows Defender, we love authentication bypass, and impress your co-workers with my Linux command of the week, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw750
In our first segment, we are joined by Manish Gupt, the CEO and Co-Founder of ShiftLeft for A discussion of how the changes and advancements in static application security testing (SAST) and intelligent software composition analysis (SCA) have helped development and DevSecOps teams work better together to fix security issues faster! In the AppSec News: Multiple vulns in a smart lock, Office Macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw206
This week Dr. Doug talks: Tears in the Rain, Encryption, Microsoft, LockBit 3.0, Twitter keys, Outlook crashes, 911, and Russ Beauchemin on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn228
Necrobots, Class Action, Paul Speaks, Github, Robin Banks, net neutrality, and show wrap-ups on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn227
In the Enterprise Security News: Blockchain security startups are still raising tons of money, but not in crypto, since it’s now worthless. Ha! just kidding. Maybe. Am I? Anvilogic, AppViewX, Sotero, Resourcely, and Push Security all raise rounds JUICY RUMORS! Is Crowdstrike buying Orca? Is Akamai getting bought out by a PE shop? HUMAN and PerimeterX join in a rare cybersecurity merger, Are Azure’s vulnerabilities out of control? Zoom brings end-to-end encryption to its cloud phone service, npm says FINE, we’ll add some security, Kaseya’s CEO is just, telling it like it is, man. The problem must be with you. A robot attacks a child, time to add EMP grenades to your EDC! All that and more!
In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport––united for a shared mission. In this session, ExtraHop's Jamie Moles and CrowdStrike's Dixon Styres discuss why and how vendors should work together to enable better integrated security for their customers. They'll share their joint philosophy toward an ecosystem approach to security and will show off some of the specific capabilities of the integration between ExtraHop Reveal(x) 360 and CrowdStrike Falcon in a live demo.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Heightened emotions, demands for updates, not knowing how bad things might be...
Incident response isn’t easy, but practice and the right tools can make it a whole lot less stressful. Some regulations like PCI require annual IR tests, but is that enough? Imagine playing a sport where the team meets for one half-hearted practice once a year. How would that team perform under pressure? How would they communicate?
Say this sports analogy has convinced you – the IR team should practice more and should practice effectively. Questions still remain – how often? Are tabletops enough, or are live exercises and simulations necessary? We’ll aim to answer these questions and more during this interview with Tim and Paul from Tanium.
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw282
In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, such as staffing challenges, alert quality, and organizational culture as primary factors slowing down response.
This segment is sponsored by Deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them!
This week in the Enterprise News: Lacework lays off approx 300 employees, US Narrows Scope of Anti-Hacking Law Long Hated by Critics, Security Study Plan, DevSecOps Vulnerability Management by Guardrails, StackZone, Cipherloc Acquires vCISO Security Services Provider SideChannel, Broadcom to Buy VMware for $61 Billion in Record Tech Deal, Cyscale raises EUR 3 million in Seed Funding Round, & more!
There are a few IETF standards that make the identity world go 'round. SAML, FIDO and LDAP are ones that we know and love... but there's one particularly un-loved standard that is the glue between most identity systems -- cloud and on-prem -- out there. It's called SCIM and -- good news -- smart people are working on improving this 10+ year old standard. Big changes coming, and here to talk with us about it is Paul Lanzi...
Segment Resources:
https://identiverse.com/idv2022/ (Paul on Wednesday)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw275
We’ve heard about the recent abuses for Apple’s AirTags used in tracking and stalking issues in recent months. While tools exist for detection under the Apple ecosystem, limited options exist for Android and none under Linux. We’ll explore the AirTag beacons and showcase some tools for detecting beacons and creating our own for testing under Linux. We’ll also show some ways to take our methods even further as an exercise left unto the reader.
In the Security News FreeBSD and the software supply chain, open-source implies that its open, hardcoded passwords are always bad, on-again, off-again, on-again, privilege escelation defined, preparing for quantum, so many vulnerabilities, CosmicStrand another UEFI firmware rootkit, & reviving ancient computers!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw749
Nikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evolved, as well as how this has impacted development teams and security teams as well as the occurrence of shifting left. He would also like to speak to the solution he has found to this problem, specifically being that of developing a community, the Purple Book Community. This closely connects to the final topics he would like to cover, which include how breaches have continued to occur at an increasingly rapid pace, leading to the importance behind why and how companies should be prepared for when, not if, a cyber attack will occur. The talk will also cover how the Purple Book of Software Security came about and how it has now morphed into a global movement by security leaders, for security leaders, to develop secure software.
Segment Resources:
https://www.thepurplebook.club/
https://www.armorcode.com/what-is-appsecops
https://www.armorcode.com/platform-overview
https://www.armorcode.com/news
https://www.armorcode.com/integrations
This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw199
In the Leadership and Communications section, Uber CISO's trial underscores the importance of truth, transparency, and trust, 4 Leadership Strategies to Help Women Advance in the Tech Industry, 5 Best Predictors of Employee Turnover and What Leaders Should Do About Them, and more!
Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product’s flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitigate risk.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw264
Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time?
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw263
Killer Robots, UEFI, LinkedIn, Ducktail, Costa Rica, Tmobile, Prestashop, we also have a special guest, David Monnier from Team Cymru.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn226
In the leadership and communications section, 5 Cybersecurity Questions CFOs Should Ask CISOs, How Leaders Can Escape Their Echo Chambers, 10 Cybersecurity Compliance Statistics That Show Why You Must Up Your Cybersecurity Game, and more!
Most current security risk assessments are not effective. Doug Landoll joins BSW to explain how we can fIx this. Doug will share 5 Essential Elements of an Effective Security Risk Assessment, including: - Scoping, Scheduling, and Champions - Team Structure - Data and Measurements - Calculations and Analysis - Reporting, Presentation, and Tracking
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw270
Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.
Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security.
This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw205
Passwordless authentication is all the rage. And rightly so, given its promise of driving engagement and boosting productivity via more secure and frictionless user experiences. However, the path to passwordless often leads to more questions than answers. Don’t fret! We’ll offer a passwordless journey roadmap that delves into leveraging different risk signals like user behavior and device characteristics to make smarter authentication decisions.
Segment Resources: https://www.pingidentity.com/en/solutions/business-priority/passwordless.html
This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!
Sick Codes hacked all four John Deere Telematics Gateway's, and the John Deere Gen4 Series Display. Without those, it's "just a tractor." However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.
Segment Resources:
https://www.youtube.com/watch?v=zpouLO-GXLo
https://hardwear.io/usa-2022/speakers/sick-codes.php
Finally, in the Enterprise Security News: HiveWatch raises $20M to protect the office, FORT Robotics raises $13M to protect the office from robots, Emproof raises €2M to secure embedded devices, Dutch startup OneWelcome acquired by Thales, Dutch startup Hatching acquired by Recorded Future, Pwnednomore aims to protect Web3, Cybersecurity!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw281
In this episode: C++, 8220, HeatDeath, Microsoft, Okta, Candiru, Intel as well as all the show wrap-ups from this week on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn225
This week in our first segment, we are thrilled to welcome Lesley (@hacks4pancakes) back to the show! In this segment, we'll dig into some ICS security topics including some recent threats, monitoring ICS networks for security, incident response for ICS, and more! Then, in the Security News for this week: heat waves and outages, GPS trackers are vulnerable, cracks in the Linux firewall, bas password crackers, microcode decryptors, SATA antennas, Okta vulnerabilities not vulnerabilities, updates on former CIA agent and Vault 7 leaks, decompiler explorer, and Tuxedo brings to market a liquid cooled laptop, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Roaming Mantis, the FBI, Magecarts, CloudMensis, FreePBX, Russia, and liquid-cooled laptops, we also have a special guest, Rich Mogull from Firemon on this episode of the Security Weekly News.
This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn224
In the leadership and communications section, How CISOs can prepare for new and unpredictable cyberthreats, 8 Leadership and Management Principles from Ex-Navy Seal, Practice Transparent Leadership, and more!
IIoT infrastructure protection requires immediate attention. Barracuda just released key findings from a report titled "The state of industrial security in 2022," that covers the following: • The network breaches, ransomware attacks, and other security incidents businesses are facing • The current challenges related to infrastructure protection, remote access security, and digital transformation • The solutions and strategies decision makers are using to close security loopholes and boost the protection of IIoT infrastructure
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw269
0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even then may not always have a patch available. It’s important for software teams to set up tools that continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. In this episode, we will discuss the ins and outs of 0-day vulnerabilities and what the future of managing them looks like.
Segment Resources:
Recent 0-day blog: https://www.contrastsecurity.com/security-influencers/contrast-protect-eliminates-another-zero-day-headache
What is Contrast Security video: https://www.youtube.com/watch?v=8FwY6zJX1ms
The Contrast Secure Code Platform video: https://www.youtube.com/watch?v=k5CycR4R6bg
This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!
This week in the AppSec News: speculative execution attack with retbleed, CSRB's report on log4j, one-line lowercase action leads to a vuln, approaching SOC2 with secure engineering principles, free online Mac Malware book
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw204
In the Leadership and Communications segment: How to build a cyber capable board, Who Is Legally Responsible for a Cyber Incident?, Building a security culture of 'Yes', and more!
This edition of Security money is a 2 quarter update for both Q1 2022 and Q2 2022. That's what happens when you have a lot of interest and interviews. Although the SW25 Index is down, it's still outperforming the Nasdaq!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw268
In this episode of the Security Weekly News: Naivety, Microsoft, UEFI, Mantis, Celsius, Ring, and Minority Report, along with all the show wrap-ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn223
This week, in our first segment we are joined by Andy Robbins, the Product Architect of BloodHound Enterprise at SpecterOps! Andy will explain the origin story of BloodHound, as well as where the project is today and where it's going in the future! Then, in the Security News for this week: Raspberry Pi Pico W Adds Wireless, Apple expands commitment to protect users from mercenary spyware, UK health authorities slammed for WhatsApp use in pandemic, Three UEFI Firmware flaws found in tens of Lenovo Notebook models, & a Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol!
Segment Resources: https://github.com/BloodHoundAD/BloodHound
https://medium.com/p/82667d17187a
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw747
In the Enterprise Security News, Cyber insurance joins the Unicorn club, Bishop Fox raises a $75M Series B, A dozen more funding rounds, XM Cyber acquires Cyber Observer, Zendesk gets bought by private equity, 5 more rounds of cybersecurity layoffs, Some very interesting new products - both open source and commercial, Survival of the Quickest, And a ransom victim earning money from its payment?? How surreal it is for the industry to return to RSA event in person... what changed or transformed fundamentally ... etc. Specific impacts around the areas of ZTNA, SOC, and OT security.
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
Merritt Maxim discusses the latest trends on identity access and how organizations should tackle the ever expanding user security challenges.
Connected devices outnumber us humans two to one, a ratio that is on an accelerating growth curve. Risks associated with device counterfeiting and cyberattacks is also growing rapidly and now represent very real real risks to economies, national security, our critical infrastructure, and our very lives. One necessary component for addressing this threat is establishing a verifiable and immutable device identification and lifecycle reporting system.
Segment Resources:
Number of mobile devices worldwide 2020-2025: https://www.statista.com/statistics/245501/multiple-mobile-device-ownership-worldwide/
UCID Website - https://www.ucidentifier.io/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw280
This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quantum algorithms, & more!
Appsec starts with the premise that we need to build secure code, but it also has to be able to recommend effective practices and tools that help developers. This also means appsec teams need to work with developers to create criteria for security solutions, whether it's training or scanners, in order to make sure their investments of time and money lead to more secure apps.
Segment Resources: https://forwardsecurity.com/2022/04/24/embedding-security-into-software-during-development/
https://forwardsecurity.com/2022/03/15/application-security-for-busy-tech-execs/ https://forwardsecurity.com/2022/03/09/sast-sca-dast-iast-rasp-what-they-are-and-how-you-can-automate-application-security/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw203
There was a time when the perceived wisdom was to buy best of breed security technologies and that would do for your security program. Trouble of is, none of it integrates with each other or your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.
Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward - a reorientation of security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades Risk = F (Threat, Vulnerability, Consequence) which while useful initially has created a spray and pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).
Segment Resources: https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw267
Over the past year, we’ve seen more buzz develop around attack surface management. In fact, major analyst firms Forrester and Gartner recently released research about this topic. But what exactly is it? In this segment, join Mark St. John, LookingGlass’s SVP of Product, to learn more about how to define your attack surface, how to manage it, and how it can help your organization improve its cybersecurity.
This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!
As the push toward digital transformation continues, every organization is having to choose: Security or experience first? We are entering an era where Security and Identity professionals work together to eliminate tradeoffs and rapidly evolve from technical experts to experience artists. Using solutions that customize, code, and integrate for you while boosting security through MFA, passwordless logins, and risk modernizes your identity experience.
This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!
PCI DSS v4.0 was released on March 31st, 2022 and we've got Jeff Man joining us today to discuss some of the more notable changes that folks should be aware of.
Some great resources from Jeff and his employer on PCI 4.0:
https://info.obsglobal.com/pci-4.0-resources
And the PCI Council's own summary of changes between PCI 3.2.1 and 4.0: https://securityweekly.com/wp-content/uploads/2022/06/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf
Extortion, business disruption, and monumental payouts. We’ll cover trends in attacker “innovation” and role of identities and credentials.
This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw279
This week, we start off the show by interviewing veteran cybersecurity journalist and author Joseph Menn. Now at the Washington Post, Joseph talks about his books and the best reporting on hacking and defense today! Then, in the Security News for this week: ICS training bill, 5 myths, VoIP devices and ransomware, miracle exploits, UnRAR and Zimbra, guess what the most common weakness is, security at the device level is NOT simple, keys to the kingdom, and HP says Destructive firmware attacks pose a significant threat to businesses!
Segment Resources: https://www.amazon.com/Joseph-Menn/e/B001HD1MF6%3Fref=dbs_a_mng_rwt_scns_share
https://www.washingtonpost.com/technology/2022/05/01/russia-cyber-attacks-hacking/
https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/
https://www.wired.com/story/cult-of-the-dead-cow-at-stake-hackers-excerpt/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw746
Both GraphQL and template engines have the potential for injection attacks, from potentially exposing data due to weak authorization in APIs to the slew of OGNL-related vulns in Java this past year. We take a look at both of these technologies in order to understand the similarities in what could go wrong, while also examining the differences in how each one influences modern application architectures.
This week in the AppSec News: Lessons learned from fuzzing, OT:ICEFALL report on insecure designs, CSA's Top Threats to Cloud Computing, Twitter apologizes for misusing data collection, & State of Open Source Security report!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw202
Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, that collects so much useful data - why would you want to keep it within Tanium? The 'Data-as-a-Service' model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization.
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don’t lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more! PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices.
Segment Resources:
https://pixmsecurity.com/mobile/
This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!
The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk.
Segment Resources:
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw278
This week, we kick off the show with an interview featuring Sam Bowne, the Founder of Infosec Decoded, Inc. Sam joins to discuss why many people think security is too difficult to learn because it is such a big field, and constantly growing. In the Security News for this week: appliances with holes, gamification and its pitfalls, false rocket sirens, PHP strikes again, new laws we may actually agree with, hacking jacuzzis, Icefall and the state of ICS security, Adobe is blocking anti-virus, Mega is Mega insecure, Microcorruption CTF and a DIY NSA playset!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segment Resources:
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw745
This week in the Security News: James Webb, Microsoft, Making money getting ransomed, Fake Cisco, Rogers, the SEC, and Zettabytes, all this, and Jason Wood on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn222
This week, in the Enterprise News: Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that’s exploding) Perimeter 81 raises $100M Series C and becomes a unicorn - You get a VPN! I get a VPN! Everyone gets a VPN! Over a dozen other vendors raise funding! IBM acquires EASM vendor, Randori Another Azure vulnerability allowing tenancy escapes Microsoft’s Purview goes beyond DLP and gets into the pre-crime business Half a dozen cybersecurity vendor layoff announcements! We discuss the controversy around Rob Lee’s involvement with developing federal standards for critical infrastructure protection and we say farewell (and good riddance) to Internet Explorer… but not really Then, after the news, we’re going to air some segments recorded at the RSA conference last week.
We will cover high level winning strategies in cybersecurity marketing. The do's and don'ts for our specific industry and key factors of success in a go to market strategy.
Segment Resources: https://cybersecuritymarketingsociety.com/podcast/
Two important shifts over the last two years transformed what we once knew as an on-premise ecosystem into a global system accessible from anywhere. One is remote work, which began as a temporary measure to get us through the early days of the pandemic and has since become the norm. The other is cloud adoption, which was mainstream even before the pandemic, but has seen another bump in the last two years. As a result, the internet has become the new corporate network. Where do we go from here? This segment is sponsored by Perimeter 81. Visit https://securityweekly.com/perimeter81 to learn more about them!
Phishing attacks are increasingly focused on new vectors such as social media, business collaboration apps, and text messages. These vectors generally lack any protection for the end user. How can we protect against these attacks that are increasingly leading to costly breaches? This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!
Employee turnover is the biggest threat to any organization's IP. Nearly 60% of employees move to a new company within similar fields (think: competitors) and are using collaboration technology to take sensitive data at an alarming rate. Code42's Joe Payne will discuss how Insider Risk Management addresses data loss in a volatile job market while still enabling collaboration. This segment is sponsored by Code42. Visit https://securityweekly.com/code42 to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw277
This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more!
IE has gone to 11 and is no more. There's some notable history related to IE11 and bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with award ranges from $500 to $11,000. Ten years later, that bounty range is still common across the industry. The technical goals of the program remain similar as well -- RCEs, universal XSS, and sandbox escapes are all vulns that can easily gain $10,000+ (or an order of magnitude greater) in modern browser bounty programs. So, even if we've finally moved on from a browser with an outdated security architecture, we're still dealing with critical patches in modern browsers. Fortunately, the concept of bounty programs continues.
References:
- https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf
- https://web.archive.org/web/20130719064943/http://www.microsoft.com/security/msrc/report/IE11.aspx
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw201
What does a CISO do all day? Do they eat bon-bons and read the WSJ? Do they read Threatpost or BleepingComputer or Twitter? Why does a company need a CISO, or better still, do they need one? All these questions and more will be answered in this weeks episode.
Segment Resources:
https://www.cbts.com/security/security-services/
https://www.cbts.com/blog/cloud-security-controls-mitigate-risk/
https://www.cbts.com/blog/weighing-risks-benefits-moving-to-the-cloud-part-1/
https://www.cbts.com/blog/what-is-cyber-insurance/
With recent proposed rule making from he SEC, there is increased focus on the Board's involvement in governing and managing cybersecurity. What is changing in how effective CISO's engage with their Board of Directors and what is over the horizon for cybersecurity leaders?
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw266
In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!
Defining Cyber Risk With Bryan Ware This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).
This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!
Is the Market Ready for Integrated Cyber Risk Management? Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding.
Segment Resources: https://fortifydata.com/request-an-assessment
This segment is sponsored by Fortify Data! Visit https://securityweekly.com/fortifydata to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw265
This week, we start off the show by interviewing Ray Davidson, the Program Lead at Michigan Cyber Civilian Corps! The program is relatively mature, and will be presented (along with those of Ohio and Wisconsin) at the upcoming National Governors Association Cybersecurity Summit! Then, we wrap up the show with this week's Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, a hacker's revenge, & more!
Segment Resources:
Our home page http://micybercorps.org
Our supporting legislation https://www.legislature.mi.gov/documents/mcl/pdf/mcl-Act-132-of-2017.pdf
Our partner organization https://www.michigan.gov/dtmb/services/cybersecurity/cyber-partners
Key article in moving our development forward - https://warontherocks.com/2018/01/estonias-approach-cyber-defense-feasible-united-states/
An article with more info https://www.lawfareblog.com/bridging-state-level-cybersecurity-resources
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw744
Starting off the show this week, we are joined by Matt McGuirk, Solution Architect at Source Defense, to discuss web application client-side security. Finally in this week's Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, ransomware that makes you a better person, & more!
This segment is sponsored by Source Defense.
Visit https://securityweekly.com/sourcedefense to learn more about them!
Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M
A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw743
This week in the Security News Dr. Doug talks: Ant-Man Anal Attack, IOTAPTs, OpenSea, Microsoft, Jenkins, SFC, and Zuorat, as well as all the show Wrap Ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn221
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134
Seamlessly Connect & Protect Entire IT Ecosystem
The new business reality is that everything is connected, and everyone is vulnerable. In today’s world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem.
Segment Resources:
Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html
This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them!
The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout Recent data shows that security and development teams are still stressed, and they’re taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but also these teams are taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There’s good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization’s security posture, too.
This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw200
This week, Dr. Doug talks: AI, Kubernetes, Skimming, US Law, OpenSSL, the expert commentary of Jason Wood & more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn220
This week, Jason Wood talks: Fancy Bear Nukes, CISA/NSA on PowerShell, and Lots More Crime, as well as all the show Wrap-Ups on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn219
This week Jason Wood is our special Guest Host, and he takes us through: Linux botnets, misconfigure AWS buckets, 24.6 billion credentials for sale, forced updates of Wordpress plugins, and more fun with Elon Musk on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn218
This week, Dr. Doug talks: Angry AI, Hertzbleed, Microsoft and more Microsoft, QNAP, Black Folders, as well as all the show Wrap-Ups on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn217
Explorer, Vytal, SeaFlower, Metasploit, Crypto Declines, Symbiote, child ids, and the Floppotron along with Jason Wood on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn216
This week Dr. Doug talks: Alarm robots from hell, Atlassian, Windows, Karakurt, Clipminer, Meeting Owl, and show Wrap-Ups on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn215
Kicking off the show, John Pescatore joins for an interview & will go through his mostly random career choices that led to a long and fun career in information/cybersecurity - and how that ties into today's demand to secure the increase complex supply web of chains. Finally, this week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more!
Segment Resources: SANS Cyberstart initiative - https://www.cyberstartamerica.org
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw742
This episode, in the first segment Matt McGuirk, Solution Architect at Source Defense, joins to discuss Understanding Web Application Client-Side Risk! Then, we are joined by Ian Glazer, the SVP of Product Management, Identity at Salesforce, to talk about Salesforce's Journey Towards Complete Customer MFA! Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN, & more!
Segment Resources:
"Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M
A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper
This segment is sponsored by Source Defense.
Visit https://securityweekly.com/sourcedefense to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw276
Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. Matias Madou joins to talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture. This week in the AppSec News: OWASP Top 10 for Kubernetes, Firefox improves security with process isolation, CNCF releases guidance on Secure Software Factories and Cloud Native Security, & the DOJ clarifies its policy on CFAA!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw198
This week, Dr. Doug talks: Flying pastry, Twitter policies and fines, Office, VMWARE, Zyxel, Digital Driver's licenses, and Verizon, along with Jason Wood on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn214
This week, we kick off the show with an interview featuring Robert Lee, where we discuss The Year in Cyber Review 2021! In the second segment, we interview Saumil Shah, where we talk about Firmware Security! Then, in the Security News: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible’ backfires, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw741
This week, in our first segment, we welcome Michael Ehrlich, Chief Technology Officer at IronNet to talk about Attack Intelligence, Collective Defense, & Trends to Watch! Then, Jackie Comp, VP Sales at Nok Nok & Rolf Lindermann, VP Products at Nok Nok, join for an interview about Where to Start Your Passwordless Journey!
Lastly, in the Enterprise News for this week: Funding announcements from Seclore, Pangea Cyber, StackHawk, Xage, and more. Trends include Clouded Judgement, Crypto Muggings, Tourist Investors, and more! Segment Resources: https://www.ironnet.com/blog/what-is-attack-intelligence-and-why-do-you-need-it*****
Segment Resources:
https://www.youtube.com/watch?v=yQIwOx2XCSE
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw274
This week, in the first segment, Brian Glas answers the questions surrounding the next generations of AppSec professionals: What does it look like to try teaching cybersecurity at an undergraduate level? What are the goals and challenges faced when trying to help future generations learn what they need to know to contribute to this industry? Then, in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, &interesting AppSec from Black Hat Asia!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw197
Dr. Doug talks: Elon balking, CISA, Nebuchadnezzar, Lianjia, iPhone hacks leaky sites, the EU, and Chinese fraud reports, along with Jason Wood on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn213
This week, in our first segment, we welcome Yasser Rasheed, Global Director of Enterprise Client Sales at Intel to talk about Protecting Your Environment with Intel vPro platform! Then, Omer Taran, Co-Founder and CTO of CybeReady, joins for an interview about Overcoming Challenges in Multinational Phishing Simulations! Lastly, in the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallset, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua! In other news, all South Koreans are about to become one year younger!
This segment is sponsored by Intel.
Visit https://securityweekly.com/intel to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw273
In the Security Weekly News, Jason talks: DEA portal hacks, SideWinder APT group, Intel memory bugs, US Bioeconomy, the Russian cyber-threat, as well as all the show Wrap Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn212
This week, we kick off the show with an interview featuring Fleming Shi, where we discuss Destructive Malware and Other Threats to Watch! Then, in the Security News: Colonial Pipeline facing $1,000,000 fine, cybercrime tracking bill signed into law, Lincoln College Set to Close After Crippling Cyberattack, Nvidia’s LHR limiter bypassed, & North Carolina Becomes the First State to Prohibit Public Entities from Paying Ransoms, & more!
This segment is sponsored by Barracuda Networks.
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw740
This week, Mike and John kick off the show with an interview of Christoph Nagy, the CEO of SecurityBridge! Then, in the AppSec News: Secure coding practices and smart contracts, lessons from the Heroku breach, Real World Crypto conference highlights, and an entertaining bug in Google Docs, & more!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw196
This week, Dr. Doug talks: Ransomware including Conti, Event Log Shellcode, Big IP, Clearview, Cybercrime laws, DCRAT, the Fifth Element, as well as the Expert Commentary of the illustrious Jason Wood on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn211
This week, we start off with an interview featuring Mike Ernst, VP of Sales Engineering, Worldwide at ExtraHop! Then, in the Leadership & Communications section: 6 information governance best practices, The Seven Deadly Sins Of Leadership, Secrets to building a healthy CISO-vendor partnership, & more!
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw262
This week, in our first segment, we welcome Prashasth Baliga, Senior Security Consultant at Palo Alto Networks to talk about Security Orchestration and Automation Simplified! Then, Ryan Fried, Senior Security Engineer at Brooks Running, joins for an interview about Getting Value from SOAR beyond Phishing Workflows! Finally, in the Enterprise Security News, Veza raises $110M for Data Security, Traceable raises $60M for API Security, 10 other security startups get funded, Synopsis buys Whitehat for $330M, HackerOne approves a PullRequest, Bright Security acquires WeHackPurple, LexusNexis acquires BehaviorSec, JupiterOne continues to release some compelling books, the DevSecOps evolution, the future of Product-Led Growth, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw272
This week, we kick off the show with an interview featuring Fatih Karayumak, where we discuss Risk Transfer With Engineering Based Cyber Insurance! Then, in the Security News for this week: Lessons from Star Wars on threats, more than just your thermal exhaust port, Pegasus spotted again, Python replaces JavaScript?, Read-Only containers, no problem for malware, breaking out of captive portals, its always DNS, except when its not DNS, but this time its DNS and uClibc, you are ordered to block these sites, ransomeware still hurts, DoD contractors remain vulnerable, hiding in network appliances, QUIETEXIT, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw739
In the Security Weekly News, Dr. Doug talks: Cuckoo Bees, Dental bots, password day, SheetJS, f5, vodka, as well as all the show Wrap Ups!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn210
In our first segment: Dave Klein, Cybersecurity Evangelist at Cymulate joins Business Security Weekly to discuss the value of "Extended Security Posture Management"! Then In the Leadership and Communications section for this week: SolarWinds breach lawsuits: 6 takeaways for CISOs, Navy Seals’ 5 Leadership Principles That Will Transform Entrepreneurs Into Influential Leaders, More Powerful People Express Less Gratitude, & more!
This segment is sponsored by Cymulate.
Visit https://securityweekly.com/cymulate to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/bsw261
This week, Mike and John interview Lynn Marks, Product Manager at Imperva, & discuss Bad Bots: The Automated Threat Targeting Your Websites, Apps, & APIs! In the AppSec News: ExtraReplica in Azure, Chrome disfavors document.domain, appsec presentations highlighted in the latest Thinkst Quarterly, Nimbuspwn Vuln in Linux, & more!
This segment is sponsored by Imperva.
Visit https://securityweekly.com/imperva to learn more about them!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw195
This week Dr. Doug Talks: Office Pets, Aruba and Avaya, DoD Scammed, Russian forced labor, Google, Apple Obsolescence, as well as the Expert Commentary of Jason Wood on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn209
This week, in our first segment, we welcome Rich Mogull, the CISO of DisruptOps - FireMon to discuss The Turbulent Cloud Security Market! Then, Andrew Hindle, the Content Chair at Identiverse & Chair of IDPro at Identiverse, joins to discuss Digital Identity: The Cornerstone of Our Digital World! Finally, in the Enterprise News: Basis Theory raises $17 million funding round, Crunchbase Funding Round Profile, Devo Acquires AI-Powered Security Automation Innovator to Deliver the “Autonomous SOC”, Hivemapper Dashcam, Authtech, Twitter accepts Elon Musk’s $44 billion offer, Austin Peay State University on Twitter, Basis Theory raises $17 million funding round, & more!
To register for our upcoming webcast with Rich Mogull on Deploying Cloud Applications Securely, visit https://attendee.gotowebinar.com/register/3131398543024475915?source=esw
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw271
This week, we start the show off with an interview with Michael Aminov, Founder & Chief Architect at Perception Point to discuss Security Blind Spots: Are You Protected? An interview featuring Marcus Sachs, the Deputy Director for Research at McCrary Institute for Cyber and Critical Infrastructure Security where we discuss Crypto Collecting! Finally, in the Security News for this week: Java’s “psychic paper”, Musk’s plans for Twitter’s algorithm, Bossware, What Google is getting wrong about expired domains, & NFT Tweet Auctions!
Segment Resources: Request a demo and get a FREE coffee on us: https://hubs.la/Q0156lpK0
This segment is sponsored by Perception Point.
Visit https://securityweekly.com/perceptionpoint to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw738
This week on the Security Weekly News: Owl grease, Docker, Nimbuspwn, Edge, Emotet, NPM, as well as all the Show Wrap Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn208
This week, Senior Analyst Jess Burn will go highlight Forrester's eight security program recommendations for 2022 that will help security leaders take full advantage of their political capital — and budget — to resolve perennial problems and tackle emerging issues. In the Leadership and Communications section: What cybersecurity metrics should I report to my board?, Cybersecurity litigation risks: 4 top concerns for CISOs, The SEC Is About To Force CISOs Into America’s Boardrooms, and more!
Show Notes: https://securityweekly.com/bsw260
Segment Resources:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: Secret C Cabal of killer rabbits, Quantum Locker, VMWare, Ricochet Chollima, Truck Braking, Elon, Lapsus$, BlackCat, and the returning Expert Commentary of Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn207
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
How should we empower developers to embrace the NIST software development practices? Because from here on out, developers need to view themselves as the front lines of defense for the end-consumer. A more secure-aware developer leads to a more-protected consumer. Dr. Wang will offer her perspectives! In the AppSec News: Java's ECDSA implementation is all for nought, writing a modern Linux kernel RCE, lessons learned from the Okta breach, lessons repeated from a log4shell hot patch, a strategy for bug bounties, Microsoft finally disables SMB1!
Show Notes: https://securityweekly.com/asw194
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the first segment, we learn all about the technical ins and outs of HP SureClick Enterprise with HP expert Dan Allen and discover how SureClick Enterprise can help improve security efforts in your organization! Then, we bring on a VC to provide an investor’s point-of-view! It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! Finally, in the Enterprise Security News: Fortress InfoSec raises $125M to help critical infrastructure improve security, ThreatLocker raises $100M, thanks in part to Kaseya’s breach, Obsidian raises $90M to secure SaaS use, DoControl raises $30M to possibly compete with Obsidian, Blueshift raises a seed round to bring SOC and XDR to SMBs, Strike Security raises a seed round to take a different approach to pen testing, Thoma Bravo is still working on an Imprivata exit, The biggest startup failures of all time - how many security vendors are on the list, Is the SEC forcing CISOs into the boardroom, Better, but harder to collect, security metrics, & more!
This segment is sponsored by HP Wolf Security.
Visit https://securityweekly.com/hpwolf to learn more about them!
Segment Resources: https://threatresearch.ext.hp.com/zero-trust-in-reverse-why-the-current-definition-of-zero-trust-is-only-half-full/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw270
On this episode of the Security Weekly News: Dr. Doug talks: Lemon Duck, Lemon Curry, Crypto, Pwn2Own, Google, Microsoft, and Sinclair, all this and the show wrap-ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn206
This week on Paul's Security Weekly, an interview with Captain John Alfred retired from the Rhode Island State Police. Second up is a discussion with Tom Lonardo, John Alfred, and the hosts to talk about privacy in your organization, the GDPR, the CFA, and other topics in relation to the long arm of the law. In the Security News: Logitech’s Lift is a vertical mouse that’s easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin’s crackdown ended their global ambitions, & Hackers can infect over 100 Lenovo models with unremovable malware. Are you patched?
Show Notes: https://securityweekly.com/psw737
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Tim Woods, VP Technology Alliances at Firemon, joins BSW to discuss how centralized policy management can provide the visibility, enforcement, and compliance of policies across hybrid cloud environments. In the leadership and communications section, 10 Signs of a Good Security Leader, Toxic Leadership: The Four Horsemen of the Apocalypse, Know Them, 3 Ways to Take Control of Your Cyber Security Career in 2022, and more! With an ever expanding perimeter, how do organizations address the challenges of hybrid cloud? New threats, increased complexity, and continued fragmentation of security responsibilities makes it harder than ever.
Show Notes: https://securityweekly.com/bsw259
Visit https://securityweekly.com/firemon to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: Windows 11, iPhone Zero Click, LinkedIn, Scraping, Ransomware Gangs are not nice, Webex Microphones always on, as well as the Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn205
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them? In the AppSec News: OAuth tokens compromised, five flaws in a medical robot, lessons from ASN.1 parsing, XSS and bad UX, proactive security & engineering culture at Chime!
Show Notes: https://securityweekly.com/asw193
Segment resources:
- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In our first segment, we welcome Bob Erdman, Director of Development at HelpSystems to discuss The Role of Automation in Pen Testing! Then, Justin Tolman, Forensic Evangelist at Exterro joins us to discuss Forensic Challenges for Security Professionals! Finally in the Enterprise News: Datto to be Acquired by Kaseya for $6.2 Billion, with Funding Led by Insight Partners, Perforce Software Puppet, Synopsys acquires Juniper Networks, Managed detection and response startup Critical Start lands $215M in funding, Thinking About the Future of InfoSec, DuckDuckGo launches Mac app in beta, How I automated my presence in video calls for a week (and nobody knew), Why Do So Many Cybersecurity Products Suck?
Segment Resources:
The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation
Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests
This segment is sponsored by Core Security, A Help Systems Company.
Visit https://securityweekly.com/coresecurity to learn more about them!
Segment Resources:
FTK Over the Air podcast: https://www.exterro.com/ftk-over-the-air-podcast
FTK Feature Focus weekly videos: https://youtube.com/playlist?list=PLjlGL4cu_NaM0e7h1RCTJwNnZb-dyUf3B
This segment is sponsored by Exterro.
Visit https://securityweekly.com/exterro to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw269
This week Dr. Doug talks: Zero-Day Day, Cisco and other Management Networks, "Elon spits in my soup", Struts, as well as all the show Wrap Ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn204
This week, we start the show off with an interview Mike Wilkes, Chief Information Security Officer at SecurityScorecard, for an interview about Third Party Risk Management! An interview featuring Amanda Berlin, Lead Incident Detection Engineer at Blumira! Finally, in the Security News for this week: Microsoft Zero-Days, Former Ethereum Developer Virgil Griffith Sentenced to 5+ Years in Prison for North Korea Trip, Chinese hackers are using VLC media player to launch malware, An update to Raspberry Pi OS Bullseye, Bearded Barbie hackers catfish high ranking Israeli officials & more! All that and more, on this episode of Paul’s Security Weekly!
This segment is sponsored by SecurityScorecard!
Visit https://securityweekly.com/securityscorecard to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw736
By and large, individual malware strains come and go, but to stop attacks more quickly, organizations need to gain a deeper understanding of attack techniques. By analyzing the attack goals of attackers, organizations can better align their defenses to adapt to quickly changing attack techniques. FortiGuard Labs analyzed the functionality of detected malware by detonating the malware samples collected throughout the year. The result was a list of the individual tactics, techniques, and procedures the malware would have accomplished had the attack payloads been executed. The intelligence we gathered indicates that stopping an adversary earlier is critical. Understanding adversaries’ goals is crucial to defending against the flood of changing techniques they may use. By focusing on a few identified techniques, an organization could shut down a malware’s methods for attack entirely in some situations. In the Leadership and Communications section: Cybersecurity is IT’s Job, not the Board’s, Right?, Why Some CISOs Fail, How JetBlue creates a culture of security, and more!
Show Notes: https://securityweekly.com/bsw258
Visit https://securityweekly.com/fortinet to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: Sandworm, Protestware, FancyBear, Eyeball McSqueezy, Quantum, Spring4Shell, PacketStreamer, Bad Tax Software, and autonomous crime, all this and Russ Beauchemin on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn203
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The zero trust approach can be applied to almost every technology choice in the modern enterprise, and Kubernetes is no exception. For Kubernetes network security particularly, adopting a zero trust model involves some radical changes, including moving from a security perimeter defined by firewalls, IP addresses, and cluster boundaries to a granular approach that treats the network itself as adversarial and moves the security boundary down to the pod level. William will discuss why the zero trust approach is increasingly necessary for comprehensive Kubernetes security, the dos and don’ts when adopting Kubernetes, the implications for operators and security teams, and where tooling like service mesh plays a role. In the Application Security News: SSRF at a FinTech leads to admin account takeover, Zoom's bounty payouts for 2021, SLSA demonstrates Build Provenance, Go's supply chain philosophy, Raspberry Pi credentials, & more!
Show Notes: https://securityweekly.com/asw192
Segment Resources:
- https://buoyant.io/mtls-guide/
- https://buoyant.io/service-mesh-academy/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In our first segment, we welcome Josh Snow, Principal Sales Engineer at ExtraHop to discuss Common Sense Steps for Implementing Shields Up! Then, Catherine Ullman, Sr. Information Security Forensic Analyst at the University at Buffalo, joins for an interview on Why Learning Offensive Security Makes You A Better Defender! Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!
Segment Resources:
A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/
Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw268
This week in the Security Weekly News, Dr. Doug talks: Rants, Burnout, VMWARE, Microsoft, Android, HIMEM.SYS, Parrot, all this and show Wrap Ups from this week!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn202
This week, we start the show off with an interview Sean Metcalf, the Founder & CTO of Trimarc, where we talk “Active Directory, Azure AD, & Okta Oh My!” An interview featuring featuring Jay Beale, the CEO of InGuardians, about Kubernetes & Container security! Finally, in the Security News for this week: Ransomeware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iphone is useful, WTF Apple moments and why I run Linux, Wyze is not very wise, stopping teen hackers, and ranking endpoint detection!
Show Notes: https://securityweekly.com/psw735
Segment Resources:
-Peirates, a Kubernetes penetration testing tool: https://www.inguardians.com/peirates/
-Free Kubernetes workshops: https://inguardians.com/kubernetes/
-DEF CON Kubernetes CTF https://containersecurityctf.com/
-Jay's Black Hat Kubernetes Attack and Defense Training https://www.blackhat.com/us-22/training/schedule/index.html#abusing-and-protecting-kubernetes-linux-and-containers-26473
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
As the world shifted to remote work, then hybrid work, organizations have struggled with legacy technologies to solve the security challenges of this new way of working. But what if you could use the PC platform, coupled with endpoint isolation, to create a highly efficient and productive platform for users? Jonathan Gohstand from HP Wolf joins Business Security Weekly to discuss the challenges and how endpoint isolation can: - improve your overall risk management - reduce the complexity of multiple solutions/agents, and - improve user experience and productivity In the Leadership and Communications section: Leaders Must Build Trust, 600,000 Open US Jobs, Cybersecurity Retention Issues & More!
Show Notes: https://securityweekly.com/bsw257
Visit https://securityweekly.com/hpwolf to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: VMware, Hydra, MailChimp, Cisco, Pear, Red Hat, GitLab, Creepy Agencies, lungworm tentacle robots, the triumphant return of Expert Commentary featuring Jason Wood, & more on the Security Weekly News for this week!
Show Notes: https://securityweekly.com/swn201
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Making a positive impact to how we package software to make developer's lives easier in how they have to manage security. FORCEDENTRY implications for the BlastDoor sandbox, Spring RCE, Zlib flaw resurfaces, security for startups, verifying Rust models, two HTML parsers lead to one flaw!
Show Notes: https://securityweekly.com/asw191
Segment Resources:
- https://youtu.be/Y8jvhCHGQg8
Visit https://securityweekly.com/soos to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Tim Cathcart from Knox County Schools is with us to discuss breaking into cyber from a high school perspective! Then, Steven Turner from Microsoft joins us to sweep away the noise and level set on Zero Trust! Finally, in the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products!
Segment Resources:
- NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf- Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw267
In this episode of the Security Weekly News: Information overload, Zlib, spring4shell, Apple, Honda Keyless, Rockwell PLCs, Elon Musk's dastardly plans, and National Backup Day, all this as well as the show Wrap Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn200
This week, we start the show off with an interview featuring Mark Boltz-Robinson, the Manager of the ADRP Team at Trellix, about the State of the SOC today! Next up, we welcome Dr. Hanine Salem, a Managing Partner at Novus Consulting Group, to discuss K-12 Cybersecurity Attacks! Finally, in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away(?), weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, & hacking your Honda Civic!
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw
for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw734
Every CISO CIO asks the question, what's the risk? Quantitative analysis, mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us. In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more!
Show Notes: https://securityweekly.com/bsw256
Segment Resources:
https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4
https://portal.fismacs.com/p/p-rmod4cyber
https://fismacs.com/white-paper-mhp-ip4cyber/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: The Rhodesian Secret Police, WordPress, CISA Alerts, VerbleCon, Rapid attacks, Sophos, Apple Watch Spying, as well as the Special Expert Commentary of guest Fleming Shi on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn199
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture.
Show Notes: https://securityweekly.com/asw190
Segment Resources:
- https://techbeacon.com/devops/5-steps-building-developer-first-application-security-program
- https://www.tromzo.com/state-of-modern-application-security
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News, Dr. Doug talks: Deepfakes, Supply Chain Attacks, Lapsus$, Russian Indictments, North Korea, as well as all the show Wrap-Ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn198
This week, in our first segment, we welcome Zane Bond, Director of Product Management at Keeper Security, for an interview on How to Secure Your Secrets! We discuss how, Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords! Then, Erin Kenneally, Senior Director, Cyber Risk Strategy at Guidewire to discuss Cyber Risk, & how past ransomware incidents could lead to a call for cyber insurance industry adaptation! Finally, we dive straight into the Enterprise News for this week! In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more!
Segment Resources:
-https://www.dhs.gov/sites/default/files/publications/3950_CYRIE_Report_FINAL508.pdf
Segment Resources:
https://www.keepersecurity.com/en_GB/secrets-manager.html
This segment is sponsored by Keeper Security.
Visit https:// Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw266
This week, we start the show off with an interview featuring Stephen Ward, the CMO of Source Defense, about Exposing the Shadows: Managing Shadow Code and the Blind Side in 3rd Party Risk! Next up, we jump into the Security News for this week: insiders inside NASA, BIND is in a bind again, Lapsus$ is on a tear, ripping at Microsoft and Okta, anonymous hacks printers, The UEFI security rabbit hole goes DEEP, Microtik and Tickbot, Browser-in-the-Browser attacks, Nestle gets attacked for not wanting to hurt babies, & just another sabotage! Finally, a pre-recorded interview featuring Dave Kennedy, where we discuss TrevorC2!
Segment Resources:
Core whitepaper: https://info.sourcedefense.com/event/client-side-white-paper-2022?leadsource=White%20Paper
Blog on the blind side topic https://sourcedefense.com/resources/blog/wheres-the-blind-side-in-your-3rd-party-risk-its-on-the-client-side/
Free risk report on attendee's web properties https://sourcedefense.com/check-your-exposure/
This segment is sponsored by Source Defense.
Visit https://securityweekly.com/sourcedefense to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Show Notes: https://securityweekly.com/psw733
The most recent trends in social engineering, the latest methods attackers are using to trick their victims, and the best practices to protect your business from these evolving threats. In the Leadership and Communications section: What the Newly Signed US Cyber-Incident Law Means for Security, How to plan for increased security risks resulting from the Great Resignation, The 5 Pillars of Growth, and more!
Show Notes: https://securityweekly.com/bsw255
Segment Resources: https://assets.barracuda.com/assets/docs/dms/Spear-phishing-vol7.pdf
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: Modern problems, Conti, Toyota, Android and Android, BitB, HP, and Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn197
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the AppSec News: A great escape isn't always as great as it sounds, Solana cryptocurrency logic isn't always as great as intended, some people's idea of "peace" isn't that great at all, and some great security suggestions for package maintainers. - Past research such as JNDI Injection, Unsafe deserialization, Struts RCEs - OSS security: CodeQL, Dependabot, collaboration between researchers and developers, OWASP Top Ten Proactive Controls, CVD for OSS.
Show Notes: https://securityweekly.com/asw189
Segment Resources:
- [Write more secure code with the OWASP Top 10 Proactive Controls](https://github.blog/2021-12-06-write-more-secure-code-owasp-top-10-proactive-controls/)
- [An analysis on developer-security researcher interactions in the vulnerability disclosure process](https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/)
- [Building security researcher and developer collaboration](https://www.securitymagazine.com/articles/97066-how-to-build-security-researcher-and-software-developer-collaboration)
- [Coordinated vulnerability disclosure (CVD) for open source projects](https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/)
- [GitHub Advisory Database now open to community contributions](https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/)
- [Blue-teaming for Exiv2: creating a security advisory process](https://github.blog/2021-11-02-blue-teaming-create-security-advisory-process/)
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment we're joined by Johanna Ydergard, VP of Product at Detectify joins us to cover a brief overview of the attack surface market - what it is, why it’s necessary to have an additional tool along with DAST, SAST. It will also cover how Detectify’s unique advantage of crowdsourcing is a true differentiator in the EASM market and how the model differs from the big Bug Bounty Platforms. It will detail on how Detectify collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities. Next, Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems! Finally, this week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, New CISA Vulns, RSA Conference Acquired, Massive Rounds, Incident Reporting Signed into Law, & more!
Show Notes: https://securityweekly.com/esw265
Segment Resources:
https://detectify.com/external-attack-surface-management
https://detectify.com/crowdsource/what-is-crowdsource
[Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity - https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf
[Video] Core Impact Pen Testing Software Overview - https://www.coresecurity.com/resources/videos/core-impact-overview
https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, Dr. Doug talks: War rants, sat-com, node-IPC, Counterfeit Chips, Go, AI, shortwave radio, all this and the show Wrap Ups from this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn196
This week, we start the show off with an interview featuring G Mark Hardy, President of the National Security Corporation, for an interview where we go from From Hacker Jeopardy to CISO Tradecraft! Next up, we welcome Lawrence Nunn, the CEO of Cyberspatial to discuss Making Cyber Accessible to Everyone! In the Security News: Secret Keys in Samsung Source Code, Conti (tries) to go legit, Cracking crypto keys with a 300 year old algorithm, CISA’s must patch list, & FTC fines CafePress over Data Breach!
Show Notes: https://securityweekly.com/psw732
Segment Resources:
https://www.cisotradecraft.com
https://www.youtube.com/c/cyberspatial
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
It doesn't matter how much security technology you have, how much you spend on security: security outcomes are achieved by doing all the little things right. You can spend $10M on network security technology from any vendor, but you will fail to effectively secure your enterprise if you don't properly manage the policy enforced by those firewalls. That sounds really simple, but simple doesn't scale. If you only have a few firewalls with policies consisting of tens of rules, it may be simple. But imagine an enterprise that has 2,000 firewalls, each firewall has a policy with an average of 500 rules, each rule has an average of 15 objects, each source and destination object represent an average of 50 IP addresses. This enterprise is managing, 2,000 firewalls, 1 million rules, 125 million connections, representing over 300 billion access paths. And just 1 wrong rule could expose the network to compromise. In the Leadership and Communications section: CISOs are still chiefs in name only, Defining “Reasonable” Cybersecurity: Lessons from the States, Security Leaders Find Value in Veterans to Solve Cyber Skills Shortage, and more!
Show Notes: https://securityweekly.com/bsw254
Visit https://securityweekly.com/firemon to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing menu of offering without understanding the domain, and their team of professionals have little or no experience with software development or inner workings of modern application architectures. As the world turns Digital at a rapid pace accelerated by the recent pandemic, applications become common place in our lives, providing attackers more opportunities to exploit these poorly protected applications. As such, it is important to know what is actually required to build and run software securely, and how to do application security right. This week in the AppSec News: Dirty Pipe vuln hits the Linux Kernel, AutoWarp vuln hits Azure Automation, TLStorm hits critical infrastructure, & hacking the Mazda RX8 ECU!
Show Notes: https://securityweekly.com/asw188
Segment Resources: https://forwardsecurity.com/2022/03/07/application-security-for-busy-tech-execs/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: ASCII Porn, Pirate Hunting, The Ukraine, Conti, Pandora, Mobile Device Hell, and Crypto ATMs, along with Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn195
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure. There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning. In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw264
Segment Resources:
GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d
GreyNoise Trends for Apache Log4j Exploit Attempts: https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt
Visit https://securityweekly.com/firemon to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start the show off with an interview featuring Daniel Trauner, Senior Director of Security at Axonius, to discuss why Technology Changes, but Security (Often) Stays the Same! Next up, we welcome Antranig Vartanian, the CEO of Illuria Security, Inc to discuss The State of Security of Current UNIX(-like) Systems! Lastly, the Security News for this week: HP UEFI Flaws, Strange Social Engineering Tactics, Samsung Galaxy Source Code Stolen, Malware with NVIDIA code-signing Certs, and Amazon echos hack.... themselves!?
Show Notes: https://securityweekly.com/psw731
Segment Resources: https://www.oshean.org/events/EventDetails.aspx?id=1589105&group=
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In the Security News, Dr. Doug talks: War of course, supply chains, certs, Ukrainian IT army malware, BazarBackdoor, some scary studies, Walter Cronkite as PewDiePie, along with all the show Wrap Ups on the Security Weekly News!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn194
Something is seriously wrong with our current approach to cybersecurity––the more we spend, the worse the situation becomes. In an industry plagued by a chronic talent shortage, one thing is clear: simply throwing another tool in the mix isn’t the path to better security. If we’re going to solve the security paradox, we’re going to need a cross-functional, in-depth analysis of the problem and a structured approach to fixing it. Michael McPherson joins Business Security Weekly to share tactical questions that security leaders can ask themselves and their teams in order to build a better overall approach to defense. In the Leadership and Communications section, 7 Pressing Cybersecurity Questions Boards Need to Ask, 7 mistakes CISOs make when presenting to the board (Let's see if those align), CISO Checklist for Offboarding Security Staff, and more!
Show Notes: https://securityweekly.com/bsw253
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, Dr. Doug talks: Ragnar Locker, more Linux vulnerabilities, Samsung, Nvidia, Adafruit and Ada Lovelace, CrowdStrike, Cloudflare, Ping Coalition, and ICS along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn193
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
As the volume of API traffic increases, it becomes a greater threat to an organization’s sensitive data. Motivated attackers will increasingly target APIs as the pathway to the underlying infrastructure and database. Imperva API Security is a new product that delivers rapid API discovery and data classification -- helping an organization truly protect all paths to the data, without slowing down the application development lifecycle. In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools!
Show Notes: https://securityweekly.com/asw187
Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Chad Skipper, Global Security Technologist at VMware, & Karen Worstell, Sr. Cybersecurity Strategist at VMWare, for an interview on Exposing Malware in Linux-Based Multi-Cloud Environments! Then, Sharon Goldberg, the CEO and Co-Founder at BastionZero Inc, joins us to discuss Putting the Zero Back Into Zero-Trust! Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security’s newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly!
Segment Resources:
https://via.vmw.com/exposingmalware
This segment is sponsored by VMware.
Visit https://securityweekly.com/vmware to learn more about them!
Analysis of the federal government's zero trust memo:
https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to
https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit
Zero trust security models https://docs.bastionzero.com/product-docs/home/security-model
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw263
This week in the Security Weekly News, Dr. Doug talks: War, of course, Toyota, DynamicWeb, open-source, scams, Google, and zero-trust, along with all the Wrap-Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn192
This week, we start the show off with the Security News for this week: Was It Russia?, Blocking software updates, crowd-sourced attacks, protecting FPGAs, moving Linux to modern C, Nvidia hit, the split of cyber criminals, Namecheap banning, Anonymous declares war, the Alan framework, and leaving your Docker port exposed... & more! Next up, we welcome Alissa Torres, Senior Threat Hunter at Palo Alto Networks, to explain how to “Hack the Hiring Process”! Last up, the a pre-recorded interview featuring Rich Mogull from FireMon, to discuss The Unique Challenges of Companies Born in the Cloud!
Show Notes: https://securityweekly.com/psw730
Segment Resources:
Alissa's class with Antisyphon InfoSec Training **Advanced Endpoint Investigations** - https://www.antisyphontraining.com/advanced-endpoint-investigations-w-alissa-torres/
Visit https://securityweekly.com/firemon to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Ransomware developments we saw over the past year—along with a look ahead at what to expect in 2022. In the Leadership and Communications section, Answer this question to assess your leadership, Partner Across Teams to Create a Cybersecurity Culture, The Future of Cyber Insurance, and more!
Show Notes: https://securityweekly.com/bsw252
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: Erotica, daxin, Judyrecords, the Ukraine, a bunch of scams, as well as the returning Expert Commentary of Jason Wood on the Security Weekly News!
Show Notes: https://securityweekly.com/swn191
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Steve Wilson, Chief Product Officer at Contrast Security, to discuss Integrating Appsec Tools for DevOps Teams! In the AppSec news: Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes, filling in the missing semester of Computer Science!
Show Notes: https://securityweekly.com/asw186
Visit https://securityweekly.com/contrast to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Jimmy Vo, Detection Engineer at Datadog for an interview on Detection Engineering in the Age of Cloud! Then, Brian Peterson, ICS4ICS Program Manager, ISAGCA Advocacy Program Manager, and LOGIIC Program Manager at International Society of Automation, joins us to discuss Incident Command System for ICS Improves Response to Cybersecurity Incidents! This week in the Enterprise News: eSentire raises $325M as it expands into services, Beyond Identity raises $100M to build out MFA, Secureframe raises $56M to help folks with SOC 2 and HIPAA compliance, Nashville-based Phosphorus Cybersecurity raises $38M to secure IoT devices (curious about the name - what kind of Phosphorus? Could be dangerous!), anecdotes raises a $25M Series A to compete in the same space as Secureframe (lots of money for folks that ease compliance pains!), Cloudflare acquires, Area 1 Security for $162M, Darktrace acquires ASM vendor Cybersprint, Snyk acquires Fugue, Andy Ellis drops an SBOM in his latest opinion piece, the latest of several thought-provoking hot takes from him, CISA publishes a list of free tools and services, & more!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw262
This week Dr. Doug talks: Disney Adventures, Sandworm, Cyclops Blink, Armageddon, Electron Bot, Airtags, SockDetour, as well as all the Wrap Ups for this week on the Security Weekly News!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn190
This week, we start the show off with the Security News for this week: Unskilled hacker linked to years of attacks on aviation, transport sectors, The Elite Hackers of the FSB, Bionic Eyes Go Dark, Herpaderping, & more! Next up, we welcome Chris Sistrunk, Technical Manager of ICS/OT at Mandiant, for an interview about Blaming Stuxnet! Last up, a pre-recorded interview featuring Josh Corman!
Show Notes: https://securityweekly.com/psw729
Segment Resources:
Presentations: https://www.slideshare.net/chrissistrunk
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The Business Information Security Officer, or BISO, is relatively new and somewhat controversial role. Does this role act as the CISO's non-technical liaison to the business units or as the CISO's deputy to oversee strategy implementation at a granular level? Is this new role a necessary career path for future CISOs or an entry point into security? The BSW hosts debate! In the Leadership & Communications section for this week: What Is Security?, How to Team Up with IT for Cybersecurity, Executive Cybersecurity Leadership Program launches, and more!
Show Notes: https://securityweekly.com/bsw251
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News, Dr. Doug Talks: Clearview, Iran, the biggest bug bounty, stone panda, "Adult" scamming, xenomorph, chat attacks, along with the returning Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn189
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit. But nearly complete means there's still room for improvement. We'll talk about the tools to keep on hand, setting up practice targets, participating in bug bounties, and more resources to help you learn along the way! Then, this week in the Application Security News: RCE in Cassandra, why pixelization isn't good redaction, Rust's compiler is friendly, Edge adds arbitrary code guard to its WASM interpreter, & the difference between secure code and a secure product (as demonstrated by a DAO)
For tips on labs beyond just appsec, be sure to check out the Security Weekly webcast on "Do It Yourself: Building a Security Lab At Home" at https://securityweekly.com/webcasts/do-it-yourself-building-a-security-lab-at-home/
Segment resources: - https://www.darkreading.com/careers-and-people/want-to-be-an-ethical-hacker-here-s-where-to-begin
https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
https://owasp.org/www-project-juice-shop/
https://owasp.org/www-project-vulnerable-web-applications-directory/
https://portswigger.net/web-security
https://azeria-labs.com/writing-arm-assembly-part-1/
https://twitter.com/0xAs1F/status/1480604655952433155
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw185
This week, Guest Host Aaran Leyland talks: Phishers, WordPress, Free Crypto Scams, Ukraine & Russia, MFA and more, along with the show Wrap Ups for this week in the Security News!
Story Links: Ukraine accuses Russia of cyber-attack on two banks and its defence ministry
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code https://threatpost.com/iranian-state-broadcaster-clumsy-buggy-code/178524/ Phishers Spoof Power BI to Visualize Your Credential Data
Vulnerability found in WordPress plugin with over 3 million installations https://www.zdnet.com/article/vulnerability-found-in-wordpress-plugin-with-over-3-million-installations/&web_view=true
MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications?&web_view=true FreeCryptoScam
A New Cryptocurrency Scam That Leads to Installation of Backdoors and Stealers https://www.zscaler.com/blogs/security-research/freecryptoscam-new-cryptocurrency-scam-leads-installation-backdoors-and?&web_view=true
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn188
This week, we welcome Mitja Kolsek, Founder, CEO at ACROS Security, to talk about 0patch - Security Patching That Doesn't Make Your Life Miserable! In the next segment, we welcome Vikram Asnani, Sr Director Solution Architecture at CyberGRX, to discuss Changing the TPCRM Game W/ Cyber Risk Intelligence Tools! In the Enterprise Security News, Securonix raises $1B in Vista-led round (it’s like they ate a unicorn!), Salt Security becomes a Unicorn, has not been eaten (yet), Legit Security raises a totally legit $26.5M Series A, Vicarius and Calamu raise Series As,Permit.io, KSOC, Titaniam, Canonic Security, Allure Security, and SecureThings all pick up seed funding! We look at Big Tech’s cybersecurity funding and acquisitions, The rumor mill goes nuts over a Cisco/Splunk deal that’s probably not happening (maybe?) Why are cybersecurity asset management startups so hot right now? New products, unhelpful legislation, a major acquisition, & of course a few squirrel stories!
Show Notes: https://securityweekly.com/esw261
Segment Resources:
0patch Blog with many posts on vulnerabilities and patches we make https://blog.0patch.com/
0patch FAQ https://0patch.zendesk.com/hc/en-us/categories/200441471
Visit https://securityweekly.com/cybergrx to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start the show off with an interview featuring Michael Daniel, President & CEO, Cyber Threat Alliance! Next up, A tech segment walking through Running Windows Inside Containers On Linux! In the Security News for this week: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket, It was Russia unless it wasn't Russia, Cassandra and Magento, and how not to redact!
Show Notes: https://securityweekly.com/psw728
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Wheeler, CEO at Wheelhouse Advisors, and Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to discuss why it's Time To Move Away From "G - little R - Big C" (GRC)! In the Leadership and Communications section, 5 Leadership Lessons General Marshall can Teach Us, Cybersecurity incident response: The 6 steps to success, 6 Effective Tips to Politely Say No (that actually work!), and more!
Show Notes: https://securityweekly.com/bsw250
Visit https://securityweekly.com/cybersaint to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: The Ukraine, Defender, Mimikatz, Chrome, Blackbyte, Cities Skylines, Adobe, and Teams, along with special guest commentator Aaran Leyland on this Edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn187
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Doug Kersten, CISO of Appfire, will discuss how the nature of vulnerabilities today makes it critical for developers to make sure they’re building projects in a secure manner in order to quickly mitigate vulnerabilities – or they risk being left scrambling to respond when a threat hits. In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research!
Show Notes: https://securityweekly.com/asw184
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome our own Tyler Robinson for a segment discussing how "To err is human, but the blockchain is forever"! Then, Branden Williams, VP of IAM Strategy at Ping Identity joins to discuss The State of Identity in the Enterprise! Finally, in the Enterprise Security News, Security automation startup Cerby raises $12M, Virtual CISO startup Cynomi raises 3.5M to help SMBs automate cybersecurity, Keeper Security acquires Glyptodon (I’m 90% certain Keeper hasn’t just purchased the remains of an ancient, long-extinct armadillo), SecurityScorecard acquires LIFARS, a DFIR consulting firm, There’s a rumor that Microsoft is considering picking up Mandiant with all the extra cash still laying around after the Activision/Blizzard buy, & DHS launches the first-ever cyber safety review board!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw260
This week in the Security Weekly News: Dr. Doug talks Crypto and more crypto, Sim swapping, Maze resigns, Win 11 scam, Tesla, and all the Wrap-Ups on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn186
This week, we start the show off with Brian Honan, the CEO of BH Consulting joins to discuss why Cybersecurity is Not Just a Technical Problem! In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests it’s 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto!! Next up, Qualys’ Wheel joins to discuss Uncovering a Major Linux PolicyKit security vulnerability: Pwnkit!
Show Notes: https://securityweekly.com/psw727
Segment Resources:
Security Industry Failing to Establish Trust https://threatpost.com/security-industry-failing-to-establish-trust/128321/
Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal https://www.theregister.com/2017/11/24/infosec_disasters_learning_op/
IoT security: Lessons we can learn from the evolution of road safety https://www.helpnetsecurity.com/2018/08/09/iot-security-lessons/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ann Marie van den Hurk, Small Business Cybersecurity Champion at Mind The Gap Cyber, to talk about Effective Communications During & After a Cyber Attack! In the Leadership and Communications section, Cybersecurity Policy Creation: Priority One, 5 steps to run a successful cybersecurity champions program, The war for cloud and cybersecurity talent is on! , and more!
Show Notes: https://securityweekly.com/bsw249
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Avast, Google MFA, CISA, QBOT, QuaDream, the IRS, Slackware, and ms-appinstaller, along with the returning expert commentary of Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn185
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products Regulations are among the most active and developing areas of security policy around the world. This evolving landscape also serves as an opportunity for innovation and research collaboration. Elazari will walk us through some of the most recent trends in policy proposals shaping the future of security. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, how to implement these programs to foster security, collaboration and transparency, and how this connects to the policy momentum and its impact on security researchers. In the AppSec News, Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, resources for learning reverse engineering and appsec!
Show Notes: https://securityweekly.com/asw183
Segment Resources:
- Project Circuit Breaker: https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker.html
- Project Circuit Breaker Landing Page: https://www.projectcircuitbreaker.com/
- Intel’s 2021 Product Security Report: https://www.intel.com/content/www/us/en/security/intel-2021-product-security-report.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, Attila Török, joins for an interview on Manages Security for A 100% Remote Workforce! After that, we welcome Darwin Salazar, Cloud Security Consultant at Accenture to take A Look at Microsoft's Cloud-Native SIEM! Finally, in the Enterprise Security News, Island raises $100M to introduce a new Chromium-based web browser, designed for the enterprise, Plextrac rasies a $70M Series B, HackerOne raises a $49M Series E, Tenable acquires BAS vendor Cymptom, Orca swallows up RapidSec (sorry, had to), Cybereason confidentially files for IPO, KKR looks to offload Optiv, Cybersecurity startup trends of 2022, 1000 Unicorns, Infosec Startup Buzzword Bingo, We’ve got fundings, IPOs, acquisitions, take privates, a $3B seed round, legislation that makes sense - all kinds of exciting stuff today, on this episode of Enterprise Security Weekly!
To register for Darwin’s upcoming workshop with Security Weekly, please visit: https://attendee.gotowebinar.com/register/2393226017093033995?source=esw
Microsoft Sentinel Ninja Training - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310#
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw259
In this episode, Dr. Doug talks: Zuck gets zucked, MFA threats, DHS, Elementor, LinkedIn, and all the show Wrap-Ups for this week on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn184
This week, we start the show off with an interview with Brent White, Principal Security Consultant at Dark Wolf Solutions! Next up, we have a technical segment where I walk through Linux Post Exploitation! In the Final Segment, Temporary phones, webcam hacks that are so much more, bags of cash, patch Wordpress plugins and patch them some more, crowd-sourced-government-funded vulnerability scanning, hiding deep in UEFI and bouncing off the moon, even more UEFI vulnerabilities, if Samaba were a fruit it would be....well vulnerable for one thing, charming kittens, fingerprinting you right in the GPU, Let's not Encrypt, your S3 bucket is showing again, and can you hack the latest wearable sex toys intended to delay things?!
Show Notes: https://securityweekly.com/psw726
Segment Resources:
# Blog website : www.wehackpeople.com
# Employer's website : www.darkwolfsolutions.com
# Link for EDC - Covert Entry Wallet : https://wehackpeople.wordpress.com/2019/10/10/lock-pick-concealment-edc-wallet/
# Link for other EDC items I use : https://wehackpeople.wordpress.com/2020/09/14/covert-entry-specialist-edc/
Physical Pentest Tools: https://www.sparrowslockpicks.com/product_p/hp.htm
https://www.redteamtools.com/espkey
https://www.redteamtools.com/under-door-level-lock-tool
Github: https://github.com/SecurityWeekly/vulhub-lab
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Dan Matthews, Director, Worldwide Sale Engineering from Constella Intelligence, will discuss the challenges with digital risk protection and how to protect your executives, employees, and corporate brand. In the Leadership and Communications section, Cybersecurity increasingly on audit committee agendas, CIO involvement in security grows as CEOs target risk reduction, How Poor Security Culture Leads to Insider Risk, and more!
Show Notes: https://securityweekly.com/bsw248
Visit https://securityweekly.com/constella to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week in the Security News: UPnP strikes back, Lazarus, Samba, CISA, SMS Scams, secret pixels, OMB Zero Trust, and Wordle, along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn183
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Larry Maccherone, DevSecOps Transformation at Contrast Security, to discuss Shift Left, NOT S#!T LEFT! In the AppSec News: PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for Safari, Python NaN coercion, and AppSec games!
Show Notes: https://securityweekly.com/asw182
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: Overreach, Vultur, QNAP, Trickbot, Apple, pkexec, Space Force, & more on the Security Weekly News Wrap Up show!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn182
This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Log4Shell: Impact and Lessons Learned! In the Enterprise Security News, Hunters raises a series C to continue building XDR, Anitian raises a $55M Series B, Four new startups emerge from stealth with seed funding, BugAlert is a new tool for notifying the public of new vulnerabilities, Turns out, Crypto.com WAS hacked, but it wasn’t Matt Damon’s fault, Who is at fault if a hacked car kills someone?, Merck wins - it was NOT an act of war, according to one court...Pearson is fined $1M for misleading investors about their 2018 data breach, Secrets of Successful Security Programs, & Why employees don’t care about your security policies! Lastly, we air a pre recorded segment with Adrian and Bikash Barai, Co-founder, CEO at FireCompass, to talk about Continuous Red Teaming Trends!
Show Notes: https://securityweekly.com/esw258
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start the show off with an interview with Jimmy Sanders, CISO at Netflix, to talk about Cracks in the Castle! Next up, we have a technical segment where I walk through Securing Ubiquiti WiFi Systems! In the Final Segment, it’s the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecurity is broken?, the best cybersecurity research paper, evil Favicons, escaping Kubernetes, pimping your cubicle and someone who actually recovered their crypto wallet!
Show Notes: https://securityweekly.com/psw725
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISO’s think about how to apply cyber to enterprise resiliency? Mark Fernandes, Global Chief Technology Officer, Security, Risk, and Governance Solutions from MicroFocus, joins us to provide an overview of their Galaxy platform that aligns threats to prioritized risk activities.
In the Leadership and Communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecurity Lawmakers Will Not Seek Reelection, and more!
Show Notes: https://securityweekly.com/bsw247
If you want learn more or sign-up and try Galaxy for free, please visit https://www.securityweekly.com/galaxy
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News, Dr. Doug talks: Control Web Panel, Russia, Belarus, Office Macros, Trickbot, MoleRats, DTPacker, and Tesla! All that along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn181
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
It is hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a “dated trend” by effective yet lazy hackers is to search for APIs unknown by security teams, coined “Shadow APIs”, then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or “move on to the next target”. Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python. In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from an URL allow list bypass, a security engineering course and lectures, 25 years of HTTP/1.1
Show Notes: https://securityweekly.com/asw181
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Rickard Carlsson from Detectify is with us to discuss a funeral for vulnerability management! Then, Will Clark from Accela joins us to talk about architecture and security in the trenches! In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber’s former CSO going to jail?, and Tom Brady NFTs!
Show Notes: https://securityweekly.com/esw257
Segment Resources:
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: 2-factor failure, UEFI, McAfee, Whispergate, oracle patches, and more on the Security Weekly News Wrap-up Show!
Show Notes: https://securityweekly.com/swn180
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start the show off with an interview with Neal O’Farrel, Founder of The PsyberResilience Project, to talk about Cyber Resilience & Cybersecurity Mental Health! Next up, it’s the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year olds launch DDoS attacks, 5G interference, and when your Mom steals your brownies.! In the Final Segment, we air a Technical Segment showing you how to Use WPScan To Find Wordpress Vulnerabilities!
Show Notes: https://securityweekly.com/psw724
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printing garbage messages. The library was exhibiting the type of malicious activity that typically comes from a compromised package. Only this time users of the library, which easily number in the thousands, discovered this was sabotage by the package maintainer himself. This opens up a broader discussion on supply chain security than just provenance. How do we ensure open source tools receive the investments they need -- security or otherwise? For that matter, how do we ensure internal tools receive the investments they need? Log4j was just one recent example of seeing old code appear in surprising places.
Scams and security flaws in (so-called) web3 and when decentralization looks centralized, SSRF from a URL parsing problem, vuln in AWS Glue, 10 vulns used for CI/CD compromises!
Show Notes: https://securityweekly.com/asw180
Segment resources:
- https://www.zdnet.com/article/when-open-source-developers-go-bad/
- https://www.theregister.com/2022/01/17/open_source_closed_wallets_big/
- https://blog.google/technology/safety-security/making-open-source-software-safer-and-more-secure/
- https://docs.linuxfoundation.org/lfx/security/onboarding-your-project
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr Doug talks: WordPress, Firefox Relay, Multiple Microsoft, White House Summit, Russia Strikes back, VPNLab, my crush on Judy Jetson, and Aaran Leyland.
Show Notes: https://securityweekly.com/swn179
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The Security Weekly 25 index has finally cooled off, closing at 2226.93 on January 13th, 2022, which is an increase of 122.69% (down from last Q) since inception. The NASDAQ Index closed at 14,806.81 on January 13th, 2022, which is an increase of 123.15% (down from last Q) during the same period. It hit another all-time high of 16,057.44 during the quarter. Then, in the Leadership and Communications segment, Arming CISOs With the Skills to Combat Disinformation, Is the 'Great Resignation' Impacting Cybersecurity?, Ask These 5 Questions to Decide Your Next Career Move, and more!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw246
Dr. Doug talks: Remote desktop, Apple, Microsoft Servers, Taco Tuesday, Gootloader, and "Farmville: Gangsta Edition", as well as his Favorite Threat of the Week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn178
It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We’re looking forward to keeping you informed throughout 2022! 2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left of the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out last year's flurry and what we can expect Congress to prioritize in 2022. In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, Drama in the Israeli cybersecurity news, Security, Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & Some annoying words get banned!
Show Notes: https://securityweekly.com/esw256
Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with a tech segment walking through the Log4j Vuln, step by step! Then, Dragos Ruiu, creator of Pwn2Own, joins for an interview! In the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persisten DoS in your doorLock, Signal gets a new CEO, attacking the patching software, where does that QR code go, we heard you liked cryptominers, Pluton will fix that, and retiring from a jarring career!
Show Notes: https://securityweekly.com/psw723
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
How cloud resources are architected and utilized is different for every organization, but whether cloud native or cloud traditionalist – security risk and complexity are problems. Concerns over account takeover, overprivileged access and the struggle to keep pace with the dynamism of the cloud are driving demand for a better way to secure access. Hear Colby Dyess, Director of Product at Appgate, discuss how the principles of Zero Trust strengthen and simplify access controls across varying cloud architectures. We’ll address everything from users connecting to multi-cloud resources, secure service-to-service communication and running security as code.
In the leadership and communications section, no, we're not discussing log4j, 2021 recaps or lessons learned, or 2022 new year's resolutions or predictions!
Show Notes: https://securityweekly.com/bsw245
This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Toilet snakes, CES, CISA, Supply Chain Library Hijinx, QNAP, colors and fakers, and the first episode of 2022 for the Security Weekly News! All this and the returning Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn177
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs. The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScape quarterly, Salesforce to require MFA!
Show Notes: https://securityweekly.com/asw179
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. David Brumley from ForAllSecure is with us to discuss Bringing Autonomy to Appsec Then, in the enterprise security news, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise’s efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn’t effective and is even potentially harmful. Finally, we’ll take a look at some of the biggest stories and interviews we discussed this year on ESW and will wrap with our thoughts and hopes for 2022.
Show Notes: https://securityweekly.com/esw255
Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot
https://github.com/forallsecure/vulnerabilitieslab
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Deviant Ollam, Physical Penetration Specialist, at Red Team Alliance, where we delve into Lock Picking & Physical Security! Then, John Matherly, creator of SHODAN, joins for a segment about The State Of Internet Exposed Services!! In the Security News: The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles!
Show Notes: https://securityweekly.com/psw722
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, guest host Aaran Leyland talks: LOG4J Advisories, HMI/SCADA, Apache, Office Patches, Delivery Scams, and the FBI along with all the show Wrap Ups for this week!
Show Notes: https://securityweekly.com/swn176
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie. Barak is best known for pioneering the concept of the virtual (or fractional) CISO model nearly two decades ago. Over the twenty years since then he has applied that model and strategy to building, managing and counseling security departments across countless and diverse organizations, including MuleSoft, Amplitude Analytics, Livenation/Ticketmaster, StubHub, Barnes and Noble, bebe Stores and many others. The goal of his new book is to convey security concepts in the form of telling stories, so we hope to hear a few examples from him during the course of the interview.
Show Notes: https://securityweekly.com/scw99
To leave a heartfelt message for Hannah (Jeff's granddaughter): https://www.caringbridge.org/visit/hannahman
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions. In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America’s Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!
Show Notes: https://securityweekly.com/bsw244
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: Conti, log4j2, log4shell redux, the return of the Joker, Your Car's warranty is expired, haveibeenpwned, Zoho, Microsoft, and more! All this, the Expert Commentary of Jason Wood, and Doug's farewell to 2021 on this edition of the Security Weekly News!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn175
What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some significant wins -- and they need a partnership with DevOps teams in order to do this successfully. Log4j has more updates and more vulns (but probably not more heartburn...), revisiting outages and whether availability has made it into your threat models, deep dive into hardware security, another data point on bug bounty awards, and looking at risk topics for the next year. This completes another year of the podcast! A very heartfelt thank you to all our listeners! And a special thank you and shout out to the crew that helps make this possible every week -- Johnny, Gus, Sam, and Renee. We'll keep the New Wave / Post-Punk, movie, and pop culture references coming for all the appsec and DevOps topics you can throw our way. Thanks again everyone!!
Show Notes: https://securityweekly.com/asw178
Segment Resources:
- https://blog.trailofbits.com/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In the Security Weekly News, Dr. Doug talks: LogJammin, sim swapping, Dark Watchman, Pseudomanuscrypt, Facebook bans, high school hijinx, all this and the Show Wrap Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn174
This week, we welcome Shoshana Gourdin, to discuss how Morale Is a Safety Control! Up next, we welcome Scott Crawford, Research Director at 451 Research / S&P Global Market Intelligence, to talk about The Evolution & Future of XDR & the SOC! In the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!
Show Notes: https://securityweekly.com/esw254
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Ed Skoudis, SANS Fellow and Counter Hack Founder, where we talk about the holiday hack challenge! Then, Sinan Eren, VP of Zero Trust Access & ZTNA Engineering at Barracuda Networks, joins for an segment walking through What to Expect in 2022 for security!! In the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in Wordpress, using block chain for C2, MangeEngine 0day, oh and did you hear about the log4j vulnerability!
Show Notes: https://securityweekly.com/psw721
Segment Resources:
Barracuda research on Ransomware trends and remote code execution vulns: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/
https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its place in security and compliance, what it's like to be hero or scapegoat. All this and more!
Show Notes: https://securityweekly.com/scw98
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mike Murray, CEO and Founder at Scope Security, to discuss Why Hospitals Face Unique Security Challenges! In the Leadership and Communications section: 13 traits of a security-conscious board of directors, 7 Strategies for CSO Cybersecurity Survival, 10 Effective Ways You Can Improve Your Communication Skills, and more!
Show Notes: https://securityweekly.com/bsw243
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: Satoshi Nakamoto, log4shell, PyPl, bad Bluetooth, bad Google, & bad Elon! All this and the Expert Commentary of Jason Wood on this edition of the Security Weekly News!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn173
This week, we welcome Francesco Cipollone - CEO & Founder - AppSec Phoenix Ltd, to discuss DevSecOps, Compliance GRC, and the Future of Application Security! In the AppSec News, Mike & John talk: All about Log4Shell, Mozilla's BigFix bug and new sandbox, Rust in the Linux kernel, path traversals, reflections on the security profession, & more!
Show Notes: https://securityweekly.com/asw177
Segment Resources:
- AppSec Cali 19 Talk:
https://www.youtube.com/watch?v=cegMUjo25Zc
- ADDO19: https://www.youtube.com/watch?v=x1p3exzkTIY
- Open Security Summit 20
- https://www.youtube.com/watch?v=8myMG36gq4o , https://www.youtube.com/watch?v=mh_P1C1a-CM
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Allie Mellen, Industry Analyst at Forrester Research to discuss Digging Into XDR! In the second segment, Vincent Berk, CTO and Chief Security Architect at Riverbed to talk about Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide! Finally, in the Enterprise Security News for this week: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private for $5.8bn, The leader of a Swiss tech company is accused of selling access to text message data for surveillance, A former Ubiquiti developer was behind the big breach announced earlier this year - he unsuccessfully tried to extort his employer, SentinelOne tries to bring mobile security back?, Google and Trail of Bits team up to release a tool that scans for vulnerable Python packages, CISA has assembled a panel that will begin making cybersecurity recommendations, Make sure to stick around for, This week's spicy take - Cloudflare recommends ditching your firewall, and This week's squirrel story - a new streaming service from an unexpected source! All that and more, on this episode of Enterprise Security Weekly!
Segment Resources:
https://visibility.riverbed.com/
https://www.riverbed.com/solutions/security.html
https://www.riverbed.com/products/npm/netprofiler-advanced-security-module.html
Visit https://securityweekly.com/riverbed to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw253
This week in the Security Weekly News Wrap Up Dr. Doug talks: Ben Dorsey, NginRat, AT&T, Decryption, IoT, and Bad WIFI Routers! All this and Dr. Doug's favorite threat of the week, & the show wrap ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn172
In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer for 20 years before that! Passwordless is everywhere these days, but like most new security markets, it's shrouded in confusion. There are already dozens of vendors promising to kill the password, but they don't all seem to be coming at the challenge the same way. In the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC - is the SOC dead?, Comparing secure messaging apps, The best cities for cybersecurity professionals, and Don't miss today's Squirrel Story - it's a personal anecdote!
Show Notes: https://securityweekly.com/esw252
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Shailesh Athalye, Senior Vice President of Product Management at Qualys joins to discuss why Cybersecurity is an Unfair Game! Then, we jump straight into the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero Days, & why The Matrix (might be) the best hacker movie!! Finally, we close out the show with a special pre-recorded interview featuring Sven Morgenroth, Security Researcher at Netsparker, where we discussed Auth Vulnerabilities!
Show Notes: https://securityweekly.com/psw720
Segment Resources:
Visit https://securityweekly.com/invicti
https://www.qualys.com/cloud-platform/
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
There’s something happening here – and what it is ain’t exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We’re going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what’s right and what’s wrong in our industry today and what can we do about it. All from a hacker’s perspective.
Show Notes: https://securityweekly.com/scw97
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We cover a lot of articles about CISO leadership, communications, skills, and yes, transition. This week we discuss the CISO transition from a CISO's perspective. I will interview my co-hosts on why they made moves in 2021, what criteria did they use to analyze their next role, and what are their strategies for a successful transition. In the Leadership & Communications section, 'They Said a CISO Does What?', 5 Tips to be an awesome CISO, 9 tips for an effective ransomware negotiation, and more!
Show Notes: https://securityweekly.com/bsw242
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Tardigrade, Reaper, HP, Cannazon, Ikea, Cameras, The Virtual DMV Verse, and the Expert Commentary Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn171
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In today’s session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goals and solve the speed vs. security dilemma. Specifically, they’ll discuss processes for fixing more vulnerabilities faster and tools for ensuring developer success. And they’ll talk about improving the overall maturity of DevOps teams through good development practices, good testing, remediation, and training. In the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!
Show Notes: https://securityweekly.com/asw176
Segment Resources:
Veracode State of Sofware Security v11 https://www.veracode.com/state-of-software-security-report
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the interpretation and application of many of the more challenging security requirements found in PCI DSS which was reflected in its tag line, “Techniques, Tools and Tirade about Retail Technology and E-Commerce. The founder of the column, Evan Schuman, is a veteran journalist who has covered a wide range of technology, privacy and legal issues over the past three decades. Evan will give us his take on many of the issues facing the connected world -past, present, and future.
Show Notes: https://securityweekly.com/scw96
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News Wrap Up: Dr. Doug rants in preparation for the Holidays, Scams, Exchange Flaws, SquirrelWaffel, honeypots, hoodies, & more!
Show Notes: https://securityweekly.com/swn170
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
As a CISO tasked to present to the Board or other executives, communicating cybersecurity in business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in his executive education courses how to level-up their presentation skills, metrics, and executive approach. Learn also from Padriac O'Rielly, CPO & Co-Founder of CyberSaint, about how some of the most cutting-edge security leaders are providing actionable, risk-based insights in Boardrooms and beyond to better build resiliency in the digital age. In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more!
Show Notes: https://securityweekly.com/bsw241
Visit https://securityweekly.com/cybersaint to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, Dr. Doug talks: Grandma's recipe, Imunify360, GoDaddy, Nigeria, holiday scams, bug bounties, & Bryon Hundley from ISAC joins for Special Guest Commentary! Bryon will discuss the sector-wide exercise that was conducted over the summer in which top trade associations in retail, hospitality, and travel partnered with RH-ISAC and CISA to support the first industry-wide exercise focused on communication, coordination, and decision making.
Show Notes: https://securityweekly.com/swn169
Segment Resources:
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely! In the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!
Show Notes: https://securityweekly.com/asw175
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week Dr. Doug talks: Satoshi Nakamoto, Weird Sex Objects, teaching hackers, Fatpipe, Banks, Win 11, Glitch, and Perswaysion [sic], and Show Wrap-Ups, on the Security Weekly News!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn168
ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat. Jeffrey then joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment. In the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly!
Show Notes: https://securityweekly.com/esw251
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with a technical segment where we walk through creating vulnerable Docker Containers – On Purpose! Then, Derek Rook from Senior Director Purple Team atTeradata, & SANS Certified Instructor joins to discuss technologies to build CTFs as well as what types of things to consider while doing so!! In the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, upnp strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture!
Show Notes: https://securityweekly.com/psw719
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers’ networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business.
Show Notes: https://securityweekly.com/scw95
Segment Resources:
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tony Cole, CTO at Attivo Networks, to discuss Protecting Identity Services! Identity Services such as Active Directory is an area that is almost always utilized by the attacker after the initial endpoint is compromised. This is an area lacking critical focus by defenders for a myriad of reasons. Discussion will entail how this attitude can and should change. In the Leadership and Communications section, The Gardener: Four Attributes Of A Great Leader, Unpacking 5 Myths About Management, 5 Cybersecurity Myths That Make You More Vulnerable to Attacks, and more!
Show Notes: https://securityweekly.com/bsw240
Visit https://securityweekly.com/attivonetworks to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Security Weekly News, Dr. Doug talks: The Eyes don't lie, the FBI, Intel, Microsoft, pompompurin, smishing, and ransom consulting! All this and Aaran Leyland's Expert Commentary on the Security Weekly News!
Show Notes: https://securityweekly.com/swn167
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!
Show Notes: https://securityweekly.com/asw174
Visit https://securityweekly.com/guardsquare to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Angela Marafino, PM at Microsoft, to talk about MegatronAL on Kicking in the Door to Cybersecurity! In the second segment, we welcome Nick Leghorn, Director of Application Security at The New York Times, to discuss Building a Risk Based Security Program That Actually Works! In the Enterprise Security News: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WPScan acquired by Automattic (the company behind WordPress), QOMPLX SPAC is called off, HashiCorp IPO is not called off, open source CSPM and firmware emulation tools, Ghost kitchens and more.
Show Notes: https://securityweekly.com/esw250
https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome
https://www.itspmagazine.com/focal-point-podcast
https://twitter.com/hackerbookclub1
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: Elon buys my motorcycle, Lyceum, Buzz word security, PS5, Puny Code, Palo Alto, and Small biz, and the show wrap ups on the Security Weekly News Wrap Up show!
Show Notes: https://securityweekly.com/swn166
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Lodrina Cherne, and Martijn Grooten join to discuss the Realworld capabilities of Stalkerware! Then, Sachin Mahajan from Inguardians joins to delve MAVSH!! In the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says its a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that don't fix everything, truckloads of GPUs and “are you high”?
Show Notes: https://securityweekly.com/psw718
Segment Resources:
http://mav.sh/ https://github.com/0xkayn/Valkyrie
https://www.youtube.com/watch?v=CJZ2gCLopyU
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don't handle the people/process part very well.
Show Notes: https://securityweekly.com/scw94
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The rise in cyberattacks and the switch to remote work has kept security teams busy, but it has also left them isolated by halting their ability to meet with peers and network with industry friends. Suresh Balasubramanian Qualys CMO and Sara Griffith CISO at Euronet Worldwide will discuss the value of in-person cybersecurity events, how attending can reinvigorate teams, the benefits to sharing best practices with peers, and getting up to speed on the latest innovations in cybersecurity through conference presentations. In the Leadership and Communications section, The First 100 Days in A CISO’s Life — Biggest Mistakes and Best Quick Wins, Hybrid work woes: FOMO is real, employees feel disconnected, Breaking Down Cybersecurity's Hiring Problem, and more!
Show Notes: https://securityweekly.com/bsw239
Segment Resources: https://www.qualys.com/qsc/2021/las-vegas/
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: ThisElon, UL, You, Robin Hood, Zoho, lots of ransomware, and the return of Jason Wood for Expert Commentary on the Security Weekly News!
Show Notes: https://securityweekly.com/swn165
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike, John and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets.
In the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat models and OTP/2FA bots, NIST Security Labels!
Show Notes: https://securityweekly.com/asw173
Visit https://securityweekly.com/cloudsmith to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week in the Security News Dr. Doug talks: War driving, Linux kernels, Pegasus, Darkside, Braktooth, Clippy, and more, on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn164
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chad Skipper, Director Product Marketing at VMware, to talk about Detecting the Next Breach: How to Win the War With NSX NDR! In the second segment, we welcome Frank McGovern, Cybersecurity Architect at StoneX Group Inc., to discuss Building Up the Blue Team! In the Enterprise Security News: Laika raises $35m in the growing compliance-as-a-service segment, IBM launches XDR, CrowdStrike acquires SecureCircle and moves into the data layer, HelpSystems acquires endpoint DLP vendor Digital Guardian, Crazy valuations, Questionable statistics, Analysts shine a doubtful light on Darktrace's value, Facebook gets all Meta on us, and more!
Show Notes: https://securityweekly.com/esw249
Segment Resources:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/NDR-Solution.pdf
Visit https://securityweekly.com/vmware to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Doug Burks, CEO of Security Onion Solutions, who joins to discuss Peel Back the Layers of Your Enterprise with Security Onion 2! Then, I'm going to continue guiding you through Scanning For Default Creds With Python!! In the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many people have it?, fake Harvard students, uses for an Apple cleaning cloth, Bidi override characters, who owns my house?, who owns your printer?, and the return of Clippy!
Show Notes: https://securityweekly.com/psw717
Segment Resources:
https://github.com/Security-Onion-Solutions/securityonion
https://securityonion.net/discuss
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the ‘Great Resignation’), is a disturbing one. Rick McElroy will speak to the causes of security burnout and the steps organizations need to take to prevent the loss of the precious resource that is security talent. He will share supporting research findings from VMware's latest Global Incident Response Threat Report: Manipulating Reality.
Show Notes: https://securityweekly.com/scw93
Segment Resources: https://www.vmware.com/resources/security/global-incident-response-threat-report-manipulating-reality.html
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kyle McNulty, Founder and Host at Secure Ventures, to discuss Easy Ways for Businesses to Become More Resilient! More and more, start-ups and small companies have to consider cybersecurity earlier in their growth cycle. Whether for a VC investment or revolutionary customer, cybersecurity can make or break a deal. Kyle will break down key strategies to secure your small company with limited time and resources.
In the Leadership and Communications section, 10 Questions Great Bosses Ask Themselves, 5 cybersecurity personality traits for a successful career, 3 Security Priorities to Support the New Hybrid Workplace, and more!
Show Notes: https://securityweekly.com/bsw238
Segment Resources:
https://podcasts.apple.com/us/podcast/secure-ventures-with-kyle-mcnulty/id1545294976
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, Dr. Doug talks: Dancing holograms, REvil again, Ransomware busts, hiding malware in source code, http header smuggling, Freeswitch, and the return of Jason Wood!
Show Notes: https://securityweekly.com/swn163
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva! Peter will talk to the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these growing ecosystems. In the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations!
Show Notes: https://securityweekly.com/asw172
Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News Wrap Up, Dr. Doug talks: Virtual crime, wardriving, Iran, SEO, QR Code Attacks, Avast, CISA, Windows 11, Zuck strikes back, & more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn162
This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Decrypt As If Your Security Depends On It! In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, and a silicon valley entrepreneur wants to scan your eyes! In the final segment, we spoke with Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups!
Show Notes: https://securityweekly.com/esw248
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, who joins to discuss the Evolution and Maturity of the Cybersecurity Industry! Then, Matt Linton, Chaos Specialist at Google, joins to talk about What Exactly Is an Incident Commander, Anyway! In the Security News: Its still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transport layer with HTTPS, buying a power plan, EBCIDIC and GDPR, how children can infect parents, signing your rootkit, dates are hard, something smells funny and bird poop in your antenna!
Show Notes: https://securityweekly.com/psw716
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, and some real-world examples and some real-life problems.
Show Notes: https://securityweekly.com/scw92
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Renee Tarun, Deputy CISO at Fortinet, to discuss Fight Fire With Fire: Proactive CyberSec Strategies for Security Leaders! In the Leadership and Communications section for this week: CISOs: Approach the board with precision, simplicity, Layoffs Taught Me To Never Make 3 Powerful Leadership Mistakes, 6 zero trust myths and misconceptions, & more!
Show Notes: https://securityweekly.com/bsw237
Segment Resources:
https://www.barnesandnoble.com/w/fight-fire-with-fire-renee-tarun/1139924071
Visit https://securityweekly.com/fortinet to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ashish Rajan, Head of Security & Podcast Host at Cloud Security Podcast, to discuss Security Champions in an Online First World! Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud. This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!
Show Notes: https://securityweekly.com/asw171
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News Dr.Doug talks: REvil strikes back, Windows XP, SMS fraud, Nobelium, BQE, Discourse, Polygon, and the returning Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn161
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week Dr. Doug talks: CyberTraining, the death of FTP, Quickfox VPN, Zerodium, FIN7, TruthSocial, GPS hijinx, candy corn, as well as all the show wrap ups on this edition of the Security Weekly News Wrap up Show!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn160
The business of Security is gaining in maturity, from being an obscure corner of IT to becoming a core part of the C-Suite. How is this transformation happening and what can we learn from the similar trend that occurred in IT for the last decade?
We've been working on this Python project that will use the Nmap Python library to scan the local network, enumerate select systems and devices, try to login with default or known credentials, and send a Slack message if it finds anything.
The initial release is here:
https://github.com/SecurityWeekly/netslackbot
This week in the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cyber hygiene, Gummy browsers, the Internet is safe now, a particular kind of crack is open-source, sysmon: Now for Linux, Windows 11 and lies, and cocaine Hippos!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw715
This week, we welcome Joshua Copeland, SOC Director at ATT, to talk about the First Jobs in Cybersecurity: The Analyst Role! In the Enterprise News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more! In our final segment, we welcomed Adam Janofsky, Editorial Director at The Record by Recorded Future, to discuss What We've Learned From Interviewing Cybercriminals!
Show Notes: https://securityweekly.com/esw247
Segment Resources:
Visit https://securityweekly.com/devo to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We’re getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options in how they become compliant, along with customized implementation. In this podcast, Chris Pin, VP of Privacy and Compliance at PKWARE, will discuss what customized implementation means for organizations, additional changes to 4.0, and why they’re important.
And, while PCI 3.2.1 won’t be retired until 2024, it’s a good idea for companies to get started now with their 4.0 compliance strategy. After all, the road to compliance could be a long one, and 2025 will be here before we know it!
Show Notes: https://securityweekly.com/scw91
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The Security Weekly 25 Index hits an all-time high for the third straight quarter! In this segment, Matt, Jason, and Ben break down the cybersecurity market winners and losers, in both the public and private markets! In this episode, we discuss the role of Zero Trust Network Access in strengthening and simplifying access controls for today’s hybrid workforce as they connect from anywhere to multi-cloud, on-premises and even legacy applications. This includes how to reduce the attack surface due to digital sprawl and even reduce complexity for improved user-experience and operational efficiency.
Show Notes: https://securityweekly.com/bsw236
Visit https://securityweekly.com/appgate to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: Sinclair, Ransomware, angry governors, ISC-square, Tian Fu, Fake Government sites, robot umpires, along with the returning Expert Commentary of Jason Wood on this Edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn159
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nuno Loureiro, CEO at Probely, and Tiago Mendo, CTO at Probely, to talk about Dev(Sec)Ops Scanning Challenges & Tips! There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to integrate a security scanner in your DevSecOps processes. It all comes down to speed, how fast can I scan the new deployment? Discussion around the challenges on how to integrate a DAST scanner in DevSecOps and some tips to make it easier. In the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!
Show Notes: https://securityweekly.com/asw170
Visit https://securityweekly.com/probely to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week in the Security Weekly News Wrap Up Show: Juniper, Wastewater Attacks, South Korea, Phone Scanning, Acer, Android, and Journalists Under Fire as well as all the show Wrap-Ups for this week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn158
This week, we kick off the show with an interview featuring Zach Wasserman, CTO & Co-Founder of Fleet, who joins us to discuss Open Source Endpoint Security with OSquery & Fleet! Then, Sven Morgenroth, Security Researcher at Invicti, joins us for a technical segment on GraphQL!! In the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school,, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down!
Show Notes: https://securityweekly.com/psw714
Segment Resources:
Visit https://securityweekly.com/invicti to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Adrian and Paul talk about why we need A Plea for Better Press Releases! In the second segment, we welcome Surag Patel, Chief Strategy Officer at Contrast Security, to discuss Why Less Is More for Static Application Scanning! In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its, plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel!
Show Notes: https://securityweekly.com/esw246
Segment Resources:
Visit https://securityweekly.com/contrast to learn more about them!
Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning
eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing
Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.
Show Notes: https://securityweekly.com/scw90
Segment Resources:
The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
It is Cybersecurity Awareness Month, but security awareness is a lot tougher than just dedicating a month to awareness activities. Security awareness is a journey, requiring motivation along the way. Brian Reed, Cybersecurity Evangelist from Proofpoint, joins Business Security Weekly to discuss the security awareness journey and how the human elements can help motivate us. Brian will discuss how personalized content and gamification can help achieve better outcomes for organizations and the individual. In the Leadership and Communications section for this week: How to strive and thrive [in a meeting], 5 steps toward real zero trust security, Seven strategies for building a great security team, & more!
Show Notes: https://securityweekly.com/bsw235
Visit https://securityweekly.com/proofpoint to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: More Apple 0-Days, SnapMC, the NSA, Olympus, Brother, Android, Facebook, GTA Remakes, and the returning Expert Commentary of Jason Wood on the Security Weekly News!
Show Notes: https://securityweekly.com/swn157
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tom Gibson, Senior Staff Engineer at Cloudsmith, to talk about Modernizing the Management of Your Software Supply Chain! This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almost 30 years, factors in a great cybersecurity program, & more!
Show Notes: https://securityweekly.com/asw169
Visit https://securityweekly.com/cloudsmith to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Dr. Doug talks Resilience, Twitch, Apache, Canopy, Microsoft, LANtenna, and the US Navy playing Age of Empires, as well as all the show Wrap-Ups on this episode of the Security Weekly News Wrap Up Show!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn156
This week, we kick off the show with an interview featuring Dan DeCloss, the Founder of PlexTrac, for a segment all about Survey Says: Improve Your Security Posture by Purple Teaming! Then, a segment aimed at getting YOU Up and Running With The Security Onion!! In the Security News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache -day, you iPhone is always turned on, and Apple pay hacked!
Show Notes: https://securityweekly.com/psw713
Visit https://securityweekly.com/plextrac to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Richard Reinders, Head of Security at Gravity Payments, to discuss Better Sales, Worse Relationships? In the next segment, we welcome Ryan Kalember, Executive Vice President, Cybersecurity Strategy at Proofpoint, to discuss Shifty Adversaries, Shifting Tactics! In the Enterprise News, Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves!
Show Notes: https://securityweekly.com/esw245
Visit https://securityweekly.com/proofpoint to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this special listener requested topic!
Show Notes: https://securityweekly.com/scw89
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
With the first recorded death from a Ransomware attack during the Pandemic, it's time to take medical device security seriously. Dan Purvis, CEO at Velentium, joins Business Security Weekly to discuss the challenges of embedded device security, but also the ramifications to public health. Dan will discuss how to address vulnerabilities in code and firmware, plus the importance of secrets and the software bill of materials.
We kick-off Cybersecurity Awareness Month with Alaina Clark, Assistant Director for Stakeholder Engagement at the Cybersecurity and Infrastructure Security Agency (CISA). Jill Aitoro, Editor in Chief at SC Media, joins Business Security Weekly for this special interview covering: CISA's Initiatives, Public-Private Partnerships, Cybersecurity Awareness Month, and their 4th annual Cyber Summit.
Show Notes: https://securityweekly.com/bsw234
Segment Resources: https://www.velentium.com/cybersecurity-training?hsCtaTracking=55e5cb87-6198-4b79-8652-a7ce03738c75%7C94d6bbbb-613b-4377-a95d-b679c8acc53b
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week Dr. Doug talks: Facebook BGP, Disabled Vets, Coinbase, Cybermonth, Windows 11, Python Ransomware, fake plumbuses, & the Special Guest Expert Commentary of Adrian Sanabria on this episode of the Security Weekly News!
Show Notes: https://securityweekly.com/swn155
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Hillary Benson, Director, Product Management of Secure & Protect at Gitlab, to discuss The Power of Developer-First Security! In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java!
Show Notes: https://securityweekly.com/asw168
Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Special guest host Aaran Leyland joins us for the Security News Wrap Up! This week: Google Patches 0 Days, 5-Figure Ransoms, new CISA Tools, & the show Wrap Ups for this week!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn154
This week, we welcome Mehul Revankar, VP Product Management and Engineering, VMDR at Qualys, to discuss Defense Strategies to Combat Sophisticated Ransomware! In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe that's a good thing? Speaking of which, Apple patches some 0days, Lithuania warns against using Huawei and Xiaomi phones, the FCC pays companies to ditch Huawei and ZTE gear, the latest on Cybercrime, UK researchers find a way to pickpocket Apple Pay, and more!
Show Notes: https://securityweekly.com/psw712
Segment Resources:
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Juliet Okafor, CEO & Founder at RevolutionCyber, to discuss How Good CISOs Build Bad Security Programs! In the second segment, we welcome Joseph Salazar, Technical Deception Engineer at Attivo Networks, to talk about The Importance of Identity Detection and Response (IDR)! In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to rewrite the rules of website security (rewrite, get it? huh?), SenseOn nabs $20m for faster, more accurate cybersecurity detection and response, LG (yes, that LG) is acquiring automotive cybersecurity startup Cybellum, We talk about the emergence of the vendor "live security status page", 386 startup post mortems, and don't forget to stick around for Adrian's curveball "Squirrel of the Week" story at the end!
Show Notes: https://securityweekly.com/esw244
Segment Resources:
RevolutionCyber - www.revolutioncyber.com, Forbes Business Council Member Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021
https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf
https://attivonetworks.com/what-is-identity-detection-and-response-idr/
https://attivonetworks.com/solutions/identity-security/
Visit https://securityweekly.com/attivonetworks to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Casey Ellis, Founder/Chair/CTO at Bugcrowd, to talk about Compliance and “The Crowd”! Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets.
Show Notes: https://securityweekly.com/scw88
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Guillaume Ross, CISO at Finaptic, to discuss Building Security from Scratch: One Year as CISO at a Start-up! We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge. In the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insurance, and more!
Show Notes: https://securityweekly.com/bsw233
Segment Resources: Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week in the Security News: The Side Eye Toddler, Zix, Clubhouse, VCenter redux, Auntie M, Safepal, Virgil Griffith, the FBI, & the Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn153
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Anita D'Amico, VP, Market Development at Synopsys, and Patrick Carey, Senior Director of Product Marketing at Synopsys, to discuss AppSec Orchestration/Correlation & DevSecOps Efficiency! In the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th anniversary, & more!
Show Notes: https://securityweekly.com/asw167
Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Mike Cohen, from Rapid 7, and Wes Lambert from Security Onion Solutions, for a segment all about Velociraptor & Digging Deeper! Then, we attempt to confirm or deny that Nzyme performs “intelligent device fingerprinting and behavioral analytics to detect rogue actors”!! In the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange Auotdiscovery bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more!
Show Notes: https://securityweekly.com/psw711
Segment Resources:
Please visit our documentation site where you can learn about Velociraptor https://docs.velociraptor.app/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: Dr. Doug's Favorite Threat of the Week, Apple, Apple, and Apple, NanoMQ, geofencing, FamousSparrow, VMWare, the Foundation Trilogy, as well as all the show Wrap-Ups for this week!
Show Notes: https://securityweekly.com/swn152
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Joe Gillespie, Director at Probely, and Nuno Loureiro, CEO at Probely, to talk about Scaling Application Security! In the next segment, we welcome Chris Cochran, Founder and Producer at Hacker Valley Media, to talk about Threat Intelligence & Threat Hunting! In the Enterprise News, Funders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires threat stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, You can now ditch your Microsoft password, Vendor Security 2.0, & more!
Show Notes: https://securityweekly.com/esw243
Visit https://securityweekly.com/probely to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Johanna Baum, CEO, Founder at Strategic Security Solutions, to talk about Activism v. Hacktivism! "Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with critical thinking. But just as hack can sometimes mean cyber crime, hacktivism can be used to mean activism that is malicious, destructive, and undermining the security of the Internet as a technical, economic, and political platform.
Show Notes: https://securityweekly.com/scw87
Visit https://www.securityweekly.com/scwfor all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tom Roeh, Director of Systems Engineering at ExtraHop, to discuss Accelerating 0-Trust Adoption W/ End2End Visibility & Increased Collaboration! In this episode, we discuss important considerations for planning, implementing, operating, and securing a Zero Trust deployment––more rapidly and with lower risk. This includes the vital role end-to-end visibility and frictionless collaboration between IT ops teams play across Zero Trust rollout phases. In the Leadership and Communications section: Boards rethink incident response playbook as ransomware surges, How CISOs and CIOs should share cybersecurity ownership, How CISOs are Building a Modern Cybersecurity Partnership, & more!
Show Notes: https://securityweekly.com/bsw232
Segment Resources:
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week in the Security News: Cosa Nostra, Amazon AI, Healthcare Apps, OSTIF, OMIGOD, IOS 15, Thailand, and Time Crystals! All this and the triumphant return of Jason Wood for Expert Commentary!
Show Notes: https://securityweekly.com/swn151
Visit https://www.securityweekly.com/swnfor all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Williams, Co-Founder and Chief Technology Officer at Contrast Security, to discuss Transforming Modern Software Development with Developer-first Application Security! Modern software development demands a different approach to application security. Contrast’s developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.
In the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka nutrition labels), & more!
Show Notes: https://securityweekly.com/asw166
Segment Resources:
2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782
White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25
DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65
Visit https://securityweekly.com/contrast to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Sinan Eren, VP of Zero Trust Access at Barracuda Networks, to discuss The State of Network Security in 2021! Then, we welcome Justin Collins from the People Empowerer for Product Security Team at Gusto, for a segment focusing on Brakeman! In the Security News: Anonymous hacks Epik (with a K), Fuzzing Close-Source Javascript Engines,ForcedEntry, 8 Websites that can replace computer software,REvil decryptor key released, Microsoft fixes Critical vulnerability in Linux App, Drone accidentally delivers drug paraphernalia to high schoolers, & more!
Show Notes: https://securityweekly.com/psw710
https://github.com/presidentbeef/brakeman
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Offensive Security expert Jeremy Miller walks us through his own career progression and training, revealing what it takes to be successful in infosec, especially the soft skills required. He comments on a recent article from TechRepublic entitled, "Don't forget to evaluate soft skills when hiring for cybersecurity positions." For those looking to advance their infosec careers, Jeremy will comment on key learning tracks and give concrete examples of job roles available to those who prove themselves through industry certifications as well as other soft skills.
Show Notes: https://securityweekly.com/swn150
Segment Resources: https://www.techrepublic.com/article/dont-forget-to-evaluate-soft-skills-when-hiring-for-cybersecurity-positions/
Visit https://securityweekly.com/offSec to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tolga Kayas, Assistant Application Security Manager at Invicti Security, to discuss Web Asset Discovery in Application Security! Next up, we welcome back John Loucaides, VP Federal Technology at Eclypsium, to talk about The Device Security Divide! In the Enterprise News: Adrian's first Enterprise News in the Captain's Seat, BitSight raises $250m on a $2.4bn valuation, Palo Alto Networks enters the consumer IoT market, Martin Roesch Joins Netography as CEO, the special "Squirrel of the Week" story, & more!
Show Notes: https://securityweekly.com/esw242
Segment Resources: https://www.acunetix.com/blog/docs/benefits-of-web-asset-discovery/
https://www.netsparker.com/features/continous-web-asset-discovery-engine/
Visit https://securityweekly.com/invicti to learn more about them!
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jim Henderson, Insider Threat Mitigation Training Course Instructor & Consultant at Insider Threat Defense Group, Inc., to discuss Insider Threats Overview - Going Beyond The Norm!
Show Notes: https://securityweekly.com/scw86
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kevin Nolten, Director of Academic Outreach from Cyber.org! Kevin joins Business Security Weekly to discuss how cyber education is the key to solving the skills gap and developing the next generation of cybersecurity professionals. Kevin will share examples of how we, the cybersecurity community, can get involved in K-12 and higher education programs, strategies for developing young talent, and how Cyber.org's curriculum can be used to train your employees!
In the Leadership and Communications section, The SEC Is Serious About Cybersecurity. Is Your Company?, CISA Urges Organizations to Avoid Bad Security Practices, IT leaders facing backlash from remote workers over cybersecurity measures, and more!
Show Notes: https://securityweekly.com/bsw231
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: Pegasus, Revil Redux, WooCommerce, Kaspersky reports, Meris, workers going around security, & litecoin. All this and Sinan Eren from Barracuda Networks joins to discuss the HP Wolf Security Rebellions & Rejections report, a study highlighting the tension between IT teams and employees working from home (WFH) that security leaders must resolve to secure the future of work!
Show Notes: https://securityweekly.com/swn149
Segment Resources:
https://www.securitymagazine.com/articles/96074-91-of-it-teams-feel-pressure-to-compromise-security
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Manish Gupta, CEO and Co-Founder of ShiftLeft, to discuss Findings From the 2021 AppSec Shift Left Progress Report! Data from the ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster and more accurate static analysis are able to release more secure code at scale, scan more frequently, fixes earlier in the software development life cycle, have less security debt, and maintain more security fixes overall.
In the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more!
Show Notes: https://securityweekly.com/asw165
Segment Resources:
Visit https://securityweekly.com/shiftleft to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with a technical segment, all about working with NMAP Vuln Scanning & Flan! In the Security News: Lightning cables that steal passwords, Malicious Code in your VRAM, creating a “TJ Hooper” for infosec, Linux 5.14, “Unhackable Wii” has been hacked, Hackers vs. Dictators & more!!! Finally, we have a pre-recorded interview featuring Benjamin Mussle, Senior Security Researcher at Acunetix, who joined to discuss I-Frame security!
Show Notes: https://securityweekly.com/psw709
Visit https://securityweekly.com/acunetix to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first up, we welcome, Philippe Lafoucrière Distinguished Security Engineer GitLab Inc, to talk about Transparency in Large Supply Chains! Then, John Smith, Principal Engineer of Security at ExtraHop, joins to discuss Putting the "R" in the NDR! Finally, in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, and more!
Show Notes: https://securityweekly.com/esw241
Segment Resources: https://about.gitlab.com/handbook/values/#transparency
Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: "The Gubmint", McFlurries, CREAM, IoT hacks, DDos, and New IDrivers licenses, as well as all the show McWrap Ups on this edition of the Security Weekly News Wrap Up Show!
Show Notes: https://securityweekly.com/swn148
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Christopher Bulin, Founder & CEO at Proven PCI, to talk about The Truth Behind the Payments! SMB needs to understand the importance of being PCI compliant and that just because the verbiage on a website says the vendor is compliant, doesn't make the merchant compliant. Just because it says it from a service provider standpoint, asking for a copy of their AOC is critical. If your merchant service provider is guiding you through the SAQ, or telling you to just check yes or no, they are coercing you into falsifying documents which is a breach of your agreement.
Show Notes: https://securityweekly.com/scw85
Segment Resources: https://www.linkedin.com/pulse/what-matters-moreyour-vendor-relationship-your-client-bulin/?published=t
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, to discuss the State of Cyber Threats: Tenfold Increase in Ransomware! Looking into the first half of 2021, there are important indicators of what cyber adversaries are planning next. This will be a conversation about cyberthreat trends and looking into takeaways from big name attacks so far this year.
In the Leadership and Communications section, Executives in tech say staff attrition is rising, 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern, Consumers Concerned About Personal Data Collection, and more!
Show Notes: https://securityweekly.com/bsw230
Segment Resources:
https://www.fortinet.com/fortiguard/labs https://www.fortinet.com/blog/threat-research
Visit https://securityweekly.com/fortinet to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This Week Dr.Doug talks: China limits gaming, ISIS gets caught using AWS, Tensorflow, ChaosDB, CISA and multifactor, sudo bugs, Baron Samedit, and Papa Legba. All this and Jason Wood returns for his Expert Commentary on the Security Weekly News!
Show Notes: https://securityweekly.com/swn147
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Caroline Wong, Chief Strategy Officer at Cobalt, to discuss A DevOps Perspective on Risk Tolerance & Risk Transfer! In the segment Mike and Caroline will discuss Risk Tolerance and Risk Transfer. They'll touch on the following: risk ranking, risk transfer in supply chain, how to diversify security controls, time vs risk reduction vs vulnerability exposure all from a DevOps perspective. While also touching upon how security is not (and should not) be a gate.
In the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more!
Show Notes: https://securityweekly.com/asw164
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with a technical segment, all about working with OpenVAS! Next up, we welcome Patrick Wardle, founder of Objective-See, to talk Trends in Mac Malware and Apple Security!! In the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin,& more!
Show Notes: https://securityweekly.com/psw708
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Aaran Leyland joins as a guest host and talks: the true cost of hacking social network accounts, OnlyFans rescinds policy changes, IoT Camera Flaws, & the Ragnarok Decryptor release, along with the show Wrap Ups for this week!
Show Notes: https://securityweekly.com/swn146
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first up, we welcome Kelly Shortridge, Senior Principal Product Technologist at Fastly, to talk about “Deciduous”, Decision Trees, and Security Chaos Engineering! Then, Deb Radcliff, Strategic Analyst and Author from CyberRisk Alliance Joins to discuss “Penning a Cyber Thriller”! Finally, In the Enterprise News Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more!
Show Notes: https://securityweekly.com/esw240
Segment Resources:
- https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/
- https://swagitda.com/blog/posts/deciduous-attack-tree-app/
- https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/
- The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/ ; and her articles, speaking engagements and more information is available at www.debradcliff.com
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tim Callahan, SVP, Global CISO at Aflac, to talk about From Compliance to Resiliency: The Evolution of InfoSec! Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a Control Framework so that you can measure its effectiveness and ensure appropriate decisions are made that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility which is an essential consideration when making risk decisions. And finally, we will look at what makes a business cyber-resilient. The cyber-strong resilient company has the ability to quickly adapt to disruptions while maintaining continuous business operations, and safeguarding people, assets, and overall brand equity.
Show Notes: https://securityweekly.com/scw84
To find out more and register with your Security Weekly discount code, visit: https://securityweekly.com/isw2021
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Ben Carr, CISO at Qualys, joins Business Security Weekly to share his views on the evolving role of the CISO. He’ll dive into the ever changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with that of a company's needs. In the Leadership and Communications section:10 years later, software really did eat the world, CISOs’ 15 top strategic priorities for 2021, 7 steps to protect against ransomware-related lawsuits, and more!
Show Notes: https://securityweekly.com/bsw229
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News, Dr.Doug talks: Liquid, proxyshell redux redux, Realtek and Mirai, The Spaghetti Detective, the Taliban, Powerapps, and Hong Kong censorship, and the returning Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn145
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Shubhra Kar, Global CTO and GM of Products & IT at The Linux Foundation, to discuss Challenges in Open Source Application Security! In the AppSec News: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more!
Show Notes: https://securityweekly.com/asw163
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News Wrap Up, Dr. Doug Talks: Fortinet vs. Rapid7, OnlyFans, Cisco, Kalay, TMobile, the "gub'mint", & more!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn144
This week, we jump straight Into the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application security and why you shouldn't do it on a shoe string budget, vulnerability disclosure miscommunication, tractor loads of vulnerabilities, The HolesWarm..malware, T-Mobile breach, and All you need is....Love? No, next-generation identity and access management with zero-trust architecture is what you need!!!! Next up, we have a pre-recorded interview featuring Qualys Researcher “Wheel”, who joined Lee and I to discuss Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer!!! Lastly, a segment from Black Hat 2021 featuring Sonali Shah, Chief Product Officer at Invicti Security, all about Shifting Left, and how YOU can make it right!
Show Notes: https://securityweekly.com/psw707
Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Allie Mellen, Industry Analyst at Forrester Research, to talk about Humanizing Security Operations! Then, we welcome Darren Guccione, CEO & Co-Founder of Keeper Security, to talk! Finally, In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more!
Show Notes: https://securityweekly.com/esw239
Visit https://securityweekly.com/keepersecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Naomi Buckwalter, Founder & Executive Director at Cybersecurity Gatebreakers Foundation, to discuss Gatekeeping in Cybersecurity! The “cybersecurity skills gap” is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecurity, but they never get the chance. Hiring managers and gatekeepers are simply unwilling to train and mentor the next generation of cybersecurity professionals, and this hurts our profession immensely. We’re fighting an asymmetric war, in which one bad actor can attack multiple companies and industries. We simply don’t have enough defenders and good guys in the trenches, and we need more fighters. The more fighters we have, the better chance we have at winning.
Show Notes: https://securityweekly.com/scw83
Segment Resources: https://cybersecuritygatebreakers.org
Visit https://www.securityweekly.com/scwfor all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we welcome Fleming Shi, CTO at Barracuda Networks, to discuss Ransomware Trends 2021! In the Leadership and Communications segment, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more!
Show Notes: https://securityweekly.com/bsw228
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://twitter.com.securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, Dr. Doug talks: T-Mobile, Deepbluemagic, shell games. China strikes back, Colonial revisited, Fortinet, Captchas, and Cardinals on Parade, All this and the return of Jason Wood on the Security Weekly News!
Show Notes: https://securityweekly.com/swn143
Visit https://www.securityweekly.com/swnfor all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we welcome Mike Rothman, President & Co-founder at DisruptOps, to discuss DevSecOps - Making It Real! In the AppSec News, Bug bounty report that cleverly manipulates a hash for profit, Allstar GitHub app to enforce security policies, choosing a programming language, what an app should log, adding security to DevOps, & manipulating natural-language models!
Show Notes: https://securityweekly.com/scw83
Segment Resources: cybersecuritygatebreakers.org
Visit https://www.securityweekly.com/scwfor all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we kick off the show with an interview featuring Joe Gray, Senior OSINT Specialist at Qomplx, where we talk OSINT & Social Engineering ! Next up, we welcome Kyle Avery, a Penetration Tester for Black Hills Information Security, to delve into Offensive Operations with Mythic! In the Security News for this week: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sherrif's department, Fingerprinting Windows, & double secret quadrupal extortion!
Show Notes: https://securityweekly.com/psw706
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This Week, Dr. Doug talks: Printnightmare, Chaos, VR Nightmares, Aggah, Infra:Halt, Zoom, and Dallas County revisited, as all the show Wrap Ups on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn142
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, Paul, Tyler, and Adrian talk about the Different Approaches To Vulnerability Management! In the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more! Finally, we air two pre-recorded interviews from BlackHat 2021 with Carolin Solskär from Detectify and TJ Punturiero from Offensive Security!
Show Notes: https://securityweekly.com/esw238
Visit https://securityweekly.com/offsec to learn more about them!
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we welcome Matthew Erickson, Vice President of Solutions at SpiderOak Mission Systems, to discuss Protecting Comm. & Collaboration in Contested Environments! Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information.
Show Notes: https://securityweekly.com/scw82
Visit https://securityweekly.com/spideroak to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we welcome Jim Routh, Former CSO, Board member, Advisor at Virsec, to discuss The 3 Mistakes All First Time CISOs Make That No One Tells You! In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company’s products?, and more!
Show Notes: https://securityweekly.com/bsw227
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we welcome Tom Hudson, Security Research Team Lead at Detectify, to discuss Securing Modern Web Apps: Development Techniques are Changing! In the AppSec News, Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more!
Show Notes: https://securityweekly.com/asw161
Visit https://securityweekly.com/detectifyto learn more about them!
Visit https://www.securityweekly.com/aswfor all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, SOHO Routers Redux, GPT-3, Microsoft Proxy Shell and Petitpotam, Flytrap, Nichestack, Bitcoin taxes, and Rickrolling. All this and Jason Wood on the Security Weekly News!
Show Notes: https://securityweekly.com/swn141
Visit https://www.securityweekly.com/swnfor all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, Dr. Doug talks Blackhat, NSA, CISA, Autonomous Vehicles, Bazar, evil Liver, Lockbit 2.0 as well as all the show wrap ups on this edition of the Security Weekly News Wrap up Show!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn140
This week, we kick off the show with an interview featuring Rick Farina, & Rick Mellendick Board Members at RF Hackers Sanctuary, to talk about RF Village at DefCon! Next up, we.0 welcome Scott Scheferman, Principal Strategist, & Yuriy Bulygin, CEO of Eclypsium, to discuss how The Stakes are Raised when Protecting the Foundation of Computing!! In the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw705
This week, in our first segment, we welcome Matt Cauthorn, VP Cloud Security at ExtraHop, to talk about the Cyber Hat Trick: How Ransomware Gangs Exfiltrate, Encrypt & Exploit! Then, we welcome David Finger, VP of Product Marketing at Fortinet, to talk The State of CyberSecurity Ops in a Ransomware Filled Hybrid Work World! Finally, In the Enterprise News, Armis Identifies Nine Vulnerabilities in Critical Infrastructure Used by Over 80% of Major Hospitals in North America, Corelight Introduces Smart PCAP to Give Security Teams Immediate Access to the Right Network Evidence, SolarWinds says shareholders’ cyber disclosure lawsuit fails, Code42 and Rapid7 Partner to Deliver Enhanced Detection and Investigation of Insider Threat Events, and more news from this week at BlackHat 2021!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw237
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we welcome Edward Liebig, CISO at Delviom LLC, to discuss OT Security for Critical Infrastructure and Why It Is Not “Intuitive”! In the Leadership and Communications articles, 10 security tools all remote employees should have, 1 in 4 security teams report to CIOs, but would benefit from CISO leadership, state of cybersecurity survey results, destigmatizing reporting security vulnerabilities and more!
Show Notes: https://securityweekly.com/bsw226
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week in the Security Weekly News: The NSA, The NSO, Microsoft, Sonic Screwdrivers, regulating cryptocurrency, a mysterious NPM, All this and Jason Wood's legendary Expert Commentary!
Show Notes: https://securityweekly.com/swn139
Visit https://www.securityweekly.com/swnfor all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Maggie Jauregui, Offensive Security Researcher at Intel, to discuss Platform Firmware Security! Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security.
In the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing!
Show Notes: https://securityweekly.com/asw160
Segment Resources: - https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/
- https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/
- https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal
Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png
Visit https://www.securityweekly.com/aswfor all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Alyssa Miller, BISO at S&P Global, to talk about the how the “B” in BISO is for Business! Next up, we welcome Michael Welch, Managing Director at Morgan Franklin, to discuss Cyber-Physical Attacks!! In the Security News, From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you!
Show Notes: https://securityweekly.com/psw704
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week Dr. Doug talks: Patching, PetitPotam, Elon, Microsoft Defender, Ransomware rules, Meteor, and more, on this edition of the Security Weekly News Wrap up Show! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn138
This week, in our first segment, we welcome Da-Wyone Haynes, Consultant in Data Analytics at Aegon & Transamerica, to talk about The Need for CyberSecurity Training Programs and the Role Cyber Professionals Play! Then we welcome Stephanie Aceves, Senior Director of Threat Response & SME Lead at Tanium, to discuss Tanium for Incidents! In the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more!
Show Notes: https://securityweekly.com/esw236
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and compliance. Hear ye, Hear ye! The court is now in session.
Show Notes: https://securityweekly.com/scw81
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week, we talk Security Money! Both the Security Weekly 25 Index and the NASDAQ close at record highs on 7/23/2021. See how the security market continues to stay hot.
In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: What 8 top security jobs pay, and more!
Show Notes: https://securityweekly.com/bsw225
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://twitter.com/securityweekly
Follow us on Facebook: https://facebook.com/secweekly
This week: Dr. Doug talks Elon saying scary things, Exotic Programming languages, Babuk, Kaseya, Petitpotam, litigation and of course the Expert Commentary of Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn137
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva, to discuss Navigating the seas of security in serverless functions!
In the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more!
Show Notes: https://securityweekly.com/asw159
Segment Resources: Details on Imperva Serverless Protection: https://www.imperva.com/company/press_releases/imperva-launches-new-product-to-secure-serverless-functions-with-visibility-into-the-application-layer-code-level-vulnerabilities/
Free trial of the product: https://www.imperva.com/serverless-protection-demo
Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Jeff Tinsley, CEO of RealMe, to talk about The Online Safety and Security as it Pertains to Dating Apps and Online Marketplaces! Next up, we welcome Gordon Draper, Founder and CEO of CyberMarket.com, to talk about the Democratisation and Globalisation of CyberSecurity Consulting! In the Security News, Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!
Show Notes: https://securityweekly.com/psw703
Segment Resources: https://www.cybermarket.com
There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News Wrap Up: Pornageddon, Pegasus, Kaseya, SeriousSam, The FBI Wants hackers dead or alive, SonicWall, HPrinters, Show Wrap Ups, and more!
Show Notes: https://securityweekly.com/swn136
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Ed Rossi, Vice President of Product Management, Asset Inventory & Discovery at Qualys, to talk about Reinventing Asset Inventory for Security! Then, in the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Finally, we wrap up the show with two micro interviews from RSAC2021 featuring Mark Ralls from Acunetix by Invicti, and Wayne Haber from GitLab!
Show Notes: https://securityweekly.com/esw235
Segment Resources:
CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/
CSAM video overview: https://vimeo.com/551723071
Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://securityweekly.com/acunetix to learn more about them!
Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Joseph Kirkpatrick, President at KirkpatrickPrice, to talk about Your Security Is ALWAYS in Scope!
Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.
Show Notes: https://securityweekly.com/scw80
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collaboration between CISOs, CIOs, and business-side leadership has come. Padraic O'Reilly, Co-Founder and CPO of CyberSaint discusses what he's learned from working with members of the Global 500 to achieve truly continuous compliance and risk management, and how CyberSaint is delivering Cyber Risk Automation with it's CyberStrong platform.
In the Leadership and Communications section, How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational excellence, 6 resume mistakes CISOs still make, and more!
Show Notes: https://securityweekly.com/bsw224
To learn more about CyberSaint, please visit: https://securityweekly.com/cybersaint
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News: Billionaires in Space again, grayware, Candiru fish, iOS, China, Mosaic, and of course the returning Expert Commentary of Jason Wood!
Show Notes: https://securityweekly.com/swn135
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David DeSanto, Senior Director, Product Management, Dev & Sec at Gitlab! In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future.
In the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!
Show Notes: https://securityweekly.com/asw158
Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss the The Journey from a Network Security Engineer to a Podcast Host! In the Security News, the White House Announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware Returns with a new VNC Module to Spy on its Victims, and some of the absolute funniest quotes about cyber security & tech in 2021!
Show Notes: https://securityweekly.com/psw702
Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Where have all the PS5s gone, Luminous Moth, Amazon, Microsoft, Revil, Kaseya, and more along with show wrap-ups on this edition of Security Weekly News.
Show Notes: https://securityweekly.com/swn134
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop- A Journey of Security Partnership! In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Finally, we wrap up the show with two micro interviews from RSAC featuring Deepika Gajaria of Tala Security and Scott Scheferman from Eclypsium!
Show Notes: https://securityweekly.com/esw234
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://securityweekly.com/talasecurity to learn more about them!
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th.
Show Notes: https://securityweekly.com/scw79
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advances, such as XDR and AI-driven threat monitoring, offer a way to thwart attackers in an ever-evolving security landscape. In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more!
Show Notes: https://securityweekly.com/bsw223
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.
The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren’t bogged down by the limitations of legacy solutions. It’s never been more clear that it’s time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built.
Show Notes: https://securityweekly.com/asw157
https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Billionaires in Space, Killer Robots, Kaseya, Solarwinds, Charming Kitten, Schneider Electric, and CISA reports! All this and Jason Wood on this edition of the Security Weekly News!
Show Notes: https://securityweekly.com/swn133
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Rob Shavelle, Co-Founder and CEO of Abine & DeleteMe, to talk about New Security Threats Stemming from PII Online! Then, Haseeb Awan, CEO of EFANI Inc, joins to discuss the The Rise of Sim Swapping! In the Security News, LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers?, flaws let you hack an ATM by waving your phone, and more!
Show Notes: https://securityweekly.com/psw701
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: The Revenge of the AI Beer Bots, NIST Software definitions, Printspooler, LinkedIn leaked out, Cybersecurity legislation, and more along with the show Wrap Ups for this week!
Show Notes: https://securityweekly.com/swn132
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Suha Akyuz, Application Security Manager at Invicti Security, to discuss “Why DAST? from the Project Management Perspective”! In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, & JFrog to acquire Vdoo! Finally, we wrap up the show with two micro interviews from RSAC featuring Mario Vuksan, CEO of ReversingLabs, & Rickard Carlsson, CEO Detectify!
Show Notes: https://securityweekly.com/esw233
Visit https://securityweekly.com/ReversingLabs to learn more about them!
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Steve Lenderman, Director, Strategic Fraud Prevention at ADP, to discuss CARES Act Fraud, Paying People & Fraudsters! We will review how synthetics are being utilized to perpetrate pandemic related frauds in the Payroll Protection Program and Unemployment Insurance. An overview of the government programs will take place with the controls that were in place, how they were compromised, by who and what you can do to remediate risk.
Show Notes: https://securityweekly.com/scw78
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jim Richberg, Public Sector Field CISO at Fortinet, to discuss The Year of Hybrid! In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real: 3 preventative steps every CISO must take, and more!
Show Notes: https://securityweekly.com/bsw222
Visit https://securityweekly.com/fortinet to learn more about them! https://www.fortinet.com/blog
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week in the Security Weekly News, Number one in the charts, the cyber charts that is, Binance receives the ban hammer from UK's FCA, Lawmakers introduce American Cybersecurity Literacy Act – Marines this does not apply, you keep chomping on your crayons, key vulnerabilities in the Atlassian project and software development platform, GitHub bug bounties: payouts surge past $1.5 million mark – sounds like rooky numbers to me, the UK MoD giving away secrets for free, if you ride the bus, and the return of Jason Wood for Expert Commentary!
Show Notes: https://securityweekly.com/swn131
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Clint Gibler, Head of Security Research at r2c, to discuss Scaling Your Application Security Program! In the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more!
Show Notes: https://securityweekly.com/asw156
Segment Resources:
https://github.com/returntocorp/semgrep
https://github.com/returntocorp/semgrep-rules
2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Jim O'Gorman, Chief Content and Strategy Officer at Offensive Security, to talk Career Pathing and Advice from Offensive Security! Then, Thomas Lonardo, an Associate Professor at Roger Williams University, joins to discuss the recent US Supreme Court Case ruling of Van Buren v. US! In the Security News, Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more!
Show Notes: https://securityweekly.com/psw700
Segment Resources:
Visit https://securityweekly.com/offSec to learn more about them!
https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf: Prosecuting Computer Crimes DOJ,: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf
"Computer Crime and Intellectual Property Section DOJ": https://www.justice.gov/criminal-ccips/ccips-documents-and-reports
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the SWN Wrap Up, Dr. Doug talks: NYC Department of Health, Windows 11, John McAfee, Dell UEFI, Zyxel, DarkRadiation, and of course the Wrap Ups of all the shows from this week!
Show Notes: https://securityweekly.com/swn130
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Doni Brass, Product Management Lead at Cisco Umbrella, to discuss How Criminals Use Cloud Apps to Inject Chaos into Work Environments! In the second segment, Brendon Macaraeg, Senior Director of Product Marketing at Fastly, joins to talk tell us How Teams Can Reduce the Visibility Gap! In the Enterprise News, Smoothwall Acquires eSafe Global, LookingGlass Cyber Announces Acquisition of AlphaWave, Vectra Launches Detect for AWS, SentinelOne announces IPO, & Building a Better Internet with Code BGP!
Show Notes: https://securityweekly.com/esw232
Visit https://securityweekly.com/ciscoumbrella to learn more about them!
Visit https://securityweekly.com/fastly to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Join Dr. Casey Marks for a two-part discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw77
This week in the Security Weekly News: Aaran Leyland guest hosts and talks Oddball, BDSM Videos, iPhone wifi hacks, South Korea, Russia, Carnival, and Google. All this and the returning Expert Commentary of Jason Wood!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn129
This week, Ben Higgins and Ted Driggs of ExtraHop join Security Weekly to explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise! Then, in the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Satisfaction and Fulfillment in Your Work, and more!
Segment Resources:
https://www.extrahop.com/behaviortransparency
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop to learn more about them or visit https://www.extrahop.com/behaviourtransparency to learn more about behavior transparency!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw221
This week, we welcome Nuno Loureiro & Tiago Mendo from Probely to discuss some Challenges of DAST Scanners, and their Adoption by Developers! Then, in the AppSec News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor Python, shifting left and right, and more!
This segment is sponsored by Probely.
Visit https://securityweekly.com/probely to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw155
This week, we welcome Brian Joe, Director of Security Product Marketing at Fastly, to discuss Avoiding the Silo: Bridging the Divide Between Security + Dev Teams! In the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! In our final segment, we air a pre-recorded interview with Timur Guvenkaya, Security Engineer at Invicti Security, to show us what Web Cache Poisoning is all about!
Show Notes: https://securityweekly.com/psw699
Segment Resources:
Visit https://securityweekly.com/fastly to learn more about them!
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks: Pinchy Spider, Drones, Biden and Putin, Microsoft, CVS, along with the Show Wrap Ups & his Favorite Threat of the Week!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn128
This week, in our first segment, we welcome Ian Tien, CEO and Co-Founder of Mattermost, to discuss "Open-Source Enterprise Communication Security "! In the second segment, Russell From, Enterprise Services Integration Engineer Lead at Tanium joins to talk Tanium for Incidents! In the Enterprise News, Zero trust networking startup Elisity raises $26M , Contrast Security Launches Contrast Scan, Vectra Launches Detect for AWS, SOAR Is an Architecture, Not a Product, & Deloitte Acquires Cloud Security Posture Management!
Show Notes: https://securityweekly.com/esw231
Segment Resources:
To stay connected with Tanium's Endpoint Security Specialist team, join our community site: https://community.tanium.com/s/ues-discussion-group
Visit https://securityweekly.com/tanium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and community groups like local DEF CON chapters.
Show Notes: https://securityweekly.com/scw76
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jonny Noble, Technical Marketing Team Lead at Cisco Umbrella, to discuss Securing User Connections to Applications! In the Leadership & Communications articles: Attracting Talent During a Worker Shortage, CISOs Say Application Security is Broken, Three Steps to Harden Your Active Directory in Light of Recent Attacks, Demystifying RockYou2021, & more!
Show Notes: https://securityweekly.com/bsw220
Visit https://securityweekly.com/ciscoumbrella to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks: Nuclear weapons, astrology, G7, cyber games, and we are joined by of Jason Wood for Expert Commentary on this episode of the Security Weekly News!
Show Notes: https://securityweekly.com/swn127
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Sebastian Deleersnyder, CTO at Toreon, to talk about OWASP SAMM - Software Assurance Maturity Model! In the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!
Show Notes: https://securityweekly.com/asw154
Segment Resources:
- https://github.com/OWASPsamm
- https://app.slack.com/client/T04T40NHX/C0VF1EJGH
- https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g
- https://twitter.com/OwaspSAMM
- https://www.linkedin.com/company/18910344/admin/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with an interview featuring Gene Erik, Senior Product Officer at Xcape, Inc, to talk OpenWRT for Enterprise and Labs! Then, Rob Gurzeev, CEO and Co-Founder of CyCognito joins for a technical segment all about Protecting the Attack Surface! In the Security News, Microsoft patches 6 Zero-Days under active attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, how to pwn a satellite, one Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one!
Show Notes: https://securityweekly.com/psw698
Segment Resources:
Visit https://securityweekly.com/cycognito to learn more about them!
Company Website Link: https://xcapeinc.com/
Topic Link: https://openwrt.org/
Commercial Product for Topic Link: https://www.gl-inet.com/
Personal CI/CD Projects Link: https://gitlab.com/fossdevops
Personal GitLab Link: https://gitlab.com/geneerik
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, Dr. Doug talks: Bezos in space, Steam, VMWARE, lots of ransomwmare, Siloscape, TikTok, of course the Show Wrap Ups, and his Favorite Threat for this Week!
Show Notes: https://securityweekly.com/swn126
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Stephen Newman Vice President of Product Marketing, at Gigamon ThreatINSIGHT, to discuss " Redefining SaaS Security so SOC/IR Teams Aren’t in the Dark, Distracted, or Alone "! In the enterprise news, Proofpoint unveils people-centric innovations across its three platforms, Citrix Secure Internet Access Simplifies Hybrid Workforce Challenges, CyberArk : Advances Industry-Leading Identity Security Platform, AI-powered cybersecurity provider ExtraHop to be acquired for $900M, New Israeli Unicorn Exabeam Hits $2.4 Billion Valuation, Microsoft acquires ReFirm Labs to boost its IoT security offerings, and more! In our final segment, we have two prerecorded RSAC 2021 interviews airing back-to-back featuring Kevin Gallagher, Chief Revenue Officer at Netsparker, and then Michael Daniel, the President & CEO of Cyber Threat Alliance!
Show Notes: https://securityweekly.com/esw230
Segment Resources: https://www.gigamon.com/content/dam/resource-library/english/solution-brief/sb-gigamon-threatinsight.pdf
Visit https://securityweekly.com/fortinet to learn more about them!
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Doug Landoll, CEO at Lantego, to talk about CMMC Program and the DIB Preparation! Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework.
Show Notes: https://securityweekly.com/scw75
Segment Resources:
Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/
Official Site of the CMMC Program: https://cmmcab.org/
Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Travis Isaacson, Technical Expertise Manager at Detectify, to discuss Optimize Buying Criteria to Ensure Success of Your New Security Tools! In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber insurance application questions you'll need to answer, and more!
Show Notes: https://securityweekly.com/bsw219
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News Dr. Doug talks: Hillbilly Cannibal Weekend, Siloscape, Amazon is listening, the FBI and the DHS got their eye on you, DHS requirements, Apple Announcements, and Jason Wood returns for his Expert Commentary!
Show Notes: https://securityweekly.com/swn125
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Daniel Hampton, Senior Solutions Architect at Fastly, to discuss API Security: Understanding Threats to Better Protect Your Organization! In the AppSec News, Tyler Robinson joins Mike & John to discuss: HTTP/3 and QUIC, bounties for product abuse, Amazon Sidewalk security & privacy, security & human behavior, authentication bypass postmortem, M1RACLES, & more!
Show Notes: https://securityweekly.com/asw153
Visit https://securityweekly.com/fastly to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dan Tentler, Executive Founder at Phobos Group, to discuss Attack Surface Discovery and Enumeration! In the second segment, we welcome back Sumedh Thakar, CEO at Qualys, to talk about Digital Transformation's Impact On IT Asset Visibility! In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!
Show Notes: https://securityweekly.com/psw697
Segment Resources:
View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38
Read our CEO’s blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security
Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul Battista, CEO of Polarity, joins us for an interview to talk about Polarity’s Power-up Sessions! Then, Rick Howard the CSO of The CyberWire, joins us to talk about the CyberSecurity Canon! In the Security News: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, & security by design!
Show Notes: https://securityweekly.com/psw696
Segment Resources:
Sign up page: https://polarity.io/ctt/
Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc
Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg
Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg
Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8
https://icdt.osu.edu/cybercanon
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Nobelium returns, M1RACLES Vuln, Bezos 'The Devourer of Worlds', Vulnhub Doug Rants about his Favorite Threat of the Week and more, on this Security Weekly News Wrap-Up!
Show Notes: https://securityweekly.com/swn124
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook:https://www.facebook.com/secweekly
This week, In the first segment, we welcome Nathan Hunstad, Principal Security Engineer & Researcher, at Code42, for an interview discussing SIEM and SOAR! Next up, In the Enterprise Security News: Secure and monitor AWS Lamba with new, not related, features from Datadog and Imperva, ServiceNow integrates with Microsoft solutions, SentinelOne wins two awards, Reducing risk with IAM, Kemp lanches Zero Trust, AWS launches another contianer product, Zscaler acquires Smokescreen, Sumo Logic acquires DF Labs, Uptycs, Salt Security and Spec Trust secure funding... and more! Then we close out the show with two pre-recorded RSAC 2021 interviews featuring Drew Rose, from Living Security, & Ganesh Pai of Uptycs!
Show Notes: https://securityweekly.com/esw229
Segment Resources:
https://www.code42.com/blog/is-soar-the-new-siem/
Visit https://securityweekly.com/code42 to learn more about them!
Visit https://securityweekly.com/livingsecurity to learn more about them!
Visit https://securityweekly.com/uptycs to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at NTIA, to discuss SBOM!
What is SBOM? Who needs to think about this? Is this required today, and what might the future of compliance look like? What is in the recent EO?
Show Notes: https://securityweekly.com/scw74
Segment Resources: https://ntia.gov/SBOM
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week: the Security Weekly News, and special guest Fleming Shi joins for an expert commentary where he discusses API security and supply chain attacks, application security, supply chain security, how your supply chain can damage your reputation, and lessons learned from recent attacks on Sunburst! In the news: Charlie bit my finger, Darkside in the People's court, Big Sur, Trend Micro, and Russian Keyboards.
Show Notes: https://securityweekly.com/swn123
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Hallenbeck, CISO, Americas at Tanium, discussing how to Simplify & Accelerate Patch Management! Most people focus on the patch, check that box but they forget the other side of the coin. How do they make sure a bad actor isn't still in their network? This week, in the Leadership and Communications section, CISOs Struggle to Cope with Mounting Job Stress, Corporate Compliance Strategies to Protect Data, Cybersecurity Metrics That Matter, and more!
Show Notes: https://securityweekly.com/bsw218
Segment Resources:
https://site.tanium.com/rs/790-QFJ-925/images/Tanium_SolutionPaper_DistributedWorkforce_FINAL.pdf
https://site.tanium.com/rs/790-QFJ-925/images/PB-Patch.pdf
Visit https://securityweekly.com/tanium to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Manish Gupta, CEO and Co-Founder at ShiftLeft, to discuss Bringing Appsec to a Modern CI Pipeline! Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assume that will be successful. So, how can an appsec team bring tools and security knowledge to developers? In the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & more!
Show Notes: https://securityweekly.com/asw152
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://securityweekly.com/shiftleft to learn more about them!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick off the show with the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken seriously, poison the water hole to poison the water, bombing hackers, how industry best practices have failed us?, publishing exploits is still a good thing regardless of what the studies say, & more! Then, we have a Technical Segment featuring our own Adrian Sanabria, & Sounil Yu from JupiterOne! Then we wrap up the show with a pre-recorded interview with ‘Wheel’ on the “21 Nails“ Exim Mail Server Vulns!
Show Notes: https://securityweekly.com/psw695
Segment Resources: https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome John Masserini, Global Chief Information Security Officer at Millicom Telecom International, to discuss "Identity Management as a Foundation for Future-Proofing your Security". In the enterprise news segment, we discuss all the enterprise security news from RSA Conference 2021. In our final segment, we welcome Mark Bowling, Vice President of Security Response Services at ExtraHop, to discuss "Building a Response Strategy to Advanced Threats".
Show Notes: https://securityweekly.com/esw228
Visit https://securityweekly.com/extrahop-rsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, It's RSA Conference 2021. In our first segment, we welcome Joe Noonan, General Manager at Unitrends, to discuss "Unified BCDR: Why Backup Alone is No Longer Enough". In our second segment, we welcome Jonathan Nguyen, Vice President, Field CISO Team at Fortinet, to discuss "Building a Unified Security Fabric"!
Show Notes: https://securityweekly.com/bsw217
Visit https://securityweekly.com/fortinet to learn more about them!
Visit https://securityweekly.com/unitrends to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Aanand Krishnan, CEO at Tala Security, Inc., to discuss Third Party Software Risk on the Web! Web applications are highly dependent on third party content and JavaScript. This creates a significant set of vulnerabilities that attackers are exploiting. How do you prevent a Solarwinds type hack on your website?
In the AppSec News, CNCF releases a whitepaper on supply chain security, Frag attacks against WiFi devices, security webhooks, trusting terraform plans, shared credentials and app access, complexity vs. security vs. design.
Show Notes: https://securityweekly.com/asw151
https://go.talasecurity.io/blog/data-in-the-browser-is-data-at-risk
https://www.talasecurity.io/protect/#how
https://go.talasecurity.io/blog/how-i-hacked-your-website
Visit https://securityweekly.com/talasecurity to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Alex Chaveriat, Chief Innovation Officer at Tuik Security Group, joins us for an interview where he tells us "How Hacking Naked Changed His Life"! Then, I will take you through attack surface mapping with AMASS! In the Security News, President Biden issues a 34-page executive order on Cybersecurity, Did you hear about the pipeline hack?, New/Old Wifi vulnerabilities, get this Apple didn't want to talk about a malware attack that exposed users, fake Amazon review database, why ad-hoc scanning is not enough, distroless linux, wormable windows bug, codered 2.0 perhaps?, the cryptowars continue and more!
Show Notes: https://securityweekly.com/psw694
Segment Resources: https://youtube.com/alexchaveriat
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week: Dr. Doug talks Elon tweets, Horse Ridge, Frag Attacks, Lots of Ransomware, Fightin' Joe Biden, as well as show Wrap Ups & his Favorite Threat of the Week!
Show Notes: https://securityweekly.com/swn122
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In the first segment, we welcome Damon Small, Technical Director of Security Consulting at NCC Group, for an interview covering the Florida Water Treatment Facility Hack, and the Convergence of OT & IT! Next up, Artisom Holub, Senior Security Analyst and Austin McBride, Data Scientist, from Cisco Umbrella join to talk about some Chart Topping Threats and How Attacks will rage in 2021! In the Enterprise Security News: XM Cyber Announces Integration with Palo Alto Network's Cortex XSOAR, API Security Lessons Learned, Cycode Raises $20 Million, HelpSystems Acquires Beyond Security, Accurics Terrascan integrates with the Argo Project, Cequence Security API Sentinel 2.0, Seclore Security24 protects sensitive data, Who’s Really Behind the Colonial Pipeline Cyberattack?, Forcepoint acquires Cyberinc, Sophos launches industry’s only XDR solution for endpoint, server, firewall and email security?, and more!
Show Notes: https://securityweekly.com/esw227
Visit https://securityweekly.com/ciscoumbrella to learn more about them!
Segment Resources: https://newsroom.nccgroup.com/news/insight-florida-citys-water-supply-attack-420952
https://www.cnn.com/2021/02/13/us/florida-hack-remote-access/index.html
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.
Show Notes: https://securityweekly.com/scw73
Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix by Invicti Web Application Vulnerability Report. In this segment, Ryan will discuss the main results, the trends that might have caused them, and advise how you can protect your organization against vulnerabilities that can negatively impact your business. In the Leadership and Communications section, 6 ways to spur cybersecurity board engagement, 5 key qualities of successful CISOs, and how to develop them, 4 Actions Transformational Leaders Take, and more!
Show Notes: https://securityweekly.com/bsw216
Segment Resources: The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Elon, Jerry Lee Lewis, Colonial Pipeline, Net Neutrality redux, Lemon Duck, Rico, & Jason Wood returns for Expert Commentary!
Show Notes: https://securityweekly.com/swn121
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, we discuss the challenge in addressing each piece independently and consider how consolidated, multi-purpose tools may present an emerging solution. This Week in the AppSec News, Mike and John talk: "Find My threat model" with AirTags, Qualcomm modem vuln hits lots of Android, an Exim update patches lots of vulns, measuring hardened binaries, a maturity model for k8s, & more!
Show Notes: https://securityweekly.com/asw150
Visit https://securityweekly.com/prismacloud to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on Cyber! In the Security News, Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Discord, the always popular Chinese APTs, exploits you should be concerned about, job expectations, westeal your crypto currency, quick and dirty python (without lists), new spectre attacks, Github says don't post evil malware and more!
Show Notes: https://securityweekly.com/psw693
Segment Resources:
https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program
https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan
https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/
Visit https://securityweekly.com/coresecurity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News Wrap Up Dr. Doug talks: Pings are bad, m'kay, Yahoo Answers, Python ipaddress bugs and the curse of octal, Deepfakes, Qualcom, Spectre, First Horizon Bank, & the show Wrap Ups for this week!
Show Notes: https://securityweekly.com/swn120
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In the first segment, we welcome Steve Springett, Chair at CycloneDX SBOM Standard, Core Working Group, for a discussion on The Rise of SBOM! Next up, Carlos Morales, CTO Security Services at Neustar, joins for a discussion on how Applications Are Your Lifeblood – Understanding the Changing Attack! In the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites, Imperva acquires CloudVector to provide visibility and security for API traffic, ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response, KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature, and some funding and acquisition updates from Thoma Bravo, Proofpoint, Darktrace, JupiterOne, and more!
Show Notes: https://securityweekly.com/esw226
Segment Resources: https://www.home.neustar/resources/videos/security-you-can-trust
https://www.home.neustar/resources/whitepapers/web-application-security-threats https://cyclonedx.org/
https://www.ntia.gov/sbom https://owasp.org/scvs https://dependencytrack.org/
Visit https://securityweekly.com/neustar to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now.
Chris Pin, VP of Security and Privacy at PKWARE, will be discussing:
• How Virginia’s law differs from CCPA and GDPR and the key points companies need to know
• Where and how companies may need to enhance their data privacy policies and processes, and specifically how it’s imperative to know the five W’s of data: Who, What, Why, When, Where and one H, How
• How companies should begin incorporating data discovery, data classification, data minimization, records of data processing activities, and data protection assessments as part of their everyday processes and controls, if they haven’t already
• Real life situations that businesses could find themselves in
Show Notes: https://securityweekly.com/scw72
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the latest security funding and performance of the public market. The Security Weekly 25 index is still going strong.
Show Notes: https://securityweekly.com/bsw215
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training.
He'll cover:
• The types of security training that work
• The role of security champions
• How the security and development teams can work together to ensure code is create securely from the start
In the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux kernel vulns study!
Show Notes: https://securityweekly.com/asw149
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks Dan Kaminsky, Spectre, Badalloc, Cardassian Overlords, Apple patches, and the notorious Jason Wood returns for Expert Commentary!
Show Notes: https://securityweekly.com/swn119
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In the Security Weekly News Wrap Up for this week: Government intervention in Ransomware, Joe Biden's response to Russia, Passwordstate, AI, Mitre, Chrome, contaminated instruments, and Dr. Doug's Favorite Threat of the Week!
Show Notes: https://securityweekly.com/swn118
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System Cybersecurity - The Real World! In the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerability Exposes Users’ Personal Information, Darkside Ransomware gang aims at influencing the stock price of their victims, Security firm Kaspersky believes it found new CIA malware, and a Hacker leaks 20 million alleged BigBasket user records for free! All that and more on this episode of Paul's Security Weekly!
Show Notes: https://securityweekly.com/psw692
Segment Resources:
Visit https://securityweekly.com/barracuda to learn more about them!
Intelligent Buildings - https://www.intelligentbuildings.com/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach application security. In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Proofpoint private, BlackRock, Tudor Group Back Cybersecurity Startup Deep Instinct, and more! Authentication and authorization might sound similar, but they are two distinct security processes. Joe Carson, Chief Security Scientist at Thycotic, joins us to discuss why privileges, not identities, are one of the biggest challenges for identity and access. Joe will share Thycotic's simple approach to solving privileged access.
Show Notes: https://securityweekly.com/esw225
Segment Resources: https://blog.detectify.com/2021/04/09/modern-application-security-requires-speed-scale-and-collaboration/
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://securityweekly.com/thycotic to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity? -The importance of ATT&CK as a lens through which you can view your security posture. -Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the controls they have in place.
Show Notes: https://securityweekly.com/scw71
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Cyber accountability is often overlooked by Board of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as Solarwinds, MS Exchange and many other security incidents prove it, it’s not a strategy. In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report executives can really use, Creating and rolling out an effective cyber security strategy, and more!
Show Notes: https://securityweekly.com/bsw214
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segment Resources:
https://forbesbooks.com/mathieu-gorge/
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Dirty emojis, Nvidia zero-days, Shlayer, Cozy Bear, Emotet, Babuk, iOS 14.5, and Jason Wood returns for Expert Commentary!
Show Notes: https://securityweekly.com/swn117
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review? This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more!
Show Notes: https://securityweekly.com/asw148
Visit https://www.securityweekly.com/asw for all the latest episodes!
Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized K-12 cybersecurity education. This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to enterprise and federal space. This week in the Security News, U.S Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force to Stop Ransomware Spread, Facebook faces mass legal action over data leak, and more!
Show Notes: https://securityweekly.com/psw691
Segment Resources: https://cyber.org/standards
https://cyber.org/about-us/our-impact https://cyber.org/news/k-12-cybersecurity-learning-standards-review-session-completed
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Just sit right back and you'll hear a tale, Lots of Zero Days, CodeCov, FBI Hack backs, Cozy Bear, Mystery Science Theatre, the Professor and the rest, here on Security Weekly Wrap Up Island!
Show Notes: https://securityweekly.com/swn116
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Deininger, a Principal Cloud Security Engineer, joins us and will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish a foothold at the beginning of a campaign, leaving attackers feeling like they are inescapably 'walking on ice'.
Phishing links are getting past existing protections and clicked. How do you prevent these attacks? In this segment, Chris Cleveland, CEO at Pixm, will demonstrate how computer vision protection in the browser stops these attacks in real time and how you can know your own gaps.
In the Enterprise News for this week, Darktrace targets listing for early May, KKR-backed cybersecurity firm KnowBe4 aims for $3 Billion valuation in U.S. IPO, Dell spins off VMware to fuel post-pandemic PC growth opportunities, lots of funding announcements, and more!
Show Notes: https://securityweekly.com/esw224
Segment Resources:
Threat Report: https://pixm.net/wp-content/uploads/2021/03/Pixm-Q4-2020-Threat-Report.pdf
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://securityweekly.com/pixm to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Hughes, Principal Cybersecurity Engineer at Rise8, to talk about Compliance Innovations in the Cloud. Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this session we will dive into many of the headaches and pain points traditionally associated with compliance, explaining how leveraging cloud can improve both compliance and security.
Show Notes: https://securityweekly.com/scw70
Segment Resources: https://acloudguru.com/blog/business/compliance-is-cumbersome-but-cloud-can-help
https://www.mediaopsevents.com/devopsconnect
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
When the world went fully remote a year ago, many systems had to migrate from on-premise to the cloud. Now that we're starting to re-open offices, do we move these system back to on-premise or is cloud the new normal? Fleming Shi, CTO from Barracuda Networks, joins us to discuss the ongoing challenges of the hybrid workforce.
In the Leadership and Communications section, Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy, What Good Leaders Do When Replacing Bad Leaders, My Ten Rules for Work-Life Balance, and more!
Show Notes: https://securityweekly.com/bsw213
Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks naughty vaccines, Air frying is not frying, BGP is leaking, Codecov, Lazarus, Google Alerts, Nitro Ransomware, & we're joined once more for expert commentary by Jason Wood!
Show Notes: https://securityweekly.com/swn115
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components.
In the AppSec News, Mike and John discuss Rust in Android and the Linux kernel, vuln disclosure policy changes from Project Zero, security and DevOps collaboration, XSS with NULL, & a BootHole follow-up!
Show Notes: https://securityweekly.com/asw147
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Today we are going to take a look at security awareness training programs in organizations. We are joined to day by Kelley Bray and Stephanie Pratt who will help facilitate the discussion. We'll start with the history and evolution of security awareness programs; what has worked, or more precisely what hasn't worked. We'll also touch on how most security awareness programs stem from compliance requirements but could be doing so much more. We continue the discussion about the importance of effective security awareness programs and what that would actually look like. We'll also examine how to move beyond "bare minimum" check-box mentality about meeting security awareness training requirements and imagine building a culture of security aware employees in the organization.
Show Notes: https://securityweekly.com/scw69
The "Breaking Security Awareness" webinar: https://www.livingsecurity.com/webinar-series-from-compliance-to-culture
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Lennart Koopmann, the CTO of Graylog, Inc, joins us for an interview to talk about Nzyme, a Free and Open WiFi Defense System. Then, Dutch Schwartz, Principal Security Specialist at Amazon Web Services, joins us for a discussion on the Lessons Learned When Migrating from On Prem to Cloud! In the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, Child tweets gibberish from a highly sensitive Twitter account, LinkedIn and more_eggs, APTs targeting Fortinet, SAP Applications Are Under Active Attack again, Is your dishwasher trying to kill you?, Ubiquiti All But Confirms Breach Response Iniquity, Cyber Threat Analysis, 11 Useful Security Tips for AWS and other stuff too, Signal Adds Cryptocurrency Support and Not everyone is a fan, Zoom 0-click exploit, when firmware attacks, attackers blowing up Discord!
Show Notes: https://securityweekly.com/psw690
Segment Resources:
Register for Joff's Fun Regular Expressions class here: https://bit.ly/JoffReLife
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Elon visits an audio-only virtual bar, Ubiquity denies, Accellion, ToadSuck.gov, and more, plus show wrap-ups!
Show Notes: https://securityweekly.com/swn114
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In the first segment, Ryan Noon from Material Security join us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do! In the Enterprise Security News:Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more!
Show Notes: https://securityweekly.com/esw223
Segment Resources: Assessing Enterprise Firmware Security Risk in 2021 - https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/
https://github.com/chipsec/chipsec
The Top 5 Firmware Attack Vectors - https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/ https://material.security/blog/email-is-too-important-to-protect-like-a-tsa-checkpoint
https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://securityweekly.com/materialsecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings unique perspective to the table as he was the service provider behind the Financial Services ISAC, then a subscriber and ISAC member for 13 years in the banking and finance sector.
Show Notes: https://securityweekly.com/scw68
Segment Resources:
Errol's Testimony Before the House Financial Services Subcommittee Transcript - https://www.sifma.org/wp-content/uploads/2012/06/WeissCitionbehalfofSIFMAHFSsubchrgcybersecurity20120601.pdf
Video - https://www.c-span.org/video/?306361-1/cyberthreats-us-financial-industry (Errol Weiss - 30:03)
National Council of ISACs - great resource to find out about all the different ISACs https://www.nationalisacs.org/
ISAOs - https://www.isao.org/information-sharing-groups/
Information Sharing Best Practices Toolkit: https://h-isac.org/h-isac-information-sharing-best-practices/
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security.
In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!
Show Notes: https://securityweekly.com/bsw212
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Breaches, Microsoft, the Dead Return to Life, The IRS is coming for your Bitcoin, Have YOU been PWNed, and the Expert Commentary of none other than Jason Wood!
Show Notes: https://securityweekly.com/swn113
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Leif Dreizler - Engineering Manager, Product Security - Segment, to talk about Shifting Right: What Security Engineers Can Learn From DevSecOps! In the AppSec News, PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education!
Show Notes: https://securityweekly.com/asw146
Segment Resources: https://segment.com/blog/shifting-engineering-right/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Nick Percoco, Chief Security Officer at Kraken, joins us for an interview to discuss The Intersection of Cybersecurity and Cryptocurrency. Robert Lemos, Cybersecurity and Data Journalist, joins us for a discussion on Cybersecurity and Journalism! In the Security News, npm netmask library has a critical bug, when AI attacks, firmware attacks on the rise, Microsoft Hololens and order 66, a real executive order 13694, The Ubiquity breach saga, the FreeBSD and wireguard saga, is the cloud more secure? Hopefully for PHP it is, software updates limit muscle car to 3 HP, a brand new Windows 95 easter egg just in time for, well, easter, and aging wine in space, does it make a difference?
Show Notes: https://securityweekly.com/psw689
https://www.kraken.com/en-us/features/security/kraken-security-labs
https://blog.kraken.com/security-labs/
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Dr. Doug talks Joe Biden, Bad Octal, North Korea Zinc Group, PhP Compromised, NMP, the Mafia, and the show Wrap Ups for the week!
Show Notes: https://securityweekly.com/swn112
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In the first segment, Zack Moody from AVX Corporation join us for an interview on the Rise of Insider Threat post Covid-19! Next up, Juliet Okafor joins for an interview on Why User Adoption in Enterprise Security is Low! In the Enterprise Security News: Funding announcements from Clearsense, Morphisec, Feedzai, Jumio, Ketch, Living Security, Productiv and Socure. ServiceNow acquires Intellibot, Accenture acquires Cygni, Astadia acquires Anubex, AutoRABIT acquires CodeScan, Kroll Acquires Redscan. GRIMM launches a Private Vulnerability Disclosure program, AttackIQ automates the validation of AI and ML, CircleCI offers CI/CD for ARM in the cloud, Elastic Observability updates, Gigamon and FireEye collaborate on integration of Gigamon Hawk, McAfee unveils MVision cloud, Red Hat OpenShift Service Available on AWS, Sysdig Adds Unified Threat Detection Across Containers and Cloud and more!
Show Notes: https://securityweekly.com/esw222
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The SCW hosts discuss Rafal Los' recent blog post "Vulnerability Management is Still a Mess" ( https://blogwh1t3rabbit.medium.com/vulnerability-management-is-still-a-mess-27519ffcecc0 ). In the first segment, we will learn all about Rafal's cybersecurity background and why vulnerability management has not evolved in line with the technology. In the second segment, the SCW hosts will continue the discussion with Raf and hopefully come up with some guidance on what can be done to make vulnerability management work better.
Show Notes: https://securityweekly.com/scw67
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nemi George, VP, IT & Information Security Officer at Pacific Dental Services, to discuss How NDR Technology Helps Manage Cybersecurity Challenges! MoNDR technologies such as ExtraHop are the latest tools in the CISO toolbox for combating cybersecurity threats. It enables previously unattainable speed and efficacy in detecting, identifying and responding to anomalies and malicious traffic and network events. In the Leadership and Communications section, Being a CISO in 2021: How to Be a Business Leader in the Boardroom, Skills CISOs Need to Have in 2021, Build your cybersecurity A-team: 7 recruiting tips, and more!
Show Notes: https://securityweekly.com/bsw211
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Microsoft, Apple Store, PhP, Video Game Cheating, Joe Biden's executive order, & the return of Jason Wood for Expert Commentary!
Show Notes: https://securityweekly.com/swn111
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Andrew van der Stock, Executive Director at OWASP Foundation, to talk about the OWASP Top 10 of 2021! The OWASP Top 10 2021 is in development. A public survey has just been released. We have finished collecting data. I would like to discuss what the plans are for the OWASP Top 10 2021, and when it will be released, and how you can get involved.
In the AppSec News, Security and privacy technical analysis of TikTok, subtle parsing problems, chain of trust through a CI/CD pipeline, faster fuzzing even without source code, interplay of application security and application safety!
Show Notes: https://securityweekly.com/asw145
https://owasp.org/www-project-top-ten/
https://github.com/OWASP/Top10
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug talks SolarWinds patches, Jack Dorsey's Clockblock, Tesla banned, 11 zero-days in one year, Turing, & the recaps of this week's content on the Security Weekly News Wrap-Up!
Show Notes: https://securityweekly.com/swn110
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mehul Revankar VP Product Management and Engineering at Qualys discusses How to Tame Your Vulnerability Overload. Sven Morgenroth, Security Researcher at Netsparker talks about the dangers of Open Redirects! In the Security News Doom exploit wins an award, a puzzle honors Alan Turing, anyone can create a deepfake, Jabber bugs, unquoted service paths, Nim malware, Deadly sins of secure coding, & are we living in the toughest time of Cybersecurity?
Show Notes: https://securityweekly.com/psw688
Sven's Slide Deck - Open Redirects: https://securityweekly.com/wp-content/uploads/2021/03/Netsparker-Sven-Morgenroth-3-25-21-Open-Redirect.pdf
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Trey Ford from Salesforce joins us to talk about Platform Security, as well as PaaS and Hosting. Next Up, Jarrett Rodrick from VMware discusses how you can "Jump-start Your SOC Analyst Career"! In the enterprise security news Funding announcements from SecurityScorecard, Secureframe, Axis Security, Orca, Cylera, and Vulcan Cyber. A non-funding announcement from Thinkst. Fortinet aquires ShieldX, VMware acquires Mesh7 and Copado aquires New Context. Knowbe4 files for IPO. Exabeam Launches First-ever Comprehensive Use Case Coverage, Linksys and Fortinet form an interesting partnership, Sonatype targets a more secure software supply chain with a 5-part announcement, CTO.ai Launches Serverless Kubernetes Platform and more!
Show Notes: https://securityweekly.com/esw221
https://www.amazon.com/Jump-start-Your-Analyst-Career-Cybersecurity/dp/148426903
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff, Liam Downward, Scott, & Josh talk PCI with Dan DeCloss and Shawn Scott from PlexTrac!
Show Notes: https://securityweekly.com/scw66
Visit https://securityweekly.com/plextrac to learn more!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Christopher Gates, Director of Product Security at Velentium, to discuss the Medical Device Secure Development Lifecycle! How to incorporate security into your existing medical device development process, What artifacts need to be created, & Security activities that are new. In the Leadership and Communication Segment, 5 Reasons Why Cybersecurity Should Be A Priority While Planning Your Business, 3 Key Tasks That Help Me Work Way Less and Accomplish More, Everything You Need to Know About Dictionary Attacks, Is Misinformation Slowing SASE Adoption, & more!
Show Notes: https://securityweekly.com/bsw210
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr.Doug talks GE Universal Relays, NETOP, Microsoft, F5, and has a special Guest Expert Commentary featuring Martyn Crew & Baseer Balazadeh from Gigamon!
Show Notes: https://securityweekly.com/swn109
Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Johanna Ydergard, VP of Detectify Crowdsource at Detectify, and Roberto Giachetta, Engineering Manager at Detectify, to discuss Approaching AppSec Like a Hacker! Security is struggling to keep up with securing modern web applications and the fast pace of wild web hacks. Detectify is building automated app scanners that can think like a hacker and shorten vulnerability detection time down to minutes and hours, whilst helping ethical hackers do bug bounty/disclosures in a scalable way. In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub's postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud!
Show Notes: https://securityweekly.com/asw144
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dan Decloss, Founder and CEO at Plextrac joins us to talk about getting the real work done: The case studies. In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in the Linux kernel, hack stuff and get blown up, stop hacking airquotes beer, weekly Chrome zero day, Mirai lives, long live Marai, how attackers could intercept your text messages, and rigging the election, the Homecoming Queen election that is. We round out the show with a special segment from our podcast series with Plextrac on Purple Teaming featuring none other than Bryson Bort!
Show Notes: https://securityweekly.com/psw687
Visit https://securityweekly.com/plextracseries to learn more about them!
Visit https://www.securityweekly.com/series to view the entire PlexTrac Mini Series!
Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, our good friend Ron Gula joins us to talk about cybersecurity investments, tips for both enterprises and enturprenurs. In the enterprise security news funding announcements from Coalition, HeraSoft, Cowbell Cyber, Argon, Cynet, Docker, and Cyware. Sonatype Acquires MuseDev, Sumologic Acquires DF Labs, Acronis acquires Synapsys, Lookout grabs CipherCloud and a cybersecurity SPAC. Kasada announces some new features to its bot detection offering, Rapid7 introduces an agent for CloudFront, Aqua supports ARM, and Chris Roberts joins Cynet! Ilia Kolochenko, the chief architect at Immuniweb joins us to talk about attack surface management!
Show Notes: https://securityweekly.com/esw220
Gula Tech Foundation Grant Program - Data Care: https://www.gula.tech/foundation
Gula Tech Non-Profits: https://www.gula.tech/projects
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Dr. Doug talks Tinder, Schneider Electric, Chrome, Ulysses, Mirai, as well as his Favorite Threat of the Week, all the show Wrap Ups from this week, & more!
Show Notes: https://securityweekly.com/swn108
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We're excited to have Priya Chaudry with us today, so we are going to focus our discussion on news and events with legal implications (or the legal implications of news and events)!
For starters, the U.S. Cyber Command recently held a virtual edition of its 2021 Legal Conference. The annual conference explores current law and policy issues related to offensive and defensive cyberspace operations.
Show Notes: https://securityweekly.com/scw65
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? George Finney, Chief Security Officer at Southern Methodist University, joins Business Security Weekly to discuss the Nine Cybersecurity Habits. In the Leadership and Communications section, The importance of culture in digital transformation, 4 ways to keep the cybersecurity conversation going after the crisis has passed, 8 new roles today’s security team needs, and more!
Show Notes: https://securityweekly.com/bsw209
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week: Dr. Doug talks more chrome zero days, Schneider Electric Meters, Exchange redux, Signal, iPhone, Nvidia, and the triumphant return of Jason Wood for Expert Commentary on the Security Weekly News!
Show Notes: https://securityweekly.com/swn107
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today.
In the AppSec News, Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams. This segment is sponsored by Prisma Cloud/ Palo Alto Networks.
Show Notes: https://securityweekly.com/asw143
Visit https://securityweekly.com/prismacloud to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Hétu, Chief Research Officer at Flare Systems, to discuss How Illicit Markets Really Operate! In the second segment, we jump right into the Security News Microsoft Exchange had some vulnerabilities, how could you not hear about them?, Russians try to throttle Twitter, silicon valley security camera company has been breached and we get to see what it looks like as they make Teslas in China, Did I mention that there was an Exchange hack?, free tool release to help secure the supply chain (but not Russians with bags of cash), the best practices aren't always the best, advanced Linux malware and how not to encrypt C2 and hide files,network-based multi-domain macro-segmentation situational awareness for compliance, & more! Then We close out the show with a special pre-recorded interview featuring Assaf Dahan, Head of Threat Research at Cybereason, on "Ransomware Research, Threats, and Futures"!
Show Notes: https://securityweekly.com/psw686
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks Studmaster, McAfee, z0Miner, Exchange, Linux, and bad cameras! All this, with his Favorite Threat of the Week, and the show Wrap Ups for the week!
Show Notes: https://securityweekly.com/swn106
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In the first segment, Chris Cleveland from PIXM join us to discuss using computer vision to combat phishing! Next up, Jeff Foley joins for an interview on the OWASP Amass Project! In the Enterprise Security News: Okta acquires Auth0, KnowBe4 Acquires MediaPRO, PayPal to acquire Curv, and Dropbox to acquire DocSend, Aqua Security raises $135M, Privacera Secures a Series B, YL Ventures sells its stake in Axonius, Snyk Secures a Series E, and McAfee sells its Enterprise business, AWS Announces New Lower Cost Storage, Radware's New Integrated Application Delivery & Protection, Bitdefender launches new Cloud-based EDR Solution, Awake's NDR platform, CrowdStrike Falcon enhancements improve SOC efficiency, Tufin releases Vulnerability-Based Change Automation App, Gigamon launches Hawk, Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains, & more!
Show Notes: https://securityweekly.com/esw219
Visit https://securityweekly.com/Pixm to learn more about them!
Threat Report: https://pixm.net/wp-content/uploads/2021/03/Pixm-Q4-2020-Threat-Report.pdf
https://github.com/OWASP/Amass
https://owasp.org/www-project-amass/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jim Gilsinn, Principal Industrial Consultant at Dragos, to discuss ICS/OT Regulation! Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but how those industries handle the potential cybersecurity risks varies greatly depending on the regulation that has been applied. The US Government has declared many different industries as critical infrastructures with different levels of prioritization placed on cybersecurity regulation.
Show Notes: https://securityweekly.com/scw64
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks More Microsoft attacks and more info on the Exchange server attacks, a new Intel Side Channel attack, Your python may be poisoned, the DoD let down its guard on contractors, & Aaran Leyland returns for guest Expert Commentary!
Show Notes: https://securityweekly.com/swn105
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In 2020, we interviewed Gerald Beuchelt on Enterprise Security Weekly. At that time, he was the CISO at LogMeIn. Now he's the CISO at Sprinklr. What's it like to transition jobs in the middle of a pandemic as the the first CISO of a company? Gerald discusses his transition story and shares his recommendations and lessons learned for other CISOs.
In the Leadership and Communications section, Risky business: 3 timeless approaches to reduce security risk in 2021, Why Less Can Be More When It Comes to Cybersecurity, CISO job search: What to look (and look out) for, and more!
Show Notes: https://securityweekly.com/bsw208
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Cynthia Burke, Compliance Manager at Capsule8, to discuss Privacy, Data Security & Compliance! In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors in 2021 as to and why we need to get it right.
In the AppSec News, Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange!
Show Notes: https://securityweekly.com/asw142
Visit https://securityweekly.com/capsule8 to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Phillip Wylie, instructor at INE, to discuss Offensive Cybersecurity Education and Getting Started in Pentesting! In the second segment, I will personally be walking you through "How to Build a Kick-Ass PC"! Finally, In the Security News, Calling all people who know how to patch MS Exchange servers, we need you, Rockwell Automation PLC flaws and what you can't do about it, a book review I agree with, be careful what you expose at home, yet another Chrome 0day, jailbreak your iPhone, the cybersecurity consolidation, and taking back the term "Hacker", for real this time!
Show Notes: https://securityweekly.com/psw685
The Pwn School Project meetup: https://pwnschool.com/
INE ( https://ine.com ), Phillip's employer offers a free starter pass for training in four different areas of technology; Penetration Testing Student, Getting started in networking, Azure fundamentals, first steps in data science with Python: https://checkout.ine.com/starter-pass
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks Non-fungible tokens, Exchange, Talon cameras, OSINT, Rockwell, & show wrap ups on the Security Weekly Wrap Up Show!
Show Notes: https://securityweekly.com/swn104
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In the first segment, Matt Cauthorn & Sri Sundaralingam from ExtraHop join us to discuss why Traditional IDS is Dead! Kimberly Sutherland from LexisNexis Risk Solutions will discuss The New Cybercrime Landscape! In the Enterprise Security News Thycotic and Centrify join forces, Netwrix acquires Strongpoint, SentinelOne plans for IPO, Qomplx plans to go public, and funding announcements from Axonius, HYAS, Armorblox and platform9. Attivo Networks Announces Continuous Assessment and Enforcement for AD, cPacket Networks announces cCloud, a network packet capture and analytics for Azure, Cavirin speeds up the process of keeping customers' hybrid clouds safe, Elastic announces an alerting framework, Bridgecrew automates cloud security in VS Code, Going Passwordless with YubiKey and Microsoft Azure AD, The Free ImmuniWeb Community Edition, GreatHorn vs Proofpoint: A 3rd Party Comparison, CyberArk's New Identity Security Offerings and more!
Show Notes: https://securityweekly.com/esw218
Visit https://securityweekly.com/extrahop to learn more about them!
Press release: https://risk.lexisnexis.com/about-us/press-room/press-release/20200223-biannual-cybercrime-report
The LexisNexis Risk Solutions Cybercrime Report: https://risk.lexisnexis.com/insights-resources/research/cybercrime-report
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Albert "Nickel" Lietzau, V and Mike Volk from PSA Insurance & Financial Services! Nickel Lietzau and Mike Volk have heard that we are not huge fans of cyber insurance on SCW, and they have graciously agreed to subject themselves to our scrutiny. In the first segment we'll touch on common myths and misconceptions about Cyber Insurance and let Nickel and Mike set us straight. Assuming Nickel and Mike survived the first segment, we're asking them for practical advice in this segment on how to consider and ultimately select the right cyber insurance program for you. We're looking for the usual suspects, gotchas, and recommended actions.
Show Notes: https://securityweekly.com/scw63
Suggested reading:
- https://www.psafinancial.com/2020/03/covid-19-5-cybersecurity-risks-you-need-to-consider/
- https://www.psafinancial.com/2018/04/cyber-insurance-your-backstop-in-your-cyber-incident-response/
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, David Chamberlin, Managing Director at CRA, Inc., joins Business Security Weekly to discuss preparation for a security incident and how to develop a communications plan that's simple and effective. In the Leadership and Communications section, Financial Targets Don’t Motivate Employees, Texas power outage flags need to revisit business continuity, Security job candidate background checks: What you can and can't do, and more!
Show Notes: https://securityweekly.com/bsw207
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, Gootloader, the darker web, Copyright infringement, a very special guest from the future, and deep fakes, all this and Aaran Leyland joins for guest Expert Commentary!
Show Notes: https://securityweekly.com/swn103
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ted Harrington, Executive Partner at Independent Security Evaluators, to discuss Hackable; How to do Application Security Right! In the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more!
Show Notes: https://securityweekly.com/asw141
Register for the DevSecOps eSummit for which Ted will be a panelist: https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=5673DA7C-B8C2-4A3E-B675-C6BBF45DC04F
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Peter Warmka the founder of the Counterintelligence Institute and author of the newly released new book titled: "Confessions of a CIA Spy - The Art of Human Hacking"! Senior Security Architect Bryan Seely from Cyemptive Technologies joins us to discuss How to be a CyberSecurity Hero! In the Security News Nvidia tries to throttle cryptocurrency mining, Digging deeper into the Solarwinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMWare vCenter, and is a password manager worth your money?!
Show Notes: https://securityweekly.com/psw684
Peter's new book is available on Amazon: https://amazon.com
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Flying cars, Net Neutrality, LOTS of supply chain stories, and all this weeks' shows, on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn102
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, Lastpass is no longer free, Tenable helps with dynamic assets, SecurityScorecard and the Score Planner, Trendmicro XDR, Imperva launches sonar, Funding announcements from: PerimeterX, SPHERE, Red Canary, 1Kosmos, Strata Identity. In the acquisistion news: Sailpoint to Acquire Intello, Crowdstrike to Acquire Humio, Palo Alto to acquire Bridgecrew, Kaseya to Acquire Rocket cyber! In the second segment, we welcome Christopher Crowley from Montance, LLC, to discuss the 2020 Security Operations Survey! In the final segment, Amit Malike & Ganesh Pai from Uptycs join us to discuss Evaluating the MITRE ATT&CK Evaluations in their Third Year!
Show Notes: https://securityweekly.com/esw217
Download the report: https://soc-survey.com/
Visit https://securityweekly.com/uptycs to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Threat, Hacker at Mediathreat, followed by Chris Cochran and Ronald Eddings from Hacker Valley Media! Jeff, Flee, & Scott talk to John Threat about his background and what led him to becoming a hacker. The world of hacking and the threat actors that do that sort of thing. What are the implications on comp sec in 2021 for persons, corporations, nation states and maybe even your cat?
Show Notes: https://securityweekly.com/scw62
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dutch Schwartz, Cloud Security Strategist at AWS, to discuss cloud's influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his thoughts on risk, aligning to the business, and how cloud can accelerate, but also change the way we approach security. In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more!
Show Notes: https://securityweekly.com/bsw206
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks Bad typing, Crippled Video Drivers from NVDIA, TDOS, APT31, Malformed URLs, and more! Also, Jason Wood returns for Expert Commentary!
Show Notes: https://securityweekly.com/swn101
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brandon Edwards, Co-Founder and Chief Scientist at Capsule8, to discuss Targeting, Exploiting, & Defending Linux! Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against Sudo as a timely reference. In the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more!
Show Notes: https://securityweekly.com/asw140
Visit https://securityweekly.com/capsule8 to learn more about them!
To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Peter Smith from ZScaler, to talk about What Does Zero Trust Mean To You?! Next, We dive straight Into the Security News, discussing Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left millions of IoT devices, A Simple And Yet Robust Hand Cipher,Zero Trust in the Real World , Clubhouse And Its Privacy & Security Risks,Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply , Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft’s Remote Desktop Web Access Vulnerability! Lastly, we close out the show with a special pre-recorded interview with 'Wheel' a Qualys researcher who helped discover the infamous Baron Samedi SUDO Vuln!
Show Notes: https://securityweekly.com/psw683
Visit https://securityweekly.com/zscaler to learn more about them!
Visit https://www.securityweekly.com/psw
for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
On this week's news recap, Microsoft Remote Desktop Web Access Authentication Timing Attack, Multiple TCP/IP stack flaws could leave millions of devices open to attack, Adobe fixes a buffer overflow issue in Reader which is exploited in the wild, and Apple Patches Recent Sudo Vulnerability in macOS.
Show Notes: https://securityweekly.com/swn100
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, and SentinelOne Acquires Scalyr! In the second segment, we welcome HD Moore from Rumble, Inc! In the final segment, Kelley Mak from Work-Bench joins us for a discussion on work-bench ventures!
Show Notes: https://securityweekly.com/esw216
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, our co-host, Priya Chaudry will enlighten us on several other topics of interest to our community. There might be a mention of Solarwinds, Southwest Airlines, HIQ Labs, and more! We welcome our resident legal expert and co-host Priya Chaudry to catch us up on the status of the Supreme Court case concerning the Computer Fraud and Abuse Act (CFAA) and some other legal topics.
Show Notes: https://securityweekly.com/scw61
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Ben Carr, Global Chief Information Security Officer at Qualys! Ben steps in last minute to talk about his transition from Aristocrat to Qualys and the evolution of the CISO role! In the leadership and communications section, 9 Steps for Effective Cybersecurity Risk Management, The Big 8: How to heighten cybersecurity governance, 7 Super Bowl rings for Tom Brady, and more!
Show Notes: https://securityweekly.com/bsw205
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, hundred thousand Spotify accounts leaked in credential stuffing attack, Hacker breached Florida water facility, raising chemical levels to dangerous levels, SonicWall Zero-Day in the SMA 100 Series, and Multiple Google attacks!
Show Notes: https://securityweekly.com/swn99
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Alissa Knight, Partner at Knight Ink, to discuss Being a Serial Entrepreneur, Business Leader, & Hacker! Alissa Knight has spent her career going against industry and social norms as both a Transgendered and Lesbian business leader and hacker. Learn more about her, her achievements as a published author, her recent vulnerability research in hacking law enforcement vehicles, mHealth apps and APIs, her life as a hacker, and barriers she's broken down in business. In the AppSec News, Funding bounties or finding bugs, how should we invest? Talks from Enigma Conference on memory unsafety and 0-days. Coming trends in API security and a review of research from 2020!
Show Notes: https://securityweekly.com/asw139
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome our good friend Josh Marpet, COO at Red Lion and Co Host of Security and Compliance Weekly, for a discussion on 'Starting A Non-Profit To Help Small Companies With CMMC'! Bill DeLisi from GOFBA join us next for an interview to talk to us about GOFBA and National Safer Internet Day! In the Security News, Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, How, er about, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hacks prepaid vending machines, When was the last time you said: "Hey, that web app on that IoT/network device was really secure!". Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies, Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module, New Linux malware steals SSH credentials from supercomputers, From Microsoft, how not to run Docker in Azure Functions!
Show Notes: https://securityweekly.com/psw682
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks NIST, Fake News, Cisco, Azure Functions, Clearview, Uber drinks, followed by all of the show Wrap Ups!
Show Notes: https://securityweekly.com/swn98
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, Mission Secure Announces Series B, Akamai Technologies Acquires Inverse,For Microsoft, Security is a $10 Billion Business, Sontiq acquires Cyberscout, IRONSCALES improves the ability to detect phishing attacks, Arista launches a zero trust security framework, Cymulate Integrates with Microsoft Defender for Endpoint, Tenable Empowers MSSPs to Launch Cloud-Based Vulnerability Management Services, StackPath Launches Direct Connect, Rapid7 acquires Alcide.IO to extend cloud security, Imperva updates its WAAP and Data Security offerings, SonicWall Confirms A Zero-Day Vulnerability with NO other details, Arista intros Multi-Domain Macro-Segmentation Service (I don't know what it means, but its provocative)! In the second segment, we welcome Jonathan Cran from Intrigue.io to discuss attack surface management! In the final segment, Sounil Yu from YL Ventures joins us for a discussion on the The Cyber Defense Matrix, the DIE Triad, and Cybersecurity Startups!
Show Notes: https://securityweekly.com/esw215
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, we welcome Wendy Nather, Head of Advisory CISOs at Duo Security at Cisco, to discuss The Security Poverty Line! Securing an organization means more than just spending money. For those that fall below the "security poverty line," many other dynamics come into play that make it harder for them to accomplish even the basics. How do we help them rather than scolding them?
Show Notes: https://securityweekly.com/scw60
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's time for our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from Q4 2020. We'll also update you on our own index that tracks public security companies called, Security Weekly 25! Everyone has heard the GameStop frenzy by now, but what's it all about. How did a group of Reddit users hack the financial system and squeeze the hedge funds? We're going to discuss the details behind r/wallstreetbets and how they hacked the hedge funds!
Show Notes: https://securityweekly.com/bsw204
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security News, Dr. Doug talks TikTok naughtiness, Sonic Wall, the NSA, BigNox, Slipstreaming, and ESET research! Jason Wood returns with Expert Commentary on the US Court System Going back to Paper-Only for Sensitive Documents!
Show Notes: https://securityweekly.com/swn97
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Delaroderie, Security Solutions Architect at Qualys, to discuss Groundhog Day - It's Time to Reset the Script on Vulnerabilities! In honor of the movie Groundhog Day, John will take a look at the top 10 most routinely exploited vulnerabilities through a web app security lens. In the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more!
Show Notes: https://securityweekly.com/asw138
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Michael Roytman from Kenna Security, for a discussion on 'XDR and Vitamins'!What is XDR? How do we know the security protections we're investing in are working?! Dan DeCloss from PlexTrac returns to join us for a technical segment titled 'How Tall Do You Have to Be to Ride the Ride'? In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack hacking team, how a researcher broke into Microsoft VS code’s Github, & how criminals use a deceased employee’s account to wreak havoc!
Show Notes: https://securityweekly.com/psw681
Visit https://securityweekly.com/plextrac to learn more about them!
Visit https://securityweekly.com/kennasecurity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks The Walking Dead, Sudo, Slipstreaming, Office 365, GameStop, & Show Wrap Ups!
Show Notes: https://securityweekly.com/swn96
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes,Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products?, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, and Huntress Acquires EDR Technology From Level Effect! In the second segment, we welcome Fredrik Nordberg Almroth from Detectify to discuss his recent research into DNS Hijacking to control top-level domains! In the final segment, Allan Alford from The Cyber Ranch Podcast joins us for a discussion on the ever popular topic of Supply Chain Security!
Show Notes: https://securityweekly.com/esw214
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, we welcome Anthony Palmeri, Enterprise Account Executive at Ekran System, to talk Insider Threats! Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is required by numerous cybersecurity regulations, standards, and laws but also allows a company to detect an insider threat at its early stages, respond to it, and remediate the damage with little to no harm done.
Show Notes: https://securityweekly.com/scw59
Visit https://securityweekly.com/ekran to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Matt Cauthorn, VP Sales Engineering at ExtraHop, to talk about how Everyone missed SUNBURST... or did they? When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise. In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!
Show Notes: https://securityweekly.com/bsw203
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks TikTok, Sonic Wall, Cisco, Fake Security Blogs, Joe Biden, and C-Suite Phishing, all this and the return of Jason Wood for Expert Commentary!
Show Notes: https://securityweekly.com/swn95
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Taylor McCaslin, Sr. Product Manager of Secure at GitLab, to discuss Reading Industry Analyst Tea Leaves To Predict The Future! It's analyst season with the new Forrester Wave on SAST recently published as well as Gartner's Application Security Testing Magic Quadrant publishing in April. We'll talk about what are analyst reports, how should you use them, and how should you interpret placement on them as as I like to call it, reading the analyst tea leaves.
In the AppSec News, an overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into AppSec, and all the things that can go wrong when you give up root in your Kubernetes pod!
Show Notes: https://securityweekly.com/asw137
Visit https://securityweekly.com/GitLab to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to the Security Weekly News Wrap up for the the Week of 10 - Jan 2021. Government, the Effabeeeye, Mimecast, Ubquiti, Cisco, and the German Police, all this and show wrap ups on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn94
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ryan Noon, Co-Founder and CEO from Material Security, joins us first, to discuss Beyond Phishing Blockers: risks to email, phishing, and beyond! Next up, Jon Gorenflo, Founder & Principal Consultant of Fundamental Security LLC, to talk about Hacking Ubiquiti Devices! In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, iHackers Compromise Mimecast, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine!
Show Notes: https://securityweekly.com/psw680
Visit https://securityweekly.com/materialsecurity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, Beyond Security partners with Vicarius, Amazon’s Parler removal and what it means for cloud confidence, Kount sold to Equifax, McAfee vs Crowdstrike, Jumpcloud raises some funds, Red Hat Acquires StackRox, and SolarWinds warnings of weak security and more. In the second segment, we talk Asset Management, Could this be the year we get a better handle on discovering and managing assets? In the final segment, we welcome Chris Blask from Unisys for an interview!
Show Notes: https://securityweekly.com/esw213
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jim McKee, Founder & CEO at Red Sky Alliance for an interview!We're going to dissect what we know about the Sunburst/SolarWinds hack to this point - SCW style! We'll touch on the things that keep coming up in the news - attribution, conspiracy theories, implications, consequences, and so forth.
In the second segment, we will shift focus of the discussion from understanding to action - that is, what to do about this and similar types of attacks that might be perpetrated agains your organization. Or is there anything to do about this "clear and present danger"?
Show Notes: https://securityweekly.com/scw58
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Happy New Year! This week, Dr. Doug talks Parler, Section 230, Venomous Bear, Solarwinds continued, Carl Busch, Chris Krebs, Alex Stamos, Parler, all that and the Expert Commentary with Jason Wood!
Show Notes: https://securityweekly.com/swn93
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Patrick Orzechowski, VP of R&D at deepwatch, to help us learn why deepwatch chose Splunk as it’s one and only SIEM solution to deliver its Managed Detection & Response services to Fortune 2000 customers. Hear how deepwatch is leveraging a variety of Splunk capabilities and advanced API integrations to detect and respond to threats in customer environments.
In the Leadership and Communications section, How BISOs bridge the gap between corporate boards and cybersecurity, 5 questions CISOs should ask prospective corporate lawyers, Good Leadership Is About Asking Good Questions, and more!
Show Notes: https://securityweekly.com/bsw202
Visit https://securityweekly.com/deepwatch to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Andrei Serban, Co-Founder at Fuzzbuzz, to discuss Fuzz Testing! Fuzzing can be successful AppSec strategy for finding software bugs. And deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help secure software beyond just memory safety issues and what the future holds for making this strategy more effective for modern apps. In the AppSec News, Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, and the benefits of DevOps approaches to building systems!
Show Notes: https://securityweekly.com/asw136
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Clayton Fields & Michael Assraf from Vicarius join us to discuss The Good, The Bad and The Ugly sides of Automated Vulnerability Remediation! Ming Chow on Infosec Careers, Data Privacy, the Cloud Solution (or not), and DevOps! In the Security News, Nissan Source Code Leaked Online, Ticketmaster fined $10 million for breaking into rival’s systems, The Great iPwn, The Great Suspender, the Shady Zero-Day Sales Game, create your own encryption in Python, and using Google to hack Google!
Show Notes: https://securityweekly.com/psw679
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Enterprise security News, Two data security companies merge, Veracode's products are now available in the AWS Marketplace, Zscaler launches a program for organizations dealing with the SolarWinds attack, SolarWinds is being sued in a class action lawsuit, funding announcements from Weaveworks, iBoss and Venafi. Chris Brown, Senior Director of Data Security at Imperva joins us to discuss the state of data security, Sean Metcalf, Founder and CTO at Trimarc Security and Tyler Robinson, Security Weekly host and Offensive Security Director at Trimarc Security will discuss the Solar Winds attack!
Show Notes: https://securityweekly.com/esw212
Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show summaries, JetBrains, FBI Warnings, Some Government news, and Bill Gates is about to take control of your brain and install Windows 3.0 Beta on your medula oblongata!
Show Notes: https://securityweekly.com/swn92
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start the new year off with a roundtable discussion amongst the hosts looking back on the highs and lows of 2020! We don't want to have the typical "predictions" episode, but do want to chat about what we might expect in the coming year; what is changing? what is coming back? and when? (if at all)?
Looking back:
-Solarwinds (not in depth but just as part of the year)
-Covid-19
-Working from home
-Conferences shut down
-Travel gone
-The new normal of zoom calls
-Kids at home
Looking forward:
-Vaccines
-Anti-vaxxers
-Resumption of travel?
-Resumption of conferences????
-Sales and marketing changes
-Societal changes
-The problems we face moving forward in compliance and security
Show Notes: https://securityweekly.com/scw57
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Todd Fitzgerald, Vice President, Cybersecurity Strategy at Cybersecurity Collaborative, to talk about CISO Stories! Up Your game with the CISO STORIES Podcast! If anything this past year has taught us is that we can not go on our own, and leveraging the experiences from other CISOs is critical to our success. Join Todd as he introduces a new Podcast featuring actionable lessons from top-notch CISOs and Cybersecurity Leaders. In the Leadership and Communications section, 6 board of directors security concerns every CISO should be prepared to address, Four ways to improve the relationship between security and IT, CISO playbook: 3 steps to breaking in a new boss, and more!
Show Notes: https://securityweekly.com/bsw201
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week Dr. Doug talks Bill Gates Mind control, Section 230, Threatpost 2021 Predictions, Zyxel, California Privacy Law, Ticketmaster Hacking Rivals, and Jason Wood returns for Expert Commentary!
Show Notes: https://securityweekly.com/swn91
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
A premise of adding security to DevOps is we can "shift left" AppSec responsibilities, one of which is building apps so they're secure by design. Yet what resources does the AppSec community provide for this approach to design? We take a look at the OWASP Top 10, Web Security Testing Guide, and Application Security Verification Standard to find a way forward for DevOps teams. In the AppSec News, Microsoft purges malicious SolarWinds presence and highlights a threat model around their source code, the tl;drsec crew provides a hardening guide for Kubernetes, Apples provides a user guide for hardening accounts, and Firefox provides a new storage system to defeat side channel abuse!
Show Notes: https://securityweekly.com/asw135
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Vicarius' very own Roi Cohen and Shani Dodge join us to kick off the show with a technical segment titled "Generating Threat Insights Using Data Science"! Then, Harry SverdLove from ZScaler joins us for a technical segment on "Securing The Enterprise Software Supply Chain"! In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Security Researcher states ‘solarwinds123’ Password Left Firm Vulnerable in 2019, Why the Weakest Links Matter, and a 26-Year-Old Turns ‘Mistake’ of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist!
Show Notes: https://securityweekly.com/psw678
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://securityweekly.com/edgewise to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing! Then, Martyn Crew from Gigamon joins us to discuss how "Visibility Is Critical in Uncertain Times", and we wrap up the show with a pre-recorded interview with Emily Huynh and Mandy McKenzie from Mimecast, discussing the Mimecast Awareness Training Philosophy!
Show Notes: https://securityweekly.com/esw211
Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's the final episode of Security Weekly News for 2020! Dr. Doug talks show summaries, the Russians, SolarWinds kill switch, everyone is hacked, Gitpaste-12 returns, and more!
Show Notes: https://securityweekly.com/swn90
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we're going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching "PCI" context to this discussion. We'll continue our discussion of penetration testing. In this segment, we'll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requirement for annual penetration testing, and how to get the most out of your penetration testing results.
Show Notes: https://securityweekly.com/scw56
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to talk about Transforming Cyber Risk/Compliance Through Automation! For this final segment of 2020, why pull more articles to review when we all lived it? Instead, let's recap some of the leadership and communications lessons we have learned in a very difficult 2020 and discuss the changes we'll make in 2021 to be better leaders.
Show Notes: https://securityweekly.com/bsw200
Visit https://securityweekly.com/cybersaintbsw to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks about U.S Agencies hit by Foreign Adversaries, SolarWinds, New PyMicropsia Trojan, SoRel-20M, Naughty Cyberpunk 2077 glitches, and the return of Jason Wood!
Show Notes: https://securityweekly.com/swn89
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ev Kontsevoy, CEO at Teleport, to discuss Freedom From Computing Environments! In the Application Security News, FireEye shares supply chain subterfuge, researchers show repeated mistakes in TCP/IP stacks, Google open sources Python fuzzing, Cisco and Microsoft patch their patches for vulns in Jabber and printer modules!
Show Notes: https://securityweekly.com/asw134
Visit https://securityweekly.com/teleport to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, it's the 15 Year Anniversary Edition of Security Weekly! We celebrate with three roundtable discussions on Penetration Testing, Blue Team Techniques, and Hacker Culture! Penetration Testing: Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments. Blue Team Techniques We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions. Hacker Culture: Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology?
Show Notes: https://securityweekly.com/psw677
Visit https://securityweekly.com/ilf to learn more about them!
Visit https://securityweekly.com/risksense to learn more about them!
Visit https://securityweekly.com/coresecurity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Steam flaws, Zuck gets zucked, Black Mirror, Kerberos flaws in Windows, and the 15th Anniversary/Unlocked show! All this and show wrap ups on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn88
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Enterprise Security News, How Kali Linux creators plan to handle the future of penetration testing, Tenable founders launch cybersecurity foundation to hand out grants, FireEye cybersecurity tools compromised in state-sponsored attack, Bitdefender launches cloud-based endpoint detection, response platform for companies, and Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion! Mike Lloyd from RedSeal joins us to discuss "How Can We Vaccinate Our Networks?", and we wrap up the show with an interview with Joe Rivela from Polarity!
Show Notes: https://securityweekly.com/esw210
Visit https://www.polarity.io/sw to learn more about them!
Visit https://securityweekly.com/redseal to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to talk about The Cyber Risk/Compliance Transformation Solution! We want to take the time in the segment to formally introduce you to one of our new co-hosts, Mr. Fredrick "Flee" Lee. Flee is currently the Chief Security Officer for a company called Gusto and used to be Head of Information Security at Square. We'll spend some time getting to know Flee and his background, pepper him with questions, talk shop, all the while engaging in the usual mayhem!
Show Notes: https://securityweekly.com/scw55
Visit https://securityweekly.com/cybersaintscw to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Amnesia:33, the NSA, IoT Laws, Trickbot returns from the dead, & IRS tax ID Pins! Tim Mackey, Principal Security Strategist at Synopsys, joins us for Expert Commentary to discuss the impact of the supreme court taking up the case of how broad the CFAA is and its impact on security research!
Show Notes: https://securityweekly.com/swn87
Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Sri Sundaralingam joins Security Weekly to discuss the challenges of hybrid workforce and what security professionals should start thinking about as they begin planning for a return to the office in 2021! In the leadership and communications section, Darth Vader Week - Leadership from the Dark Side, Compassionate Leadership Is Necessary — but Not Sufficient, 3 Steps to Run Better and More Effective Meetings, and more!
Show Notes: https://securityweekly.com/bsw199
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mike Manrod, CISO of Grand Canyon University, joined by John Delaroderie, Security Solutions Architect at Qualys, to discuss his approach to web application security with an emphasis on improving knowledge of web application vulnerabilities and the external attack surface, and his approach to reducing the number of opportunities an attacker has to compromise our information and infrastructure! In the Application Security News, An old security bug in the Play library still affects 8% of apps in Google Play, Project Zero researcher spends six months to reboot an iPhone (in an epic manner), GitHub looks at the security of repos within its Octoverse, the OWASP Web Security Testing Guide gets a minor bump, and XS-Leaks get more attention.
Show Notes: https://securityweekly.com/asw133
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Vicarius' very own Roi Cohen and Gilad Lev join us to kick off the show with a technical segment titled "From Chaos to Topia"! Jeff Capone from SecureCircle joins us for an interview on zero trust data security! Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII , The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat!
Show Notes: https://securityweekly.com/psw676
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://securityweekly.com/securecircle to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Krebs, slack, docker vulnerabilities, Jeff Man finds fake news, a massive IoS article, and UEFI, all this and show wrap ups on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn86
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, securing Amazon EKS, Attivo Networks announces a new integration, a cloud security mapping startup comes out of stealth, recent funding announcements from DefenseStorm, GoSecure, EclecticIQ and more! We discuss The Road To Secure Your Organization, with Ferruh Mavituna, and wrap up the show with a special Round Table Discussion on Cybersecurity and Diversity featuring; Jackie Abrams, Gabe Gumbs, Mandy Logan, & Susan Bosco!
Show Notes: https://securityweekly.com/esw209
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we're going to take on a different aspect of the cybersecurity skills gaps in this episode. Namely, the lack of diversity in our industry when it comes to African Americans and what can we all do about it. To facilitate the discussion today we are joined by AJ Yawn, who is a founding board member of the National Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP). He's also co-founder and CEO of a company called ByteChek whose tagline is "We Make Compliance Suck Less" so I think we're in store for a fascinating discussion.
Show Notes: https://securityweekly.com/scw54
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff Capone, CEO and Co-founder at SecureCircle, joins us to discuss how to protect all of your data and stop asking "Where's Your Data?"! If we can protect everything, who cares where it is, as you continue to maintain control! In the Leadership and Communications section,Your Title Doesn't Make You a Leader, The New Nine to Five: How Traditional Hours Are Holding Your Business Back, Building a Better Workplace Starts with Saying “Thanks”, and more!
Show Notes: https://securityweekly.com/bsw198
Visit https://securityweekly.com/securecircle to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Building High Performing Security Teams - The Skills Gap vs The Talent Shortage: Cybrary CEO and Co-Founder Ryan Corey sits down with Security Weekly to chat about the trends they are seeing in Cybersecurity skill development among high performing teams. Ryan will share some highlights from Cybrary's recent Cybersecurity Skills Gap Survey Report.
Show Notes: https://securityweekly.com/swn85
Visit https://cybrary.it/solved to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Tim Mackey, Principal Security Strategist at Synopsys, to talk about Security Decisions During Application Development! In the Application Security News, Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!
Show Notes: https://securityweekly.com/asw132
Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Enterprise Security News, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! We discuss Which Multifactor Authentication is the Right One with Matt Barnett, Chief Strategist at SEVN-X!, and then we gain some insights into Sharpening CVSS with Asset Context, with Clayton Fields and Michael Assraf of Vicarius!
Show Notes: https://securityweekly.com/esw208
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Zulfikar Ramzan, Ph.D., Chief Digital Officer at RSA Security, to talk about how Zero Trust Intersects XDR in Today’s Digital Era! In the second segment, the SCW crew and Dr. Ramzan talk about Cyber Credit Score Industry! Someone made an offhand comment about the Cyber Credit Score Industry on one of our shows a couple weeks ago, so we thought we'd bring it up as a compliance topic. We'll define what we're talking about when it comes to Cyber Credit Scores - what they are intended to do and for whom. Then we'll pick it apart, SCW style!
Show Notes: https://securityweekly.com/scw53
Visit https://securityweekly.com/rsasecurity to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, James Gomez, CISO at Cybersec, join us to discuss Cybersecurity & Integrated Risk Management! In the Leadership and Communication Segment we discuss the creative mindset, CMMC challenges, work from home security is still lacking security, you may not get it right the first time, reaching your goals, increasing productivity with music, tackling bottlenecks and more!
Show Notes: https://securityweekly.com/bsw197
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the first segment, Mike, Adrian, and John discuss Threat Modeling! We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models? In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!
Show Notes: https://wiki.securityweekly.com/asw131
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mimecast's very own Jamie Fernandes and Karsten Chearis join us to discuss recent Threat Actor Trends! Michael Roytman, the Chief Data Scientist at Kenna Security discusses how to use AI and Machine Learning to solve Infosec problems! In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!
Show Notes: https://securityweekly.com/psw675
Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://securityweekly.com/kennasecurity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks about IoT Legislature, Krebs is fired, DNS, Joff Thyer, Clearview, Cicada, and Funny Dream as well as the show Wrap Ups!
Show Notes: https://securityweekly.com/swn84
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start with the Enterprise News, discussing the all new AWS Network Firewall, Zero Trust for Kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato networks!In our second segment, we discuss how network detection helps fill the gaps with Steve Porcello from Gigamon! Finally, we gain some insights into the future of Osquery with Ganesh Pai and Julian Wayte from Uptycs!
Show Notes: https://securityweekly.com/esw207
Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://securityweekly.com/uptycs to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we have the pleasure of welcoming the newest member of the CRA/Security Weekly family, Adrian Sanabria! What is his role at Security Weekly, and what is the plan for rolling things out over the next 12-18 months? We'll continue the discussion with Adrian Sanabria and explore if and how the plans for CRA/Security Weekly will impact the Security & Compliance Weekly audience!
Show Notes: https://wiki.securityweekly.com/scw52
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Kevin O'Brien, CEO and Co-Founder at GreatHorn, for a discussion around what Risk Mitigation looks like in email! In the Leadership and Communications section, The CISO’s Dilemma: Balancing Security, Productivity With a Housebound Workforce, Seven cybersecurity predictions for 2021, Avoiding cloud sprawl: 5 considerations for managing a multicloud environment, and more!
Show Notes: https://securityweekly.com/bsw196
Visit https://securityweekly.com/greathorn to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Bumble, Facebook Scams, Mudge, CISA, Hidden Cobra, and Lazarus Group! All this and Jason Wood returns for Expert Commentary on the Security Weekly News!
Show Notes: https://securityweekly.com/swn83
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Rickard Carlsson, Co-founder & CEO at Detectify, to talk about Automated Hacker Knowledge! In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for DevOps, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One!
Show Notes: https://wiki.securityweekly.com/asw130
Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Joseph Salazar, Technical Deception Engineer at Attivo Networks, to discuss how to Disrupt Attacks at the Endpoint with Attivo Networks! Then, Badri Raghunathan, Director of Product Management, and Sumedh Thakar, President and Chief Product Officer from Qualys, join us to discuss The Challenges Associated With Securing Container Environments! In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean?, Cobalt Strike leaked source code, DNS cache poisoning is back, and Zebras and Dots!
Show Notes: https://wiki.securityweekly.com/psw674
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://securityweekly.com/attivo to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug talks Tianfu, Ghimob, Scalper bots, Animal Jam, Pay2Key, the Sad State Of 2FA, all this and Doug's Threat of the Week on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn82
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Trevor Welsh, Global Security Strategist at Chronicle, to discuss Getting Google Scale Threat Detection With Chronicle Detect! In the Enterprise News, Radware Announces Expanded Elastic Scalability and Resiliency for its Virtual DDoS Protection in AWS, Neustar Agrees to Buy Verisign’s Public DNS Service, Auto-Scaling Network Visibility in AWS Cloud, Palo Alto Networks introduces Enterprise Data Loss Prevention, New Kasada API protects from botnet attacks and targeted fraud, and more! In our final segment, we have two pre-recorded interviews with Jeff Capone of SecureCircle, and Roi Cohen of Vicarius!
Show Notes: https://securityweekly.com/esw206
Visit https://securityweekly.com/chronicle to learn more about them!
Visit https://securityweekly.com/securecircle to learn more about them!
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Liam Downward, CEO at CYRISMA, to talk about Data, Data, Data! You've scanned your data to uncover risks and vulnerabilities and assigned accountability through mitigation plans to meet compliance mandates. Now you must classify, rank, prioritize and score your data to track efforts and stay organized.
Show Notes: https://wiki.securityweekly.com/scw51
Visit https://securityweekly.com/cyrisma to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to talk about the Cybersecurity Forecast: Cloudy With a Chance of Turbulence! In the Leadership and Communications section, How to Be a Visionary Leader and Still Have a Personal Life, 5 Mistakes CISOs Make in Their Board Presentations, What are CEOs focused on for next year?, and more!
Show Notes: https://securityweekly.com/bsw195
Visit https://securityweekly.com/redseal to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug reviews all of the latest cyber security news and then discusses incident response strategy and scenario exercising with Joshua Harr, Sr. Advisory Services Consultant at Rapid7!
Show Notes: https://securityweekly.com/swn81
Visit https://securityweekly.com/rapid7 to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we have the pleasure to welcome back Keith Hoodlet, Senior Manager, Application Experience at Thermo Fisher Scientific, and former Host of Application Security Weekly, to discuss how Security Is a Feature! In the Application Security News, China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff!
Show Notes: https://wiki.securityweekly.com/asw129
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Sven Morgenroth, Security Researcher from Netsparker, to talk about Abusing JWT (JSON Web Tokens)! Dan DeCloss, CEO & President of Plextrac joins us in the following segment to show us how to use Proactive Security Using Runbooks! In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, New Chrome Zero-Day Under Active Attacks Update Your Browser, Pornhub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!
Show Notes: https://wiki.securityweekly.com/psw673
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://securityweekly.com/plextrac to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug Talks Billion USD Bitcoin Mystery Solved, Russian Bears Doxed, Oracle, Zoom Snooping, and Drugs, all this and show wrap ups on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn80
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we start off the show with an Interview with Mike Gruen, VP of Engineering & CISO from Cybrary, to discuss The Benefits of Online On-Demand Training For Teams! In our second segment, we welcome Kevin O'Brien, Co-Founder and CEO of GreatHorn, to talk about Massive Cyberattack Spreading Across 68% of Organizations! In our final segment, we welcome Mike Campfield, VP of Global Security Programs from ExtraHop, joins us for a technical segment on Why Network Detection & Response Belongs In Your 2021 Strategy!
Show Notes: https://securityweekly.com/esw205
Visit https://securityweekly.com/GreatHorn to learn more about them!
Visit https://cybrary.it/solved to learn more about them!
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Frank Macreery, Co-Founder and CTO at Aptible, to talk about Cloud Computing Compliance: Intelligent vs. Basic Automations, this this special two part interview!
Show Notes: https://wiki.securityweekly.com/scw50
Visit https://securityweekly.com/aptible to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Marie Ketner, Director of Product at Cybrary, to talk about How to Develop Your Cybersecurity Skills! In the Leadership and Communications section, The Dark Side Of Authentic Leadership, Why CISOs must be students of the business, Top IT certifications and degrees to help you advance your career, and more!
Show Notes: https://securityweekly.com/bsw194
Visit https://cybrary.it/solved to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Election Day jitters, Zero Days in Microsoft, Maze, Kimsuky, and it's Jersey Baby in Montana! Jason Woods returns for Expert Commentary on Ransomware in Action & Their communications & use of Legitimate Services!
Show Notes: https://securityweekly.com/swn79
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Alfred Chung, Sr. Product Manager at Signal Sciences, to discuss Azure App Service & Cloud-Native Signal Sciences Deployments! In the Application Security News, Lax IoT security exposes smart-irrigation systems, Adobe Flash goes truly end of line in one last update, confidential computing gets a turbo boost with Nitro, link previews show security and privacy problems, and security theatre gets an encore!
Show Notes: https://wiki.securityweekly.com/asw128
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Shani Dodge and Roi Cohen from Vicarius to apply what we learned in the previous segment and actually prioritize our vulnerabilities and remediation the right way. Paul Battista, CEO & Founder of Polarity joins us in the following segment to show us how to use and customize augmented reality to speed up security analysis! In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?!
Show Notes: https://wiki.securityweekly.com/psw672
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://securityweekly.com/polarity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Enterprise News, Blackpoint Cyber introduces insurance for customers and MSPs, Qualys Extends Integration with Microsoft Azure Defender, GrammaTech CodeSentry now identifies third party code vulnerabilities, AttackIQ integrates with Microsoft Azure Sentinel, Aqua Security announces Kubernetes-native security capabilities and funding updates from Artic Wolf, StackHawk, Eagle Eye Networks and more! In our second segment, we welcome Jeff Capone, Co-Founder and CEO of SecureCircle to discuss Conditional Data Access for Endpoints! In our final segment, Alexi Papaleonardos, Cloud Incident Response Manager at Crowdstrike joins us to discuss Attacking and Defending Cloud Infrastructure!
Show Notes: https://securityweekly.com/esw204
Visit https://securityweekly.com/crowdstrike to learn more about them!
Visit https://securityweekly.com/securecircle to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Dorsey, Zuckerberg, and Pichai in the Senate hotseat, KashmirBlack, Healthcare under assault, typosquatting, WebLogic, bug bounties, and the NSA strikes back, all this and show wrap ups on the Security Weekly News Wrap Up!
Show Notes: https://securityweekly.com/swn78
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we have the pleasure of welcoming Frank Price, VP of Product at CyberGRX, to discuss Third Party Risk Assessment: What's in Your Supply Chain? In our second segment, we welcome Alain Espinosa, Director of Security Operations at Online Business Systems, to talk about Logging, Monitoring, and SIEM, Oh My!
Show Notes: https://wiki.securityweekly.com/scw49
Visit https://securityweekly.com/cybergrx to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to talk about Scale Your SOC: Protecting Against Browser-Based Threats! In the Leadership and Communications section, Cybersecurity, a risk to all board of directors, Is The Cybersecurity Industry Selling Lemons? Apparently Lots Of Important CISOs Think it Is, 4 critical strategies for tech leaders in Gartner's CIO agenda, and more!
Show Notes: https://securityweekly.com/bsw193
Visit https://securityweekly.com/authentic8 to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks IoT, Southern Comfort, Winston Privacy, backdoor wars, KashmirBlack, healthcare keeps getting hit, and Roger Hale from BigID joins us for Expert Commentary!
Show Notes: https://securityweekly.com/swn77
Visit https://securityweekly.com/bigid to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Cesar Rodriguez, Head of Developer Advocacy at Accurics, to talk about Cyber Resiliency Through Self-Healing Cloud Infrastructure! In the Application Security News, NSA publishes list of top vulnerabilities currently targeted by Chinese hackers, Nvidia Warns Gamers of Severe GeForce Experience Flaws, Addressing cybersecurity risk in industrial IoT and OT, Firefox 'Site Isolation' feature enters user testing, expected next year, Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser, and Exit Stage Left: Eradicating Security Theater!
Show Notes: https://wiki.securityweekly.com/asw127
Visit https://securityweekly.com/accurics to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Corey Thuen from Gravwell, to talk about Sysmon Endpoint Monitoring complete with Clipboard Voyeurism! Next up, Scott Scheferman, the Principal Cyber Strategist at Eclypsium, joins us to talk about how Hackers Are Hitting Below The Belt! In the Security News, testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, and 8 new hot, steamy, moist cybersecurity certifications!
Show Notes: https://wiki.securityweekly.com/psw671
Visit https://securityweekly.com/gravwell to learn more about them!
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing how Palo Alto Networks announces cloud native security platform, Akamai launches new API security tool, SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage, Splunk helps security teams modernize and unify their security operations in the cloud, and Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks! In our second segment, we welcome Ed Bellis, Co-Founder and CTO at Kenna Security, to discuss Prioritization to Prediction Vulnerability Research Series! In our final segment, we welcome back Corey Bodzin, CTO at deepwatch, to talk about deepwatch Lens Score and Series B!
Show Notes: https://securityweekly.com/esw203
Visit https://securityweekly.com/deepwatch to learn more about them!
Visit https://securityweekly.com/kennasecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug wraps up all the shows from this week, and talks about Twitter hacks, Oracle patches, Sandworm, Singapore facial recognition, and Donald Trump says we don't need security!
Show Notes: https://securityweekly.com/swn76
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Steve Schlarman, Integrated Risk Management Strategist at RSA Security, to discuss Integrated Risk Management & Operational Resiliency! In our second segment, we welcome David Mundhenk, Principal Security Consultant at Herjavec Group, and Ivan Tsarynny, Co-Founder and CEO at Feroot Security, to talk about How Backdoors Lead To Breaches & GRC Compliance Issues!
Show Notes: https://wiki.securityweekly.com/scw48
Visit https://securityweekly.com/rsasecurity to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week we update you on the Security Weekly 25 Index! In the Leadership and Communications segment, 96% of Cybersecurity Professionals are Happy With Their Roles, 4 Tips for Effective Virtual Collaboration, What’s Really Happening in Infosec Hiring Now?, 5 Signs That Point to a Schism in Cybersecurity, Tactical vs Strategic: CISOs and Boards Narrow Communication Gap, and CISO Stressbusters: 7 tips for weathering the cybersecurity storms!
Show Notes: https://securityweekly.com/bsw192
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Danny Akacki discusses how do we, as a NDR product company with an emphasis on user outreach and education, continue not only to keep our product effective for distributed workforce's but also continue to beat the drum on education and knowledge share? It's not easy but we've come up with a few ways both to stay connected to our clients and help them keep an eye on their wires. This segment is sponsored by GigaMon.
Show Notes: https://securityweekly.com/swn75
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Taylor McCaslin, Security Product Manager at GitLab, to discuss current trends in the application security testing industry! In the Application Security News, Patch Your Windows - “Ping of Death” bug revealed, 800,000 SonicWall VPNs vulnerable to remote code execution bug, T2 Exploit Team Creates Cable That Hacks Mac, Zoom Rolling Out End-to-End Encryption, and 'BleedingTooth' Bluetooth flaw!
Show Notes: https://wiki.securityweekly.com/asw126
Visit https://securityweekly.com/GitLab to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Shani Dodge and Roi Cohen from Vicarius, to present their segment on Vulnerabilities entitled Prioritize This, Prioritize That, Prioritize with Context! In our second segment, we welcome Patrick Garrity, VP of Operations at Blumira, to talk about Democratizing and Saasifying Security Operations! In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, Windows TCP/IP Remote Code Execution vulnerability, and a Prison video visitation system exposed calls between inmates and lawyers!
Show Notes: https://wiki.securityweekly.com/psw670
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr.Doug talks about naughty camera captures being sold on Discord, Zoom End to End, Patching, Trickbot attacks, Bleeding Tooth, Gamer Scams, and hiding your cash while wearing a toga!
Show Notes: https://securityweekly.com/swn74
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing the Bad Neighbor Vulnerability, FireEye Announced ‘Mandiant Advantage: Threat Intelligence’ SaaS-based Offering, Aqua’s Trivy Now Available as a GitHub Action, Datadog adds Deployment Tracking to its APM to prevent outages related to bad code deploys, and Tenable and the Center for Internet Security Enter Partnership to Bolster Cyber Hygiene Across Public and Private Sectors! In our second segment, we welcome Whitney Maxwell, Security Consultant at Rapid7, for and interview on Vishing/Phishing! In our final segment, we wrap up the show with two pre-recorded micro interviews from Security Weekly's Virtual Hacker Summer Camp, with Liam Downward, CEO of CYRISMA, and Matthew Gardiner, Principal Security Strategist at Mimecast!
Show Notes: https://securityweekly.com/esw202
Visit https://securityweekly.com/rapid7 to learn more about them!
Visit https://securityweekly.com/cyrisma to learn more about them!
Visit https://securityweekly.com/mimecastbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Michael Brooks, vCISO at Abacode, to discuss Turning Cybersecurity Challenges Into a Competitive Advantage! In the second segment, the SCW crew along with Michael Brooks delve into an update on the goings on of Cybersecurity Maturity Model Certification (CMMC)!
Show Notes: https://wiki.securityweekly.com/scw47
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Facebook Bug Bounty club, Zuck reverses, Trickbot, the FAA gets airline warning, IoT, Zerologon, and Fitbit! Jason Wood returns for Expert Commentary on Office 365: A Favorite for Cyberattack Persistence!
Show Notes: https://securityweekly.com/swn73
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to discuss Navigating Complexity: Orienting Your Security Solutions! In our second segment, Michael Santarcangelo and Matt discuss The 4 C's of Leadership!
Show Notes: https://securityweekly.com/bsw191
Visit https://securityweekly.com/redseal to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome James Manico, CEO at Manicode Security, to talk about Application Security Best Practices! In the Application Security News, Redefining Impossible: XSS without arbitrary JavaScript, API flaws in an "unconventional" smart device, Facebook Bug Bounty Announces "Hacker Plus", Anti-Virus Vulnerabilities, and Chrome Introduces Cache Partitioning!
Show Notes: https://wiki.securityweekly.com/asw125
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we welcome Alexander Krizhanovsky, CEO at Tempesta Technologies, to talk about Fast And Secure Web! In our second segment, we welcome Tony Punturiero, Community Manager at Offensive Security, to discuss Assembling Your First Infosec Home Lab! In the Security News, US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats - NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XML-RPC vulnerability in WordPress, and it's the 10 year anniversary of Stuxnet!
Show Notes: https://wiki.securityweekly.com/psw669
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Stuxnet Redux, Fancy Bear, HP Printers, UEFI bootkits, EGregor, and locked up naughty bits!
Show Notes: https://securityweekly.com/swn72
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing how Anchore Rolls Out Open Source DevOps Tools, Rapid7 Cloud Identity and Access Management Governance Module for DivvyCloud, Digital Shadows launches access key alerts, Microsoft Azure customers can now implement Datadog as a monitoring solution for their cloud workloads, and Ping Identity unveils PingOne Services! In our second segment, we welcome Cris Neckar, CISO of Spring Labs, to discuss Trading Least Privilege for Security Theater! In our final segment, we welcome Jen Ayers, VP of OverWatch at Crowdstrike, for an interview on the 2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team!
Show Notes: https://securityweekly.com/esw201
Visit https://securityweekly.com/crowdstrike to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we're going to look back on our favorite episodes of the first year, reflect on how we are doing, solicit feedback from listeners, look ahead to the future/coming year - what to expect! In our second segment, the crew discusses Ransomware Attacks!
Show Notes: https://wiki.securityweekly.com/scw46
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Parham Eftekhari, SVP & Executive Director of Cybersecurity Collaborative, to discuss The Power of True Peer-to-Peer Collaboration! In the Leadership and Communications section, What it takes to be a transformational CISO, Put Your Metrics Where Your Mouth Is, 5 Simple Ways to Make Better Decisions, and more!
Show Notes: https://securityweekly.com/bsw190
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks John McAfee in trouble again, Tenda routers, Egregor, Someone is going after Trickbot, the OFAC may come after you for paying ransoms, Maxwell's Demon, the second law of thermodynamics, and Jason Wood joins for Expert Commentary on Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam!
Show Notes: https://securityweekly.com/swn71
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Romeo, CEO at Security Journey, to discuss Things Every Developer Should Know About Security! In the Application Security News, DOMOS 5.8 - OS Command Injection, 4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies, Google sets up research grant for finding bugs in browser JavaScript engines, Announcing the launch of the Android Partner Vulnerability Initiative, and more!
Show Notes: https://wiki.securityweekly.com/asw124
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, Paul will take you through his process for creating a docker container for running NGINX as an RTMP proxy for streaming video to multiple services; complete with SSL and authentication! In our second segment, we welcome Chris Sanders, Founder of the Applied Network Defense & Rural Technology Fund, to talk about Intrusion Detection Honeypots! In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S, a 13-year-old student was arrested for hacking school computers, Who caused the 14 state Monday 911 outage, and A Return to 'Hackers' Is "Being Actively Considered," Says Director!
Show Notes: https://wiki.securityweekly.com/psw668
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks about The debate (no politics), Microsoft & 911 (& more Microsoft), Pinchy Spider, Twitch debates, and Emotet!
Show Notes: https://securityweekly.com/swn70
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Liam Downward, CEO at CYRISMA, to talk about Data Centric Security! In our second segment, Jeff, Josh, Scott, John, and Liam discuss Vulnerability Management & the Art of Prioritization of Risk!
Show Notes: https://wiki.securityweekly.com/scw45
Visit https://securityweekly.com/cyrisma to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug discusses the Microsoft outage, Jokers wild, Alien Forking at Android, Ryuk, United Health, possessed coffee makers, and Jason Wood joins us for Expert Commentary to talk about REvil Ransomware!
Show Notes: https://wiki.securityweekly.com/swn69
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ryan Benson, Director of Service Offerings at deepwatch, to discuss the State of the Managed Detection & Response Market! In the Leadership and Communications section, 6 types of CISO and the companies they thrive in, What are the habits of highly effective CISOs, Cybersecurity is Not a Four-Letter Word, and more!
Show Notes: https://securityweekly.com/bsw189
Visit https://securityweekly.com/deepwatch to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike, Matt, and John talk about The Difference Between Finding Vulns & Securing Apps! In the Application Security News, 6 Things to Know About the Microsoft 'Zerologon' Flaw, You can bypass TikTok's MFA by logging in via a browser, Instagram RCE: Code Execution Vulnerability in Instagram App for Android and iOS, and more!
Show Notes: https://wiki.securityweekly.com/asw123
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks the Tesla outage, Microsoft Redux, Lokibot, Wicked Panda, Maze, Facebook gone forever, Magic Swords, and enchanted codpieces!
Show Notes: https://wiki.securityweekly.com/swn68
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, ExaGrid releases version 6.0 with Time-Lock for Ransonware Recovery Feature, Microsoft overhauls 'Patch Tuesday', Palantir to begin New York trading on September 30th, Accenture acquires SALT Solutions to build cloud-based industrial IoT platforms, and Code42 Incydr: A cloud-native product that mitigates insider data exposure and exfiltration! In our second segment, we welcome Edward Wu, Principal Data Scientist of ExtraHop, and Ted Driggs, Head of Product at ExtraHop, to discuss Demystifying AI & ML for Cybersecurity! In our final segment, we welcome Jeff Capone, CEO & Co-Founder of SecureCircle, for an interview on ZeroTrust Data Security!
Show Notes: https://securityweekly.com/esw200
Visit https://securityweekly.com/securecircle to learn more about them!
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chas Ballew, Co-Founder and CEO at Aptible, to discuss Reducing the Headache of Audit Prep With Automation! In the second segment, we welcome back Priya Chaudhry, Jedi Warrior Princess and Criminal Defense Trial Lawyer at ChaudhryLaw PLLC, to discuss the Legal Review of CFAA Supreme Court Case!
Show Notes: https://wiki.securityweekly.com/scw44
Visit https://securityweekly.com/aptible to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Corey Thuen, Founder of Gravwell, to discuss The Power of Context & Collaboration in a Data Driven World! In the second segment, Michael Santarcangelo and Sam Estrella join us to discuss the anatomy of an acquisition! A listener request, Michael will walk us through the Security Weekly acquisition by CyberRisk Alliance to understand the key criteria, processes, and challenges of an acquisition, especially during COVID-19!
Show Notes: https://wiki.securityweekly.com/bsw188
Visit https://securityweekly.com/gravwell to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Zerologon, Wicked Panda, OSINT, Doom found to run on Xbox, and Dark Overlord! Jason Wood returns for Expert Commentary on why to Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere!
Show Notes: https://wiki.securityweekly.com/swn67
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Justin Massey, Product Manager, Security Monitoring at Datadog, to discuss Visualizing and Detecting Threats For Your Custom Application! In the Application Security News, Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale, Bluetooth Spoofing Bug Affects Billions of IoT Devices, Firefox bug lets you hijack nearby mobile browsers via WiFi, Safeguarding Secrets Within the Pipeline, and more!
Show Notes: https://wiki.securityweekly.com/asw122
Visit https://securityweekly.com/datadog to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome we welcome Mike Ware, Senior Director of Technology at Synopsys, to talk about the Key Findings From The Newly Released BSIMM11 Report! In our second segment, we welcome James Spiteri, Solutions Architect and Cyber Security Specialist Global Solutions Lead at Elastic, to discuss how Elastic Security Opens Public Detections Rules Repo! In the Security News, Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your LocksJust By Listening, U.S. House Passes IoT Cybersecurity Bill, the Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug, and 5 Security Lessons Humans Can Learn From Their Dogs!
Show Notes: https://wiki.securityweekly.com/psw667
Visit https://securityweekly.com/elastic to learn more about them!
Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug discusses Microsoft OneFuzz, Tik Tok, QAnon, Mozi, and more news from the sunny shores of Venus!
Show Notes: https://wiki.securityweekly.com/swn66
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing Acunetix new data retention policies, 5 things you should ask your web app pen test provider, Microsoft's open source tool for sniffing out Windows 10 bugs, Datadog unveils support for distributed tracing for AWS Step Functions via AWS X-Ray, and Gravwell's Data Fusion platform breaks the mold of legacy data ingestion engines! In our second segment, we welcome Ferruh Mavituna, CEO of Netsparker, to discuss Current Security Needs Of Modern Enterprise Companies! In our final segment, we welcome Jimmy Mesta, Director of Security Research at Signal Sciences, to discuss Securing Enterprise Digital Transformations!
Show Notes: https://securityweekly.com/esw199
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David King, Founding Member and Owner at Cyber Support Alliance and Governing Goliath Media, to discuss How We Lost the Cybersecurity War (and What Happens Next), in this two part interview!
Show Notes: https://wiki.securityweekly.com/scw43
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Candiru fish, Office Phishing attacks with a twist, Fancy Bear, Zhenhua data leaks, TikTok and Oracle, and Big Eyed Beans from Venus! Jason Wood returns for Expert Commentary on a Russian hacker selling a how-to video on exploiting unsupported Magento installations to skim credit card details for $5,000!
Show Notes: https://wiki.securityweekly.com/swn65
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back John Loucaides, VP of Research & Development at Eclypsium, to discuss Cracks in the Foundation: Understanding the New Endpoint Challenge! In the Leadership and Communications section, we're playing 3 questions - Does Your Board Really Understand Your Cyber Risks?, How can the C-suite support CISOs in improving cybersecurity?, Think You're Spending Enough on Security?, and more!
Show Notes: https://wiki.securityweekly.com/bsw187
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Frank Catucci, Sr. Director GTP of Application Security at Gartner, to discuss The People & Process of DevOps! In the Application Security News, BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, Microsoft Patch Tuesday, Sept. 2020 Edition, XSS->Fix->Bypass: 10000$ bounty in Google Maps, Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER to detect crypto misuses dynamically, Remote Code Execution as SYSTEM/root via Backblaze, and more!
Show Notes: https://wiki.securityweekly.com/asw121
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome we welcome David Asraf, C++ Developer at Vicarius, and Roi Cohen, Co-Founder & VP Sales at Vicarius, to discuss The Patchless Horseman! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to talk about Building Security Into the DevOps Lifecycle! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon’s board, and the Legality of Security Research is to be Decided in a US Supreme Court Case!
Show Notes: https://wiki.securityweekly.com/psw666
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Cisco patching Jabber Flaw, Insider Threats are huge, BLURtooth, Apple COVID-19 opt ins, and pretty much everyone is trying to interfere with the election!
Show Notes: https://wiki.securityweekly.com/swn64
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing how Yubico Delivers New Security Key the YubiKey 5C NFC, ManageEngine ADSelfService Plus now supports MFA for VPNs to protect remote workforce, Sysdig partners with VulnDB to strengthen vulnerability intelligence reporting, 3 Signs it’s Time for a Penetration Test, and CrowdStrike Expands Support for AWS Workloads and Container Deployments! In our second segment, we welcome Corey Williams, VP Marketing/Idaptive by CyberArk at CyberArk, to talk about Exploring Identity Security and Its Role in the Modern Enterprise! In our final segment, we welcome Bradon Rogers, SVP of Global Pre-Sales Engineering at Mimecast, to discuss Cloud Based Cyber Resiliency!
Show Notes: https://securityweekly.com/esw198
Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://securityweekly.com/cyberark to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Oleg Shomonko, Head of Business Development, Co-founder at Ekran System for an interview! Ekran System is a universal insider threat protection platform that combines three essential insider security controls: activity monitoring, access management, and identity management. Functionality is provided in a single universal software platform delivering light-weight agents for all types of endpoints. This segment is sponsored by Ekran System.
Show Notes: https://wiki.securityweekly.com/scw42
Visit https://securityweekly.com/ekran to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Security Weekly sold to Cyber Risk Alliance, Argentina and Newcastle ransomwared, Cisco Jabber, the NSA wants to educate you, and Jason Wood returns for Expert Commentary on how Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene!
Show Notes: https://wiki.securityweekly.com/swn63
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Fredrick "Flee" Lee, Chief Security Officer at Gusto, to discuss Lovable Security: Be a Data Custodian, Not a Data Owner! In our second segment, we welcome Justin Armstrong, Security Architect at MEDITECH, to talk about Cybersecurity & Patient Safety! In the Security News, The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack!
Show Notes: https://wiki.securityweekly.com/psw665
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Snowden Vindicated? Hermain Cain tweets from beyond the grave, APT TA413, Iranian cats again, Carolyn Meinel, hard coded credentials, and KryptoCibule!
Show Notes: https://wiki.securityweekly.com/swn62
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing Proofpoint's $300 Million buyback program, LogRhythmn Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0's new bot detection! In our second segment, we air two pre recorded interviews from Security Weekly Virtual Hacker Summer Camp with Corey Bodzin from Deepwatch, and Michael Sanders from Extrahop! In our final segment, we air two more pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Ian McShane of Crowdstrike, and Michael Borohovski from Synopsys!
Show Notes: https://securityweekly.com/esw197
Visit https://securityweekly.com/crowdstrike for a totally free trial!
Visit https://securityweekly.com/synopsys to learn more about them! V
isit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!
Visit https://securityweekly.com/extrahop to learn more about them!
For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Priya Chaudhry, Jedi Warrior Princess, at ChaudhryLaw PLLC (Criminal Defense Trial Lawyer), to discuss the Uber Indictments in a special two part interview!
Show Notes: https://wiki.securityweekly.com/scw41
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Carlos Becerra, Co-Founder at CB Universal, to discuss Role of the CISO, Why Do You Need a vCISO? In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more!
Show Notes: https://wiki.securityweekly.com/bsw186
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Dr. Doug talks Tesla, Slack, Charming Kitten returns, KryptoCibule, and Tweets from the great beyond! In the Expert Commentary, we welcome Ian McShane, VP, Product Marketing at CrowdStrike, to discuss remote work/return to office, and the challenges therein!
Show Notes: https://wiki.securityweekly.com/swn61
Visit https://securityweekly.com/crowdstrike to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Marc Tremsal, Director of Product Management of Security at Datadog, to discuss Detecting Threats & Avoiding Misconfigs In The Cloud-Age! In the Application Security News, A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies!
Show Notes: https://wiki.securityweekly.com/asw120
Visit https://securityweekly.com/datadog to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Security News! We'll be discussing how a Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs! In our second segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Ferruh Mavituna, CEO of Netsparker, and Paul Battista, CEO and Founder of Polarity! In our final segment, we air one more pre recorded interview with Roi Cohen, Co-Founder and VP of Sales at Vicarius, and Shani Dodge, C++ Developer at Vicarius, discussing Predicting Vulnerabilities in Compiled Code!
Show Notes: https://wiki.securityweekly.com/psw664
Visit https://securityweekly.com/vicarius to learn more about them!
Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw
Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing Checkmarx Announces GitLab Integration, Panaseer Automates IRM with Archer Integration, How Attivo Networks Strengthens Active Directory Defense, Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack, VMware brings Kubernetes to its VMware Fusion and VMware Workstation solutions, and more! In our second segment, we welcome Kwan Lin, Principal Data Scientist at Rapid7, to discuss "Under the Hoodie:" Rapid7's 2020 Pen Testing Report! In our final segment, we welcome Patrick Carey, Director of Product Marketing at Synopsys, to talk about Building Security into Application Development!
Show Notes: https://securityweekly.com/esw196
Visit https://securityweekly.com/rapid7 to learn more about them!
Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks MITRE, COBALT, SNYK, CISOs behaving badly at Uber, Zoom says it's all better now, and Amazon AI wants you to send nudes for criticism, and all the show wrap ups from this past week!
Show Notes: https://wiki.securityweekly.com/swn60
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff, John, Josh, and Scott talk Pragmatic Approaches to Cybersecurity Maturity! There are a lot of ways to measure/assess the level of organizational maturity of security programs. But, how do you mature your organization? We will discuss practical steps, like prioritizing the to-do list, the balance between people, process, and technology, as well as the balance between policies, standards, procedures vs. technical controls, to develop a pragmatic approach to mature your cybersecurity program.
Show Notes: https://wiki.securityweekly.com/scw40
Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Zoom crash, Apple insecurities, Dharma, MITRE, Elon Musk is about to eat your brain, and Jason Wood returns with Expert Commentary on Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers!
Show Notes: https://wiki.securityweekly.com/swn59
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ed Amoroso, CEO at TAG Cyber, to discuss Disrupting Traditional Security Research & Advisory! In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who’s Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more!
Show Notes: https://wiki.securityweekly.com/bsw185
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Sundar Krish, CEO & Co-Founder at Sken.ai, to talk about DevOps-First Application Security For Mid-Markets! In the Application Security News, The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality!
Show Notes: https://wiki.securityweekly.com/asw119
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Harry Sverdlove, Founder and CTO of Edgewise, and Dan Perkins, Principal Product Manager at ZScaler, to talk about Protecting Critical Infrastructure and Workloads In Hybrid Clouds! In our second segment, it's the Security News! We'll be talking about how New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, Marriott faces London lawsuit over vast data breach, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! In our final segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Corey Thuen, Co-Founder of Gravwell, and Deral Heiland, Principal Security Researcher for IoT at Rapid7!
Show Notes: https://wiki.securityweekly.com/psw663
Visit https://securityweekly.com/edgewise to learn more about them!
To learn more, visit: https://www.gravwell.io/summercamp2020
Visit https://securityweekly.com/rapid7 to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug White talks 3D keys, Emotet returns, FritzFron, Voice Phishing, ICS, coffee cup magnets, and how the Secret Service is buying your location data!
Show Notes: https://wiki.securityweekly.com/swn58
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing how ThreatConnect Integrates with Microsoft Graph Security API to Strengthen Security Automation, Sectigo unveils Sectigo Quantum Labs to help orgs prepare for quantum computers, Trend Micro to offer comprehensive network and endpoint protection for IoT and 5G private networks, Thycotic Releases Thycotic Identity Bridge, and more! In our second segment, we air two pre recorded interviews from Security Weekly Virtual Hacker Summer Camp with Chris Morales from Vectra, and Anton Chuvakin from Google Cloud & Matt Hastings from Tanium! In our final segment, we air two more precorded interviews from Virtual Hacker Summer Camp with Dan DeCloss from PlexTrac, and Gabe Gumbs from Spirion!
Show Notes: https://securityweekly.com/esw195
To get one month of PlxTrac for free, visit: https://securityweekly.com/plextrac
Visit https://securityweekly.com/spirionbh to learn more about them!
Visit https://securityweekly.com/tanium to learn more about them!
To see how Vectra can detect attacks in SaaS like Office 365, please visit: https://www.vectra.ai/o365
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Tarr, Principal Solutions Engineer at CyberArk! He talks about how his 15 years in Systems and Sales Engineering roles adds a layer of experience at CyberArk. Matt will then explain how CyberArk provides Security for the Heart of the Enterprise by adding a layer of security around privileged accounts. Matt will also discuss the overarching importance of securing privileged access throughout the organization as it relates to the overall security posture and compliance requirements!
Show Notes: https://wiki.securityweekly.com/scw39
Visit https://securityweekly.com/cyberark to learn more about them!
Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/
Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Russel Kirsch, Carol Baskin, IcedID, Emotet, TeamTNT, and the CRA! Jason Wood returns for Expert Commentary on how the Secret Service reportedly paid to access phone location data!
Show Notes: https://wiki.securityweekly.com/swn57
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Costlow, Deputy CISO at ExtraHop, to discuss the challenges of detecting and patching Ripple20! Ripple 20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. In the Leadership and Communications section, CISOs say new problem solving strategies required, How Remote Work is Reshuffling Your Security Priorities and Investments, Security Jobs With a Future -- And Ones on the Way Out and more!
Show Notes: https://wiki.securityweekly.com/bsw184
Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Cesar Rodriguez, Head of Developer Advocacy at Accurics, to discuss Immutable Security For Immutable Infrastructure! In the Application Security News, Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, Re VoL TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more!
Show Notes: https://wiki.securityweekly.com/asw118
Visit https://securityweekly.com/accurics to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to discuss Why Elastic Is Making Endpoint Security 'Free And Open'! In our second segment, it's the Security News! We'll be talking about how Amazon Alexa One-Click Attack Can Divulge Personal Data, Researcher Publishes Patch Bypass for vBulletin 0-Day, Threat actors managed to control 23% of Tor Exit nodes, a Half a Million IoT Passwords were Leaked, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, and a Zoom zero-day flaw allows code execution on victim's Windows machine! In our final segment, we air a pre recorded interview with Michael Assraf, CEO and Co-Founder at Vicarius, to talk about Vulnerability Rich - Contextually Blind!
Show Notes: https://wiki.securityweekly.com/psw662
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://securityweekly.com/elastic to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug wraps up Fancy Bear, Alexa flaws, 747's fly with 3.5 inch floppies, Drovorub, Volte/Revolte LTE hacks, and how Cybersecurity Earnings are up!
Show Notes: https://wiki.securityweekly.com/swn56
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing how Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! In our second segment, we air two pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Chris Wysopal from Veracode and Mario Vuksan from ReversingLabs! In our final segment, we air two more pre-recorded interviews from Virtual Hacker Summer Camp with Danny Jenkins from ThreatLocker and Stephen Boyer from BitSight!
Show Notes: https://securityweekly.com/esw194
To learn more about BitSight, visit: https://securityweekly.com/bitsight
To learn more about ThreatLocker, visit: https://www.securityweekly.com/threatlocker
To learn more about ReversingLabs, visit: https://www.reversinglabs.com/
To learn more about Veracode, visit: https://www.veracode.com/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeanette Manfra, Global Director, Security and Compliance at Google Cloud! Government agencies are running in antiquated, fortress-based government clouds under the guise this is the only option for superior security and compliance. However, security and compliance don t have to be a blocker to innovation; they can be part of the transformation. Jeanette will discuss how Google Cloud is enabling this transformation with Assured Workloads for Government by simplifying the compliance configuration process and providing seamless platform compatibility between government and commercial cloud environments.
Show Notes: https://wiki.securityweekly.com/scw38
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug White talks TikTok, Microsoft 0-Days, Google Bug Bounties, Mercedes bugs, Kr00k redux, Tor nodes, and is 5G Dead? Jason Wood joins us for Expert Commentary on how the Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development!
Show Notes: https://wiki.securityweekly.com/swn55
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's the Security Weekly Virtual Hacker Summer Camp edition of Paul's Security Weekly! In our first segment, we welcome Chad Anderson, Senior Security Researcher at DomainTools, to discuss Observing Disinformation Campaigns! In our second segment, it's the Security News! We'll be talking about How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! In our final segment, we air a pre recorded interview with Sumedh Thakar, President and Chief Product Officer at Qualys, and Mehul Revankar, VP Product Management and Engineering of VMDR at Qualys, discussing Automating Your Vulnerability Management Program!
Show Notes: https://wiki.securityweekly.com/psw661
For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys
Visit https://securityweekly.com/domaintools to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, it's Security Weekly Virtual Hacker Summer Camp! In our first segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Putting Zero Trust in Your Devices! In our second segment, we talk Enterprise News, discussing Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more! In our final segment, we welcome our dear friend and Security and Compliance Weekly's host Jeff Man, to talk about Mapping MITRE ATT&CK to PCI DSS!
Show Notes: https://securityweekly.com/esw193
To learn more about securing devices down to the firmware and hardware level, visit: https://eclypsium.com/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Join the Security Weekly Discord: https://discord.gg/pqSwWm4
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's Security Weekly Virtual Hacker Summer Camp, and we have two interviews! First, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to discuss "How Security Spending Overlooks the Biggest Risk of All"! Then, we welcome Doug Hubbard, Founder at Hubbard Decision Research, to discuss "The Failure of Risk Management"!
Show Notes: https://wiki.securityweekly.com/bsw183
Learn more on how to quantify risk in terms of dollars and cents in order to build better "business impact" decision makers, visit: https://hubbardresearch.com/
Visit https://www.authentic8.com/bsw to learn more about them!
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, it's Security Weekly Virtual Hacker Summer Camp 2020! In our first segment, we welcome Mike Rothman, President at DisruptOps, to discuss: How Does Sec Live In A DevOps World? In the Application Security News, Using Amazon GuardDuty to Protect Your S3, OkCupid Security Flaw Threatens Intimate Dater Details, Florida teen charged as mastermind in Twitter hack hitting Biden, Bezos, and others, Sandboxing and Workload Isolation, and Microsoft to remove all SHA-1 Windows downloads next week!
Show Notes: https://wiki.securityweekly.com/asw117
Try it out free of charge and experience the future of security operations. Visit https://disruptops.com/free-evaluation/
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, we welcome back Corey Thuen, Co-Founder at Gravwell, to talk about Gravwell's Big Bang Release! In our second segment, we welcome Siddharth Bhatia, PhD student at National University of Singapore, to discuss MIDAS: Siddharth's Research that finds anomalies or malicious entities in real-time! In the Security News, a Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories!
Show Notes: https://wiki.securityweekly.com/psw660
Visit https://securityweekly.com/gravwell to learn more about them!
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
This week, 'Boothole' vulnerability basically affects everything, Garmin Pays Ransomware but the implications are scary, Doki, Fancy Bear, GRU, Fancy Bear is hitting lots of US targets in an escalating campaign ,and someone who does like Assange doesn't like Idaho very much!
Show Notes: https://wiki.securityweekly.com/swn54
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, discussing how Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! In our second segment, we welcome Om Moolchandani, Chief Technology Officer of Accurics, to Learn about a new paradigm dubbed immutable security! In our final segment, we air a pre recorded interview with Neira Jones, Ambassador at Emerging payments Association, discussing Compliance and Fraud Prevention in FinTech!
Show Notes: https://securityweekly.com/esw192
Visit https://securityweekly.com/accurics to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, John Snyder will lead the discussion about the legal implications of Security and Compliance! In the second segment, we continue the discussion with John Snyder, our new co-host. Peppering him with questions about the law, hacking, security, compliance, and we might throw in a few of our favorite lawyer movie quotes!
Show Notes: https://wiki.securityweekly.com/scw37
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, QSnatch, dave.com, ShinyHunters, a quantum internet, government tyranny, and DEFCON! Jason Wood returns with Expert Commentary on A Cyberattack on Garmin Disrupted More Than Workouts!
Show Notes: https://wiki.securityweekly.com/swn53
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Drew Cohen, President & CEO at MasterPeace Solutions Ltd., to discuss Cybersecurity Challenges in a Teleworking World! In the second segment, Matt, Paul, and Jason talk about how marketing to today s CISO is no easy task. CISOs have an unprecedented amount of work on their plates with constantly shifting technology, vast amounts of data in motion, regulatory requirements and new threats arising daily. We'll discuss the results of a Merritt Group Survey on Marketing and Selling to the CISO, 2020 Edition.
Show Notes: https://wiki.securityweekly.com/bsw182
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Matherly, Founder of Shodan, to talk about Fixing Vulnerabilities Effectively & Efficiently! In the Application Security News, TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, and more!
Show Notes: https://wiki.securityweekly.com/asw116
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Zane Lackey, Chief Security Officer at Signal Sciences, to talk about the Affects Of COVID-19 On Web Applications! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to discuss The Power of the Cloud Platform, One Single Agent, One Global View! In the Security News, Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!
Show Notes: https://wiki.securityweekly.com/psw659
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mark Ralls, President and Chief Operating Officer at Acunetix, to discuss The Evolution of Enterprise Web Apps and Its Impact on Web Security! In our second segment, we welcome Brian Kelly, Head of Conjur Engineering for CyberArk, for a Technical Segment on Secretless And The End Of Application Secrets As We Know Them! In our final segment, we air a pre recorded interview with Steve Wylie, General Manager at Black Hat, discussing An overview of Black Hat USA 2020!
Show Notes: https://securityweekly.com/esw191
Visit https://securityweekly.com/cyberark to learn more about them!
Visit https://securityweekly.com/acunetix to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter is still hacked, social engineering, Emotet returns, Chinese Hackers, Your VPN is definitely lying to you, Bad Power, and Doug Revisits Forever Hack via the Meow Attack!
Show Notes: https://wiki.securityweekly.com/swn52
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we have a very special edition of Security & Compliance weekly, welcoming the PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper, as they answer all of the toughest PCI questions in a two part interview!
Show Notes: https://wiki.securityweekly.com/scw36
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter updates, Chinese GoldenSpy, Cloudflare outages, Rapid 7 reports, Crypto Trojans, BadPower attacks, and Jason Wood returns for Expert Commentary on 7 VPNs that leaked their logs - the logs that "didn't exist"!
Show Notes: https://wiki.securityweekly.com/swn51
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Justin Bradley, Chief Growth Officer at Intezer, to talk about Zero Trust Execution as Part of Your Cloud Workload Protection Strategy! In the Leadership and Communications section, CISOs undervalued, overworked, burning out, warns CIISec, The 10 Worst Cybersecurity Strategies, AppSec Becomes A Priority For New CISOs/CSOs, and more!
Show Notes: https://wiki.securityweekly.com/bsw181
Visit https://securityweekly.com/intezer to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kris Rajana, President and CTO at Biarca, and Bhasker Nallapothula, Director of Engineering at Biarca, to talk about Cloud Security Posture Management & Governance! In the Application Security News, SIGRed Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!
Show Notes: https://wiki.securityweekly.com/asw115
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ankur Chowdhary, Security Consultant at Bishop Fox, to talk about Artificial Intelligence and Machine Learning in Cybersecurity! In our second segment, we welcome John Snyder, CEO of Agnes Intelligence, and Security and Compliance Weekly's New Co-Host, for an Introduction to John Snyder himself! In the Security News, Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection, a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack!
Show Notes: https://wiki.securityweekly.com/psw658
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter hacked, TikTok Bans continued, Cozy Bear, Huawei bans, Social Engineering and Sir Walter Raleigh in a can!
Show Notes: https://wiki.securityweekly.com/swn50
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brian Tremblay, Director, SOX Cyber Audit & Compliance in Sales at Onapsis, to talk about how security misconfigurations and vulnerabilities can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. Learn the best practices leaders can use to identify, monitor, and mitigate compliance risks related to their most critical business applications.
Show Notes: https://wiki.securityweekly.com/SCWEpisode35
To learn more about Onapsis, visit: https://securityweekly.com/onapsis
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's our quarterly Security Money update of the Security Weekly 25 Index and the Nasdaq! At the close on July 10th, 2020: - SW25 Index is 1,437.23, which is an increase of 43.72% - NASDAQ Index is 10,617.44, which is an increase of 60.01% Both indexes closed at an all time high on July 10th, 2020 In the Leadership and Communications section, I'm a CISO, what's next?, The Upside of Virtual Board Meetings, The new cybersecurity priorities of 2020, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode180
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Even more TikTok wars, MGM Grand data for sale, Karens, SAP Vulnerability, Mirai Returns with 9 new exploits, and the Secret Service! Jason Wood joins us for Expert Commentary on how TrickBot Sample Accidentally Warns Victims They re Infected!
Show Notes: https://wiki.securityweekly.com/SWNEpisode49
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Judy Ngure, Cybersecurity Engineer at Africastalking, to talk about DevSecOps! In the Application Security News, Microsoft OneDrive client for Windows Qt QML module hijack, Zero-day flaw found in Zoom for Windows 7, Protecting your remote workforce from application-based attacks like consent phishing, Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, Mozilla suspends Firefox Send service while it addresses malware abuse, and Stop Talking About Technical Debt!
Show Notes: https://wiki.securityweekly.com/ASWEpisode114
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome our very own Joff Thyer, Security Analyst at Black Hills Information Security, to deliver a Technical Segment on IPv6 Tunneling! In our second segment, we welcome Terry Dunlap, Co-Founder at ReFirm Labs, to talk about IoT Security! In the Security News, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technicals details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps!
Show Notes: https://wiki.securityweekly.com/PSWEpisode657
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Look, this week, it's all about the RCE. Seriously, there were so many RCE stories, wow. Oh and a creepy guy story. All this and more on the Security Weekly News Wrap Up!
Show Notes: https://wiki.securityweekly.com/SWNEpisode48
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Why You Need Recorded Futures Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and ICS environments, Attivo Networks' enhanced EDN solution prevents attackers from seeing or exploiting production data, Check Point Infinity SOC is launched, and more! In our second segment, we welcome Scott DeLong, Chief Information Officer and Sr. Technology & Security Officer at Scott DeLong & Associates, to talk about Living Through a Ransomware Attack! In our final segment, we welcome Robb Reck, Chief Information Security Officer at Ping Identity, to discuss Trends in Enterprise Identity!
Show Notes: https://wiki.securityweekly.com/ESWEpisode190
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kimber Dowsett (@mzbat) for a two part interview! @mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews!
Show Notes: https://wiki.securityweekly.com/SCWEpisode34
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Juan Canales, an ExtraHop customer, and Matt Cauthorn, VP Sales Engineering at ExtraHop, to discuss An Honest Conversation About "Response"! In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business continuity and cyber security, Protecting Remote Workers Productivity and Performance, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode179
To request a demo with ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, TikTok bans part 2, Try2Cry, Lazarus rises from the dead, Chinese Data blocking, and the Bubonic Plague! Jason Wood returns for Expert Commentary on how a flashy Nigerian Instagram star was extradited to the U.S. to face BEC charges!
Show Notes: https://wiki.securityweekly.com/SWNEpisode47
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Catherine Chambers and Will Hickie from Irdeto, to discuss Protecting Mobile Applications! In the Application Security News, Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, The Current State of Kubernetes Threat Modelling, and How To Build a Culture of Resilience Through Good Habits!
Show Notes: https://wiki.securityweekly.com/ASWEpisode113
To download the white paper, visit: https://securityweekly.com/irdeto
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jerry Chen, Co-Founder of Firewalla, to discuss Work From Home Cyber Security! In our second segment, we welcome Ryan Hays, Offensive Security Manager at RSA Security, to talk about OSINT Scraping with Python! In the Security News, Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how the Internet is too unsafe, and why we need more hackers!
Show Notes: https://wiki.securityweekly.com/PSWEpisode656
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug wraps up the hot topics across all the shows for this week, talking about Bad laws, bad hackers, India bans 59 Chinese Apps including TikTok, Lucifer botnet threatens Windows Systems, Schuchman sentenced to 13 months for botnet development, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode46
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how Semperis adds vulnerability assessment, security reporting, and auto-remediation to its DSP, AWS launches Amazon Honeycode to help quickly build mobile and web apps without programming, Attivo Networks Advanced Protection Disrupts Ransomware 2.0, Improved threat visibility, defense and protection across social platforms with SafeGuard 7.6, and more! In our second segment, we welcome Greg Thomas, Lead Security Engineer at Jvion, to talk about HITRUST Compliance vs. Security and Diversity in InfoSec! In our final segment, we welcome Franz Payer, CEO at Cyber Skyline, to discuss Cybersecurity Hiring!
Show Notes: https://wiki.securityweekly.com/ESWEpisode189
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Springfield, Founder of 12Feet, Inc., to talk about PCI Workloads in the Cloud! In the Security and Compliance News, Cloud Security for a Dynamic Environment, Why identity-based, distributed controls are better suited to address cloud-era threats, Top Cloud Security Challenges in 2020, Exposed Cloud Databases Attacked 18 Times Per Day, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode33
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Graeme Park, CISO at Matillion, to discuss Cybersecurity Challenges in Growth Organizations! In the Leadership and Communications section, Why Cybersecurity Is Really A Business Problem, 6 Reasons Your Strategy Isn t Working, 5 cities with the highest tech salaries, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode178
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, TikTok bans, OZ increases Cyber budgets, The US Senate wants the justice department to read your mail, the Top Ten Bug Bounties, and BlueLeaks! Jason Wood returns for Expert Commentary on how the REvil Ransomware Gang Adds Auction Feature for Stolen Data!
Show Notes: https://wiki.securityweekly.com/SWNEpisode45
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Cesar Rodriguez, Head of Developer Advocacy at Accurics, to talk about Using IaC to Establish And Analyze Secure Environments! In the Application Security News, DLL Hijacking at the Trend Micro Password Manager, Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms, The State of Open Source Security 2020, Microservices vs. Monoliths: Which is Right for Your Enterprise?, What Modern CI/CD Should Look Like, and Build trust through better privacy!
Show Notes: https://wiki.securityweekly.com/ASWEpisode112
To learn more about Accurics, visit: https://securityweekly.com/accurics
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Show News, Ebay thugs, Ripple 20, T-Mobile, Zoom, and the call may be coming from inside the house! All this and more on the Security Weekly News Wrap Up!
Show Notes: https://wiki.securityweekly.com/SWNEpisode44
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how BeyondTrust Announces Integration with the SailPoint Predictive Identity Platform, Check Point Launches CloudGuard Cloud Native Security, CyberArk Alero enhancements provide secure privileged access for remote users, Digital Shadows announces new capabilities to identify and remediate unwanted code exposure, and more! In our second segment, we welcome back Ferruh Mavituna, CEO of Netsparker, to talk about Debunking DAST Myths and Short-Term Strategies To Fixing Vulnerabilities! In our final segment, we welcome Jason Fruge, Vice President, Business Application Cybersecurity at Onapsis, to talk about Emerging Security Threats to Your Digital Supply Chain!
Show Notes: https://wiki.securityweekly.com/ESWEpisode188
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
To request a complimentary assessment, visit https://securityweekly.com/onapsis
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff, Matt, Scott, and Josh continue the conversation and talk "How to Become an InfoSec Professional With Limited Resources", and talk about "What Is An InfoSec Professional?"!
Show Notes: https://wiki.securityweekly.com/SCWEpisode32
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Cute robot dogs available for sale, T-Mobile was down all day, lightbulbs can be bugged, DARPA bug bounties, Ebay is going to get ya, and Bob Erdman from Core Security talks about Ransomware!
Show Notes: https://wiki.securityweekly.com/SWNEpisode43
To learn more about Core Security, visit: https://securityweekly.com/coresecurity
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show news, Facebook and the FBI try to catch a child predator, REvil, State Sponsored hacking, Darpa bug bounties, and the F Word!
Show Notes: https://wiki.securityweekly.com/SWNEpisode42
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Lewie Dunsworth, CEO of Nuspire, to talk about How CISOs Can Best Prioritize Security With a Decreased Budget! In the Leadership and Communications section, Five signs a virtual CISO makes sense for your organization, How to Negotiate Virtually, Why Securing Endpoints Is The Future Of Cybersecurity, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode177
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Michelle Dennedy, CEO of DrumWave, to discuss Data Mapping & Data Value Journey! In the Application Security News, CallStranger hits the horror trope where the call is coming from inside the house, SMBleedingGhost Writeup expands on prior SMB flaws that exposed kernel memory, Misconfigured Kubeflow workloads are a security risk, Verizon Data Breach Investigations Report, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode111
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dan DeCloss, President and CEO of PlexTrac, to talk about Enhancing Vulnerability Management By Including Penetration Testing Results! In the Security News, Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! In our Final Segment, we air a Pre-Recorded Interview with Ben Mussler, Senior Security Researcher at Acunetix, discussing New Web Technology and its Impact on Automated Security Testing!
Show Notes: https://wiki.securityweekly.com/PSWEpisode655
To learn more about PlexTrac, visit: https://securityweekly.com/plextrac
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how Morpheus Announces Zero-Trust Cloud Management Platform, Thycotic Releases New Version of DevOps Secrets Vault, Qualys Remote Endpoint Protection gets malware detection, F-Secure launches ID PROTECTION, Vectra integrates network threat detection and response for Microsoft Security Services, and more! In our second segment, we welcome Scott Kuffer, Co-Founder & COO at Nucleus Security, to talk about Vulnerability Management! In our final segment, we welcome Heather Adkins, Senior Director of Information Security and Privacy at Google, to talk about Google s New Site Reliability Engineering Book and best practices for designing scalable and reliable systems that are fundamentally secure!
Show Notes: https://wiki.securityweekly.com/ESWEpisode187
To learn more about Nucleus Security, visit: http://nucleussec.com
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Patteson and Robert Carey from RSA Security, to talk about Navigating the Risks Associated With the Return to "Normal"! Jeff, Scott, Josh, and Matt round out the show with the Compliance News of the week!
Show Notes: https://wiki.securityweekly.com/SCWEpisode31
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter cracks down on 5G, Tycoon Ransomware, Citizen App, CallStranger, and REvil! Matt Allen from VIAVI Solutions joins us for Expert Commentary to talk about Leveraging enriched flow insights to accelerate response and remediation!
Show Notes: https://wiki.securityweekly.com/SWNEpisode41
To learn more about VIAVI Solution, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Marc French, CISO & Managing Director at Product Security Group, Inc., to talk about Career Ladders in Information Security! In the Leadership and Communications section, Challenges of a New CISO: The First Year, Why a robust security culture begins with people, How Cybersecurity Leaders Can Chart the Seas of Business Communication, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode176
All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Phillip Maddux, Sr. Technical Account Manager at Signal Sciences, to talk about The Future State of AppSec! In the Application Security News, Two vulnerabilities in Zoom could lead to code execution, Zero-day in Sign in with Apple, Focus on Speed Doesn t Mean Focus on Automation, Apple pushes fix across ALL devices for unc0ver jailbreak flaw, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode110
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we present a Technical Segment, on Lightweight Vulnerability Management using NMAP! In our second segment, we welcome back Corey Thuen, Co-Founder of Gravwell, for a second Technical Segment, entitled "PCAPS or it didn't happen", diving into Collecting Packet Captures on Demand within a Threat Hunting use case with Gravwell! In the Security News, Octopus Scanner Sinks Tentacles into GitHub Repositories, RobbinHood and the Merry Men, Zoom Restricts End-to-End Encryption to Paid Users, Hackers steal secrets from US nuclear missile contractor, and Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues!
Show Notes: https://wiki.securityweekly.com/PSWEpisode654
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show news, Anonymous Returns, Deep Fakes and Deep Fake Hunters, IP in IP hacks, and IPv6.
Show Notes: https://wiki.securityweekly.com/SWNEpisode40
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how SureCloud Launches Cyber Resilience Assessment Solution, Blackpoint Cyber launches 365 Defense - a Microsoft 365 security add-on for its MDR service, Endace and Palo Alto Networks Cortex XSOAR enable accelerated forensics of cyberthreats, Zscaler acquires Edgewise Networks, WatchGuard Technologies Completes Acquisition of Panda Security, and more! In our second segment, we welcome Alyssa Miller, Application Security Advocate at Snyk, to talk about Unraveling Your Software Bill of Materials! In our final segment, we welcome Aaron Rinehart, CTO and Co-Founder of Verica, and Casey Rosenthal, CEO and Co-Founder of Verica, to talk about Security Chaos Engineering!
Show Notes: https://wiki.securityweekly.com/ESWEpisode186
To learn more about Snyk, visit: https://securityweekly.com/snyk
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Jeff loves PCI DSS. Josh has been a fierce critic of it... and... Josh has been working with public policy... We'll dig into the nuances and offer better ways to tell good from bad policy incentives.
Show Notes: https://wiki.securityweekly.com/SCWEpisode30
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, SpaceX docks, Anonymous returns, Apple pays, Zephyr blows, and Mobile Phishing is Expensive!
Show Notes: https://wiki.securityweekly.com/SWNEpisode39
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jen Ellis, Vice President of Community & Public Affairs at Rapid7, to talk about How to Truly Disrupt Cybercrime! In the Leadership and Communications section, CISO vs. CEO: How executives rate their security posture, 3 Reasons Why Cybersecurity Is Not A Technical Problem, How to Be a Great Listener in Remote Meetings and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode175
To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we speak with John Chirhart, Customer Experience Engineer at Google Cloud, to discuss How to Prevent Account Takeover Attacks! In our second segment, we welcome Catherine Chambers, Senior Product Manager at Irdeto, to talk about why Apps Are the New Endpoint!
Show Notes: https://wiki.securityweekly.com/ASWEpisode109
To learn more about Irdeto, visit: https://securityweekly.com/irdeto
To learn more about Google Cloud and reCAPTCHA, visit: https://securityweekly.com/recaptcha
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Greg Foss, Senior Threat Researcher at VMware Carbon Black's Threat Analysis Unit, to talk about 2020 MITRE ATT&CK Malware Trends! In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, 'Suspicious superhumans' behind rise in attacks on online services, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute! In our final segment, we air a pre recorded interview with Peter Singer, Strategist at New America, and Author of Burn-In: A Novel of the Real Robotics Revolution, talking all things about his new novel Burn-In!
Show Notes: https://wiki.securityweekly.com/PSWEpisode653
To get a discounted copy of Burn-In: A Novel of the Real Robotic Revolution, visit: https://800ceoread.com/securityweekly
To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show news, 5G Quantum Oscillations, Ragnar, Windows Hello, Facebook, and FISA!
Show Notes: https://wiki.securityweekly.com/SWNEpisode38
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about the MITRE ATT&CK for ICS: A Technical Deep Dive, Tufin Expands Security Automation Capabilities, Strengthen Business and Security Alignment with ThreatConnect, BeyondTrust Privilege Management for Windows and Mac SaaS Accelerates and Enhances Endpoint Security, Re-imaging threat detection, hunting and response with CTI, and more! In our second segment, we welcome Adam Bosnian, Executive Vice President of Global Business Development at CyberArk, discussing What Is The Real Value Of Identity In A Multi-vendor IT Environment? In our final segment, we welcome Zack Moody, Head of Global Cybersecurity & Privacy at AVX Corporation, to talk about how Cybersecurity Is a Mindset That Cannot Be Taught!
Show Notes: https://wiki.securityweekly.com/ESWEpisode185
To learn more about CyberArk, visit: https://securityweekly.com/cyberark
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Defcon is still cancelled, Cyber insurance?, Phishing, rogue drones, the return of the dark web, Sarwent malware, and Dutch Grandmothers in trouble. Jason Wood joins us for the Expert Commentary on how eBay users spot the online auction house port-scanning their PCs!
Show Notes: https://wiki.securityweekly.com/SWNEpisode37
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jason Nickola, COO and Senior Security Consultant at Pulsar Security, to talk about Building An InfoSec Career! In our second segment, we welcome back Sven Morgenroth, Security Researcher at Nesparker, to talk about HTTP Security Headers In Action! In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know!
Show Notes: https://wiki.securityweekly.com/PSWEpisode652
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Wrap Up, Danny Trejo, COVID-19 Contact Tracing, SaltStack, and lots of hacked Supercomputers with cool names!
Show Notes: https://wiki.securityweekly.com/SWNEpisode36
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how RSA Conference 2021 Changes Date from February to May 2021, Docker partners with Snyk on container image vulnerability scanning, Venafi acquires Jetstack to bring together developer speed and enterprise security, Onapsis expands assessments for its Business Risk Illustration service, Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end, and more! In our second segment, we welcome Dan DeCloss, President & CEO of PlexTrac, to talk about Managing Enterprise Security Assessments! In our final segment, we welcome DJ Sampath, Co-Founder & CEO of Armorblox, to discuss Dealing with Phishing Attacks Outside Of Email!
Show Notes: https://wiki.securityweekly.com/ESWEpisode184
To learn more about PlexTrac or to claim your Free Month, visit: https://securityweekly.com/plextrac
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information! We have the pleasure of having Ann for the entire show today in this two part interview!
Show Notes: https://wiki.securityweekly.com/SCWEpisode29
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug returns to the studio, to discuss how DEFCON is Cancelled, Many Applications have Security flaws, Verizon Security Report for 2019, The FBI and DoJ want encryption backdoors, and Space, the final Frontier! The Master of Commentary Jason Wood joins us to talk about how a Ransomware Gang Was Arrested for Spreading Locky to Hospitals!
Show Notes: https://wiki.securityweekly.com/SWNEpisode35
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mike Adler, Vice President of RSA NetWitness Platform at RSA Security, for a conversation on the question: Is the Virtual SOC Our "New Normal"? In the Leadership and Communications segment, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode174
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jack Zarris, Senior Sales Engineer at Signal Sciences, to talk about Using Rate Limiting to Protect Web Apps and APIs! In our second segment, we welcome Tim Mackey, Principal Security Strategist at Synopsys, to discuss the Highlights From the New Open Source Security and Risk Analysis Report!
Show Notes: https://wiki.securityweekly.com/ASWEpisode108
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!
Show Notes: https://wiki.securityweekly.com/PSWEpisode651
To learn more about Elastic Security, visit: https://securityweekly.com/elastic
To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2
To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug wraps up all the shows across our network, including the Show News, Bunny Lebowski's toes, STAMINA, RAMSAY, and US-Cert Vulnerabilities!
Show Notes: https://wiki.securityweekly.com/SWNEpisode34
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how GitHub Code Scanning aims to prevent vulnerabilities in open source software, SlashNext Integrates with Palo Alto Networks Cortex XSOAR to Deliver Automated Phishing IR and Threat Hunting, Portshift Announces Extended Kubernetes Cluster Protection, Vigilant Ops InSight Platform V1 automatically generates device software bill of materials, and more! In our second segment, we welcome Georges Bellefontaine, Manager of Vulnerability Management at Toyota Financial, to discuss the approach to vulnerability management and the benefits of a full life-cycle approach to vulnerability management with Qualys' VMDR Solution! In our final segment, we welcome Sid Nanda, Senior Product Marketing Manager at VIAVI Solutions, to talk about Using the Network to Reduce Remediation Costs!
Show Notes: https://wiki.securityweekly.com/ESWEpisode183
To learn more about Qualys VMDR, visit: https://securityweekly.com/qualys
To learn more about VIAVI Solutions, visit: https://securitweekly.com/viavi
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jake Williams, Founder and Principal Consultant at Rendition Infosec, to talk about Security vs. Compliance: Where are the overlaps? Where are the differences?
Show Notes: https://wiki.securityweekly.com/SCWEpisode28
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to talk about Lessons for Cybersecurity From a Pandemic! In the leadership and communications section, Top 5 Tactical Steps for a New CISO, Good Leadership Is About Communicating Why , 5, ok maybe only 4, CISO Priorities During the COVID-19 Response, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode173
To learn more about RedSeal, visit: https://securityweekly.com/redseal
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, DEFCON 28 is indeed cancelled, Paying Ransomware may double the recovery cost, ThunderSpy evil maid attack on thunderbolt devices, FBI to release a warning about Chinese hackers targeting virus research, and more! Jason Wood returns for the Expert Commentary to talk about Four GDPR Violations that multiple companies have been fined for!
Show Notes: https://wiki.securityweekly.com/SWNEpisode33
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Joe Garcia, DevOps Security Engineer at CyberArk, to discuss How Can Security Work TOGETHER, Not Against, Developers! In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team s code with code scanning and secret scanning!
Show Notes: https://wiki.securityweekly.com/ASWEpisode107
To learn more about CyberArk, visit: https://securityweekly.com/cyberark
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White wraps up the hot topics and interviews across all of our shows on the network! Then delving into some of the top news stories like No more foreign power equipment, AppleGoogle bans the use of GPS in tracking, power supply oohs and aahs, and the Love Bug Remembered!
Show Notes: https://wiki.securityweekly.com/SWNEpisode32
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Elgee, Major at the Massachusetts Army National Guard, and Jim McPherson, Cyber Security Analyst, to talk about Public utility security and the National Guards support! In our second segment, we welcome back Mick Douglas, Founder and Owner of InfoSec Innovations, to discuss Project Fantastic - Bringing The CLI to GUI Users! In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild, Another Stuxnet-Style Vulnerability Found in Schneider Electric Software, and remembering the ILOVEYOU virus!
Show Notes: https://wiki.securityweekly.com/PSWEpisode650
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how Microsoft is to buy Israeli cybersecurity startup CyberX, ExtraHop Data Shows Shifts in IoT Device Usage During COVID-19 Have Broad Security Implications, Immuta and Snowflake help customers share data with automated privacy protection, Code42 Integrates with Palo Alto Networks Cortex XSOAR to Speed and Automate Insider Threat Incident Response, and more! In our second segment, we welcome Matt Cauthorn and Ted Driggs of ExtraHop, to talk about Why the Cloud Stall is Now the Cloud Surge! In our final segment, we welcome Justin Buchanan, Senior Manager of Solutions, Vulnerability Management and Offensive Security at Rapid7, to discuss Effective Goal Setting and Tracking!
Show Notes: https://wiki.securityweekly.com/ESWEpisode182
To learn more about Rapid7, or to request a Demo, visit: https://securityweekly.com/rapid7
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Today we will discuss the PCI DSS and some of its myths, misunderstandings, and misconceptions, including: Why most vendors don't understand how their products fit within PCI, The six overall goals of the PCI DSS, Why PCI is perceived as a check box program, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode27
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Hackers are using infected movie downloads to spread malware to PC, Esoteric Exfiltration using Power Supplies on Airgapped machines, US Government bans purchase of bulk power system equipment from hostile foreign powers, Eventbot malware targets banking apps on Android Phones, and Apple makes it easier to unlock your phone while wearing a mask! In the Expert Commentary, we welcome Corey Thuen, Co-Founder at Gravwell, to discuss how Gravwell is built to ingest data from anything for collection and correlation with logs, security events, or network packets. They're releasing Packetfleet open source as a tool that makes it easier to do on-demand packet capture from multiple locations!
Show Notes: https://wiki.securityweekly.com/SWNEpisode31
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Graeme Payne, President at Cybersecurity4Executives, to discuss Impacts of a Data Breach! During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as the human error . In the Leadership and Communications Segment, CISO position burnout causes high churn rate, 7 Rules for Staying Productive Long-Term, Now Is an Unprecedented Opportunity to Hire Great Talent, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode172
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Gareth Rushgrove, Director of Product Management at Snyk, to talk about Modern Application Security and Container Security! In the Application Security News, Psychic Paper demonstrates why a lack of safe and consistent parsing of XML is disturbing, Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams, Salt Bugs Allow Full RCE as Root on Cloud Servers, and Love Bug's creator tracked down to repair shop in Manila!
Show Notes: https://wiki.securityweekly.com/ASWEpisode106
To learn more about Snyk, visit: https://securityweekly.com/snyk
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News Wrap Up, Doug White talks Brute Forcing Returns, Zero Days in Salt and SOPHOS, COVID Tracking APPS and privacy, Drones delivering drugs, Digital Identity, and no more double spacing at the end of a sentence!
Show Notes: https://wiki.securityweekly.com/SWNEpisode30
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeremy Miller, CEO of the SecOps Cyber Institute, and Philip Niedermair, CEO of the National Cyber Group, to talk about Fighting the Cyber War with Battlefield Tactics! In our second segment, we talk Security News, discussing How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, how Cybercriminals are using Google reCAPTCHA to hide their phishing, the NSA shares a list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, and how Half a Million Zoom Accounts were Compromised by Credential Stuffing and Sold on the Dark Web! In our final segment, the crew talks accomplishing asset management, vulnerability management, prioritization of remediation, with a Deep Dive demonstration of the Qualys VMDR end-to-end solution!
Show Notes: https://wiki.securityweekly.com/PSWEpisode649
To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys
Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how Obsidian Security lets security teams monitor Zoom usage, Guardicore Infection Monkey now maps its actions to MITRE ATT&CK knowledge base, Trustwave Security Colony delivers resources, playbooks and expertise to bolster security posture, Netskope's security controls and protection now available for Microsoft Teams, Why You Need Both SIEM and SOAR Solutions in your Cybersecurity Ecosystem, and more! In our second segment, we welcome Gerald Beuchelt, Chief Information Security Officer of LogMeIn, to discuss the Security Challenges When Working Remotely and Enabling a Remote Workforce! In our final segment, we welcome Wim Remes, CEO & Principal Consultant of Wire Security, to talk about How to Build an Enterprise Security Team, including How to Find the Right People!
Show Notes: https://wiki.securityweekly.com/ESWEpisode181
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Joe Brinkley, Director Offensive Security at ACTIVECYBER, to discuss Cyber and Disabilities! We're taking a different angle on compliance today; talking to Joe Brinkley, the "Blind Hacker"!
Show Notes: https://wiki.securityweekly.com/SCWEpisode26
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Security Weekly News, Shade Ransomware End of Life, Microsoft vulnerability in Teams can allow hijacking of accounts, Two spaces after a period now decreed a "typo", Israel reports attacks on SCADA Water Systems, Microbes have memory and the use of biofilm to create a biological computing environment, and more! In the Expert Commentary, Jason Wood discusses how Agent Tesla was delivered by the same phishing campaign for over a year!
Show Notes: https://wiki.securityweekly.com/SWNEpisode29
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Spark, Producer of the CISO Series, to discuss how relations are improving between buyers and sellers of security products! In the Leadership and Communications segment, Executives and Boards, Avoid These Missteps in a Crisis, Strategizing a return to the office, How to Answer an Unanswerable Question, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode171
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Avi Douglen, Founder and CEO of Bounce Security, to talk about Threat Modeling in Application Security, DevSecOps, and how Application Security is mapping Security culture! In the Application Security News, Nintendo Confirms Breach of 160,000 Accounts via a legacy endpoint, NSA shares list of vulnerabilities commonly exploited to plant web shells, Code Patterns for API Authorization: Designing for Security, Health Prognosis on the Security of IoMT Devices? Not Good, and 8 Tips to Create an Accurate and Helpful Post-Mortem Incident Report!
Show Notes: https://wiki.securityweekly.com/ASWEpisode105
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Steven Bay, Director of Security Operations at Security On-Demand, to talk about Insider Threats! In our second segment, we welcome Patrick Laverty, Conference Organizer at Layer8 Conference, and Ori Zigindere, Co-Founder of WorkshopCon, to discuss all things Layer8 Conference and WorkshopCon! In the Security News, Zoom releases 5.0 update with security and privacy improvements, Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones, NSA shares list of vulnerabilities commonly exploited to plant web shells, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, & the Top 10 In-Demand Cybersecurity Jobs in the Age of Coronavirus!
Show Notes: https://wiki.securityweekly.com/PSWEpisode648
To sign up for the Layer8 Conference, please visit: https://layer8conference.com/
To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Security Weekly News Wrap Up, Cyber Justice League volunteers working with healthcare in the COVID-19 plague, Android 8.0-9.0 Bluetooth zero click RCE - Bluefrag, IBM refuses to patch 4 zero days and so, they are released on github, Audits Don't solve security problems, and Hack a satellite with the US Air Force CTF!
Show Notes: https://wiki.securityweekly.com/SWNEpisode28
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss F-Secure launching protection and response service to protect remote workers, Sectigo and Infineon integrate to advance IoT security with automated certificate provisioning, Enhanced continuous threat detection and secure remote access with the Claroty Platform, and some acquisition and funding updates from SafeBreach, Swimlane, & Syncurity! In our second segment, we welcome Mark Orsi, President of the Global Resilience Federation, to talk about the Business Impacts and Security Risks with Working from Home! In our final segment, we welcome Peter Warmka, Founder of the Counterintelligence Institute, to discuss how The Threat of Social Engineering Goes Well Beyond Phishing!
Show Notes: https://wiki.securityweekly.com/ESWEpisode180
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome our Founder and CTO of Security Weekly, Paul Asadoorian, to talk about his vision for Security Weekly Productions and how Security & Compliance Weekly fits into the mix! In the Security and Compliance News, Back to basics: The GDPR and PCI DSS, Why Compliance is for Guidance, Not a Security Strategy, Cognizant hit by 'Maze' ransomware attack, Audits Don't Solve Security Problems, Contact Tracing Apps Attempt to Balance Necessary Public Health Measures With User Privacy, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode25
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Summer Fowler, Co-Chair of the Leadership Board for InfoSec World Conference, to discuss how this is an excellent opportunity for Executive, Management, and Technical teams to attend a conference together to learn more about both the business of cyber security and the latest in technical capabilities! In the Leadership and Communications segment, Leaders, Do You Have a Clear Vision for the Post-Crisis Future?, 3 recession scenarios and their impact on tech spend, Supply chain transparency: Technology, partnership and progress, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode170
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Security Weekly News, COVID-19 affects web traffic and attack trends, Hackers continue to exploit patched Pulse Secure VPN Flaws, Starbleed: Flaw in FPGA chips exposes safety-critical devices to attacks, COVID-19's impact on Tor, and more! Jason Wood delivers the Expert Commentary on how Attackers Are Not Letting This Crisis Go To Waste!
Show Notes: https://wiki.securityweekly.com/SWNEpisode27
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Rebecca Black, Senior Staff Application Security Engineer at Avalara, to talk about Building an AppSec Ecosystem! This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!
Show Notes: https://wiki.securityweekly.com/ASWEpisode104
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Wade Woolwine, Principal Threat Intelligence Researcher at Rapid7 to talk about Threat Intel Program Strategies! In our second segment, we welcome Magno Gomes, Director of Sales Engineering at Core Security (a HelpSystems Company), to discuss Penetration Testing to Validate Vulnerability Scanners! In the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, and Macs Are More Secure, and Other Jokes You Can Tell Yourself!
To learn more about Core Security, visit: https://securityweekly.com/coresecurity
To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode647
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News Wrap Up Show, Doug White covers the hot topics and and stories across all our shows on the Security Weekly Network! How to teach your iPhone to recognize FACE ID while wearing a mask, Energetic bear behind SFO Airport site hacks, Hackers are targeting critical healthcare facilities with ransomware during the pandemic, Cyber insurance providers using "act of war" exclusion in reference to "cyberwar" in notPetya Claims, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode26
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how NeuVector adds to container security platform and automates end-to-end vulnerability management, Sysdig Expands Unified Monitoring Across IBM Cloud Services Globally, Optiv Hires Deloitte Stalwart Kevin Lynch as Chief Executive Officer, Illusive Networks Integrates with Infoblox to Speed Deployment, and Microsoft's April 2020 Patch Tuesday arrives with fixes for 3 zero-day exploits and 15 critical flaws! In our second segment, we welcome Terry McCorkle, Founder and CEO of PhishCloud, to discuss Phishing's effect on the Corporate Culture! In our final segment, we welcome Tim Williams, Founder and CEO of Index Engines, to talk about how Testing is the Missing Link for Protecting Your Data Against a Ransomware Attack!
Show Notes: https://wiki.securityweekly.com/ESWEpisode179
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeffrey Smith, Managing Partner at Cyber Risk Underwriters, to sell us Cyber Insurance, and how he wants to take on the skeptics (e.g. the SCW hosts) about the role that Cyber Insurance plays in security! Jeffrey stays on for the Security and Compliance News, to talk about how Cyber Insurance in playing out in the real world, or at least how it's showing up in the news!
Show Notes: https://wiki.securityweekly.com/SCWEpisode24
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's our Security Money show, where we'll review the Security Weekly 25 Index and all the financial updates for both the public and private security markets! In the Leadership and Communications segment, the 3 stages of adapting to a crisis, build a culture that aligns to people's values, stop, start, defer: how companies are navigating technology spend in a crisis, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode169
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brad Geesaman, Co-Founder of Darkbit, to talk about Making Kubernetes a Hostile Place for Attackers! In the Application Security News, Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit, How we abused Slack's TURN servers to gain access to internal services, Moving from reCAPTCHA to hCaptcha, Automate Security Testing with ZAP and GitHub Actions, Shift-Right Testing: The Emergence of TestOps, and Building Secure and Reliable Systems!
Show Notes: https://wiki.securityweekly.com/ASWEpisode103
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Security Weekly News, Checkpoint Global Threat Index moved Dridex to third place, Dutch Telco towers damaged by 5G protestors, CyberCube reports indicate Increased targeting of C-Suite employees, Cybercrime may be the world's third-largest economy by 2021, and Jason Wood joins for the Expert Commentary on how WooCommerce Falls to Fresh Card-Skimmer Malware!
Show Notes: https://wiki.securityweekly.com/SWNEpisode25
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we bring you one of Security Weekly's very own, Tyler Robinson, Managing Director of Network Operations at Nisos, for a Technical Segment titled: To Hunt or Not To Hunt: Using offensive tooling to obtain OSINT and Real-Time Intelligence on a subject of interest for hunting or targeting! In our second segment, we talk Security News, to discuss Vulnerabilities in B&R Automation Software Facilitate Attacks on ICS Networks, Using AWS to secure your web applications, Serious Vulnerabilities Patched in Chrome & Firefox, Email Provider that got Hacked & Data of 600,000 Users is Now being Sold on the Dark Web, and As if the world couldn't get any weirder, this AI toilet scans your anus to identify you! In our final segment, we air a pre recorded interview with Jeff Man, entitled "Tales from the Crypt...Analysts pt.2", discussing many myths, legends and fables in hacker history!
Show Notes: https://wiki.securityweekly.com/PSWEpisode646
Visit https://www.securityweekly.com/psw for all the latest episodes!
To view ngrok, visit: https://www.ngrok.com/
To check out the Trape tool, visit: https://github.com/jofpin/trape
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the latest on the Security Weekly Network in the Weekly Wrap Up, discussing Soaring phone calls, analprints, yes, I said that correctly, snake oil, Grace Hopper's ghost, and COBOL. No one has ever said all those things in a single sentence in the history of the world. All this and more on the Security Weekly News Wrapup.
Show Notes: https://wiki.securityweekly.com/SWNEpisode24
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how Ping Identity's PingID multi-factor authentication is now available in AWS Marketplace, 8,000 Unprotected Redis Instances Accessible From Internet, Tufin Announces Free Firewall Change Tracker to Enhance Network Security and Connectivity for Remote Workforces, Simple Advanced Persistent Threat Emulation with BreakingPoint Attack Campaigns from Ixia, and more! In our second segment, we welcome back Ferruh Mavituna, CEO and Founder of Netsparker, to talk about the Time to Measure Security Improvement in Application Security! In our final segment, we air a pre recorded interview from RSAC 2020 with Ed Bellis, Co-Founder and Chief Technology Officer at Kenna Security, discussing Moving Towards Modern Vulnerability Management!
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Show Notes: https://wiki.securityweekly.com/ESWEpisode178
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Golden, Board Member for the Accreditation Body, as he will answer questions surrounding the DOD's release of the CMMC program to keep the amount of false information to a minimum!
Show Notes: https://wiki.securityweekly.com/SCWEpisode23
To view the CMMC Model, visit: https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Richard Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days! In the Leadership and Communications segment, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode168
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Zoombombers threatened with jail time by FBI, Cybercriminals are trying to cash in on Zoom use, How to protect your Zoom calls, Bad Bots in 2020, CyberHero Comics: Defending your Health, and zoom configurations along with the lack of effective zooming on the zoom camera application!
Show Notes: https://wiki.securityweekly.com/SWNEpisode23
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Grant Ongers, Co-Founder of Secure Delivery, to discuss why "You re (probably) Doing AppSec Wrong"! In the Application Security News, Zoom is gaining lots of attention for flaws, Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak, 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode102
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Allen, Senior Solutions Engineer at VIAVI Solutions, to discuss Collaboration between NetOps and SecOps in today's world! In our second segment, we welcome Lorrie Cranor, Director of CyLab Security and Privacy Institute at Carnegie Mellon University, to discuss Research on Security and Privacy labels for IoT devices! In the Security News, Two Zoom Zero-Day Flaws Uncovered, Millions of routers running OpenWRT vulnerable to attack, Marriott says 5.2 million guest records were stolen in another data breach, PoC Exploits for CVE-2020-0796 (SMBGhost) Privilege Escalation flaw published, and we welcome our very special guest for tonight, Dave Kennedy, who joins us to talk about Video Chat Client Vulnerability History and the recent Zoom Vulnerabilities!
Show Notes: https://wiki.securityweekly.com/PSWEpisode645
For more information on VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, and Windows users under attack via two new RCE zero-days! In our second segment, we welcome Sumedh Thakar, Chief Product Officer at Qualys, to talk about Cybersecurity Challenges Created by a Remote Workforce! In our final segment, we welcome Tod Beardsley, Director of Research at Rapid7, to discuss SMB exposures and User Behavior Analytics failures, using findings from Rapid7 Research Labs!
To learn more about Qualys, visit: https://securityweekly.com/qualys
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the latest and greatest news across all of our shows on the network, as well as all of the hot topics this week! Doug discusses Zoombombing, Russian Hackers, Zuck turns over the controls to the AIs, free cybersecurity products to help out, Chubb hacked, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode22
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Walter, Vice President, RSA Archer and RSA Cloud at RSA Security, to discuss Compliance Risk Challenges! In our second segment, we welcome Kevin Haynes, Chief Privacy Officer at Nemours Children's Health System, to talk about Nemours' use of RSA Archer to manage Compliance Risk!
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Show Notes: https://wiki.securityweekly.com/SCWEpisode22
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Costlow, Deputy CISO at ExtraHop, to discuss Protect Your Assets According to Their Value! In the Leadership and Communications segment, Matt, Jason, and Paul discuss Real Leaders: Abraham Lincoln and the Power of Emotional Discipline, Social Distancing: 15 Ideas for How to Stay Sane, Rethink Your Relationship with Your Vendors, and more!
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the latest news for this week, including Zoombombing, Zero Days at Microsoft, AI Takes charge at Facebook, and COVID-19! In the Expert Commentary, we welcome Daniel Hampton, Sr. Technical Account Manager at Signal Sciences, to talk Working Smarter and Not Harder!
To learn more about Signal Sciences or to request a demo, visit: https://securityweekly.com/signalsciences
Show Notes: https://wiki.securityweekly.com/SWNEpisode21
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Adam Hughes, Chief Software Architect at Sylabs Inc., to discuss Singularity: A Different Take on Container Security! In the second segment, we welcome Utsav Sanghani, Senior Product Manager at Synopsys, to discuss Why combining SAST and SCA in your IDE produces higher quality, secure software faster!
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Show Notes: https://wiki.securityweekly.com/ASWEpisode101
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Corey Thuen, Founder and CEO of Gravwell, to discuss Zen and The Art of Logs In the Cloud! In our second segment, we welcome back Peter Smith, Founder and CEO of Edgewise, to discuss How remote users and administrators can work securely from home! In the Security News, Authorities Helpless as Crypto-Currency Scams Rock Nigeria, C.S. Lewis on the Coronavirus, Microsoft SMBv3.11 Vulnerability and Patch CVE-20200796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, DDoS attack on US Health agency part of coordinated campaign, A cyberattack hits the US Department of Health and Human Services, and more!
Show Notes: https://wiki.securityweekly.com/PSWEpisode644
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings to you the Security Weekly News Wrap Up, with the hot topics across all of our shows, including, Pornhub has Italians singing from balconies, The Senate renews surveillance rules, Drobo hacks, Google Cloud bug bounties, all the show wrapups, and COVID-19
Show Notes: https://wiki.securityweekly.com/SWNEpisode20
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Fortinet Introducing Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!! In our second segment, we air two pre recorded interviews with Mehul Revanker of SaltStack and Utsav Sanghani of Synopsys from RSAC 2020! In our final segment, we air two more pre recorded interviews from the RSAC2020, with Kevin Gallagher of Netsparker and Mark Ralls of Acunetix!
To request a demo with SaltStack, visit: https://securityweekly.com/saltstack
To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys
To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix
To get a demo of NetSparker, please visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Stephen Black, InfoSecWorld 2020 Speaker and Visiting Professor of Cyberlaw at the University of Houston, to discuss Where the Law Thinks Your Data Lives! In the Leadership and Communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode166
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Allen from VIAVI Solutions! The SCW crew discusses compliance requirements and SecOps frameworks like NIST - checking boxes rather than a holistic view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA s theme this year: the human factor . Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources.
Show Notes: https://wiki.securityweekly.com/SCWEpisode21
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White talks Plague surveillance coming soon, the US government is worried about cryptocurrency, dbags attack the HHS, and new attacks on Android phones! Jason Wood delivers the Expert Commentary on Coronavirus Phishing Scams!
Show Notes: https://wiki.securityweekly.com/SWNEpisode19
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)!
Show Notes: https://wiki.securityweekly.com/ASWEpisode100
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the Security Weekly News Wrap up, discussing Biting other passengers on EU flights, Everyone is going to telecommute, NSO argues with Facebook in court of phone bugging, the return of FIDO, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode18
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Gabe Gumbs, Chief Innovation Officer at Spirion, to discuss How attackers will change their strategy to target those working from home! In our second segment, we welcome Bianca Lewis, Founder, and CEO of Girls Who Hack, to discuss Girls Who Hack, teaching classes to middle school girls on hacking, and Secure Open Vote, open-source election system that is in the design stages! In the final segment, we air a pre-recorded interview with Dorit Naparstek, director of R&D at NanoLock Security, to discuss Hacks performed on connected & IoT devices, and revealing major vulnerabilities in existing security measures!
Show Notes: https://wiki.securityweekly.com/PSWEpisode643
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Neustar's enhanced UltraDNS capabilities boast greater capacity, global reach, and security, WatchGuard acquires Panda Security to expand endpoint capabilities, Ping Identity launches two-hybrid IT-focused solution packages, and Fortinet updates FortiOS & launches next-gen firewall product! In our second segment, we welcome back Corey Thuen, Co-Founder and CEO of Gravwell, to discuss Secondary Consequences of Bad Pricing Models! In our final segment, we air two pre-recorded interviews from the RSA conference 2020, with Corey Bodzin of ExtraHop, and Todd Weller of Bandura!
Show Notes: https://wiki.securityweekly.com/ESWEpisode175
To try RevealX Cloud for Free visit: https://securityweekly.com/extrahop
To find out more about Bandura Cyber, please email [email protected]
To learn more about ExtraHop, visit: https://securityweeky.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, we discuss how we breakdown the categories in Information Security. We look at the major areas of Infosec and how they relate to your security programs and the vendors/technologies in each category. Our category breakdown will be used to label each segment we produce and allow subscribers to select categories of interest! In the Leadership and Communications segment, CISOs who leave after 2 years may not finish what they start, Most CISOs ready to move jobs if something better comes along, A New Framework for Executive Compensation, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode165
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Winn Schwartau for an interview. The goal of the show is to explore all the attitudes and impressions between security and compliance regardless of where you stand. for security folks - how to navigate compliance to promote security; for compliance folks - to expose them to the depth of research/knowledge/capabilities of the hacker community.
Show Notes: https://wiki.securityweekly.com/SCWEpisode20
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Microsoft starts disabling authentication, New ransomware called PwndLocker is out and about, and a secret-sharing app called Whisper is "the safest place on the internet. James Adams from Core Security, a Help Systems Company joins us today talking about "How to think and act like a hacker."
Show Notes: https://wiki.securityweekly.com/SWNEpisode17
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Guy Podjarny, Snyk's Founder and President! In the Application Security News, Revoking certain certificates on March 4 and Why 3 million Let s Encrypt certificates are being killed off today, Gandalf: An Intelligent, End-To-End Analytics Service for Safe Deployment in Large-Scale Cloud Infrastructure and slides, and CISOs Who Want a Seat at the DevOps Table Better Bring Value!
Show Notes: https://wiki.securityweekly.com/ASWEpisode99
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Hacker Movies, misinformation, and 70% of government employees felt they hadn't had adequate training in security. Doug White recaps the past week of all of the shows on the Security Weekly network!
Show Notes: https://wiki.securityweekly.com/SWNEpisode16
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Sean Metcalf, Founder and CTO at Trimarc, to discuss Azure AD & Office 365 Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory! In the second segment, we welcome Mark Cooper, President and Founder of PKI Solutions, to talk about how SHAKEN/STIR and PKI will end the global robocall problem! In the Security News, Shark Tank Star Corcoran Loses $400K in Email Scam, Backdoor malware is being spread through fake security certificate alerts, Venezuela Power outage knocked out part of the internet connectivity, Experts warn of mass scans for Apache Tomcat Ghostcat flaw, 4 essential things security experts do to protect their own data, and more!
Show Notes: https://wiki.securityweekly.com/PSWEpisode642
Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/shaken-stir-finally!-a-solution-to-caller-id-spoofing/a/d-id/1336285
Link to landing page with more info: https://www.pkisolutions.com/shakenstir/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about CrowdStrike Falcon's expanded visibility protects workloads across all environments, SentinelOne launches container and cloud-native workload protection offering, Forcepoint's Tech Partnership with Amazon Web Services, Ping Identity Announces New Workforce and Customer Authentication Solutions for the Modern Digital Enterprise, and a whole lot more! In our second segment, we air two pre-recorded interviews from RSAC 2020 with Mike Nichols of Elastic and Tod Beardsley of Rapid7! In our final segment, we air two more pre-recorded interviews from RSAC 2020 with Dan DeCloss of PlexTrac and Corey Thuen of Gravwell!
Show Notes: https://wiki.securityweekly.com/ESWEpisode174
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Reflections on RSAC 2020, discussing the grand festival of infosec consumerism that is RSA Conference! Was it worth catching the Coronavirus? And if so, did you use a lime!? In the Security and Compliance News, Health compliance measures to improve pandemic recovery and reduce issues, World Bank pandemic awareness, Is coronavirus not the flu?, Dear passwords: Forget you. Here's what is going to protect us instead, Cyber insurance coverage reflects a changing threat landscape, and the greatest contest ever Privacy vs. Security!
Show Notes: https://wiki.securityweekly.com/SCWEpisode19
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dan Petit, to discuss his upcoming 2-day workshop at InfoSec World 2020! The workshop is a "deep survey" into all things DevSecOps. In the Application Security News, CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020!
Show Notes: https://wiki.securityweekly.com/ASWEpisode98
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we're back from RSAC 2020 to talk Tesla files leaking, Shark Tank Judge gets back scam cash, Spotify accounts hacked?, and the Swiss Government is fed up and filing charges in the Crypto AG situation! Jason Wood delivers the Expert Commentary on Cyberattacks a Top Concern for Gov Workers.
Show Notes: https://wiki.securityweekly.com/SWNEpisode15
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, live from RSAC 2020, we interview our very own Jeff Man! There are many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building where they worked was called "The Pit". Jeff Man sits with us for this segment to talk about, where he can, the history and events that transpired during his tenure with the NSA! In our second segment, Gabriel Gumbs and the Security Weekly crew discuss strategies for protecting your data. We will explore practical use-cases for needing to manage access and protect your data as it pertains to security and compliance. Protect what matters most! In the final segment, Paul, Matt, and Scott talk all new thoughts, ideas, and findings from the RSA Conference 2020!
Show Notes: https://wiki.securityweekly.com/PSWEpisode641
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/spirion for more information.
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, live from RSAC 2020 we welcome Rob Gurzeev, CEO of Cycognito, to discuss the idea of Shadow Risk and why it's something your organization can t ignore! In our second segment, we welcome Jinan Budge, Principal Analyst at Forrester, to discuss CISO Leadership, Security Culture, and the Evolving Role of the CISO!
Show Notes: https://wiki.securityweekly.com/BSWEpisode164
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, live from RSAC 2020, we interview Chris Eng, Chief Research Officer at Veracode! Chris provides an update on Veracode including 2019 growth, new product announcements, Veracode Security Labs, and booth activities at RSA Conference 2020! In the RSAC Application Security News, 6 of the 10 vendors at Innovation Sandbox are application security companies, F5 Empowers Customers with End-to-End App Security, Checkmarx Simplifies Automation of Application Security Testing for Modern Development and DevOps Environments, and more RSA Conference News!
Show Notes: https://wiki.securityweekly.com/ASWEpisode97
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug brings you the weekly Wrap Up, talking all things like D-List Celebrities will call you for money, RSA Sold for 2.1B, IBM pulls out of RSA due to fear of COVID-19, Citrix hacks, all this and more including highlights from this past week across all of our shows!
Show Notes: https://wiki.securityweekly.com/SWNEpisode14
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mike Nichols, Head of Product at Elastic Security, to talk about how Elastic Security is unifying SIEM and Endpoint Security! In our second segment, we welcome Ian Coldwater, Lead Platform Security Engineer at Heroku, to talk bout Kubernetes and Container Security! In the Security News, Iranian Hackers are targeting Dutch Universities, how electrical tape can fool Tesla sensors, Ransomware attack forces 2-day shutdown of a natural gas pipeline, Ring Rolls Out Mandatory 2FA & New Privacy Controls, and 7 Ways to Improve the Security of Mobile Banking Apps!
Show Notes: https://wiki.securityweekly.com/PSWEpisode640
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt is joined by Scott Lyons and Josh Marpet to talk Enterprise News, and how IBM announced RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020, and lots of funding announcements! In the second segment, CEO of Red Lion LLC. Scott Lyons will provide an overview of their CTF at InfoSec World 2020, including their training class and CTF 101! In our final segment, we welcome Ben Budge, System Administrator III at Litehouse Foods, and Lyle Beck, Technology Manager at Litehouse Foods, to discuss the problems they faced at Litehouse in regards to network and system monitoring, troubleshooting, and how that ultimately took them to ExtraHop!
Show Notes: https://wiki.securityweekly.com/ESWEpisode173
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Recor, Global IRM Lead at Accenture, to talk about how Integrated Risk Management is the New GRC! Jeff was scheduled to be part of the 'Security vs. Compliance' Roundtable (https://securityweekly.com/shows/security-vs-compliance-psw-632-2/) recorded on Dec. 19, 2019, but got snowed out!
Show Notes: https://wiki.securityweekly.com/SCWEpisode18
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Quantum Crypto Chaos, IBM Cloud Vulnerabilities in CICS, Crowded Flounder and Hacking Back, Turkish RATs, Israeli soldiers catfished by HAMAS, and the Julian Assange Trial: Australian PMs trying to prevent extradition to the United States!
Show Notes: https://wiki.securityweekly.com/SWNEpisode13
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Sherry, Chief Information Security Officer at Princeton University, and Tara Schaufler, Information Security Awareness and Training Program Manager at Princeton University, to discuss Rapid Cultural Change of Security on the Princeton Campus! In the Leadership and Communications segment, Why 67% of companies fear they can't sustain privacy compliance, How Using An Old School Paper Planner Changed My Life, How to attract top talent in a competitive hiring market, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode163
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Doug DePerry, Director of Defense at Datadog, to discuss Lessons Learned From The DevSecOps Trenches! In the Application Security News, SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, RetireJS, What Is DevSecOps and How to Enable It on Your SDLC? and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode96
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you through the latest across all of our shows on the network, CIA pwns well, everyone in history, Bluetooth hacking, Thousands of Docker Repositories are open to the internet, lots of ransomware, and is Apple giving up passwords?
Show Notes: https://wiki.securityweekly.com/SWNEpisode12
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Oshea Bowens, Founder & Chief Janitor at Null Hat Security, to talk about Living in Blue Team Land and Skicon, a conference Founded by Oshea himself! In our second segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Hacking Firmware: The Unprotected Attack Surface of the Enterprise! In the Security News, Misconfigured Docker Registries Expose Thousands of Repositories, a Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks, Jail Software Left Inmate Data Exposed Online, Adobe patches 42 vulnerabilities across 5 products, and how the CIA Secretly Owned Global Encryption Provider, Built Backdoors,& Spied On 100+ Foreign Governments!
Show Notes: https://wiki.securityweekly.com/PSWEpisode639
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Salt Security API Protection Explained, Thycotic Leads the Way for Cloud-based Privileged Access Management, ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms, Elastic Stack 7.6 delivers automated threat analysis and response, and 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks! In our second segment, we welcome David Waugh, Chief Revenue Officer at Managed Methods, to discuss how K-12 schools are victims of lateral phishing campaigns! In our final segment, we welcome Jeff Deininger, Principal Sales Engineer for the Cloud at ExtraHop, to discuss How to Secure Cloud Workloads & Reduce Friction with Cloud-Native Network Detection & Response!
Show Notes: https://wiki.securityweekly.com/ESWEpisode172
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dr. Mike Lloyd, CTO at RedSeal, to discuss The Critical Role of Basic Cyber Hygiene! In the Leadership and Communication Segment, 5 things successful people don't care about, 11 books that will change the way you think about Leadership, how IBM wants to be the next Microsoft starting with the CEO, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode162
To find out more and try Redseal, please visit: https://securityweekly.com/redseal
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff and the crew discuss What is Risk-Based Security? How does compliance and/or security programs/points-of-view help or hinder risk-based security efforts? How can we change this? In the Security & Compliance News, Back to the basics What is the cost of non-PCI Compliance?, Endpoint Security the Foundation to Cybersecurity, Facebook settles data breach class-action lawsuit, CCPA cited in Hanna Andersson/Salesforce breach lawsuit, and Hanna Andersson Notice of Data Breach to Consumers!
Show Notes: https://wiki.securityweekly.com/SCWEpisode17
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The CIA spying? NASA could have used a USB charger? Election technology not very secure? ICS is a threat and the return of the Equifax monster from beyond the grave!
Show Notes: https://wiki.securityweekly.com/SWNEpisode11
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike and John interview Shaun Lamb about strategies for how to best design applications so they are "secure by default" and have fewer incidents and vulnerabilities, and more! In the Application Security News, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode95
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White gives you the latest updates across all of Security Weekly's shows, from malware to hacking air-gapped computers, Ashley Madison, Katelyn Bowden and the BADASSARMY, Security Through Obscurity in Iowa, and highlights from the show notes from the week of February 2, 2020!
Show Notes: https://wiki.securityweekly.com/SWNEpisode10
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Katelyn Bowden, CEO of BADASS, (Battling Against Demeaning and Abusive Selfie Sharing), to talk about her journey, and how she started BADASS! In our second segment, we present you with a Technical Segment to talk about Adventures in AWS Computing! In the Security News, Google shares private videos with the wrong users, how to get hacked through a Philips Hue smart hub, Buggy Iowa Caucus App is actually Buggy? No way!, how US cities have handled their fight against cybercrime attacks, and how someone sabotaged their boss with ransomware from the dark web!
Show Notes: https://wiki.securityweekly.com/PSWEpisode638
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic, Actionable Searching and Data Download with Vulnerability Management Dashboards, Companies and employees embrace BYOD but with compliance and risk challenges! In our second segment, we interview Wilson Bautista, Founder of Jun Cyber, to talk about leadership, DevOps and Security working together to provide security for the business! In our final segment, we welcomeMalcolm Harkins, Chief Security & Trust Officer at Cymatic, to discuss the security profits from the insecurity of computing thus at a macro economic level has no real economic incentive to solve many of the risk issues we face!
Show Notes: https://wiki.securityweekly.com/ESWEpisode171
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Starobinksi, Professor, Department of Electrical and Computer Engineering at Boston University, to discuss the changes in network communications in both the wireless and IoT world! In the Leadership and Communications segment, 9 Quotes By NBA Legend Kobe Bryant That Might Impact Our Lives Forever, How to Build Trust with Business Partners from Other Cultures, and For zero trust to work, machines and humans require identities, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode161
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Roberts, CSS of Attivo Networks! You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big as an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached!
Show Notes: https://wiki.securityweekly.com/SCWEpisode16
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Everyone wins in Iowa, Twitter has conspiracy theories? No way! Hackers steal billions and don't get caught, Iowa Election Apps secured by "obscurity", and the top 24 passwords found on the Dark Web. In the Expert Commentary, we welcome back Jason Wood, to talk about a New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset!
Show Notes: https://wiki.securityweekly.com/SWNEpisode9
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike, John, and Matt review the presentation given by Clint Gilber at AppSec Cali, An Opinionated Guide to Scaling Your Company's Security! In the Application Security News, Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles!
Show Notes: https://wiki.securityweekly.com/ASWEpisode94
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Gene Kim, Founder, Researcher, and Author of the Phoenix Project and The Unicorn Project, to talk about his goals and aspirations in The Unicorn Project, take a deep dive into the Five Ideals, and how DevOps will be a major player for decades to come! In our second segment, we welcome back Peter Smith, CEO, and Co-Founder of Edgewise, to talk about Stopping Python Backdoor Attacks, and how similar attacks have managed to evade traditional network security defenses and propagate inside their target environments! In the Security News, NHS alerted to severe vulns in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale, and a mega-breach that exposed more than 250 million users!
Show Notes: https://wiki.securityweekly.com/PSWEpisode637
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
Visit https://securit Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
DEFCON is canceled from Coronavirus, Ragnarok Ransomware Runs Ragged Rapidly, Avast suddenly stops selling your data to third parties and shutters Jumpshot, Charges against Coalfire Red Team dropped in Dallas County, and 20 Board Members realize that Cybersecurity is more than just some guy named Ned in the Basement!
Show Notes: https://wiki.securityweekly.com/SWNEpisode8
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about New Cisco and AppDynamics integration bridges IT and DevOps for app management, Citrix and FireEye Mandiant Launch Indicator of Compromise Scanner, Sophos Introduces Intercept X for Mobile, Optimizing Your IT Spend as You Move to the Cloud, and more! In our second segment, we will deliver a Technical Segment on Migrating Legacy Apps to the Cloud Pt. 1! In our final segment, we welcome Steven Bay, Director of Security Operations at Security On-Demand, to discuss Edward Snowden and the Insider Threat!
Show Notes: https://wiki.securityweekly.com/ESWEpisode170
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff, Scott, Josh, and Matt talk about Cyber Insurance! They'll dive into some topics such as Relationship and dilution of responsibility between brokers, underwriters, and reinsurance companies, Cost of Cyber Insurance, and much more! In the Security and Compliance News, Dallas County Acquires Cyber Insurance through ICAP, Ransomware Claims Driving Up Cyber Insurance Costs, Cowbell Cyber Demystifies Cyber Insurance with Cowbell Prime 100, The Cold Truth About Your Cyber Insurance, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode15
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Michael Figueroa, Independent Executive Security Advisor, to discuss the challenges of CISOs and the differences between large enterprises and small businesses! In the Leadership and Communications segment, Board members find cybersecurity risk an existential threat, When Community Becomes Your Competitive Advantage, The Little Things That Make Employees Feel Appreciated, Don't Stay in Your Lane: The Secret to Developing Your Career, and more!
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, How all vehicles are on the road to being hackable, Misinformation on the internet regarding the Corona virus? No way!, Jersey police are barred from using Clearview, CDC report on the Coronavirus, and Coveware reports said that ransomware payments increased over 100% in Q4 of 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about how Leaked Documents Expose the Secretive Market for Your Web Browsing Data!
Show Notes: https://wiki.securityweekly.com/SWNEpisode7
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Butler, Solutions Engineer at Guardsquare, to discuss Dynamically Protecting Mobile Applications with RASP! In the Application Security News, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on Mitigating Cloud Vulnerabilities, Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information, and more!
Like us on Facebook: https://www.facebook.com/secweekly
To request a demo with Guardsquare, please visit: https://securityweekly.com/guardsquare
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dug Song, Co-Founder and General Manager of Duo Security at Cisco, to discuss the vision and culture behind Duo Security, and talk about his journey from when he began his start in Information Security! In our second segment, we welcome Mike Godwin, Distinguished Senior Fellow at R Street Institute, to talk about Digital Rights and Privacy! In the Security News, Microsoft Security Shocker As 250 Million Customer Records Exposed Online, the NSA Offers Guidance on Mitigating Cloud Flaws, Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards, Brazil prosecutes Glenn Greenwald in an attack on press freedom, and Cybersecurity Lessons Learned from 'The Rise of Skywalker'!
Show Notes: https://wiki.securityweekly.com/PSWEpisode636
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings the Security Weekly News update for the week of January 20, 2020, to discuss the top news stories of the week, across all of the Security Weekly Network shows!
Show Notes: https://wiki.securityweekly.com/SWNEpisode6
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Security Compass securing funding to enhance solutions portfolio and accelerate growth, Micropatch simulates workaround for recent zero-day IE flaw, New Kaspersky Sandbox automates protection from advanced threats, FireEye adds Cloudvisory to its stable, and some funding and acquisition updates from ServiceNow, Sysdig, Waterfall Security Solutions, and more! In our second segment, we welcome Alex Horan, Director of Product Management of Onapsis, and JP Perez, CTO of Onapsis, to discuss SAP Vulnerability and the current state as it relates to SAAP Vulns and Security! In our final segment, we welcome Robert Siciliano, Security Awareness Expert, to discuss Security Awareness: Empowering employees to care about security through security appreciation training!
Show Notes: https://wiki.securityweekly.com/ESWEpisode169
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chase Robertson, CEO at Robertson Wealth Management, to discuss the state of the financial markets in 2020 and beyond! In our second segment, it's our quarterly Security Money update! This segment tracks the Top 25 public security vendors, known as the Security Weekly 25 Index, and the private funding!
Show Notes: https://wiki.securityweekly.com/BSWEpisode159
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Trevor Bryant, Senior Information Security Architect at Epigen Technology, to talk about the Risk Management Framework, and how to leverage sound business practices to promote security and compliance initiatives in the workplace!
Show Notes: https://wiki.securityweekly.com/SCWEpisode14
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Clearview app lets strangers find your information through Facial Recognition, Travelex begins reboot as VPN bug persists, ADP users hit by Phishing Scam, Exposed Telnet ports lead to over 500,000 IoT devices credentials stolen, and over 1000 local governments reported they were hit by ransomware in 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about how the FBI is to inform election officials about hacking attempts!
Show Notes: https://wiki.securityweekly.com/SWNEpisode5
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in our first segment, Mike, Matt, and John, discuss Protecting Data in Apps and Protecting Apps from Data! In the Application Security News, PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills, and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities!
Show Notes: https://wiki.securityweekly.com/ASWEpisode92
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Security News, A Powerful GPG collision attack spells the end for SHA-1, an unpatched Citrix Flaw now has PoC Exploits, a Lottery hacker gets 9 months for his 5 cut of the loot, Windows 10 has a security flaw so severe the NSA disclosed it, and PayPal patches a high severity password vulnerability! In our second segment, we welcome Ryan Speers & Jeff Spielberg of River Loop Security, to talk about Embedded Product Security: Left of Ship! In our final segment, we will be airing our Hacker Culture Roundtable, recorded from the Security Weekly Christmas Extravaganza, with a boatload of hosts from the Security Weekly Family!
Show Notes: https://wiki.securityweekly.com/PSWEpisode635
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Highlights from the Security Weekly shows this week, including dealing with personalities and compliance, Windows 10 exploits, alert fatigue in your SoC, security for startups, Windows 10 exploits, Tik Tok backdoors, lottery hack, 5G (in)security and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode4
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about How to Create Easy and Open Integrations with VMRays REST API, Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR, PacketViper Deception360 now available for Microsoft Azure, Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, and Say Goodbye to Windows Server 2008 and Hello to Azure?! In our second segment, we welcome Mark Orlando, Founder, and CEO of Bionic, to discuss Outdated Defense Approaches and the need to revisit traditional thinking about security operations in the Enterprise! In our final segment, we welcome Ward Cobleigh, Product Line Manager at VIAVI Solutions, to discuss VISA Security Alerts - What we can learn, and what we can do!
Show Notes: https://wiki.securityweekly.com/ESWEpisode168
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Al Ghous, VP and Head of Security at ServiceMax, to discuss Startup Security - It s Everyone s Business! In the Leadership Articles, Unexpected Companies Produce Some of the Best CEOs, Security Think Tank: Hero or villain? Creating a no-blame culture, The Guy Who Invented Inbox Zero Says We're All Doing It Wrong, Enterprise-scale companies adopting Azure over AWS, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode158
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ben Rothke, Senior Information Security Specialist for Tapad, to talk about the Multiple Personalities we encounter during Compliance and Audit Engagements! In the Security and Compliance news, A Risk Assessment Path to Real-Time Assurance, Culture, Integrity and the Board's Role in Guarding Corporate Reputation, Skills For the Compliance Professional in the 2020s, Four Compliance Insights For 2020 and Beyond, Compliance Officer Burnout, Why You Should Draft a Compliance Mission Statement, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode13
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Tesla goes Pwn2Own again this year, GRU "hacks" a Ukranian gas company at the heart of scandals in DC, Microsoft has officially ended support for Windows 7 and Server 2008, and a nasty bug in Firefox, Citrix exploits are being well...exploited, and the return of Emotet! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about The State of 5G Security!
Show Notes: https://wiki.securityweekly.com/SWNEpisode3
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Hillel Solow, CTO at Check Point, to discuss The Evolution of DevSecOps and AppSec Trends in 2020! In the Application Security News, Policy and Disclosure: 2020 Edition, A look back & forward for bug bounties over the past decade, 4 Ring Employees Fired For Spying on Customers, Exploit Fully Breaks SHA-1, Lowers the Attack Bar, The Open Source Licence Debate: Comprehension Consternations & Stipulation Frustrations, Synopsys Buys Tinfoil, and Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates!
Show Notes: https://wiki.securityweekly.com/ASWEpisode91
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to the first-ever Security Weekly News Wrap up for the week of January 5th, 2020. We have a massive amount of content here on Security Weekly every week, and Doug White is here to try and sum it all up for you, so you can just hit the high points for the week. So, stick around, and we'll cover all the shows and all the top stories of the week!
Show Notes: https://wiki.securityweekly.com/SWNEpisode2
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dan DeCloss, President and CEO at PlexTrac, to talk about How to Improve Penetration Testing Outcomes with Purple Teaming! In our second segment, we welcome Ambuj Kumar, CEO, and Co-Founder of Fortanix, to discuss The Keys to Your Kingdom: Protecting Data in Hybrid and Multiple Public Clouds! In the Security News, Car hacking hits the streets, Four Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES!
Show Notes: https://wiki.securityweekly.com/PSWEpisode634
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Tapplock introducing new enterprise fingerprint scanning padlock accessories, Protecting corporations without sacrificing performance with Cloudflare, as well as their acquisition of S2 Systems, Pulse Secure, and SecureWave enter a partnership, Mimecast acquires Segasec, and more! In our second segment, we discuss Docker Container Security - Vulnerable Upon Inception! In our final segment, we welcome back Britta Glade, Director of Content and Curation for RSAC, and Linda Gray, Senior Director and General Manager for RSAC, to discuss what to expect at the world's largest cybersecurity conference in San Francisco!
Show Notes: https://wiki.securityweekly.com/ESWEpisode167
To register for RSAC 2020 using our discount code or to book an interview with Security Weekly on-site at RSA Conference visit: https://securityweekly.com/rsac2020
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week on Security and Compliance Weekly, we welcome Ian Amit, CSO at Cimpress, to discuss utilizing quantitative (vs qualitative) metrics in a security program, maturing it from a technical novelty to something a business can align with and see value from, and understanding where security fits into risk management!
Show Notes: https://wiki.securityweekly.com/SCWEpisode12
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the best and worst companies and performance of 2019 including Amazon, Apple, Lululemon, Facebook, Boeing, and Pacific Gas and Light! In the Leadership and Communications segment, 5 CIO and IT leadership trends for 2020, First Look: Leadership Books for January 2020, The Right Way to Form New Habits, and 5 Questions You Can Ask to Learn About Company Culture in a Job Interview and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode157
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Happy New Year and welcome to the first episode ever of Security Weekly News! It's another year of malware, exploits, and fun here on the Security Weekly Network, with your host, Doug White! Ransomware, TikTok, and in the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about Iranian Cyber Threats: Practical Advice for Security Professionals!
Show Notes: https://wiki.securityweekly.com/SWNEpisode1
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles! In the Application Security News, Featured Flaws and Big Breaches, Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs)!
Show Notes: https://wiki.securityweekly.com/ASWEpisode90
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kavya Pearlman, CEO at XR Safety Initiative, to talk about Who is going to protect the Brave New Virtual Worlds, and HOW?! In our second segment, we welcome Chris Painter, Commissioner at the Global Commission on the Stability of Cyberspace, to discuss Diplomacy, Norms, and Deterrence in Cyberspace! In the security news, mysterious Drones are Flying over Colorado, 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019!
Show Notes: https://wiki.securityweekly.com/PSWEpisode633
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome you with our Roundtable Discussion on DevOps and Securing Applications, where we'll cover how to navigate the wide variety of options for securing modern applications and the processes used to build and deploy software today! Next up we debate one of Information Security's long-standing debates: Security vs. Compliance! The final segment in this episode assembles a panel of experts to discuss The History of Security and what we can learn from the past!
Show Notes: https://wiki.securityweekly.com/PSWEpisode632
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick things off with the Blue Team Roundtable, to discuss defensive techniques that actually work, and ones that don't! In the second segment, we'll switch teams and transition to The State of Penetration Testing Roundtable, where we'll discuss the evolution of Penetration Testing, and how to get the most value from the different types of assessments! In our final segment, we welcome back long-time friend of the show Ed Skoudis, to discuss this year's Counterhack Holiday Hack Challenge, a holiday tradition here at Security Weekly, and one of the community's favorite hacking challenges!
Show Notes: https://wiki.securityweekly.com/PSWEpisode631
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! In our second segment, we discuss Unifying DevOps and SecOps, exploring the people and process challenges of DevSecOps and Where to integrate Security Seamlessly in the DevOps Pipeline! In our final segment, we welcome Jason Rolleston, Chief Product Officer at Kenna Security, and Michael Roytman, Chief Data Scientist at Kenna Security, to discuss Risk-Based Vulnerability Management and Threat and Vulnerability Management!
Show Notes: https://wiki.securityweekly.com/ESWEpisode166
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we are joined in studio by Steve Levinson, Vice President of Online Business Systems Risk, Security, & Privacy practice (full disclosure - he s also my boss!). We ll talk about the Security & Compliance divide from the compliance side, and hopefully, gain some insight into why I m so passionate (or dispassionate about) PCI!
To learn more about Online Business Systems, visit: https://securityweekly.com/online
Show Notes: https://wiki.securityweekly.com/SCWEpisode11
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Montana TV stations hit by cyber attack, Ransomware crisis in US schools, a deep dive into Phobos Ransomware, Cybersecurity salary survey reveals variance across industries and geolocations in 2020, and Ring smart camera claims they were not hacked!! In the expert commentary, we welcome Paul Asadoorian, CTO and Founder of Security Weekly, to discuss why you should be careful who you do business with!
Show Notes: https://wiki.securityweekly.com/HNNEpisode246
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Martin Bally, CISO at American Axle & Manufacturing! In the Leadership and Communications segment, Why Crowdsourcing Often Leads to Bad Ideas, Do You Need Charisma to Be a Great Public Speaker?, Fight the skills gap with a great upskilling and reskilling strategy, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode156
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dave Ferguson, Director of Product Management and WAS at Qualys! Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers. In the Application Security News, GitLab Doles Out Half a Million Bucks to White Hats, How can we integrate security into the DevOps pipelines?, Go passwordless to strengthen security and reduce costs - and design your app to support these types of workflows, including account recovery.
Show Notes: https://wiki.securityweekly.com/ASWEpisode89
To learn more, visit: https://securityweekly.com/qualys
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jorge Salamero, Director of Product Marketing at Sysdig, to talk about Runtime Protection for Containers! In our second segment, we welcome back the Legend himself John Strand, to talk about Backdoors & Breaches, an Incident Response Card Game! In the security news, Your Smart Christmas Lights Are Safer Than They Were Last Year, Intels SGX coughs up crypto keys when scientists tweak CPU voltage, Hackers Can Block iPhones and iPads Via AirDrop Attack, How hackers are breaking into Ring Cameras, and Bloomberg accidentally created an Alexa Fleshlight!
Show Notes: https://wiki.securityweekly.com/PSWEpisode630
To learn more about BHIS, visit: https://securityweekly.com/bhis
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Laura Jones, Author of a children's book titled Cyber Ky & Tekkie Guy Manage the Risk of Being Online. She focuses on children being as 'appropriately informed' as they are comfortable with using technology! In the Security and Compliance News, Equifax nears 'historic' data breach settlement that could cost up to $3.5B, Maryland Again Amends its Data Breach Notification Law, Hidden Complexity is Biggest Threat to Compliance, Data Security Remains Top IT Concern for Small Businesses and Others, A Compliance Carol: A visit from the Ghost of Compliance Past, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode10
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Barracuda launching Cloud Security Guardian integration with Amazon Detective, Sophos launches new cloud-based threat intelligence and analysis platform, Accenture launches Cloud Native solution to help clients, and 10 notable Cybersecurity acquisitions of 2019, Pt. 2! In our second segment, we welcome James Carder, Chief Security Officer & Vice President at LogRhythm, to discuss Measuring and Maturing Security Operations Maturity! In our final segment, we welcome Jamie Butler, Tech Lead at Elastic Security, to talk about how improving security requires reducing complexity!
Show Notes: https://wiki.securityweekly.com/ESWEpisode165
To learn more about Elastic, visit: https://securityweekly.com/elastic
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Ramsey, Chief Information Security Officer at National Student Clearinghouse, to discuss Security in Education! In the Leadership and Communication Segment, In-depth protection is a matter of basic hygiene, 4 strategies to find time for yourself, Enterprises muddled over cloud security responsibilities, and Screw Productivity Hacks: My morning routine is getting up late!
Show Notes: https://wiki.securityweekly.com/BSWEpisode155
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, How Panasonic is using internet honeypots to improve IoT device security, A new Windows 10 ransomware threat?, 'Hackable' karaoke and walkie talkie toys found by Which?, Linux Bug Opens Most VPNs to Hijacking, New Office 365 Feature Provides Detailed Information on Email Attack Campaigns, and Google Confirms Critical Android 8, 9 And 10 Permanent Denial Of Service Threat! In the expert commentary, we welcome Tyler Robinson, Managing Director of Network Operations at Nisos, Inc, to discuss Sophos Uncovering New Version of Snatch Ransomware!
Show Notes: https://wiki.securityweekly.com/HNNEpisode245
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at the NTIA US Department of Commerce, to talk about the Software Bill of Materials! In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update toolset, and Java vs. Python: Which should you choose?
Show Notes: https://wiki.securityweekly.com/ASWEpisode88
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Eric Brown, Senior Security Analyst at LogRhythm, to talk about the Outlook on Phishing in 2020! In our second segment, we welcome back Micah Hoffman, Principal Investigator at Spotlight Infosec, to discuss OSINT in Cyber! In the Security News, HackerOne breach lets outside hacker read customers private bug reports, Two malicious Python libraries caught stealing SSH and GPG keys, Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets, and If You Bought a Smart TV on Black Friday, the FBI Has a Warning for You!
Show Notes: https://wiki.securityweekly.com/PSWEpisode629
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise Security News, discussing How Mimecast Challenges Shadow IT for Cloud App Usage on Mobile and Desktop Devices, CloudKnox Security Announces Integration with AWS IAM Access Analyzer, Morphisec Achieves AWS Security Competency Status for Cloud Server Workload Protection, and more! In our second segment, we welcome back Ferruh Mavituna, CEO and Founder at Netsparker, as he'll be talking about how to start building a web security program and a realistic approach to starting a web security program in enterprises! In the final segment, we welcome Heather Paunet, VP of Product at Untangle, to talk about how Untangle will be releasing an SD-WAN Router, which has advanced routing capabilities and provides the ability for a business to build a comprehensive, secure Software-Defined Networking!
Show Notes: https://wiki.securityweekly.com/ESWEpisode164
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter Visit https://www.securityweekly.com/esw
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mathieu Gorge, CEO at Vigitrust for an interview! In the Security and Compliance News, Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains, Sentara Hospitals to pay $2.2M HIPAA settlement for undisclosed data breaches, Privacy Regs Changing the Face of Cybersecurity, TrueDialog Leaks 600GB of Personal Data, Affecting Millions, CFTC Fines Goldman Sachs $1 Million for Failing to Record Calls, Global Cops Shut 31,000 Domains in IP Crackdown, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode9
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ward Cobleigh, Senior Product Manager at VIAVI Solutions! In the Leadership and Communications segment, Companies Need to Rethink What Cybersecurity Leadership Is, What Companies That Are Good at Innovation Get Right, Staff in smaller businesses bogged down by poor communications, Why You Should Be Sending More Video Emails And How To Record Them, Enterprises muddled over cloud security responsibilities, and Top tech conferences to attend in 2020!
Show Notes: https://wiki.securityweekly.com/BSWEpisode154
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Microsoft OAuth Flaw Opens Azure Accounts to Takeover, Vulnerabilities Disclosed in Kaspersky, Trend Micro Products, Critical Code Execution Vulnerability Found in GoAhead Web Server, and StrandHogg Vulnerability Allows Malware to Pose as Legitimate Android Apps! In the expert commentary, we welcome back Adam Gordon from ITPro.TV, to discuss DevSecOps and the Culture Clash in Organizations!
Show Notes: https://wiki.securityweekly.com/HNNEpisode244
To learn more about ITPro.TV, visit: https://securityweekly.com/itpro
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Sandy Carielli, Principal Analyst at Forrester Research, to discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem! In the Application Security News, Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the Modern Enterprise Software Spaghetti!
Show Notes: https://wiki.securityweekly.com/ASWEpisode87
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how Cloudflare Open-Sources its Network Vulnerability Scanner, Qualys brings its Market Leading Vulnerability Management Solution to the next level, and some acquisition and funding updates from Palo Alto, Cymulate, Detectify, and Perimeter 81! In our second segment, we welcome Ken Belva, CEO, and Founder of OpCode41, to talk about IoT Crusher, Testing for Default & Weak Credentials! In our final segment, we air a Pre-Recorded interview with Brenden O'Conner, Information Security Program Manager at Root Insurance, to discuss Patch Management!
Show Notes: https://wiki.securityweekly.com/ESWEpisode163
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Russell Mosley and Jim Nitterauer, to discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources!
Show Notes: https://wiki.securityweekly.com/SCWEpisode8
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nate Fick, GM of Elastic Security and former CEO of Endgame, to discuss Elastic's resource-based pricing! In the Leadership and Communications segment, Why Business Leaders Need to Understand Their Algorithms, How to Do a Digital Detox: 3 Easy Steps for Success, How Remote Workers Make Work Friends, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode153
To learn more about Elastic Security, visit: https://securityweekly.com/elastic
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, PoC exploit code for Apache Solr RCE flaw is available online, Some Fortinet products used hardcoded keys and weak encryption for communications, Critical Flaws in VNC Threaten Industrial Environments, Twitter allows users to use 2FA without a phone number, and Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets! In the expert commentary, we welcome back Jason Wood from Paladin Security, to discuss an Iranian hacking crew that is targeting Industrial Control Systems!
Show Notes: https://wiki.securityweekly.com/HNNEpisode243
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tim Mackey, Principal Security Strategist at Synopsys! In the Application Security News, $1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail s AMP4Email via DOM Clobbering, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode86
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, we welcome Peter Liebert, CEO at Liebert Security, to discuss The Next Generation of SOCs: DevSecOps, Automation and breaking the model! In our second segment, we welcome back our friend Dave Kennedy, Founder and CEO of TrustedSec & Binary Defense, to discuss the Coalfire Incident and DerbyCon Communities! In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, a critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach!
Show Notes: https://wiki.securityweekly.com/PSWEpisode628
To learn more about TrustedSec, visit: https://trustedsec.com/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some acquisition and funding updates from CyberCube, 1Password, Docker, WhiteSource, and more! In our second segment, we welcome Reuven Harrison, Chief Technology Officer at Tufin, to discuss the Cloud, Containers, and Microservices! In our final segment, we welcome Jorge Salamero, Director of Product Marketing at Sysdig, to discuss the challenges of implementing security in Kubernetes Environments!
Show Notes: https://wiki.securityweekly.com/ESWEpisode162
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
To learn more about Sysdig, visit: https://securityweekly.com/tufin
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk about the 2019 Verizon Payment Security Report! Why is PCI Compliance Decreasing? Why is it decreasing? What's missing? What needs to change? In the Security and Compliance News, Is My PCI Compliance Good Enough to Serve as a Network Cybersecurity Audit?, Getting Prepared for New York s Expanded Security Breach and Data Security Requirements, Virginia Builds New Model for Quantifying Cybersecurity Risk, Five Cyber Program Elements Financial Services Firms Must Cover To Stay Compliant, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode7
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Scott Petry, CEO at Authentic8, to discuss challenges with the browser and securing web sessions! In the Leadership and Communications segment, CISOs left in compromising position as organizations tout cyber robustness, How To Get More Out Of Your Team, 8 Steps To Convert Your Commute Time To Me Time, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode152
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service Launch, and 146 security flaws uncovered in pre-installed Android apps! In the expert commentary, we welcome Bob Erdman, Sr. Manager of Product Management at Core Security, a HelpSystems Company, to talk about Effective Phishing Campaigns!
Show Notes: https://wiki.securityweekly.com/HNNEpisode242
To learn more about Core Security, a HelpSystems company, visit: https://securityweekly.com/helpsystems
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Pawan Shankar, Senior Product Marketing Manager of Sysdig, to announce the launch of Sysdig Secure 3.0! In the Application Security News, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Attackers' Costs Increasing as Businesses Focus on Security, Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed, and Three Ways Developers Can Worry Less About Security!
Show Notes: https://wiki.securityweekly.com/ASWEpisode85
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dr. Kevin Harris, Program Director for Information Systems Security and Information Technology Management at the American Public University System, to talk about The Ethics of Surveillance! In our second segment, we welcome back Bryson Bort, Founder, and CEO of SCYTHE, to demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! In the Security News, US-CERT Warns of Remotely Exploitable Bugs in Medical Devices, McDonalds Hamburgler Account Attack, No, YouTube isn't planning to jettison your unprofitable channel, McDonalds Hamburgler Account Attack, and how Memes could be our secret weapon against pesky bots!
Show Notes: https://wiki.securityweekly.com/PSWEpisode627
To learn more about SCYTHE, visit: https://scythe.io/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The hosts of Security and Compliance Weekly answer questions like what is a security program and what is a compliance program?, Aren't they the same thing?, What are some differences?, Where do they overlap or how should they work together?, Do they compete for the same budget?, and more! In the Security and Compliance News, Payment Security Compliance Declines - 1 in 3 Companies Make the Grade, RMC Agrees to $3M HIPAA Settlement Over Mobile Device Encryption, How Emerging Technologies Are Disrupting the Banking Compliance Landscape, and much more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode6
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we discuss part 1 of how Artificial Intelligence and Machine Learning can be used for Compliance, including: - What is Artificial Intelligence (AI) and Machine Learning (ML)? - What are the roles of AI/ML for Compliance? - Example: Gaming In the Security and Compliance News, What does your business need to know about the California Consumer Privacy Act (CCPA)?, California AG: No CCPA Safe Harbor for GDPR Compliance, Canada data breach tally soars since new privacy laws arrived, Marijuana Compliance and the quandary for brokers and dealers, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode5
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, discussing how STEALTHbits releases real-time threat detection and response platform StealthDEFEND 2.2, Bitdefender GravityZone enhanced with new endpoint defense capabilities, Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration, and Aqua Security buys CloudSploit to expand into cloud security posture management! In our second segment, we welcome Baber Amin, CTO West at Ping Identity, to discuss Zero Trust Architecture! In our final segment, we welcome Ward Cobleigh, Sr. Product Manager at VIAVI Solutions, to discuss Threat Detection: The Network Scavenger Hunt!
Show Notes: https://wiki.securityweekly.com/ESWEpisode161
To learn more about VIAVI, visit: https://securityweekly.com/viavi
To learn more about Ping Identity, visit: https://securityweekly.com/ping
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ron Ross, a Fellow at the National Institute of Standards and Technology! His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States' critical infrastructure!
Show Notes: https://wiki.securityweekly.com/SCWEpisode4
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we air pre-recorded interviews from the 2019 NACD Blue Ribbon Commission Initiative! But first, in the Security and Compliance News, What is the Board's Role in Effective Risk Management?, CEOs could get jail time for violating privacy bill, California Amends Breach Notification Law, 5 Updates from PCI SSC That You Need to Know, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode3
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the first segment, Mike, Matt, and John talk Security Testing! In the Application Security News, Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection in-the-wild, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode84
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, BlueKeep freakout had little impact on patching, Experts warn of spike in TCP DDoS reflection attacks targeting Amazon and others, Nvidia patches graphics products and GeForce Experience update tool, hackers breach ZoneAlarm's forum site, and how Apple is to fix Siri bug that exposed parts of encrypted emails! In the expert commentary, we welcome Dan DeCloss, Founder and CEO of PlexTrac, to talk about Communicating Vulnerabilities!
To learn more about PlexTrac, visit: https://securityweekly.com/plextrac
Show Notes: https://wiki.securityweekly.com/HNNEpisode241
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brendon Macaraeg, Sr. Director of Product Marketing at Signal Sciences, to discuss how to develop an effective AppSec security program! In the Leadership and Communications segment, The CIO role, from IT operator to business strategist, 5 questions with Cisco's CISO, Gartner's strategic tech trends for 2020, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode151
To learn more about Signal Sciences, visit: https://signalsciences.com/psw
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Peter Smith, Founder and CEO of Edgewise for an interview! In our second segment, we welcome back Kevin Finisterre & Josh Valentine, to talk about their project Arcade Hustle, and the things they ve learned during their into to the arcade scene!! In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS over HTTPS, and Amazons Ring Video Doorbell could open the door of your home to hackers!
Show Notes: https://wiki.securityweekly.com/PSWEpisode626
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
To learn more about Arcade Hustle, visit: https://github.com/ArcadeHustle
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Alexander Niejelow, Senior Vice President, Cybersecurity Coordination and Advocacy at Mastercard for an interview! In the Security and Compliance News, New York s Breach Law Amendments and New Security Requirements, Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability, Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients, Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches, The Human Factor of Cyber Security, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode2
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we bring to you our brand new show, Security and Compliance Weekly, hosted by Jeff Man, and Co-Hosted by Scott Lyons, Josh Marpet, and Matt Alderman! In the first segment, Jeff and the hosts talk about PCI and how it affects the state of the union! In the Security and Compliance News, Important security notice about your DoorDash account, How PCI DSS compliance milestones can be a GDPR measuring stick, Companies vastly overestimating their GDPR readiness, only 28% achieving compliance, When Compliance Isn't Enough: A Case for Integrated Risk Management, and much more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode1
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, talking about how Trustwave offers threat detection and response for Microsoft Azure, LogRhythm offers migration service to Splunk customers to address security challenges, CrowdStrikes Falcon security platform lands on AWS, and how GitLab plans to ban hires in China and Russia due to espionage concerns! In our second segment, we welcome back Adrian Sanabria, Advocate at Thinkst, to discuss Enterprise Deception and how Thinkst is helping in the security space! In our final segment, we welcome Tim Callan, Senior Fellow at Sectigo, to talk about Quantum Computing & what its arrival means for IT, traditional computing, and infosec!
Show Notes: https://wiki.securityweekly.com/ESWEpisode160
To learn more about Thinkst, visit: https://securityweekly.com/canary
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Henry Harrison, Co-Founder, and CTO at Garrison, to discuss how hardware security solutions from the intelligence community can help the commercial industry! In the Leadership and Communications Segment, Balancing the Company s Needs and Employee Satisfaction, Why Successful People Wear The Same Thing Every Day, What industry gets wrong about cyber insurance, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode150
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, aggressive IoT malware that's forcing Wi-Fi routers to join its botnet army, Google discloses Chrome Zero-Day exploited in the wild on Halloween, the first Bluekeep exploit found in the wild, and oC Exploits Published for Unpatched RCE Bugs in rConfig! In the expert commentary, we welcome Sean O'Brien, Founder, and CEO of PrivacySafe, to talk about Siri, Alexa, and Google Assistant hacked via Laser Beam!
Show Notes: https://wiki.securityweekly.com/HNNEpisode240
To learn more about PrivacySafe, visit: https://securityweekly.com/privacysafe
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Daniel Lowrie and Justin Dennison, Edutainers at ITProTV, to discuss how to bridge the gap between a Developer and Security! In the Application Security News, Stable Channel Update for Desktop Chrome users should upgrade to, Overcoming the container security conundrum: What enterprises need to know, Security Think Tank: In the cloud, the buck stops with you, PHP Bug Allows Remote Code-Execution on NGINX, Servers and patch details at Sec Bug #78599, Raising Security Awareness: Why Tools Can't Replace People, and much more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode83
To learn more about ITProTV, visit: https://securityweekly.com/itprotv
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Philippe Courtot, Chairman and CEO of Qualys, and Sumedh Thakar, Chief Product Officer at Qualys, to talk about a new prescription for security, and Security in the Cloud Era! In our second segment, we air a pre-recorded Technical Segment with Sven Morgenroth of Netsparker! In our final segment, we air another pre-recorded interview with Dave Bitner, producer and host from the CyberWire podcast!
Show Notes: https://wiki.securityweekly.com/PSWEpisode625
To learn more about Qualys, visit: https://securityweekly.com/qualys
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we talk Enterprise News, discussing how IaaS cloud vulnerabilities are expected to increase 50% over 2018 figures, examining security process maturity in 400 organizations, Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats, and some funding and acquisition updates from Aviatrix and enSilo! In our second segment, we welcome Carter Manucy, Cybersecurity Manager at the FMPA (Florida Municipal Power Agency), to talk IT/OT convergence in the power/utility space! In our final segment, we talk about the Vulnerability Management Evaluation Guide, with aspects of Deployment, Practice, and Reporting!
Show Notes: https://wiki.securityweekly.com/ESWEpisode159
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kevin O'Brien, Co-founder, and CEO at GreatHorn, to discuss email security! In the Leadership and Communications segment, Of the 4 manager types, only 1 boost employee performance 26%, How to Look and Sound Confident During a Presentation, 2020 IT spending priorities, and the traps a cloud shift creates, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode149
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Adobe database exposes 7.5 million Creative Cloud users, PHP team fixes nasty site-owning remote execution bug, Trend Micro's antivirus tools will run malware if the filename is cmd.exe, and how the country of Georgia was hit by a massive cyber attack! In the expert commentary, we welcome Jason Wood, to discuss how Fancy Bear targets Sporting and Anti-Doping Orgs as the 2020 Olympics Loom!
Show Notes: https://wiki.securityweekly.com/HNNEpisode239
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike Shema, Matt Alderman, and John Kinsella talk about Bug Bounties, Pentesting, & Scanners! In the Application Security News, Top cloud security controls you should be using, State of Software Security X, Developers: The Cause of and Solution to Security's Biggest Problems, and much more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode82
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tom Williams, Director of Veterans Operations for the Veterans Mental Health Hackers, to talk about How Mental Health Hackers is going to help Veterans in Infosec in 2020 and beyond! In our second segment, we talk Security News, discussing how Amazon Echo and Kindle devices were affected by a WiFi bug, Ransomware and data breaches linked to uptick in fatal heart attacks, a woman was ordered to type in her iPhone password so police could search the device, and how the military found Marijuana at a North Dakota nuclear launch facility! In our final segment, we air a pre-recorded interview with Mark Dufresne!
Show Notes: https://wiki.securityweekly.com/PSWEpisode624
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In our first segment, we talk Enterprise News, discussing how ManageEngine launched a holistic take on privileged access security, Avast faced a security breach aimed at messing up its CCleaner, Recorded Future enhanced partnership with ServiceNow to reduce organizational risk, and the Sophos Cloud Optix are now available on AWS marketplace! In our second segment, we welcome Erich Anderson, Insider Threat Principal at ObserveIT, to talk about the Foundational Elements of an Insider Threat Program! In our final segment, we welcome Kevin O'Brien, CEO & Co-Founder at GreatHorn, to discuss Pen Testers, Social Engineering, and more!
To learn more about GreatHorn, visit: https://securityweekly.com/greathorn
Show Notes: https://wiki.securityweekly.com/ESWEpisode158
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Merlin Namuth, former Chief Information Security Officer and Program Committee Member at RSA Conference! In the Leadership and Communications segment, Two Big Reasons that Digital Transformations Fail, DevSecOps model requires security to get out of its comfort zone, 3 things CIOs should discuss with the CEO to optimize cybersecurity, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode148
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, researchers turn Alexa and Google Home into credential thieves, Microsoft aims to block firmware attacks with new secured-core PCs, the popular VPN service NordVPN confirms data center breach, a 4-year-old critical Linux Wi-Fi bug allows system compromise, and US nuclear weapons command finally ditches 8-inch floppies! In the expert commentary, we welcome Jason Wood, to discuss the Evolution of False Flag Operations!
Show Notes: https://wiki.securityweekly.com/HNNEpisode238
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Doug Coburn, Director of Professional Services at Signal Sciences, discussing Containers, Layer 7, and Application Security! In the Application Security News, From Stackoverflow to CVE, with some laughs along the way, Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise, Recent Site Isolation improvements in Chrome, policy_sentry is an IAM Least Privilege Policy Generator, auditor, and analysis database, and much more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode81
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Daniel DeCloss, President and CEO of PlexTrac, to talk about what makes an excellent pentest report! In our second segment, we talk Security News, how hackers can hijack your local airport, Baltimore to buy $20M in cyber insurance months after the attack, a dangerous Kubernetes bug that allows authentication bypass-DoS, and using machine learning to detect IP hijacking! In our final segment, we air a pre-recorded interview with Peter Kruse, Co-Founder of the CSIS Security Group, discussing Cybercrime, Threat Hunting, and spear-phishing attacks!
Show Notes: https://wiki.securityweekly.com/PSWEpisode623
To learn more about PlexTrac, visit: https://securityweekly.com/plextrac
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, In our first segment, we talk Enterprise News, discussing how Okta is launching offerings for threat detection and remediation, Tenable extends Lumin to all platform customers, Signal Sciences announces integration with Pivotal Container Service, and how Thoma Bravo made a 3.9 Billion dollar offer to acquire Sophos! In our second segment, we talk about Tactics for Understanding Security Vendor Products! In our final segment, we air three pre-recorded interviews from Hacker Halted with Cathy Ullman, Joe Gray, and Jenny Radcliffe!
Show Notes: https://wiki.securityweekly.com/ES_Episode157
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's our quarterly security money segment! In the first segment, we'll review the Security Weekly 25 index! In our second segment, we'll share the results of our Security Weekly 25 Index Survey, which we completed earlier this year!
Show Notes: https://wiki.securityweekly.com/BSWEpisode147
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Francois Lacelles, Field CTO of Ping Identity for an interview! In the Application Security News, Key takeaways from Imperva breach, From Automated Cloud Deployment to Progressive Delivery, Designing Your First App in Kubernetes: An Overview Food for Thought, Autonomy and the death of CVEs?, and AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security!
To learn more about Ping Identity, visit: https://securityweekly.com/ping
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ASWEpisode80
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ty Sbano, Cloud Chief Information Security Officer of Sisense for an interview! In the Leadership and Communications section, The 5 Enemies of Trustworthy Leadership, 5 Things Leaders Do That Stifle Innovation, 'What's Your Purpose'? Big Tech's 7 Favorite Interview Questions, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode146
To learn more, please visit - http://www.tysbano.com
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Signal rushes to patch serious eavesdropping vulnerability, Wi-Fi signal let researchers ID people through walls from their gait, the FBI warns about attacks that bypass MFA, Vulnerable Twitter API leaves tens of thousands of iOS apps open to attacks, and D-Link home routers open to remote takeover will remain unpatched! In the expert commentary, we welcome Justin Elze from TrustedSec, to talk about Red Teaming and Adversary Emulation!
Show Notes: https://wiki.securityweekly.com/HNNEpisode237
To learn more about TrustedSec, visit: https://trustedsec.com/securityweekly
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike, Matt, and John talk about Cloud Security for Small Teams! In the Application Security News, Ex-Yahoo Engineer Abused Access to Hack 6,000 User Accounts, American Express Insider Breaches Cardholder Information, How a double-free bug in, WhatsApp turns to RCE, Flare-on 6 2019 Writeups, and Five Trends Shaping the Future of Container Security!
Show Notes: https://wiki.securityweekly.com/ASWEpisode79
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Security News, how Turkey fines Facebook $282,000 over privacy breach, why the FBI is encouraging not to pay ransomware demands, the top 10 cybersecurity myths that criminals love, Doordash third-party breach hits 4.9 Million users, and how a "Bulletproof" Dark Web data center was seized by German police! In our second segment, we air a pre-recorded interview with Stewart Room, Partner at PwC, to talk about Data Privacy and The Journey to Code! In our final segment, we air a show trailer of our brand new podcast, Security & Compliance Weekly w/ Jeff Man, Matt Alderman, Scott Lyons, and Josh Marpet!
Show Notes: https://wiki.securityweekly.com/Episode622
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, we talk Enterprise News, discussing how Tripwire unveils a new version of Tripwire Connect, Infrastructure management at scale with Netshield, Five Trends Shaping the Future of Container Security, and some funding updates from BurstIQ and Kenna Security! In our second segment, we welcome Paul Claxton, COO and Managing Partner at Elite Holding, Co., Valiant Consulting, and Reciprocity ROI LLC, to talk about the Top Cyber Threats for COO's, CMO's, and CISO's! In our final segment, we welcome Matt Wyckhouse, Co-Founder and CEO at Finite State, to talk about Supply Chain Security in the IoT Era!
Show Notes: https://wiki.securityweekly.com/ESWEpisode156
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Costlow, Deputy CISO at ExtraHop, to discuss how to strengthen your cloud security posture! In the Leadership and Communications segment, Why New Leaders Should Make Decisions Slowly, What Einstein's Most Famous Equation Says About Maximizing Your Productivity, Shift to digital business is booming, but are CEOs ignoring associated risk?, and more!
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode145
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, 335 Million Malicious apps were installed on Google Play in September, a new bug found in NSAs Ghidra tool, a Medical Practice closed permanently after a Ransomware attack, researchers find a new hack to read content of password-protected PDF files, and a billboard in Michigan was hacked to play Pornography for drivers along I-75! In the expert commentary, we welcome Sean O'Brien, Founder and CEO of PrivacySafe, to talk about PrivacySafe - The Anti Cloud Appliance!
To learn more about PrivacySafe, visit: https://securityweekly.com/privacysafe
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode236
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ryan Kelso, Application Security Engineer at 10-Sec, Inc., to discuss Information Disclosure Vulnerabilities! In the Application Security News, Threat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Security News, discussing how a hacker took over a smart home with vulgar music and rising temperatures, a security warning for 23 million YouTube creators following a crazy hack attack, Vimeo sued for storing faceprints of people without their say-so, Selfie Android apps push ads and can record audio, and how adopting DevOps leads to an improved security posture! In our second segment, we air three pre-recorded interviews from the SE village at DEFCON 27 with Billy Boatright, Edward Miro, and Jayson Street! In our final segment, we air two more pre-recorded interviews from the SE Village at DEFCON 27, featuring Perry Carpenter and Chris Edwards!
Full Show Notes: https://wiki.securityweekly.com/Episode621
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com
This week, in the enterprise news segment, Akamai acquires MFA specialist KryptCo, HP acquires Bromium to enhance its security platform, Cyber Insurance firm Cowbell emerges from stealth with $3.3M in seed funding and more! In our second segment, we interview Brian Dye, Chief Product Officer at Corelight, a Help Systems company, to discuss "The Path to Threat Hunting is Paved with Great Network Data". In our third segment, we interview Tony Meehan, Vice President of Engineering at Endgame, to discuss "Building an engineering team for every stage of company growth".
Full Show Notes: https://wiki.securityweekly.com/ES_Episode155
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Facebook suspends tens of thousands of apps from hundreds of developers, a Privilege Escalation flaw found in Forcepoint VPN Client for Windows, WannaCry and why it never went away, 0patch promises support for Windows 7 beyond January 2020, and how the FBI arrests more than 200 hackers in different countries! In the expert commentary, we welcome Grant Sewell, Director of IT Security at Safelite Autoglass, to talk about Risk-based security and identity controls, and the Use of Preempt Security's Platform!
To learn more about Preempt, visit: https://securityweekly.com/preempt
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode235
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brian Lamoureux, Partner at Pannone Lopes Devereaux & O'Gara, to discuss the similarities of Big Tech to Big Tobacco. In the leadership and communications section, Troublesome Teammates, Email challenges and how to set boundaries, Cybersecurity confidence rattled by continued investments, small results, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode144
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nicolas Valcarcel, Security Engineer at NextRoll! In the Application Security News, BSIMM10 Emphasizes DevOps' Role in Software Security and the BSIMM10 report, Crowdsourced Security & the Gig Economy, Lessons learned through 15 years of SDL at work, Software eats the world, jobs double US employment growth rate, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jason Lang, Sr. Security Consultant at TrustedSec, to talk about modern-day Red Teaming against some of the largest companies in the U.S.! In our second segment, we welcome Wes Widner, Cloud Engineering Manager at CrowdStrike, to talk about Audio Security, and why personal voice assistants are the wave of the future! In the Security News, how an iOS 13 flaw could provide access to contacts with a passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS!
To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec
Full Show Notes: https://wiki.securityweekly.com/Episode620
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in our first segment, John Strand talks Attacking AWS: Elastic Map to Reduce Clusters! In the Enterprise News, hundreds laid off by Symantec as part of restructuring plan, Infection Monkey Industries first Zero Trust Assesment Tool, Shape Security eyes IPO after raising $51 Million at a $1 Billion evaluation, Lacework secures $42 Million and adds new president, board members, and customers, FireMon announced the introduction of FireMon Automation, and more! In our final segment, we talk Cloud Security, and what security products you need in the cloud!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode154
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, experts disclosed passcode bypass bug in iOS 13 a week before release, drone attacks hit two Saudi Arabia Aramco oil plants, Google fixes 2FA flaw in built-in security key, LastPass fixes bug that leaks credentials, AMD Radeon Driver flaw lead to VM escape, and how the Air Force will let hackers try to hijack an orbiting satellite! In the expert commentary, we welcome George Avetisov, CEO and Co-Founder at HYPR Corp., to talk about True Passwordless Security!
To learn more about Hypr, visit: https://securityweekly.com/hypr
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode234
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Bush, Head of Security at ObserveIT, to discuss Investigating the Insider Threat! In the Leadership and Communications segment, Why So Many Companies Fail at Strategy and How to Fix It, 8 Things Leaders Do That Make Employees Quit, The changing role of the CIO, How to Rehearse for an Important Presentation, and 10 Steps To Get Started In Cybersecurity Careers: What High-Achievers Do While Others Don't!
To learn more about ObserveIT, visit: https://securityweekly.com/observeit
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we present the Security News, to discuss new ransomware growing 118% as cybercriminals adopt fresh tactics and code innovations, Period Tracker Apps share data with Facebook, U.S. Cyber Command trolls North Korea with Malware Release, and a lot more! In our second segment, we welcome back Peter Smith, the Founder & CEO of Edgewise, to talk about Edgewise's 1-Click Microsegmentation! In our final segment, we air a pre-recorded interviews from SE Village with Chris Kirsch and Micah!
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
Full Show Notes: https://wiki.securityweekly.com/Episode619
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jay Durga, IT Architect at CIRCOR International, to discuss the excel tool he developed, and how it can be used to measure metrics or as a guidance document for testing effectiveness of security controls put in place in your SDLC and DevOps process! In the Application Security News, Simjacker Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode76
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise News, Splunk buys SaaS startup Omnition, Stage Fund buys Israeli cybersecurity co Cymmetria, Trustwave platform brings more visibility and control cloud security, and more! Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing the need to understand your system's resilience to attacks, and your people's ability to quickly identify and respond has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal.
To learn more about Core Security, visit: https://securityweekly.com/coresecurity
We interview Dan Cornell, the Founder & CTO the at DenimGroup.Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode153
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, 60,000 GPS trackers for people and pets are using the same password, YouTube fined $170m for covertly tracking kids online, a free working exploit for BlueKeep, WordPress 5.2.3 fixes new clutch of security vulnerabilities, critical Exim flaw opens millions of servers to Takeover, cyberattack Disrupted Firewalls at U.S. Power Utility, a Million-plus IoT Radios Open to Hijack via Telnet Backdoor, Vulnerabilities in D-Link, Comba Routers Can Leak Credentials, and vulnerabilities exposed 2 million Verizon customer contracts. In the expert commentary, Matt Alderman talks about the slew of ransomware attacks, and pay-offs, targeted at cities and municipalities earlier this year, is the tide starting to turn?
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode233 Visit http://hacknaked.tv to get all the latest episodes!
David X Martin is the CEO at DavidXMartin, LLC. He is passionate about helping business leaders sleep better at night by equipping them with critical cyber risk management tools that protect their enterprises while enhancing strategic business growth. David will be covering Critical Business Decision Making - IT vs Business Making. ***** Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built-in.
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security! ***** A very deep dive into iOS Exploit chains found in the wild followed by Heap Exploit Development, Twitter turns off SMS texting after @Jack hijacking, CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim, 7 Steps to Web App Security, Fuzzing 101: Why Bug Hunters Still Love It After All These Years, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Paul and Matt Alderman talk Enterprise News, to discuss a Privilege Escalation Vulnerability that existed in Check Point Software, Untangle survey finds SMBs continue to struggle with IT Security, Tufin delivers enhanced Visibility and Topology modeling for Cisco ACI Migration, and how the OS that powered smartphones started from failure! In our second segment, we air two pre recorded interviews from BlackHat 2019 with Jason Brvenik of NSS Labs and Mehul Revankar of SaltStack! In our final segment, we air two more pre-recorded interviews from BlackHat 2019 with Carolyn Crandall of Attivo Networks and Krupa Srivatsan of Infoblox!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode152
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, hackers indiscriminately infected iPhones for two years, Google throws bug bounty bucks at mega-popular third-party apps, how Jack Dorsey's Twitter account got hacked, and how attackers are exploiting vulnerable WordPress plugins to backdoor sites! In the Expert Commentary, Larry Alston of Tufin joins us to discuss Developing and Enforcing Security Policies in the Cloud!
To learn more about Tufin, visit: https://securityweekly.com/tufin
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode232
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we present the Security News, to discuss how AT&T employees took bribes to plant malware on the company’s network, how hackers could decrypt your GSM calls, 80 suspects charged with massive BEC scam, and how the passports and licenses of 300 people were leaked in New Zealand! In our second segment, we welcome back Corey Thuen, Co-Founder at Gravwell, to talk about analyzing custom log sources! In our final segment, we air a pre-recorded interview with Chris Hadnagy, Founder, CEO, and Chief Human Hacker at Social Engineer, LLC., to talk about the SEVillage Orlando 2020, and the mission and some info on the Innocent Lives Foundation!
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
Full Show Notes: https://wiki.securityweekly.com/Episode618
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman talk Enterprise News, to discuss 5 tips on how testers can collaborate with software developers, Imperva discloses a data breach affecting some firewall users, VMware unveils security enhancements in Virtual Cloud Network Offering, and how Veristor and Synack partner to apply Ethical Hackers and AI Technology! In our second segment, we air three pre-recorded interviews from BlackHat 2019 with Chris Kennedy from AttackIQ, Balaji Prasad of BlueHexagon, and Mike Weber of Coalfire! In our final segment, we air three more pre-recorded interviews from BlackHat 2019 with Brett Wahlin of Respond Software, Andrew Homer of Morphisec, and Mat Gangwer from Sophos!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode151
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tony Howlett, CISO at SecureLink, to talk about best practices to limit 3rd party risk! In the Leadership and Communications segment, The elements of a good company apology, 8 ways leaders delegate successfully, there's no shame in working on vacation, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode141
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweek
Like us on Facebook: https://www.facebook.com/secweekly
This week, a hacker finds Instagram Account Takeover Flaw worth $10,000, a U.S. Judge orders Capital One hacker Paige Thompson to remain in prison, a vast majority of newly registered domains are malicious, and why half of all Social Media logins are fraud! In the expert commentary, Jason Wood joins us to discuss Building Your First Incident Response Policy: A Practical Guide for Beginners!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode231
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Pawan Shankar, Senior Product Marketing Manager of Sysdig! In our second segment, we air two pre-recorded interviews with Azi Cohen, Co-Founder of WhiteSource, and Jeff Hudson, CEO of Venafi from BlackHat USA 2019!
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we present a Technical Segment sponsored by our partner DomainTools, on Deobfuscating JavaScript to investigate Phishing Domains! In our second segment, we welcome Richard Melick, Senior Technology Product Marketing Manager at Automox, to talk about why waiting to deploy critical patches makes you a bigger target! In our final segment, we air two pre recorded interviews from BlackHat USA 2019, with Roman Sannikov from Recorded Future and Ray Dimeo of Virsec!
To learn more about Automox, visit: https://securityweekly.com/automox
To learn more about DomainTools, visit: https://securityweekly.com/domaintools
Full Show Notes: https://wiki.securityweekly.com/Episode617
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by John Strand and Matt Alderman to talk Enterprise News, in which ThreatConnect released Enhanced Integration with Flashpoint, ObserveIT unveils crowdsourced insider threat analytics solution, Thycotic launches automated solution for managing service accounts, and StackRox Kubernetes Security Platform is offered on the GCP! In our second segment, we air three pre-recorded interviews from BlackHat 2019 with Steve Laubenstein of CoreSecurity, Ian McShane from Endgame, and Peter Smith from Edgewise! In our final segment, we air two more pre-recorded interviews from BlackHat 2019 with Carsten Willems of VMRay and David Etue of BlueVoyant!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode150
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jessica Johnson and Amber Pedroncelli to discuss Hacker Halted and the Global CISO Forum! In the Leadership and Communications segment, 3 Traits Of Successful Entrepreneurs, 4 Ways To Gain Power And Use It For Good, 5 Reasons to Never Compromise on Punctuality, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode140
To register for Hacker Halted, visit: https://securityweekly.com/hackerhalted and use the discount code HH19SW to get $100 off!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, 61 impacted versions of Apache Struts let off security advisories, a hacker publicly releases Jailbreak for iOS version 12.4, Chrome users ignoring warnings to change breached passwords, an unpatchable security flaw found in popular SoC boards, and a reward up to $30,000 for find vulns in Microsoft Edge dev and beta channels! In the expert commentary, we welcome Jason Wood, to discuss Ransomware and City Governments!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode230
Roman Sannikov, Recorded Future - https://www.youtube.com/watch?v=0kCZIX6a-6o
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Application Security News, HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS, Polaris Points the Way to Kubernetes Best Practices, and much more! In our second segment, we air three pre-recorded interviews from Black Hat 2019, with Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tony Punturiero, Community Manager at Offensive Security, to talk about the journey of turning from a Blue Teamer to a Red Teamer, and kick starting an InfoSec community! In the Security News, BlackHat USA 2019 breaks records once again, new flaws in Qualcomm Chips expose Android devices to hacking, DEFCON 27 badge hacking for beginners, the CapitalOne hacker may have stolen from more than 30 companies, and a new data breach that exposed millions of fingerprint and facial recognition records! In our final segment, we air three Pre-Recorded interviews from the SE Village and BT Village from DEFCON 27, with O'Shea Bowens, Tyler Robinson, and Aaran Leyland!
Full Show Notes: https://wiki.securityweekly.com/Episode616
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman interview Mehul Revankar, Senior Product manager at SaltStack, to discuss the Sec and Ops Challenge! In the Enterprise Security News, Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection to DDoS defense, and we have some acquisition and funding updates from Symantec, McAfee, Cybereason, and Capsule8! In our final segment, we air three pre-recorded interviews with NETSCOUT, Remediant, and BitDefender from BlackHat USA 2019!
To learn more about NetScout, visit: https://securityweekly.com/netscout
Full Show Notes: https://wiki.securityweekly.com/ES_Episode149
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Leadership and Communications segment, how our brains decide when to trust, Warren Buffet's "2 List strategy", lack of IT leadership fuels IoT trial failures, and more! In our second segment, we air a Pre-Recorded interview with Vanessa Van Edwards, Lead Investigator at Science of People, to discuss the 6 Secrets of Success, Myths About Body Language, Confident Body Language Boosters, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode139
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike Shema and Matt Alderman discuss Hacker Summer Camp as the Security Weekly team has returned from Las Vegas all in one piece! In the Application Security News, From Equifax to Capital One: The problem with web application security, Apple extends its bug bounty program to cover macOS with $1 million in rewards, Azure Security Lab: a new space for Azure research and collaboration, Awarding Google Cloud Vulnerability Research, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode72
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, we are LIVE from BlackHat 2019, as we welcome John Smith, Principal Sales Engineer of Security at ExtraHop, to discuss Network Detection & Response! In our second segment, we welcome Joe Gillespie, Enterprise Account Executive at Netsparker, to talk about Managing Vulnerabilities in the Enterprise! In the final segment, we welcome Brandon Edwards, Chief Scientist at Capsule8, to discuss the importance of understanding the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future!
To learn more about Netsparker, visit: https://netsparker.com/securityweekly
To learn more about ExtraHop, visit: https://extrahop.com/securityweekly
Full Show Notes: https://wiki.securityweekly.com/ES_Episode148
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, from BlackHat 2019, we welcome back Gabriel Gumbs, Chief Innovation Officer at Spirion! Gabe talks about his role at the company, and shares some stories of his endeavors in the world of security! In the second segment, Paul, Larry, Doug, and Gabe, talk Software Development: Security Do's and Don'ts! In the final segment, we welcome Josh Douglas, VP of Threat Intelligence at Mimecast, to discuss the threats facing organizations today, and how IT and security teams need to understand the threats their organizations face!
Full Show Notes: https://wiki.securityweekly.com/Episode615
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Sam Straka, Technical Product Manager at LogRhythm, to talk about LogRhythm's Next Gen SIEM Platform orchestration! In our second segment, we welcome Doug Coburn, Director of Professional Services at Signal Sciences, to talk about how Signal Sciences is Implemented, and we'll take a look at installing Signal Sciences in a Kubernetes environment and the Signal Sciences dashboard! In the Security News, the U.S. Government issues a light aircraft cyber alert, thieves steal a laptop with 30 years of Data from University of Western Australia, RCE is possible by exploiting flaws in Vxworks, and the alleged Capital One hacker is barely bothered to hide!
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
To learn more about Signal Sciences, visit: https://signalsciences.com/psw
Full Show Notes: https://wiki.securityweekly.com/Episode614
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul, Matt, and John discuss how Microsoft acquires BlueTalon to bolster data governance offerings, Arduino selects Auth0 as standardized login for open source ecosystem, new code-signing solution released by Venafi, and ExtraHop issues warning about phoning home in new security advisory! In our second segment, we talk Evaluating Security Vendors! In our final segment, we welcome Charles Thompson, Senior Director of Product Management at VIAVI Solutions!
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Full Show Notes: https://wiki.securityweekly.com/ES_Episode147
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Todd Fitzgerald, Managing Director/CISO/Cybersecurity Leadership Author at CISO SPOTLIGHT, LLC, to discuss his book, the CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers! In the Leadership and Communications segment, Leading with Trust, Portrait of a CISO, roles and responsibilities, Cybersecurity Risk: What does a "reasonable" posture entail and who says so?, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode138
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a rare steganography hack can compromise fully patched websites, the Louisiana governor declares state of emergency after a local ransomware outbreak, Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage, and 100 million users data stolen in the Capital One breach! In the expert commentary, we welcome Jason Wood, to discuss how the U.S. issues a hacking security alert for small planes!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode229
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Application Security News, Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! In our second segment, we welcome Murray Goldschmidt, COO & Co-founder of Sense of Security, to talk about The State of Container Security in the Enterprise!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Troels Oerting, Head of the Global Centre for Cybersecurity at the World Economic Forum, to discuss Integrity through Prevention, and protection and prosecution via people, technology, and processes! In the Security News, a phishing scheme that targets AMEX cardholders, the list of labs affected by the American Medical Collection Agency data breach continues to grow, a Silk Road drug dealer gets caught converting Bitcoin to cash, how GDPR is forcing the tech industry to rethink Identity Management and Authentication, and a Mirai-like botnet wages massive application layer DDoS attack! In our final segment, we air a pre recorded interview with Murray Goldschmidt, to talk about DDoS and Container Security!
Full Show Notes: https://wiki.securityweekly.com/Episode613
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul discuss how Synopsys and Ixia announce a collaboration to enable scalable networking SoC validation, Digital Shadows announces significant updates to its SearchLight platform, Check Point introduces high-performance security gateways, and nine steps to lock down corporate browsers! In our second segment, we welcome Luis Giraldo, VP of Strategy at Kaseya, to talk about Unified IT and the capabilities of Kaseya's IT Complete Platform! In our final segment, we welcome Michael Aiello, Director of Product Management of Google Cloud Security, to talk about Security Responsibility in the Hybrid and Multi-Cloud!
To learn more about Kaseya, visit: https://securityweekly.com/kaseya
Full Show Notes: https://wiki.securityweekly.com/ES_Episode146
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ajit Sancheti, CEO at Preempt, to discuss Securing Identity with Conditional Access! In the Leadership and Communications segment, 8 Sales Skills You Need to Learn, The Trust Crisis, Five Management Lessons From the Apollo Moon Landing, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode137
To learn more about Preempt, visit: https://securityweekly.com/preempt
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a bug in NVIDIAs Tegra Chipset opens doors to Malicious Code Execution, hackers publish a list of phished Discord creds, Equifax to pay up to $700 Million in 2017 data breach settlement, several vulnerabilities found in Comodo Antivirus, and VLC player has a critical RCE flaw with no patch available! In the expert commentary, we welcome Jason Wood, to discuss why Corporate Mobile Security just isn't cutting it!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode228
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ian Eyberg, CEO of NanoVMs! In the Application Security News, detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Katie Nickels, ATT&CK Threat Intelligence Lead at the MITRE Corporation, to talk about the MITRE ATT&CK Framework! In our second segment, a security roundtable discussion on Vulnerability Management, Patching, Hunt Teaming, Asset Management, and System Hardening! In the Security News, Lenovo confirms 36TB Data Leak security vulnerability, Slack resets passwords after 2015 data breach, why BlueKeep hasn't reeked havoc yet, and why you don't need a burner at a hacking conference!
To learn more about MITRE ATT&CK, visit: https://attack.mitre.org
Full Show Notes: https://wiki.securityweekly.com/Episode612
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise News, we discuss how the ThreatConnect Platform now supports MITRE ATT&CK framework, Aqua Security deepens strategic relationship with Microsoft to accelerate Azure deployments, DefenseStorm raises $15 Million to invest in employees and innovation, and Signal Sciences integrates with Datadog to provide Real-Time security threat insights! In our second segment, we welcome David Harding, SVP & Chief Technology Officer at Imageware Systems Inc., to talk about how Identity Authentication is more important now than ever before! In our final segment, we welcome Jared Haggerty, Director of Content and Curation for Databerry, to talk about where the security of business is and where it's headed going forward!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode145
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Eric McAlpine, Co-founder and Managing Partner at Momentum Cyber! In our second segment, we bring you our "Security Money" segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, the Zoom RCE flaw is affecting RingCentral and Zhumu, a researcher releases PoC code for critical Atlassian Crowd RCE flaw, thousands of legacy Lenovo storage devices exposed millions of files, unusual Linux ransomware targets NAS servers, and how hacked hair straighteners can threaten your home! In the expert commentary, we welcome our CEO Matt Alderman, to discuss Facebook's $5 Billion dollar FTC fine!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode227
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Gururaj Pandurangi, Founder and CEO of Cloudneeti, to discuss Security in Multi-Cloud Environments! In the Application Security News, yes, the Zoom thing, 50 ways to leak your data in 1,300 popular Android apps access data, without proper permissions, GE Aviation exposed internal configs via open Jenkins instance, and more!
To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ben Ten, Team Lead of Defense and Countermeasures at TrustedSec, to talk about Purple Teaming and avoiding detection! In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the U.S. Cyber Command warns of Outlook flaw exploited by Iranian Hackers! In our final segment, we air a pre recorded interview with Reinhard Hochrieser, CMO at Jumio, to discuss today's state of security demands and the need for Biometric Authentication!
To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec
Full Show Notes: https://wiki.securityweekly.com/Episode611
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, John and Matt will discuss Threat Hunting! In the Enterprise News, Is Broadcom buying Symantec?, Chronicle will join Google Cloud, PingID to Support FIDO-Compliant Biometric Authentication and Security Keys, and BeyondTrust Simplifies Endpoint Privilege Management with PAM Platform Integration! In our third segment, we interview Craig Taylor, Co-Founder and CISO at Cyberhoot, to discuss Security Awareness Training!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode144
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mark Brown, Senior Director of Standards Connect at ANSI! In the Leadership and Communications segment, Life Lessons of Ben Franklin, A Lesson in Leadership, How to Start a Speech: The Best (and Worst) Speech Openers, and more!
To learn more about ANSI, visit: https://securityweekly.com/ansi
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, US Cyber Command warns of Iran-linked hackers exploiting Outlook, New "WannaHydra" malware a triple threat to Android, British Airways slapped with record $230M fine, Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software, and more! Jason Wood joins us for expert commentary on Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode226
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike Shema, John Kinsella, and Matt Alderman talk Cloud Native from an application perspective! In the Application Security News, WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Edna Conway, Chief Security Officer at CISCO! Edna will be discussing Global Value Chain at Cisco! In the Leadership and Communications segment, MasterCard CTO reveals must-have executive leadership traits, 10 Presentation Ideas That Will Radically Improve Your Presentation Skills, 7 tech skills managers hunt for, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, A Crypto Flaw in Yubico Security Keys, Facebook's Lawyers say You Have No Right to Privacy, Two Cloud Services, PCM and Attunity, Have Breaches, and Two Florida Cities Pay Over $1M in Ransomware Attacks in Less Than a Week! Jason Wood joins us for expert commentary on Trump Officials Weighing a Crackdown on End-to-End Encryption!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode225
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! In the Application Security News, GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, and Developers and Security Teams Under Pressure to Collaborate!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Don Pezet, Co-Founder and Edutainer at our sponsor ITProTV, to discuss the new CySA+ and PenTest+ certifications! In the second segment, we welcome Kathleen Smith, CMO at CyberSecJobs.com and ClearedJobs.net, to talk about tools to hack your career and tips to help your career search! In the Security News, a massive DHS data breach raises questions about Oregon's cybersecurity protocols, The fake French minister in a silicone mask who stole millions, a police officer rewarded 585 thousand dollars after colleagues snooped her DMV data, and nearly 100 drivers following Google Maps detour got stuck in a muddy field!
To learn more about ITProTV, visit: https://securityweekly.com/itprotv
Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018
Full Show Notes: https://wiki.securityweekly.com/Episode610
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and John join Paul to discuss the Enterprise Security News, in which CyberArk opens integration ecosystem to community contributions, ExtraHop Announces Reveal(x) Cloud, McAfee announced updates to McAfee MVISION Cloud for Amazon Web Services, and Elastic expands cybersecurity push in new version of software suite! In our second segment, we welcome Sai Chavali, Security Strategist at ObserveIT to talk about Email Data Exfiltration, and why Prevention is ideal, but Detection and Response is a must! In our final segment, we welcome Britta Glade, Director of Content and Curation of RSA Conference, and Linda Gray, Director and Chief of Operations for RSAC APJ, to discuss what's coming new this year for the RSA Conference APJ!
To learn more about ObserveIT, visit: https://securityweekly.com/observeit
To learn more about RSAC APJ, visit: https://www.rsaconference.com/events/ap19
Full Show Notes: https://wiki.securityweekly.com/ES_Episode143
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Tom Garrubba, Senior Director/CISO at Santa Fe Group/Shared Assessments! In the Leadership and Communications segment, CEOs Share Their Most Helpful (and Unconventional) Career Advice, 3 Lessons From Emerging Leaders On The Power of Differing Perspectives, New breed of security vendor spells trouble for pure play firms, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, cryptomining malware that launches Linux VMs on Windows and macOS, Oracle patches another actively-exploded WebLogic 0-day, LokiBot and NanoCore malware distributed in ISO image files, and an anonymous hacker that was exposed after dropping a USB drive while throwing a Molotov cocktail! In the expert commentary, we welcome Tyler Hudak, Practice Lead of Incident Response to talk about TrickBot malware!
Learn more about TrustedSec, visit: https://securityweekly.com/trustedsec
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode224
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt, John, and Mike discuss a guide to API Security! They also discuss Public vs. Private APIs, and if the best practice should be segregation of the two! In the Application Security News, Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Vivek Ramachandran, Founder and CEO of the Pentester Academy, to talk about their AttackDefense Labs platform, and how the Pentester Academy is helping thousands of customers from government agencies to Fortune 500 companies! In the second segment, we welcome back Bryson Bort, Founder and CEO of Scythe, to talk about purple teaming, top attack simulation scenarios, and testing command and control channels! In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. Customs and Border Protection data breach is the result of a supply chain attack, and a phishing scam that hacks two factor authentication!
To learn more about SCYTHE, visit: https://securityweekly.com/scythe
Full Show Notes: https://wiki.securityweekly.com/Episode609
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Bryan Warren, President and Chief Consultant at WarSec Security, to talk about the Challenges of Healthcare Security! In our second segment, we'll talk about the challenges of inheriting someone else's code! In the Enterprise News, Docker desktop for Windows 10 will soon switch to WSL 2, Netskope introduces Zero-Trust secure access to private enterprise applications, 10 notable security acquisitions of 2019, and can your patching strategy keep up with the demands of open source?
Full Show Notes: https://wiki.securityweekly.com/ES_Episode142
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeremy Winter, the Director of Azure Management, to talk about what CSO's and CISO's need to know about Azure! In the Leadership and Communications Segment, the trust crisis in business, employee engagement and successful change, and 3 shocking ways to show up today!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, prevent the impact of a Linux worm, Yubico recalls FIPS Yubikey tokens after flaw discovered, how fraudulent domains hide in plain site, Samsung reminds rabble to scan smart TV's for viruses and makes them forget, and the scraping of millions of Venmo transactions in a privacy warning to consumers! In the expert commentary, we welcome Sagi Bar-Zva, Strategic Pre-Sales Manager from Tufin to talk about Using Automation to Improve Your Overall Security Posture!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode223
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Shannon Lietz, the Director Information Security at Intuit, to talk about DevOps! In the Application Security News, there's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, we welcome Peter Smith, Founder and CEO of Edgewise, to talk about Edgewise's 1 Click Micro Segmentation! In the second segment, we welcome back Corey Thuen, Co-Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS Logging that dropped this week! In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cybersecurity team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers ignore most security flaws, and warnings of real world-wide worm attacks are the real deal!
To get involved with Edgewise, visit: https://securityweekly.com/edgewise
To get involved with Gravwell, visit: https://securityweekly.com/gravwell
Full Show Notes: https://wiki.securityweekly.com/Episode608
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we're joined by John Strand and Matt Alderman, to talk about how Rapid7 is integrating access to Insight Platform Applications, Ixia releases a new Scalable, modular packet broker, Sonatype's Nexus user conference to bring 2000 DevSecOps leaders together for free, and CyberArk and CNA introduce cybersecurity insurance! In our second segment, we interview Adam Gordon, Edutainer and SME at ITProTV, to talk about what are container services in the Microsoft Azure Cloud! In the final segment, Matt and I discuss seed rounds, equity rounds, and debt rounds!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode141
To learn more about ITPro.TV, visit: https://securityweekly.com/itprotv
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a botnet that's targeting 1.5 million RDP servers worldwide, VLC Player gets patched for two highly severe bugs, thousands of images stolen from US border hack, Troy Hunt looks to sell I Been Pwnd, and a near-ubiquitous critical Microsoft RCE bugs affect all versions of Windows! In the expert commentary, we welcome back Jason Wood from Paladin Security to talk about how the Evolution of Extortion Emails continues! All that and more, on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode222
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we're going to discuss the state of privacy one year after GDPR! Yes, GDPR is a year old! Are things better, worse, or the same? In the Leadership and Communications segment, 7 subconscious habits that sabotage your ability to listen - and lead, the power of writing stuff down, what really helps employees improve, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tanya Janca, also known as SheHacksPurple, a senior cloud advocate for Microsoft, specializing in application, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains! In the Application Security News, "Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apples finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits, but weak adoption, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently announced technology, Reflex, that was built with customized protection in mind! In our second interview, we welcome back Amanda Berlin, CEO of Mental Health Hackers to talk about why its important to educate technology professionals about unique mental health risks faced by people in the field, and how we can provide them with the proper support services to help! In the Security News, SalesForce bans customers from gun sales, what is your iPhone talking to overnight, Office retires support for old Android versions, and really how likely are weaponized cars?!
To learn more about Endgame, visit: https://securityweekly.com/endgame
Full Show Notes: https://wiki.securityweekly.com/Episode607
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Jeff Man to interview Charles Thompson, Senior Director of Product Management at VIAVI Solution to talk about the importance of response and remediation in a strong security strategy! In our second segment, we talk about Defending Your Environment Against Major Microsoft Vulnerabilities, and four pillars that define a "major" Microsoft vulnerability! In the Enterprise News, Database security for Amazon RDS, Infoblox unveils simplified security platform to detect and stop cyber threats, Palo Alto launches new 'Prisma' cloud security suite, and we have some funding and acquisition updates from Recorded Future, Swinlane, EnSilo, and SentinelOne!
To learn more about Viavi Solutions, visit: https://securityweekly.com/viavi
Full Show Notes: https://wiki.securityweekly.com/ES_Episode140
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John McCumber, Director of Cybersecurity Advocacy at (ISC)2, to talk about the statistics behind the cybersecurity workforce gap! In our second segment, we air a pre recorded interview with Andrew Hollister, Chief Architect and Product Manager at LogRhythm, discussing how to measure the effectiveness of your SOC!
To learn more about ISC2, visit: https://securityweekly.com/isc2
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, SUPRA Smart TV flaw lets attackers hijack screens with no video, 20,000 Linksys routers leak historic record of every device ever connected, a new attack creates ghost taps on Android smartphones, and an Australian teenager that hacked into Apple twice to get a job! In the expert commentary, we welcome Winn Schwartau from the Security Awareness Company to talk about Ethical Bias in Artificial Intelligence-Based Security Systems!
To learn more about SAC, visit: https://securityweekly.com/sac
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode221
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Mike and John delve into some DevSecOps topics. They discuss good design patterns that emerged from cloud native environments, Kubernetes and containers, and building blocks of unique services in the AppSec world. In the Application Security News, Duo reveals a path from a Docker container to its host, Google fumbles some password functionality, GitHub makes dependency tracking more dependable, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Eric Butash, Director of Digital Platforms at InnovateEDU, and Mike Klein, Professional Learning Coordinator at Highlander Institute, to talk about how important it is to teach good digital hygiene to the future generations of cybersecurity! In the second segment, we welcome Robert Graham, CEO of Errata Security, to take a deep dive on his tool rdpscan! In our third segment, we welcome David Boucha, Sr. Engineer at SaltStack, to talk about how Salt Open and SaltStack Enterprise can help you automate your infrastructure! In the Security News, why mobile ad fraud prevention is too good to be true, how police can snoop on McDonald's and Westfield WiFi customers, macOS Gatekeeper bypass exploits trust on network shares, and the cryptominer that kept coming back!
To learn more about SaltStack, visit: https://securityweekly.com/saltstack
Full Show Notes: https://wiki.securityweekly.com/Episode606
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise News, Paul is joined by John Strand to discuss how Okta joins forces with Secret Double Octopus, Tenable unveils new innovations for Cyber Exposure analytics, Barracuda launches bot protection feature for firewall offerings, and some acquisition and funding updates from Palo Alto, FireEye, and Verodin! In the second segment, we welcome to Ruvi Kitov, CEO and Co-Founder of Tufin to talk about the importance of having a network-wide security policy! In our final segment, we interview Jack Jones, Chief Risk Scientist at RiskLens to talk about Understanding and quantifying cyber risk using FAIR!
To learn more about Tufin, visit: https://securityweekly.com/tufin
Full Show Notes: https://wiki.securityweekly.com/ES_Episode139
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Microsoft brings hardware-based isolation to Chrome & Firefox, the U.S. border's license plate scanning technology hacked, crooks leverage WordPress and Joomla sites for malicious redirects, the Chinese military wants to replace Windows OS in fear of U.S. hacking, and how Google-protected mobile browsers were open to phishing for over a year! In the expert commentary, we welcome back Jason Wood from Paladin Security to talk about how almost one million are still vulnerable to the BlueKeep Vulnerability!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode220
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture! In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up!
Full Show Notes: https://wiki.securityweekly.com/Episode605
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Corey Thuen, Co-Founder of Gravwell, to talk about focusing on the basics that sustain us! In our second interview, we welcome Candy Alexander, President of the Information Systems Security Association for an interview! In the Enterprise News, ThreatQuotient expands integration with MITRE ATT&CK Framework, JASK launches a new Heads Up Display for security operations centers, and we have some acquisition and funding updates from Guardicore, Auth0, and KnowBe4!
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
Full Show Notes: https://wiki.securityweekly.com/ES_Episode138
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ferruh Mavituna, Founder and CEO of Netsparker! Ferruh will be discussing the discover and scan perspective of applications, how to handle in-house written applications vs. ones that are acquired, and more! In the Leadership and Communications segment, don't let your expertise narrow your perspective, don't be blinded by your own expertise, and the smartest cities in the future of urban development!
To get involved with Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Unistellar attackers wiped over 12,000 MongoDB databases, a Slack bug that allows remote file hijacking, Baltimore ransomware nightmare could last weeks more, over 25,000 smart Linksys routers are leaking sensitive data, and Huawei's microchip vulnerability explained! In the expert commentary, we welcome Charles Thompson, Senior Director of Product Management at VIAVI to talk about Security Forensics!
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode219
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Cody Wood, AppSec Product Support Engineer at Signal Sciences! In the AppSec News, Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!
To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Julian Zottl, Cyber and Information Operations SME at Raytheon, to talk about defending against advanced adversaries! In the second segment, we welcome Federico Simonetti, CTO of Xiid Corporation, to talk about how to fix identity and access management! In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability!
Full Show Notes: https://wiki.securityweekly.com/Episode604
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ferruh Mavituna, CEO and Founder at our sponsor Netsparker, to talk about centralization of web application security in large enterprises! In the Enterprise News, Atos launches a new unified cloud identity and access management solution, ExtraHop announces new panorama partner program, SysDig and In-Q-Tel partnership to provide U.S. government agencies with the SysDig Cloud Native VSP, and LogRhythm releases a Cloud Based NextGen SIEM platform! In our final segment, we talk about Enterprise Open-Source Firewalls!
To learn more about Netsparker, visit: https://netsparker.com/securityweekly
Full Show Notes: https://wiki.securityweekly.com/ES_Episode137
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jon Fredrickson, Information Security Officer at Blue Cross & Blue Shield of Rhode Island! In the Leadership and Communications segment, Transformational leadership style inspires 'moonshot goals', How to Deal With Information Overload, The surprising secret of success: it's not about winning, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, hacking the unhackable eyeDisk USB stick, how to brick all Samsung mobile phones, how Twitter shared user location data through advertising, a 0-Day flaw used to install spyware on phones, and a Linux kernel flaw allows remote code execution! In the expert commentary, we welcome Marcin Szary, CTO at Secfense, to talk about Web Authentication!
To learn more about Secfense, visit: https://securityweekly.com/secfense
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode218
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Derek Weeks joins us to talk about DevSecOps and Securing Software Supply Chains! Derek is the VP and DevOps Advocate at Sonatype! In the Application News, Chrome constrains the cookies and Edge pushes privacy, Windows builds a sandbox for Linux, Android Q for more quarantined code with more LLVM features, Steve Singh stepping down as Docker CEO, and Verizon releases its 2019 DBIR!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Lesley Carhart, Principal Threat Analyst at Dragos Inc., to talk about moving from IT security to OT security, DFIR in ICS, and more! In the second segment, we welcome Chris Sanders, Founder of Applied Network Defense & Director of the Rural Technology Fund, to talk about delivering high quality IT training and donating scholarships and equipment to further education in schools! In the Security News, the top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued Insulin pump with security a security flaw in high demand, and how to communicate privately in the age of digital policing!
Full Show Notes: https://wiki.securityweekly.com/Episode603
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nik Whitfield, CEO at Panaseer, to talk about Continuous Controls Monitoring! In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, and Serverless monitoring startup Espagon expands to cover broader microservices TechCrunch, and more! In our final segment, we have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode136
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt, Jason, and Paul do a recap on the Global Cyber Innovation Summit that was held in Baltimore last week! In the Leadership and Communications segment, How to build a startup, You Don't Have To Be Nice To Be Respected. Boeing and the Importance of Encouraging Employees to Speak Up, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, software flaw exposed most dell computers to remote hacking, Israel neutralizes cyber attack by blowing up a building with hackers, an expert that found hundreds of vulnerable Jenkins plugins, a bug in Mirai code allows crashing C2 servers, and how researchers discovered a highly stealthy Microsoft Exchange Backdoor! In the expert commentary, the return of Jason Wood from Paladin Security, joins us to talk about how Japan is developing a computer virus to fight cyber attacks!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode217
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Sven Morgenroth, Security Researcher at Netsparker to talk about securing our applications, web applications, and how we can make it easier to build applications! In the AppSec News, Firefox gives more scrutiny to add-ons but Firefox also forgot to give more scrutiny to a cert, Path traversals trampled by ransomware, Secure Software Design: The Next Frontier In Cybersecurity, Trust the Stack, Not the People, VRT adds a CAN, and MDM, parental controls, and security!
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Philip Niedermair, CEO at the National Cyber Group, to discuss the National Cyber Education Program! In our second interview, we welcome back Josh Abraham, Staff Engineer at Praetorian, to talk about the MITRE attack framework for attackers! In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack!
Full Show Notes: https://wiki.securityweekly.com/Episode602
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jay Prassl, CEO of Automox joins us to discuss Patch Management struggles and how to overcome them! In our second interview, we're joined by Josh Abraham in studio, who is a Staff Engineer at Praetorian, to talk about the MITRE attack framework for defenders! In the Enterprise news, ThreatConnects new features make creating security playbook's easier, SolarWinds adds password management to security portfolio, Checkpoint Systems announces HALO IoT platform, and BlackHat USA offers an inside look at Intel's security engine!
To get involved with Automox, visit: https://securityweekly.com/automox
Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mitre-attack
Full Show Notes: https://wiki.securityweekly.com/ES_Episode135
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Craig Sandman, President and Co Founder of Symbol Security, a Cyber Security SaaS company with a mission to reduce corporate risk through Security Awareness Education! Craig will discuss Security Awareness, Education, and Training! In the Leadership and Communications segment, 5 Myths about Strategy, The making of a technology leader, Want Fewer Employees to Quit? Listen to Them, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, how a politicians' kids accessed his laptop through facial recognition, critical flaws in WordPress and Qualcomm chips, how 2 million IoT security cameras and baby monitors are vulnerable to takeover, and how a new Emotet variant uses connected devices as proxy C2 servers! In the expert commentary, the return of Jason Wood from Paladin Security, joins us to talk about how Microsoft is telling IT admins to nix 'obsolete' password reset practices!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode216
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Larry Maccherone, Senior Director of Comcast, to talk about the world of SecOps vs. DevSecOps! In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protection, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Haroon Meer, CEO and Researcher at our sponsor Thinkst, to talk about why hackers should create companies, and some of the technical details behind Thinkts' tool Canary! In the second segment, we welcome Gururaj Pandarangi, CEO and Co-Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses! In the Security News, serious vulnerabilities found in fujifilm x-ray devices, facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29 year old computer scientist created the algorithm that took the first ever picture of a black hole!
To learn more about Thinkst, visit: https://securityweekly.com/canary
To learn more about CloudNeeti, visit: https://cloudneeti.com/securityweekly
Full Show Notes: https://wiki.securityweekly.com/Episode601
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN! In the Enterprise News, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! In the final segment, Security Legend Dave Kennedy sits down with our Founder and CTO Paul Asadoorian at InfoSec World 2019 to discuss his company Binary Defense and how they're helping the Security community!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode134
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Adam Fletcher, Chief Information Security Officer for Blackstone! In the Leadership and Communications segment, 5 Ways to Find Natural Leaders for Your Team, Business Wisdom Learned From Bomb Squad Experts And Their Commanders, Why Rest Is Essential To High Performance, 4 Ways Working Dads Can Make More Time for Family, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125
Please join Adam and other CISOs at the Global Cyber Innovation Summit by visiting https://globalcybersummit.org/request-information to request your invitation.
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Thomas Hatch, the creator of the Salt open source software project, and is the CTO of SaltStack, the company behind Salt! In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics!
To learn more about SaltStack, visit: https://securityweekly.com/saltstack
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of thousands of stores, and how attackers are weaponizing more vulnerabilities than ever before! In the expert commentary, we welcome Itai Tevet, CEO of Intezer, to talk about Linus threats, recent Mirai variants, and general code reuse in the cyber space!
To learn more about Intezer, visit: https://securityweekly.com/intezer
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode215
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Matt Cauthorn, VP of Cyber Security Engineering at ExtraHop, to discuss "The Three Horsemen of SOC Intel"! In the news segment, Solarwinds to acquire Samanage for $350M, Tufin goes public, and Tenable releases Predictive Prioritization. And this week, our third segment airs our interview with Matt Tierney from Endgame for InfoSec World 2019. So stay tuned, for all that and more, on this episode, of Enterprise Security Weekly! To get involved with ExtraHop, vist: https://securityweekly.com/extrahop
Full Show Notes: https://wiki.securityweekly.com/ES_Episode133
Visit http://securityweekly.com/esw for all the latest episodes!
This week, the Apache Tomcat Patches Important Remote Code Execution Flaw, New variants of Mirai botnet detected, targeting more IoT devices, Hackers used credentials of a Microsoft Support worker to access users' webmail, TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids, Ecuador suffered 40 Million Cyber attacks after the Julian Assange arrest, Security weakness in popular VPN clients, and Open Source Tool From FireEye Automates Analysis of Flash Files! In the expert commentary, Jason Wood talks about The Impact of Cyber Warfare! All that and more, on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode214
Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform. Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a growth hacker company that helps tech firms grow through strategy, market research, and digital marketing. With 20+ years in cybersecurity, she is a seasoned cybersecurity manager, marketer, consultant, and expert with a substantial network of technical and executive peers. In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks.
Full Show Notes: https://wiki.securityweekly.com/Episode600
Follow us on Twitter: https://www.twitter.com/securityweekly
Follow us on Twitter: https://www.twitter.com/securityweekly
Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing.
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode124
This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services. In the news, 3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly
Mike Weber is the Vice President of Coalfire and Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire. Coalfire ASV Scanning: - ASV program (love, praise, struggle) - Development and growth of scanning, 1-5 person team, partnership, marketing position - Published opinion piece, getting knowledge, supporting the industry - Scan platform - RISE - movement in the company, coalfire programs, development at Coalfire - Limitations of scanning, pen testing? To learn more about Coalfire, visit: https://securityweekly.com/coalfire Full Show Notes: https://wiki.securityweekly.com/ES_Ep... Visit http://securityweekly.com/esw for all the latest episodes!
This week, we welcome Loris Degioanni from Sysdig to discuss their open source container native runtime security project called Falco! In the News segment, The Matrix turns 20, Containers are Weakest Security Leak Again, The Evolution of Application Security in the Serverless World, and more!
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code, Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution, Computer virus alters cancer scan images, A Serious Apache server bug gives root to baddies in shared host environments, Cybercrime Groups Are Still Rampant on Facebook, 90% of OT organizations are cyberattack victims, Tenable Discloses Verizon Fios Router Vulnerabilities, and Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print!
Neil Butchart the SVP at Ekran, comes on the show to talk about "Is the industry broken?"
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode213
This week, we welcome Michael Murray, Chief Security Officer at Lookout! Michael joins us today to talk about Post-perimeter Security! In the Leadership and Communications segment, 94% of CIOs, CISOs have to make protection compromises, Accelerating Business Through Customer Centricity, 5 states dominating tech employment, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode123
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Mary Beth Borgwing, President and Founder of of the Cyber Social Club, to talk about Uniting Women in Cyber! In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter! In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale!
To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm
Full Show Notes: https://wiki.securityweekly.com/Episode599
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dr. Branden R. Williams! Branden has more than twenty years of experience in business, technology, and information security as a consultant, leader, and an executive. His specialty is navigating complex landscapes—be it compliance, security, technology, or business—and finding innovative solutions that propel companies forward while reducing risk. In the second segment, Paul and Matt sit down with Wade Lance and Nir Greenberg of Illusive Networks at the RSA Conference 2019!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode131
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mike Shema, Product Security Lead of Square! Mike joins us on the show to talk about where the wins and challenges are in AppSec! In the Application Security News, XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode55
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Asus pushes patch after hackers used updates to send malware, Microsoft announces Windows Defender ATP Antivirus for Mac, researchers find 36 new security flaws in LTE protocol, new settings let hackers easily pentest Facebook and Instagram Mobile Apps, and how researchers can get a free Tesla for spotting infotainment system bug! Sven Morgenroth from Netsparker joins us for expert commentary to discuss how Facebook stored hundreds of Millions of user passwords in plain text!
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode212
Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ian McShane, Vice President of Product Marketing at Endgame, to discuss Security ROI! In the Leadership and Communications segment, Even CEOs Should Clean Their Own Bathrooms Sometimes, Building an Effective Cybersecurity Program, How to Get Booked as a Podcast Guest, and more!
To learn more about Endgame, visit: https://securityweekly.com/endgame
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode122
Visit https://www.securityweekly.com/bs for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Marcus Carey, CEO and Founder of ThreatCare, to talk about Tribe of Hackers, a collection of industry, career, and personal insights from 70 cybersecurity professionals! In the Security News, WordPress plugin removed after zero day discovered, why you should change your facebook password NOW, threat hunting tips to improve security operations, hacked tornado sirens taken offline ahead of a major storm, and how a white hat hacker found a new bug class in Windows! In the final segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation w/ DomainTools Iris! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode598
To learn more about DomainTools and Iris, visit: https://securityweekly.com/domaintools
Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise Security News, I am joined by John Strand to discuss how Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks! In the second segment, we air some pre recorded from RSA Conference 2019 with Endgame, Virsec, and Scythe!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode130
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jamie Duncan, a recovering history major who has been at Red Hat for just over 7 years! Beginning with his role as a TAM, his focus has increasingly centered on the operations-oriented features of OpenShift, including the May 2018 publication of OpenShift In Action by Manning Publishing. Jamie has had this discussion with customers, OpenShift advocates, and technology fans on multiple continents to date. In the Application Security News, Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes, Chinese Data Breach Exposes 'Breed Ready' Status Of Almost 2 Million Women, Dozens of companies leaked sensitive data thanks to misconfigured Box accounts, DARPA Is Building a $10 Million, Open Source, Secure Voting System, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nick Galbreath, Co-founder and Chief Technology Officer at Signal Sciences, to discuss the Intersection of Development and Security! In the Leadership and Communications segment, How Boeing Should Have Responded to the 737 Max Safety Crisis, Digital Transformation is Not About Technology, Gartner's Top 10 Security Projects for 2019, and more!
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode121
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Zero-Days in Counter Strike client could be used to build a major botnet, huge aluminum plants hit by 'severe' ransomware attack, Myspace loses 50 million songs in server migration, wifi signals can reveal your password, and PuTTY in your hands: an SSH client gets patched after RSA key exchange memory vulnerability was spotted! Ralf Hund from VMRay joins us for expert commentary to discuss the Evolution of GandCrab!
To learn more about VMRay, visit: https://securityweekly.com/vmray
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode211
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! In the Security News, New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, a man drives 3,300 miles to talk to YouTube about a deleted video, and what do sexy selfies, search warrants, and tax files have in common? In the final segment, we air a pre recorded interview with Carsten Willems, Co-Founder and CEO at VMRay, discussing malware sandboxing!
To learn more about Edgewise, visit: https://securityweekly.com/edgewise/ To learn more about VMRay, visit: https://securityweekly.com/vmray
Full Show Notes: https://wiki.securityweekly.com/Episode597 Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Gururaj Pandurangi, Founder and CEO at Cloudneeti, to discuss Continuous Cloud Assurance! Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj has 20 years of professional experience, a good portion of it as an early adopter of cloud technologies and building global scale cloud products like Windows Live, Bing platform, Consumer Identity and Federations. Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019: - Venafi - XM Cyber - Onapsis Paul Asadoorian and Matt Alderman recap RSA Conference 2019, including their briefings with: - 42Crunch - Baffle - CyberInt - Eclypsium - Ericom Software - Lacework - Radware - RiskRecon and More!
To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti
Full Show Notes: https://wiki.securityweekly.com/ES_Episode129
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul discuss the structure and experiences of 2019's RSA Conference! In the Application Security News, WordPress accounted for 90 percent of all hacked CMS sites in 2018, Japanese police charge 13-year-old for sharing 'unclosable popup' prank online, Facebook exploit – Confirm website visitor identities, NSA's top policy advisor: It's time to start putting teeth in cyber deterrence, study shows programmers will take the easy way out and not implement proper password security, and the CommitStrip for the week on Why check for incognito mode?
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an unprotected MongoDB instance exposes 800 million emails! Jason Wood from Paladin Security joins us for expert commentary on how a researcher claims an Iranian APT is behind a 6TB Data Heist at Citrix!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode210
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ben Carr, Chief Information Security Officer at Aristocrat! Prior to Aristocrat, we was VP of Strategy for Cyberbit and North America's Technical Director for Tenable! In the Leadership and Communications segment, how to make sure your board sets a good example for your company, cybersecurity is putting customer trust at the center of competition, 6 reasons your home office is better than your company office, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode120
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Allan Liska, Senior Solutions Architect at our sponsor Recorded Future, to talk about Catching Up To The Hype w/ Threat Intelligence! In the second interview, we welcome David Marble, President and CEO at OSHEAN Incorporated, to talk about what to expect at at this years Rhode Island Cybersecurity Exchange Day! In the Security News, YouTube controversy on ALL fronts, Cisco SOHO wireless VPN firewalls and routers open to attack, Ring doorbell flaw opens door to spying, bot plagues, free hacking toolkits, and everything you need to know about the Huawei controversy!
Get Trending Threat Insights Delivered to Your Inbox, at: https://securityweekly.com/recordedfuture
OSHEAN is hosting RI Cybersecurity Exchange Day on March 13th at the O'Hare Academic Building at Salve Regina in Newport, RI! Register Now at https://OSHEAN.org/events.
Full Show Notes: https://wiki.securityweekly.com/Episode596
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman to discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! In the Enterprise Security News, Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode128
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret', and more! In our second segment, we welcome Matt Springfield, is the Founder of 12Feet, Inc., an information security consulting firm based in the Dallas area! Matt has more than 23 years of information security experience spanning operations, architecture and consulting with a focus on large scale retail and service provider environments!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, millions of utility customers passwords stored in plain text, Google ditches passwords in latest android devices, online validation services vulnerable to digital signature spoofing attacks, flaws in 4G and 5G allow snooping on calls, and TurboTax hit with credential stuffing attack and tax returns were compromised! Nicholas Sciberras from Acunetix joins us for expert commentary on how hackers created social media work after a bug report was ignored!
To GET A FREE 14-DAY TRIAL of Acunetix, visit: https://securityweekly.com/acunetix
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode209
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview DJ Sampath, Co-Founder and Chief Executive Officer at Armorblox! DJ comes on the show to discuss "Securing the Human Layer"! In our second interview, we welcome Bruce Sussman, the Media-Development Director at SecureWorld! Bruce will give us a preview of SecureWorld Boston 2019 and the upcoming events!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode119
Visit https://www.securityweekly.com/bsw for all the latest episodes!
SecureWorld Boston is hosting their 15th annual conference March 27-28 @ the Hynes Convention Center. Security Weekly Listeners save $100 off a full conference pass by visiting https://secureworldexpo.com and using the code 'SecurityWeekly'.
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, to give some updates on his Post Exploitation Tool SILENTTRINITY! In the second interview, we welcome Steve Brown, Keynote Speaker at SecureWorld Boston 2019 to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation! In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Russian customers, Google admits error over hidden microphone, and a nasty code-execution bug in WinRAR threatened millions of users for 14 years!
Full Show Notes: https://wiki.securityweekly.com/Episode595
To learn more about our sponsor Black Hills Information Security, visit: https://securityweekly.com/bhis
To see the SILENTTRINITY code itself on Github, visit: https://github.com/byt3bl33d3r/SILENTTRINITY
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Cody Cornell, Founder and CEO at Swimlane to discuss Security Orchestration, Automation, and Response! In the Enterprise Security News, CylancePROTECT now available on AWS Marketplace, Attivo Networks enhances deception platform with forensic collection, cyber security market will reach $365.26 billion dollars by 2026, and Elevate Security raises 8 million dollars in Series A!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode127
Visit http://securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Gurpreet S. Sachdeva, the Assistant Vice President of Technology for Altran! Gurpreet will be discussing "Integrating Security into DevOps"! In the Application Security News, A PNG Android Vulnerability, 620 million stolen accounts for sale on the dark web, how shifting security left speeds development, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Google paid out $3.4 million for vulnerabilities reported in 2018, hackers target WordPress sites via WP cost estimation plugin, Facebook paid $25,000 for CSRF exploit that leads to Account Takeover, and PoC Exploit Code for recent container escape flaw in runc published online! Jason Wood from Paladin Security joins us for expert commentary on Apple being sued over their two factor authentication!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode208
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brendan Goodwin, the Regional Cyber Director for the Northeast & Mid-Atlantic at Alfred J. Gallagher Co. Brendan comes on the show to talk about "How Cyber Insurance can Augment Your Cyber Security Strategy." In the Leadership and Communications segment, Jason Albuquerque joins Matt to discuss if boards of directors responsible for cybersecurity, cybersecurity mental health warning, how to cope with a Mid-Career Crisis, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode118
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Harry Sverdlove, Chief Technology Officer of Edgewise for an interview, to talk about The Future of Firewalls! In the Technical Segment, we discuss some Enterprise-ish Network Security hardware and software that we've incorporated here in our Security Weekly Studio! In the Security News, why it's way too easy to sell counterfeit goods on Amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a Windows 95 emulator for Windows 10, Linux, or MAC, DEF CON goes to Washington, and InfoSec institutes top podcasts that take your computer skills to the next level!
Full Show Notes: https://wiki.securityweekly.com/Episode594
To learn more about Edgewise, visit: https://www.edgewise.net/security-weekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman in the absence of John Strand, to discuss The Evolution of Vulnerability Management, and where we stand today in areas such as Applications, Infrastructure, and Mobile! In the Enterprise Security News, Cisco unlocks IoT potential with Intent-Based Networking, Qualys extends cloud platform with patch management, Tenable announces general availability of Predictive Prioritization, Lacework announces security support for Azure and Multicloud environments, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode126
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit http://securityweekly.com/esw for all the latest episodes!
This week, Paul is joined by Joff Thyer to interview Tim Eades, CEO of vArmour, to talk about basic flow of problem, solution, and value! In the Application Security News, many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, your Lenovo X is watching you & sharing information, a client-side DNS attack emerges from academic research, a macOS vulnerability leaks safari data, hackers hit VFEmail & wipe US servers and backups, and a check-in system flaw puts major airlines at risk! Jason Wood from Paladin Security joins us for expert commentary on how fraudsters are scamming teenage 'money mules' on Instagram and Snapchat!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode207
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ed Moyle, General Manager and Chief Content Officer at Prelude Institute! Ed is on the Advisory Board for InfoSec World and joins us to talk about InfoSec World 2019 and its upcoming plans, where he'll be giving a talk titled "Cryptocurrency Lessons for Enterprise Blockchain"! In the Leadership and Communications segment, keep your employees and you’ll keep your customers, why leadership development is superficial and how to fix it, simple techniques to overcome negative emotions when negotiating with others, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode117
Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Long, Security Engineer at Palantir for our Technical Segment to talk about DetectionLab, a collection of Vagrant and Packer scripts that allow you to automate the creation of networks! In the Security News, 5G networks must be secured from hackers and bad actors, Zero-Day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War II German message decrypts to go on display at the National Museum of Computing! In our final segment, we air a Pre Recorded interview with InfoSec World Speaker Connie Mastovich, the Sr. Security Compliance Analyst at Reclamere to talk about the Dark Web!
Full Show Notes: https://wiki.securityweekly.com/Episode593 Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. Visit https://www.securityweekly.com/psw for all the latest episodes! To learn more about DetectionLab, visit: https://detectionlab.network
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John interview Randall Trzeciak, the Director of the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute! Randall will also be speaking at InfoSec World 2019 about "An Effective Insider Threat Program" on Saturday, March 30th @ 9:00 am! In the Enterprise Security News, RSA Conference announces finalists for Innovation Sandbox Contest 2019, DigiCert announces all-in-one digital certificate management solution, Google's new Chrome extension warns you about stolen passwords, Signal Sciences raises 35$ Million to accelerate market expansion and tech innovation, and Palo Alto is in talks to buy Information Security firm Demisto!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode125
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass!
Like us on Facebook: https://www.facebook.com/secweekly
Visit http://securityweekly.com/esw for all the latest episodes!
This week, roughly 500,000 Ubiquiti devices may be affected by a flaw already exploited in the wild, Outlaw Shellbot infects Linux servers to mine for Monero, Apple's Siri shortcuts feature vulnerable to abuse, Google's new Chrome extension warns you about stolen passwords, and Google patches critical .png image bug! David Pearson from Awake Security joins us for expert commentary on recent news around Japan performing an IoT pentest on their public IPs!
To learn more about Awake Security, visit: https://securityweekly.com/awake
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode206
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul discuss the current state of privacy and software development! They discuss how Facebook pays teens to install VPN that spies on them, how Apple blocks Facebook from running its internal iOS apps, and more! In the Application Security News, Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Kennedy, Founder and CEO at TrustedSec, to discuss why it's important to be investing in the right technology and resources! In our second segment, we welcome Sandra Toms, Vice President and Curator, and Britta Glade, Director of Content and Curation from RSA Conference, to preview what's new at RSA Conference 2019!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode116
To learn more about TrustedSec, visit: https://www.securityweekly.com/trustedsec
Go to https://rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Benjamin Daniel Mussler, Senior Security Researcher at Acunetix to talk about Web App Scanning with Authentication! In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture! In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down citizens insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigated a DDoS attack that generated 500 million packets per second!
Full Show Notes: https://wiki.securityweekly.com/Episode592
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about Acunetix, visit: https://www.acunetix.com/securityweekly/
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Shreyans Mehta, Chief Technology Officer at Cequence Security to talk about Advanced Bot Protection! In the Leadership and Communications segment, Cybersecurity isn't just for tech people anymore, The Weird Approach to leadership, 4 things to do before a tough conversation, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode115
Visit https://www.securityweekly.com/bsw for all the latest episodes!
To find out more about Cequence Security visit: https://securityweekly.com/cequence
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, I am joined by Matt Alderman and John Strand to interview Andrew Peterson, Founder and CEO of Signal Sciences, to talk about prioritizing bugs, functionality, and security fixes! In the Enterprise Security News, we will discuss how Cynets Platform approach tames cyber security issues, Salt Security launches API protection platform, Yubicos 2019 state of password and authentication security report, and we have some acquisition and funding updates from ReSec, Medigate, Cato Networks, Sophos, and DarkBytes!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode124
Visit https://www.securityweekly.com/esw for all the latest episodes!
If you want to learn more about Signal Sciences, visit: https://www.signalsciences.com/psw
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul start the show with the Application Security News, discussing concerns about WordPress’ new “White Screen of Death”, Google Chrome changes could ‘destroy’ ad-blockers, Mozilla is adding and ad-blocker to Firefox Focus 9.0, websites can steal browser data via extensions APIs, and a Fortnite security issue would have granted hackers access to accounts! In the second segment, Keith and Paul interview Jing Xie, Product Manager at Venafi, to talk about Static Analysis, Secure Code Signing, and more!!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a tool that finds vulnerable robots on the Internet, a new exploit that threatens over 9,000 Cisco routers, apple turns of group FaceTime after an eavesdropping bug, wordpress sites under attack via Zero-Day in abandoned plugin, and OpenBMC caught with 'pantsdown' over a new security flaw! Jason Wood from Paladin Security joins us for expert commentary on Abusing Exchange: One API call away from Domain Admin!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode205
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Morales, the Head of Security Analytics at Vectra for an interview to talk about Machine Learning! In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! In the Security News, cellular carriers are implementing services to identify cell scam leveraging, new Android malware uses motion sensor to avoid detection, Linux malware disables security software to mine cryptocurrency, and how a hacker threatened a family using a Nest camera to broadcast a fake missile attack alert!
Full Show Notes: https://wiki.securityweekly.com/Episode591
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, I am joined by Jeff Man for the Enterprise News, to talk about Ping Identity offering advanced API cyber protection, AppDynamics keeps expanding monitoring vision, eSentire announces managed endpoint defense powered by Carbon Black, and Juniper Networks signs a deal with IBMs! In the Technical Segment, we will discuss some Open-Source and Free Collaboration Security Tools for Project Planning, Ticketing Systems, Remote System Monitoring, RSS feeds, and Documentation!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode123
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on Application Security Weekly, Matt Alderman takes the reigns and is joined by Co-Host James Wickett, who is the Head of Research at Signal Sciences! They talk about the human element of application security training and testing! In the Application Security News, Oracle patches 284 vulnerabilities, a bug in Twitter Android app exposed protected tweets, four tips for better API Security in 2019, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a flaw in MySQL could allow rogue servers to steal files, a state agency exposes 3TB of data including FBI info, how cybercriminals clean their dirty money, a critical RCE flaw in Linux APT allows remote attackers to hack systems, and how to protect against a new breed of cyber attack! Jason Wood from Paladin Security joins us for expert commentary on how attackers used a LinkedIn job ad and Skype call to breach a bank's defense!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode204
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Zane Lackey, Co-Founder and Chief Security Officer at Signal Sciences! In the Leadership and Communications segment, customer surveys are no substitute for actually talking to customers, CEOs most concerned about Cybersecurity in 2019, the open workspace, doesn't work, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114
Visit https://www.securityweekly.com/bsw for all the latest episodes!
For more information about Signal Sciences, visit: https://www.signalsciences.com/psw
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pen testing! In the Security News, two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for Zero-Day Exploits are rising, new attacks target recent PHP Framework Vulnerability, Microsoft launches a new Azure DevOps Bug Bounty program, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode590
Visit https://www.securityweekly.com/psw for all the latest episodes!
For more information about Black Hills Information Security, visit: securityweekly.com/bhis
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman to discuss some mergers, acquisitions, and partnerships, such as TokenEx partnering with SureCloud, Check Point acquires ForceNock, Zix agrees to acquire AppRiver for $275 million, and more! In this second segment, they discuss some security product launches and announcements from Trustwave, NopSec, ConnectGuard, Pulse Secure, Synopsys, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode122
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, US Government shutdown leaves dozens of .gov sites vulnerable, Firefox 69 to disable Adobe Flash, an unpatched vCard flaw could leave your PCs open to attackers, Tesla's contest Pwn2Own could win you a Model 3, and how building site cranes are easier to hack than garage door openers! Jason Wood from Paladin Security joins us for expert commentary on how the Boston Hospital Attacker was sentenced to 10 years in prison, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode203
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul introduce a new quarterly segment to review the money of security, including public companies, IPOs, funding rounds, and acquisitions from the previous quarter! We've also created our own index to track public security companies called the Security Weekly 25, so let's understand how the security market is doing! In the Leadership Articles, Matt and Paul discuss how to be present, manage time, and avoid distractions, why your gut instinct is usually wrong, the 5 most efficient ways to get your work done, the creative difference between multitasking and multi-focus, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode113
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Bryson Bort, the Founder and CEO of SCYTHE to talk about Attack Simulation! In the Technical Segment, Kory Findley will be presenting a tool he created entitled “pktrecon”, for internal network segment reconnaissance using broadcast and service discovery protocol traffic! In the Security News, why Hyatt Is launching a public bug bounty program, Amazon Key partners with myQ, web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, how El Chapo's IT manager cracked his encrypted chats and brought him down, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode589
Visit https://www.securityweekly.com/psw for all the latest episodes!
For more information about SCYTHE, visit: https://www.scythe.io/securityweekly
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tony Cole, Chief Technology Officer at Attivo Networks for an interview! Tony joins us to discuss the cyber deception in the enterprises today, and gives a brief history of deception and its applicability to cybersecurity! In the Enterprise News, Neustar bolsters fraud detection capabilities with Trustid, almost half of containers in production have vulnerabilities, BlackBerry offers its security technology to IoT device makers, and Radware to acquire ShieldSquare for expansion of its cloud security portfolio!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode121
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context/importance of context, and how to figure what's real and what's legit! In the Application Security News, Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to hacking! Our CEO Matt Alderman joins us for expert commentary on how Container Security lags amidst DevOps enthusiasm, and more!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode202
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Tim Callahan, Global Chief Security Officer of Aflac, to discuss communicating threat intelligence to executives and the board! In the Leadership Articles, Matt and Paul discuss how to moderate a panel discussion, the secret to leading organizational change is empathy, DevOps explained, 5 cloud computing predictions for 2019, and the top 3 things CIOs lose sleep over!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dameon Welch-Abernathy, or “Phoneboy”, a Cyber Security Evangelist at Check Point Software Technologies for an interview! Dameon joins us to discuss how to help people in the security community, a topic near and dear to our hearts! In the Technical Segment, the Security Weekly crew accompanied by Dameon holds a discussion on Breaches, Privacy, Compliance, and more! In the Security News, the worst hacks of 2018, hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, and turning your house into a DOOM level with a Roomba! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode588
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Vaughn Adams, Enterprise Sales Engineer at LogRhythm! Vaughn will be talking about using freely available tools and logs you are already collecting to detect attacker behavior! In our second segment, we have a Round Table discussion entitled "What the Heck Are Security Basics?", to talk about what should organizations be doing to meet the basic security requirements, and much more! In our final segment, we air a pre-recorded interview with Mandy Logan on "Hacking the Brainstem", her trip through recovery, and how she came to love Information Security!
Full Show Notes: https://wiki.securityweekly.com/Episode587
Visit https://www.securityweekly.com/psw for all the latest episodes!
To get involved with LogRhythm, go to: www.securityweekly.com/logrhythm
Support Mandy by going to her GoFundMe Page: https://www.gofundme.com/hacking-recovery-brainstem-stroke
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul, John Strand, and Matt Alderman talk the Enterprise News, which includes TPG in early talks to sell McAfee to Thoma Bravo, Bitdefender offers new managed threat monitoring service, Symantec and Fortinet partner to deliver robust and comprehensive Cloud Security Service, and Untangle partners with Malwarebytes to bring Layered Security to SMBs! In our final segment of the year, Paul brings you his personal Top Ten List for 2018 including his favorite acquisitions, breaches, vulnerabilities, interviews, attack tools, news articles, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode120
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Harry Sverdlove, CTO and Founder of Edgewise! Harry joins us to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! In the Application Security News, Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44
To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, when meme's attack, how Google's taking steps to secure Kubernetes, suggestions for last minute Holiday IT gifts, Twitter fixes bug that exposed data, and how WordPress was targeted with clever SEO Injection Malware! Ed Sattar from Quickstart joins us for expert commentary on how to optimize your cyber security investment to maximize ROI, and more!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode201
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Bob Ackerman, a legend in venture capital investing, and is referred to as one of "Cyber's Money Men". Bob is also the Founder and Managing Director of venture capital firm AllegisCyber! In the Leadership Articles, Matt and Paul discuss how to be productive during the holiday season, how to work from home without losing your mind, how to talk to your boss when you’re underperforming, selling your product as you build it, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, how Taylor Swift used Facial Recognition to thwart stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, to Hell with it, just patch your stuff already! In our first interview, we welcome back Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018! Ed joins us on the show to talk about this years challenge and what's in store! In our final interview, we welcome back Don Murdoch, the Assistant Director at Regent University Cyber Range! Don joins us this week to discuss his book, "Blue Team Handbook: Incident Response Edition", and more!
Full Show Notes: https://wiki.securityweekly.com/Episode586
Visit https://www.securityweekly.com/psw for all the latest episodes!
Join KringleCon 2018: www.kringlecon.com
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John Strand interview John Bradshaw, Senior Director and Solutions Engineer at Acalvio Technologies, to talk about 5 Tenets of Enterprise Deception! In the Enterprise News this week, NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform Achieves VMware Ready Status, SecurityScorecard Announces Partnership with Cybernance to Drive Holistic View of Cyber Risk Across the Enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode119
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Chris Elgee, the Technical Engineer at Counter Hack Challenges! Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it’s been working on the challenge vs. playing it, and more! In the Application Security News, Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Google+ flaw leads Chocolate Factory to shut down early, 40,000 credentials for government portals found online, one tweak that can save you from NotPetya, ESET discovers 21 new Linux malware variants, and how this Phishing Scam group built a list of 50,000 execs to target! Jason Wood from Paladin Security joins us for expert commentary on how Microsoft is calling for facial recognition tech regulation!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode200
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Brian Carey, Senior Security Consultant at Rapid7! Brian talks about emerging trends that he is seeing with his clients, and how they impact their clients’ security programs, including maturity, roadmap, and recommendations! In the Leadership Articles, Matt and Paul discuss how to collaborate with people you don’t like, the right way to solve complex business problems, what the habits are of successful people, three things to know before you land a tech job, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110
To learn more about Rapid7, go to: www.rapid7.com/securityweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service! In our first Technical Segment, we welcome Marcello Salvati, Security Consultant at BHIS, to talk about SILENTTRINITY, a post-exploitation agent powered by Python, IronPython, C#/.NET! In our second Technical Segment, we air a pre-recorded interview of Lenny Zeltser, VP of Products at Minerva! Lenny will be discussing Evasion Tactics in Malware from the Inside Out!
Full Show Notes: https://wiki.securityweekly.com/Episode585
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly
To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW
To look more into SILENTTRINITY, go to: https://github.com/byt3bl33d3r/SILENTTRINITY
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John Strand interview Mike Nichols, the VP of Product for Endgame! Mike joins us to talk about the MITRE evaluation of Endgame, Open-Source Query Language EQL, and more! In the Enterprise Security News, Ixia extends collaboration with ProtectWise, Ping Identity brings in New Customer Identity as a service solution, Fortinet introduces new security automation capabilities on AWS, Yubico announces YubiHSM 2 integration with AWS IoT Greengrass, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode118
Visit https://www.securityweekly.com/esw for all the latest episodes!
To learn more about Endgame, go to: www.endgame.com
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Aleksei Tiurin, Senior Security Researcher at Acunetix! Aleksei joins Keith and Paul this week for a Technical Segment on reverse proxies using WebLogic, Nginx, and Tomcat! In the Application Security News, hackers are opening SMB ports on routers to infect PC’s with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42
To learn more about Acunetix, go to: www.acunetix.com/securityweekly
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, hijacking printers to promote a YouTube channel, fake iOS apps that steal money, Google patches 11 critical RCE Android Vulnerabilities, Marriott hack hits 500 million Starwood guests, and getting Pwned through an oscilloscope! Jason Wood from Paladin Security joins us for expert commentary to discuss how the "Iceman" hacker was charged with running a drone-smuggling ring from jail, and more!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode199
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt Alderman interviews Jay Prassl, CEO of Automox in a Pre-Recorded interview! Jay explains what Automox does, how Automox bridges the gap between ITOps and SecOps use case, and how Automox defines the way to patch systems in the MacOS, Linux, Windows, and MSP! In the Leadership Articles, Paul is joined by Jason Alburquerque to discuss the new math of leadership, how pragmatic leaders can transform stuck organizations, why building a work community is critical, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109
To learn more about Automox, go to: www.automox.com
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Wietse Venema and Dan Farmer, the Developers of Security Administrator Tool for Analyzing Networks (SATAN) Sven Morgenroth of Netsparker will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function, and the crew will wrap the show with the Security News!
Full Show Notes: https://wiki.securityweekly.com/Episode584
To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Paul and John Strand to interview Jeremy Winter, Director of Azure Management at Microsoft, to talk about Microsoft's Azure program, what they have built, and how it helps further the evolving roles of Cloud Ops and Cloud Security! In the Enterprise News this week, StackPath launches EdgeEngine Serverless Computing, Alcide advances Cloud-Native security firewall platform, Orkus launches Access Governance platform for Cloud Security, Tufin announces a new Cloud Security solution, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode117
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Brent Dukes! Brent is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAF’s, Pentesting, Burp Suite, and more! In the Application Security News, Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, disastrous Rowhammer bitflips, malicious developer steals Bitcoin with NodeJS module, Germany proposes router security guidelines, Uber fined 148$ Million for data breach cover-up, Microsoft yanks two buggy Office patches, and a malware advertising campaign that impacts millions of iOS users! Jason Wood from Paladin Security joins us for Expert Commentary to discuss how the FBI created a fake FedEx website to unmask a cybercriminal, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode198
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Richard Seiersen, former Chief Information Security Officer at Lending Club and Twilio to talk about his CISO experience, and the book Richard co-authored called, "How to Measure Anything in Cybersecurity Risk"! In the Leadership and Communications segment, the million-dollar question of cyber-risk, risk assessments essential to secure third-party vendor management, how digital tech is transforming business ecosystem, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, John Strand makes his triumphant return to join Paul and interview Rick Fernandez, Senior Sales Engineer at LogRhythm to talk about Choosing the Best Option for MSSPS! In the Enterprise News this week, Israeli cybersecurity company Tufin plans Nasdaq IPO, F-Secure boosts endpoint detection and response, Mimecast joins IBM Security app exchange community, and Awake Security debuts Network Traffic Analysis Platform to detect risks! In the Final Segment, we air some interviews we recorded at DEF CON and Black Hat 2018 with Irdeto, Venafi, and HP!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode116
To learn more about LogRhythm, go to: www.LogRhythm.com
For the Full DefCon18 Playlist, go to: https://securityweekly.com/summercamp18
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview John Kinsella, Vice President of Container Security at Qualys! John discusses Qualys’ Container Security, continuous discovery, and tracking for containers and images! In the Application Security News, Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, what happens when support won't change your password, Gmail glitch Phishing Attacks, stopping the Infiltration of Things, Make-A-Wish website serves a Cryptojacking Script, Instagram exposes user passwords, and DirtyCOW is back in backdoor attack targeting Drupal Web Servers! Jason Wood from Paladin Security joins us for expert commentary to discuss how Ford is eyeing the use of customers personal data to boost profits!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode197
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Michael Pleasant, Chief Executive Officer and Founder at Open Security for an interview! They discuss transferring from Marine training to a business environment, and his company Open Security! In the Article Discussion, Special Guest Co-Host Jason Alburquerque joins me in studio to discuss Six ways you can establish which goals are important, How to diversify your professional network, the impact of perception and bias on leadership, and more on this episode of Business Security Weekly!!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs! In the Security News this week, 7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer!
Full Show Notes: https://wiki.securityweekly.com/Episode583
To learn more about DFLabs, go to: www.dflabs.com/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman interview James Wickett, Head of Research at Signal Sciences! James talks about how security is moving to the application space and web applications! In the Enterprise News this week, AlgoSec delivers Native Cloud Security Management for Azure, HP Reinvents customer experience with Ping Identity, what mid market security budgets will look like in 2019, and we have some acquisition & funding updates from ForeScout, Dragos, Netskope, Duality, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode115
To learn more about Signal Sciences, go to: www.signalsciences.com/psw
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Brian Kelly, Head of Conjur Engineering at CyberArk! Brian focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems. In the Application Security News, DJI Drone Vulnerability, Hackers are increasingly destroying logs to hide attacks, Adobe ColdFusion servers under attack from APT group, understanding Open Source Code use in your business, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39
To learn more about Conjur, go to: www.conjur.org/asw
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Vulnerabilities in SSD Encryption, Bypassing Windows UAC, Botnet Pwns over 100,00 routers w/ ancient security flaw, Google hit with IP Hijack, and 1 thing you can do to make your internet safer and faster! Jason Wood from Paladin Security joins us for expert commentary to discuss how Phineas Fisher got away with hacking Team Hacker!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode196
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Dario Forte, Chief Executive Officer and Founder of DFLabs! Dario explains his journey to the position he is in now, DFLabs recent press release about Open Integration Framework, and what it allows people to do when it comes to the DFLabs platform addressing SOAR! In the Article Discussion, Matt and Paul talk the key to better focus and higher productivity, living your life on purpose, why people are willing to do more meaningful work for less money, the fundamentals of leadership, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode106
Check out Sponsor's website: www.dflabs.com/securityweekly
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Corin Imai, Senior Security Advisor for DomainTools! She joins Paul and the crew to talk about DNS, phishing tools, and tease what DomainTools has in store for 2019! In our Technical Segment, we welcome back Eyal Neemany, Senior Security Researcher at Javelin Networks to talk about securing remote administration, remote credentials, why Jump Servers aren’t as good, and he shows that you have to connect to remote machines using AD! In the Security News, Cisco accidentally released Dirty Cow exploit code, Apache Struts Vulnerabilities, Zero Day exploit published for VM Escape flaw, Spam spewing IoT botnet infects 100,000 routers, some of these vibrating apps turn your phone into a sex toy, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode582
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman interview Harry Sverdlove, Chief Technology Officer at Edgewise to talk about Zero Trust Segmentation! In the Enterprise News this week, Symantec boosts security with Javelin Networks, ThreatQuotient integrates Verified Breach Intelligence from Visa, FireMon delivers hybrid cloud security with new visibility and orchestration, StackPath partners with Sectigo, and we have some acquisition & funding updates from Veracode, Shape Security, Thoma Bravo, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode114
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Daniel Cuthbert, Global Head of Security Research for Banco Santander! In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt interview CISO Alex Wood! He joins us to talk about the business mind set, how to be an effective CISO, and the vulnerabilities in the business that you have to watch out for! In the Article Discussion on Leadership, Communication, and Innovation, Matt and Paul talk how getting fired can be good for your career, a powerful planning routine that puts you in control, how to get better with sales execution, why you need a theme, not goals, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode105
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Aleksei Tiurin, Senior Security Researcher at Acunteix for a Technical Segment on Insecure Deserialization in Java/JVM! In our second Technical Segment, we welcome Matt Toussain, Security Analyst at Black Hills Information Security to talk about RAS! In the security news, Bleedingbit Vulnerabilities, Cisco Zero-Day exploited in the wild, Researchers find Flaws in chips used in hospitals, US Governments network infected with Russian Malware, and the Weird Trick that turns your Google Home Hub into a Doorstep!
Full Show Notes: https://wiki.securityweekly.com/Episode581
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt Alderman is in studio to interview Ian McShane, VP of Product Marketing at Endgame! In the Enterprise News this week, LogRhythm advances NextGen SIEM security platform with SOAR, Ping Identity launches a Quickstart private sandbox, McAfee takes a big step in the cloud, Endgame improves Endpoint Security with Total Attack Lookback, and we have some acquisition updates from IBM, Red Hat, Neustar, and more!
To learn more about Endgame, go to: https://www.endgame.com
Full Show Notes: https://wiki.securityweekly.com/ES_Episode113
This week, Keith and Paul interview Johnny Xmas, Director of Field Engineering at Kasada.io! In the Application Security News, Millions of passengers affected by Cathay Pacific Airline Hack, China has been hijacking the internet backbone of Western countries, how proficient are developers at fixing Application Security flaws, MicroTik Router Bug is as bad as it gets, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, A one-liner exploit for X, the danger of searching for Chrome in Bing, exposing your Docker API, you can find sensitive data in the cloud, exploit users by embedded videos in Word documents, dead web apps, hacking BGP routes, a new DHCP vulnerability and hacking your brain! Jason Wood from Paladin Security joins us for expert commentary to discuss twelve malicious Python libraries found and removed from PyPI!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode195
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Veronica Schmitt, Senior Digital Forensic Scientist for DFIRLABS! Veronica explains what SRUM is in Windows 10, and how SRUM can be a valuable tool in Digital Forensics! In the Technical Segment, we welcome Yossi Sassi, the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com and Advisory Board member at Javelin Networks! Yossi joins us to discuss using Windows Powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persistence! In the Security News, Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode580
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about Javelin Networks, Go To: www.javelin-networks.com
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
Follow us on Twitter: https://www.twitter.com/securityweekly
ike us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by guest host Tyler Shields to interview Jonathan Sander, Security Field CTO of Snowflake computing! Jonathan explains how he came to work for Snowflake, what Snowflake does in the enterprise security space, and how Snowflake contains their data and protect from breaches as well as keeping the data safe! In the Enterprise Security News, Netscout takes internet scale Threat Protection to the Edge, Splunk addresses several vulnerabilities in Enterprise and Light products, Ping Identity launches a Quickstart Private Sandbox, and we have some acquisition updates from CheckPoint acquiring Dome9, CrowdStrike, Fortinet, Rapid7, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode112
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, a remote code implantation flaw found in Medtronic Cardiac Programmers, hackers hiding Cryptocurrency malware in Adobe flash updates, how the government is finally rolling out 2 Factor Authentication for Federal Agency Domains, and how Disney is helping women from across their company to become Developers!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Critical Code execution flaws, WordPress working on wiping older versions from existence, Multiple serious flaws in Drupal, TCP/IP flaws leave IoT gear open to mass hijacking, jQuery plugin actively exploited for at least three years, Flaw in libssh leaves thousands of servers at risk of hijacking, and 8 adult websites exposes a bunch of "intimate" user data! Leonard Simon from Springboard joins us for expert commentary on how to get into the field of Information Security!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode194
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul interview Mike McKee, CEO of ObserveIT, and he joins us to talk about the importance of focussing on people, and you do that to experience growth! In the Article Discussion, Michael and Paul talk about the root cause of workplace drama, how to make the most of meetings between IT and your business partners, how to stop procrastinating on your goals by using the “Seinfeld Strategy", and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mark Dufresne, VP of Threat Research at Endgame for an interview, to talk about how MITRE created their tool and what the MITRE attack framework is! In our second feature interview, we welcome John Walsh, DevOps Evangelist at CyberArk to talk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk! In the security news, how to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security Plagued with basic, and avoidable mistakes! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode579
Visit https://www.securityweekly.com/psw for all the latest episodes!
Sponsor Landing Page: www.endgame.com
Sponsor Landing Page: www.conjure.org/asw
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, John Strand and Paul discuss some companies Paul got a chance to catch up with! They discuss GuardiCore and their Application Segmentation, Cyxtera and their Network Security and Software Defined Perimeters, PreVeil’s Encrypted Email and File Sharing, and more! In the Enterprise News this week, Avast launches AI-based software for phishing attacks, Carbon Black and Secureworks apply Red Cloak Analytics to Carbon Blacks Cloud, ShieldX integrates intention engine into Elastic Security Platform, and we have updates from Imperva, WhiteSource, BlackBerry, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode111
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Millions of voter records for sale on the Dark Web, Apple passcode bypass can access pictures and contacts, how Chrome and Firefox could ruin your business, Fake Adobe updates, Microsoft Zero-Day patch for JET bug incomplete, and 5 ways attackers are targeting the Healthcare Industry! Doug White joins us for expert commentary how China used a Tiny Chip to infiltrate America's top companies, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode193
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Garrett Gross, Senior Solutions Engineer at Rapid7! They talk about catching bugs earlier in the process of development, what can lead to certain successes in development, and more! In the Application Security News, Git Project patches Remote Code Execution Vulnerability, Google is shutting down Google+ after 500k accounts potentially affected by a data breach, Facebook wants people to Invite its cameras into their homes, GitHub introduces user blocking notifications, DevOps producing more insecure apps than ever, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul talk about the Article Discussion on Leadership, Communication, and Innovation! They discuss how to automate habits and never think about them again, why it’s important to explain to employees that organizational changes are coming, how journaling can boost your leadership skills, why you need to tell them why, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode102
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Lee Neely, Senior Cyber Analyst at Lawrence Livermore National Lab for an interview! In the Technical Segment, Omer Yair from Javelin Networks brings us through his talk he presented at DerbyCon entitled: “Goodbye Obfuscation, Hello Invisi-Shell”! In the security news, new Apple and Microsoft security flaws at Black Hat Europe, CCTV makers leaves at least 9 million cameras public, upset Google+ users are suing Google, US weapons systems apparently can be easily hacked, not all multifactor authentication is created equal, and Kanye's '000000' password makes iPhone security Great again! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode578
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Enterprise News, Paul is joined by Joff Thyer to discuss WhiteHat Security's single page application scanning, Palo Alto Networks acquires RedLock to build out Cloud Security, KnowBe4 boosts security awareness training, Symantec brings workload assurance security to the cloud, and Splunk unveils first IoT platform for Customers! In our final segment, we air a Pre Recorded interview from Microsoft Ignite with Secure Digital Life host Doug White and CTO of Microsoft, Mark Russinovich!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode110
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Tenable researcher reveals extended MikroTik Router Vulnerability, Wi-Fi versions will get names people can actually understand, don't accept Facebook's 2nd friend request, Google Plus exposed 500,000 users data, weak passwords are being banned in California, and code execution bug in malicious repositories resolved by Git Project! Juxin Dyrmishi Brigjaj of Acunetix joins us for expert commentary to talk about the resurgence of XSS after the big British Airways and NewEgg Hack! All that and more, on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode192
Sponsor Landing Page: https://www.acunetix.com/securityweekly/
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul interview Jason Albuquerque, CISO at Carousel Industries! Jason explains how to run your security team as in a 'fish bowl', and how to apply this technique to your clients and their business! In our second segment, they discuss how to develop empathy for someone who annoys you, separating the quality of the outcome and quality of the decision, and much more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John Strand interview Mike Gordover, iSenior Solutions Architect at ObserveIT! They discuss the current perception in the market of DLP, how ObserveIT’s solutions differ from traditional DLP, what challenges he faces when combating insider threats, and much more! In the Enterprise Security News, Mimecast offers free training kit as part of Cybersecurity Awareness Month, Microsoft will finally kill off the old Skype client (for real this time), LogRhythm receives patent for data monitoring tech, Tufin launches first of its kind program for MSSPs, three reasons why BlackBerry stock is potentially about to soar, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode109
ObserveIT Landing Page: www.observeit.com/securityweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Robocallers get huge fines for spoofing phone numbers, 100,000 home routers used for Brazilian hacking scam, 85 reasons to update your Adobe PDF software, 9 NAS bugs open LenovoEMC, 5 major Security updates for Chrome extensions, and Twitter bans distribution of hacked materials ahead of the US midterm elections! Sven Morgenroth of Netsparker joins us for expert commentary this week on the most recent Facebook hack!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode191
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul talk about landing a job in Application Security! They discuss attending local meetups and conferences, practicing your coding skills, getting educated by World Class security researchers, doing your homework, and much more! In the Application Security News, Facebook discloses the loss of at least 50 millions access tokens, Google admits to allowing hundreds of companies to read your email, FireFox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Mike Nichols of Endgame, Keith McCammon of Red Canary, & Shawn Smith of Panhandle Educators Federal Credit Union! Carlos Perez deliver the Technical Segment on How to Operate Offensively Against SysMon, and the crew will wrap the show with the Security News!
Full Show Notes: https://wiki.securityweekly.com/Episode577
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul and Matt Alderman talk about Threat and Vulnerability management, and how Cloud and Application security's impact on vendors can help with integration in the Enterprise! In the Enterprise News this week, Bomgar to be renamed BeyondTrust after acquisition, Attivo brings cyber security deception to containers and serverless, Symantec extends data loss prevention platform with DRM, ExtraHop announces the availability of Reveal(x) for Azure, and Cloud Native applications are at risk from Zero Touch attacks! All that and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode108
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and special guest host April Wright interview Ron Gula, Founder of Tenable and Gula Tech Adventures! They discuss security in the upcoming elections, how to maintain separation of duties, attack simulation, and more! In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, WordPress sites backdoored with malicious code, Google's forced sign in to Chrome raises red flags, Newegg is victimized by Magecart Malware, a Woman hijacked CCTV cameras for Trump's inauguration, Bitcoin DDoS attacks, Cybercriminals target Kodi for Malware, and a Security Researcher is fined for hacking hotel Wifi. Jason Wood joins us for expert commentary on Google Chrome's "dark pattern" of poor privacy changes, on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode190
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael is joined by April Wright to interview Scott King, Sr. Director of Strategic Advisory Services at Rapid 7! In this two part interview, Michael and April talk with Scott about transitioning into his role at Rapid7, ICS Security, the best practices to understand how these systems work, holding accountability, and how legal and security share common goals!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Mike Ahmadi, Global Director of IoT Security Solutions at DigiCert! Apollo Clark delivers the Technical Segment on Threat Hunting in the Cloud! In the Security News this week, Senate can't protect senators staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US judge allows e-voting despite hack fears, Zero Day in Internet connected cameras, US Military given the power to hack back and defend forward, and AmazonBasics Microwave works with Alexa!
Presentation Link: https://www.slideshare.net/ApolloClark/threat-hunting-in-the-cloud
Project: https://github.com/apolloclark/tf-aws
Commands: https://gist.github.com/apolloclark/35cb4a7501ac41df763bc45860fbd406
Full Show Notes: https://wiki.securityweekly.com/Episode576
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White and Matt Alderman talk about Big Time IT Audit Mistakes in the Enterprise! In the Enterprise News this week, Cisco aims to make security foundational throughout Its business, Fidelis looks to grow cyber-security platform, how artificial intelligence can improve human decision-making in IoT apps, Crossmatch announces the availability of DigitalPersona v3.0, and Video Fingerprinting. All that and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode107
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith Hoodlet and Paul Asadoorian interview April Wright from ArchitectSecurity.org! Next, bugs, breaches, and more in the Application Security News!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32
Visit https://www.securityweekly.com/asw for all the latest episodes!
Drone assassins are cheap, deadly, and at your local store, State Department shamed, MS-ISAC releases advisory advisory PHP vulnerabilities, a nasty piece of CSS code, a Zero-Day bug in CCTV surveillance cameras, and FreeBSD has its own TCP-queue-of-death bug! Jason Wood's expert commentary on The Effectiveness of Publicly Shaming Bad Security!
Full Show Notes: https://wiki.securityweekly.com/HNNEp... Visit http://hacknaked.tv to get all the latest episodes!
This week, Michael Santarcangelo returns! Michael and Matt Alderman interview Chris Brenton from Active Countermeasures. Then the Tracking Security Innovation segment with special guest Ron Gula from Gula Tech Adventures!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Paul interviews Brian Coulson, Sr. Threat Research Engineer at LogRhythm! Eyal Neemany, Sr. Cyber Security Researcher at Javelin Networks delivers the Technical Segment on Bypassing PAM! In the Security News, Microsoft accidentally let encrypted Windows 10 out into the world, Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software, PowerShell obfuscation ups the ante on antivirus, Bomgar Buys BeyondTrust, and a low cost rubber ducky!
Full Show Notes: https://wiki.securityweekly.com/Episode575
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman interview Dave Maestas, Co-Founder and Chief Technology Officer at Bandura! In the Enterprise News, Proofpoint automates email security With CLEAR, OneLogin and Netskope partner to expand Cloud Security, Corelight expands network security platform with Virtual Edition, Demisto releases State of SOAR 2018 Report, OneLogin and Netskope partner to expand cloud security, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode106
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Zane Lackey, Chief Security Officer and Founder of Signal Sciences! In the news, U.S. government releases Post-mortem on Equifax, Microsoft Windows Zero-Day found in Task Scheduler, British Airways breached via XSS, Windows subsystem Linux for Linux Distros, Bug Bounties and mental health, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, stealing your Tesla, British Airways hack, Equifax long list of mistakes, Windows 7 support, oops I forgot to encrypt your chats, I can see your browser history, Tor browsers, VPNs and Coldfusion? Jason Wood from Paladin Security joins us for expert commentary, so stay tuned for this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode188
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we share a Pre-Recorded interview with Gabriel Gumbs, VP of Product Strategy at STEALTHbits! We talk about moving from detection to prevention, and protecting your data! In Tracking Security Innovation, Imperva acquires app security firm Prevoty, Allstate accelerates expansion into Identity Protection, 100+ startups globally accepted into StackPaths Propel startup program, Kaseya acquires RapidFire Tools, Very Good security makes data unhackable with Andreessen, and some excellent funding rounds from various companies!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and the crew sit down with Wim Remes, Founder and Principal Consultant at Wire Security! In our Technical Segment, we welcome back Chris Brenton, Chief Operating Officer for Active Countermeasures, in which he explains why Beacon Analysis in an integral part of threat hunting! In the Security News this week, Vulnerabilities found in remote management interface of Supermicro servers, Google fixes Chrome issue that allowed theft of WiFi logins, U.S. to charge North Korean spy over WannaCry and Sony Pictures hack, how to manipulate Apple’s podcast charts, and a Spanish driver that tests positive for every drug on the test. All that and more, on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode574
** Link to slides for the Technical Segment can be found in the show notes!
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John talk BitSight, SentinelOne, Swimlane, Fortinet, and more! After the Enterprise News, we air some pre-recorded interviews from Black Hat and DEF CON with Mimecast CTO Marc French, Director of Solutions of Synopsys Ofer Maor, CEO of ThreatX Bret Settle, and Willy Leichter of Virsec!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode105
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Android OS API-Breaking Flaw, Thousands of MikroTik Routers Hacked, John McAfee's "unhackable" Bitcoin wallet is hackable, misconfigured 3D printers, researchers used sonar signal to steal unlock passwords, and the Linux Foundation sets to improve Open-Source code security. Ron Gula of Gula Tech Adeventures joins us for expert commentary, so stay tuned for this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode187
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and the crew sit down with Jayson Street, VP of Infosec at SphereNY for an interview! John Moran, Senior Project Manager of DFLabs delivers the Technical Segment on a new No-Script Automation Tool! In the Security News this week, 0-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million! All that and more, on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode573
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John Strand interview Rick Holland, CISO at Digital Shadows! In our Technical Segment, John Strand talks about Office 365 User Behavior Analytics! In the Enterprise News this week, we have updates from VMware, Caveonix, Qualys, Minerva Labs, Bitdefender, CrowdStrike, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode104
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul discuss The Apache Struts2 RCE Vulnerability! In the news, Using Signal Sciences to defend against Apache Struts, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, Burp Suite 2.0 Beta released, even anonymous coders leave fingerprints, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Dr. Doug White to interview Todd Weller, Chief Security Officer at Bandura Systems! In the Tracking Security Innovation segment, Paul and Doug talk about updates from AlienVault, Cloudera, Splunk, CA, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, AT commands will pwn your phone, Adobe gets creative with an update, protecting your pin, why companies should use the Google Play store, 0-day Windows vulnerabilities disclosed on Twitter, and side-channel attacks that can be mitigated with tin foil. Jason Wood from Paladin Security joins us for expert commentary on an Enterprise version of Burp on the way, so stay tuned for this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode186
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and the crew sit down with Tod Beardsley, Director of Research at Rapid7 for an interview! Sven Morgenroth, Security Researcher at Netsparker delivers the Technical Segment on PHP Type Juggling Vulnerabilities! In the Security News this week, The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up! All that and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode572
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John Strand interview Mike Jones, VP of Product at DomainTools! In our final segments, we air the last of our Pre-Recorded interviews with Paul and Matt Alderman LIVE from DEF CON and Black Hat, discussing different security vendors they encountered at biggest security conferences in the country!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode103
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Tom McLaughlin, Founder of ServerlessOps! In the final segment, we air a Pre-Recorded segment with Paul and Matt Alderman, as they sat down at DEF CON to talk all things AppSec, vendors that were there, and companies they had briefings with from our pool cabana!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Hacking Blackhat Badges, USB Harpoons (not the ale), PHP attacks, privacy in Las Vegas hotels, or not, who is looking at your DNS requests?, AWS breaches. Jason Wood from Paladin Security joins us for expert commentary on Social networks getting fined for hosting terrorist content so stay tuned to this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode185
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman interview Sharon Goldberg, CEO/Co-Founder of Commonwealth Crypto, and makes her return to Security Weekly! In our final segment, we air a pre-recorded segment with Matt Alderman and Paul live from DEF CON, discussing different vendors and CEO’s they had a chance to sit down with explaining their products and marketing in the security industry!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode96
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, our very own Larry Pesce delivers the Technical Segment on Spoofing GPS with a hackRF! In the Security News, Hacking Police Bodycams, Adobe execution flaws, Google expands to Bug Bounty Program, and if you live in Australia, you could face ten years in jail if you don't unlock your phone! In our final segment, we air our pre-recorded interview with Paul and Matt Alderman from DEF CON on Cigars and Security!
Full Show Notes: https://wiki.securityweekly.com/Episode571
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John Strand interview Al Ghous, Senior Director of Cyber Security at GE Digital! In our second segment, Paul and Matt review the ICS security landscape, discussing the problems and potential solutions to secure critical infrastructure. In the final segment, Paul and Matt discuss all of the vendors providing attack simulation solutions, including why you want (or need) this type of solution, the problem(s) they solve, and differentiators. This is an exciting space, so exciting that Paul and Matt sweat A LOT as this was recorded live from our pool cabana in Las Vegas!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode102
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith is joined by Dr. Doug White to discuss Secure Coding Practices! In the news, Comcast security flaws, Facebook plans to partner with banks, hacker finds ‘God Mode’ in x86 CPU’s, bypassing CSP using polyglot JPEGs, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode28
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Las Vegas, Linux vulnerabilities, malicious faxes, Apple macOS vulnerabilities, and police body cams open to attack. We air a pre recorded interview with Matt Alderman and Torin Sandall from Styra at Black Hat 2018, and more on this episode of Hack Naked News!
OPA Website: https://www.openpolicyagent.org/
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode184
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and James Wickett interview Galen Hunt, Distinguished Engineer and Director at Microsoft! In the news, hackers automate the laundering of money via Clash of Clans, Epic Games sidesteps the Play Store with Fortnite for Android launch, the most exciting game, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode27
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we air our pre-recorded interview with Eric Bednash, CEO of RackTop! In our second interview, Paul interviews Katie Stebbins, Research Associate Professor of Computer Science at UMASS!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode95
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Josh Abraham, Staff Engineer at Praetorian! In the Technical Segment, our very own Larry Pesce gives an introduction to FL2K! In the Security News, Microsoft Edge flaws, Ransomware attacks, Yale university data breaches, Reddit data breaches, Linux kernels, and in our Funny story of the week, why people are rubbing toothpaste on their breasts to make them larger, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode570
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Security Weekly’s very own Jeff Man, to talk about Evaluating Security Vendors at Trade shows! In the Enterprise News, Mimecast snaps up Solebit for $88 Million, NetSpectre attack could enable remote CPU exploitation, Oracle brings autonomous security to identity with Trust Fabric, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode101
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Jessica Rozhin, Security Engineer at Marqeta! In the news, New Spectre attack can remotely steal secrets, Microsoft discovers supply chain attack at unnamed maker of PDF Software, XSS filter in edge, and OWASP iGoat is a vulnerable swift application for iOS!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode26
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, hacking AOL style, DHS attempts to secure critical infrastructure, hacking for poison, ERP targeting, hacking 10,000 Wordpress sites, prisoners steal things, wiping your car and get paid to hack your printer. Ed Sattar from QuickStart joins us for expert commentary with some tips for breach prevention, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode182
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman in the absence of Michael to talk about reducing the number of decisions that you have to make on any given day. In Tracking Security Innovation, we have updates from Tenable, Carbon Black, Sophos, and Imperva!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode94
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Dean Coclin, Senior Director of Business Development at DigiCert! In our second feature interview, we welcome Chris Dale, Head of the Penetration Testing and Incident Handling at Netsecurity! In the Security News, Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode569
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John interview Corey Thuen, Founder of Gravwell! John performs a Technical Segment on whether your enterprise should replace your antivirus software!! In the Enterprise News, Google Cloud everywhere, Fortinet, CLOUDHealth, Sumo Logic, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode100
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Joe Garcia, Global Corporate Solutions Engineer at CyberArk! In the news, Venmo caught publishing all transactions publicly, Oracle releases critical patches, Microsoft releases PowerShell Core for Linux, Health insurers are vacuuming up details about you, changing your screen to Grayscale can help fight phone addiction, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode25
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Edgy XSS bypass, hacking fitness tracking in China, Russian hackers love power, leaky backups, Google hates Phishing for Google employees, Apache Tomcat, Solaris vulnerabilities that weren't really fixed, OpenWhisk fails to beat a vulnerability.
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode182
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul interview Gary Berman, CEO of Cyberman Security and Author of "CyberHero Adventures"! In the Article Discussion, Michael and Paul discuss the power of leaders who focus on solving problems, always waiting for and trusting the question, what someone learned from 5 years at Gartner, & how “Urgency bias” is killing your productivity.
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode93
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Davi Ottenheimer, Product Strategy at MongoDB! In our second feature interview, we welcome Chris Spehn, Consultant at Mandiant’s Red Team! In the Security News, Pentesting, SIM Hijackers, Thousands of Mega logins dumped online, the Russians who allegedly hacked the DNC mined Bitcoin for funds, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode568
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews John Moran, Senior Product Manager of DFLabs to talk about SOAR! Paul and John will then wrap up with the Enterprise News to give updates on McAfee, ThreatConnect, Optiv Security, CA Technologies, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode99
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul discuss AppSec Solutions is a DevOps World! In the news, Compromised JavaScript Package Caught Stealing npm Credentials, remote iOS bugs, a $39 device that can defeat iOS USB Restricted mode, Broadcom buys CA Technologies, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode24
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul interview Mayank Varia, Research Associate Professor of Computer Science at Boston University! Mayank is also the co-director of BU's Center for Reliable Information Systems & Cyber Security.
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode92
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Zane Lackey, Founder and CSO of SIgnal Sciences! In our second feature interview, Paul talks with Limor Elbaz, Founder of Peerlyst! In the Security News, Arch Linux PDF reader package poisoned, WPA3, Two news Spectre-class CPU flaws cause $100k bounty, Average cost of a data reach exceeds $3.8 million, ,and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode567
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John interview Ferruh Mavituna, Founder of Netsparker! In the Technical Segment, CISO from Automox Joe McManus joins us to discuss ! Paul and John will then wrap up with the Enterprise News to give updates on, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode98
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul talk The Hardest Problem in Application Security: Visibility. In the news, Google patches critical remote code execution bugs in Android OS, JavaScript API for face recognition in the browser with tensorflow.js, Social media apps are 'deliberately' addictive to users, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode23
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul talk how to get the upper hand in any offer, experts needing to get better at telling stories, why companies need to build a skills inventory, and more! In our feature interview, CSO of Cisco Edna Conway makes her return on Business Security Weekly to sit down with Paul to discuss Intellectual Property! All that and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode91
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith is joined by James Wickett from Signal Sciences to interview Thomas GX, CEO of Yelda and Founder of CommitStrip! In the news, Keith and James talk GitHub Hackers, Ticketmaster breach, Sniffing network traffic, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode22
Visit https://www.securityweekly.com/asw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Tom Brennan, Founder of Proactive Risk, and Gary Berman, CEO of Cyberman Security! Our very own Joff Thyer delivers the Technical Segment this week entitled "Fun with Android APK's"! Paul and the crew will then wrap up the show with the Security News, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode566
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John interview Gabriel Gumbs, VP of Product Strategy at STEALTHbits! Paul and John will then wrap up with the Enterprise News, and give updates on CyberArk, Demisto, Sophos, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode97
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Dan Kuykendall, Sr. Director of Application Security Products at Rapid7! In the news, Flaw in macOS 'Quick Look' could reveal encrypted data, the man who was fired by a machine, Deploy to Azure with Docker and VS Code, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode21
Visit https://www.securityweekly.com/asw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul bring to you a special Topic Segment this week entitled "How To Conduct a Time Audit"! In the Article Discussion, Tron Foundation acquired BitTorrent for $140 Million, PayPal raised $200 Million in Series E Cylance raised $120 Million in Series E, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode90
Visit https://www.securityweekly.com/bsw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Galen Hunt, Founder of Microsoft Azure Sphere and Distinguished Engineer at Microsoft! Hack Naked News host Jason Wood delivers the Technical Segment on NMAP Scripts! Paul and the crew will then wrap up the show with the Security News, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode565
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John discuss IPFIX, and how John learned to love it and not hate it! In the Enterprise News, we have updates from ForeScout, SafeBreach, ExtraHop, Fortinet, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode96
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul interview Sandy Dunn, CISO for Blue Cross of Idaho! In Tracking Security innovation, Splunk acquired VictorOps for $120M, Claroty raised $60 in Series B, Two techniques for helping employees change ingrained habits, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode89
Visit https://www.securityweekly.com/bsw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we share our Pre-Recorded interview with Ron Gula, Founder of Gula Tech Adventures! In the news, Paul is joined by Business Security Weekly host Michael Santarcangelo to discuss Microsoft Windows remote kernel crash vulnerability, Cops are confident that iPhone hackers found a workaround to Apple's new security feature, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode20
Visit https://www.securityweekly.com/asw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul interviews Jason Haddix, VP of Trust and Security at Bugcrowd! In our Technical Segment, Application Security Weekly host Keith Hoodlet talks about Bug Bounty Hunting! Paul and the crew will then wrap up the show with the Security News, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode564
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John welcome Chris Brenton, Chief Operating Officer of Active Countermeasures! In the Enterprise News, we have updates from Riverbed, Tufin, ServiceNow, Splunk, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode95
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Peter Chestna, Director of Developer Engagement at Veracode! In the news, Windows 10 update April 2018 update breaks SMBv1, GitHub vs. GitLab, ThoughtWorks Technology Radar, DevOps brings value to security, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode19
Visit https://www.securityweekly.com/asw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman to interview Masha Sedova, Co-Founder of Elevate Security! In the Article Discussion, “Senior Executives Get More Sleep Than Everyone Else”, “The Changing Face of B2B Marketing”, “The Best Mentors Ask These 8 Questions”, and more! In Tracking Security Innovation, Fortinet acquired Bradford Networks, Qualys acquired Second Front Systems, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88
Visit https://www.securityweekly.com/bsw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Technology Alliances Engineer at LogRhythm Jake Reynolds joins us for an interview! Matt Alderman and Doug White run the show this week and talk with the crew about the Security News: Google Chrome has a critical vulnerability, Flash has another zero-day exploit, Colorado passes “most stringent” breach notification law, hackers hack a plane from the ground! In our final segment, we air our pre-recorded interview with John Kinsella, Co-Founder and Head of Product for Layered Insight!
Full Show Notes: https://wiki.securityweekly.com/Episode563
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, on a Special Edition of Enterprise Security Weekly, Paul and John welcome Adrian Sanabria, Director of Research for Savage Security; Dave Kennedy, Founder of TrustedSec, Binary Defense, and DerbyCon; and Security Weekly's very own Jeff Man, for a group discussion on Penetration Testing! In the Enterprise News, we have updates from Qualys, Twistlock, Fortinet, Tenable, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode94
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul discuss what the difference is between Agile and DevOps! In the Learning and Tools, OWASP Top 10 Proactive Controls v3.0 released, VS Live Share, Bob Ross Lorem Ipsum, and more! In the news, we have updates from Oracle, Microsoft, GDPR, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode18
Visit https://www.securityweekly.com/asw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Michael and Paul interview CISO of Harvard University, Christian Hamer! In our second feature interview, Michael and Paul talk with Jonathan Pritchard, Founder of Like A Mind Reader Training! In Tracking Security Innovation, Microsoft to acquire GitHub for $7.5B, Signifyd raised $100M Series D, Cyberbit raised $30M in an equity round, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode87
Visit https://www.securityweekly.com/bsw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, AppSec Lead for Uptake Technologies Ronnie Flathers joins us for our feature interview! Chris Elgee and Lee Ford of the Massachusetts Army National Guard will then join us for our second feature interview! In the news, dozens of vulnerabilities discovered in DoD's enterprise travel system, what Apple's hiding with iOS 11.4, Git repository vulnerability leads to remote code execution, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode562
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John interview the CEO and CTO of RackTop Systems, Eric Bednash and Jonathan Halstuch! In the news, we have updates from Lastline, Duo Security, Varonis, InAuth, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode93
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Steven Bellovin, the Professor of Computer Science at Columbia University! For the Technical Segment, we're joined by Sven Morgenroth, Security Researcher at Netsparker! In the news, GDPR's impact on U.S. consumer privacy, DOJ Sinkholes, FBI seizes domain from Russia, Floridian man gets tasered while naked carrying cooking oil, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode561
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, John Strand returns and runs the show solo, presenting his Technical Segment entitled "Build A Purple Team"! In the news, we have updates from Skybox, Wombat Security, McAfee, AlgoSec, and more, on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode92
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Keith and Paul interview James Wickett, Head of Research at Signal Sciences! In the news, we have updates from Nest, Node.js, Google, F.Secure, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode17
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Michael and Paul interview Corey Thuen and Kristopher Watts, Founders of Gravwell! In our second feature interview, Michael and Paul talk with Terry Mason on how to build a Third Party Risk Management program from the ground up! In Tracking Security Innovation, we have updates from Capital One, TransUnion, Auth0, Tanium, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode86
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, we interview Matthew Silva, an Undergraduate student attending Roger Williams University, and is the President and Founder of the Cybersecurity and Intel Club! Paul will deliver the Technical Segment this week entitled "Configuring Your Own Travel Router with OpenVPN"! In the news, we have updates from Google, Nest, VMware, RedHat, ,and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode560
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
This week, Paul interviews Ron Gula, Co-Founder of Tenable and Founder of Gula Tech Adventures! In the news, we have updates from ServiceNow, Red Hat, ExtraHop, SailPoint, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode91
Visit https://www.securityweekly.com/esw for all the latest episodes!
Thomas Fischer joins us at Source Boston 2018. Thomas Fischer tells Paul about his talk at Source Boston on "GDPR: Why it Matters Now!". Michael Santarcangelo joins Paul Asadoorian at Source Boston 2018 for an Enterprise Security Weekly interview. Michael Santarcangelo is the Founder of Security Catalyst, author of "Into the Breach", creator of the Straight Talk Framework, and host of Business Security Weekly. Apollo Clark, a well-known name on the Security Weekly network, joins us at Source Boston to discuss his talk on Malicious User Stories.
Visit http://securityweekly.com/esw for all the latest episodes!
This week, Keith and Paul interview Adam Gordon, Edutainer at ITPro.TV! In the news, we have updates from Uber, WhatsApp, Microsoft, and more on this episode of Application Security Weekly!
→Full Show Notes: https://wiki.securityweekly.com/ASW_Episode16
→Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Michael and Paul interview George Finney, Chief Security Officer at Southern Methodist University! In the Article Discussion, "Why People Really Quit Their Jobs", "Why You Need an Untouchable Day Every Week", and more! In Tracking Security Innovation, we have updates from PhishLabs, Avast, SafeBreach, Red Canary, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode85
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, we interview Joe Gray from the Advanced Persistent Security Podcast! Paul will deliver the Technical Segment this week entitled “Docker Security Incident: Lessons Learned”! In the news, we have updates from Microsoft, Powerful Botnets, Mirai DDoS attack against KrebsOnSecurity, GDPR, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode559
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
This week, Keith and Paul continue to talk about building your AppSec program! In the Learning and Tools Segment, Keith and Paul discuss Snipe-IT: Open Source Asset Management, Astra: Automated Security Testing for REST API's, GREP: A whiteboard by Julia Evans, and more! In the news, we have updates from Twitter, Meltdown, JavaScript, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode15
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Michael and Paul interview Senior Attorney, Elizabeth Wharton! In the Article Discussion, the work required to have an opinion, why email is so stressful, productivity, and more! In Tracking Security Innovation, we have updates from Carbon Black, Trusted Key, Namogoo, IronNet Cybersecurity, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode84
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, we interview Leonard Rose, Principal Security Archtiect of Limelight Networks! In the news, we have updates from Cisco, Drupalgeddon, Facebook, Twitter, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode558
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
This week, Paul and John interview Adam Gordon, Edutainer at ITPro.TV! In the news, we have updates from Cisco, IBM, LogRhythm, ServiceNow, and more! In our final segment, we are joined by Security Weekly's own Jeff Man, who will give us an RSA Vendor Wrap-Up! All that and more, on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode89
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Paul and Keith discuss Building Your AppSec Program and how to get started! In the news, we have updates from Microsoft, Android, the FDA, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode14
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, in the Programming Update and Discussion, Michael and Paul discuss the Value Prop Scoreboard, Book Club Segment, Regular Audience-Driven Segment, and more! In Tracking Security Innovation, we have updates from Carbon Black, Avast, Scality, & Minim! In our final segment, we air our Pre-Recorded interview with CEO of DomainTools, Tim Chen, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode83
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Paul and Keith discuss Drupal 7 and 8 core critical releases, Irony of Leaky App at RSAC not lost on attendees, avoiding XSS in React is still hard, and more! In our Pre-Recorded interview, Paul and Keith sit down with Rami Sass, CEO and Co-Founder of WhiteSource, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode13
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, we interview Founder and Product Manager of Netsparker, Ferruh Mavituna! In the Topic Segment, our very own Jeff Man gives us a recap of RSAC! In the news, we have updates from Equifax, John McAffe, Amazon, GitHub, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode557
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, John Strand and I interview Lenny Zeltser and Eddy Bobritsky of Minerva Labs! In our Technical Segment, we're joined by the one and only Eyal Neemany of Javelin Networks to talk about how AD Domain Trusts and Forest Trusts operate! In the news, we have updates from RSA, Fortinet, Twitter, SANS, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode88
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week in the Article Discussion, Michael and Paul discuss 4 ways to improve your content marketing & why your sales team is losing deals! In Tracking Security Innovation, in the NYC enterprise startup scene, security is job one, RSA updates, and more! In our interview segment, we air our Pre-Recorded interview with Ron Gula of Gula Tech Adventures, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode82
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, we interview Adrian Sanabria, Co-Founder and Research Director of Savage Security! In the Topic Segment, Penetration Testing Is Dead; Long Live Penetration Testing! In the news, we have updates from Drupal, Facebook, NSA, Microsoft, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode556
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Michael Santarcangelo is joined by Shawn Tuma, Cybersec & Data Privacy Attorney at Scheef & Stone, LLP! Shawn sticks around to sort the good advice from the misinformation surrounding attorney-client privilege! In the news, we have updates from Carbon Black, Bomgar, Palo Alto, SpyCloud, and more, on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode81
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Paul and Keith discuss Github's 10th Anniversary and talk about Open Source Software! In the news, we have updates from Rapid7, a new MacOS backdoor, your Windows PC can be hacked by just visiting a site, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode12
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Ron Gula of Gula Tech Adventures joins us for an interview! Our very own Joff Thyer delivers the Technical Segment entitled: Got Privs? Extract and Crack the Creds! In the news, RTF bug finally gets patched, so many ways to bridge an air gap, attacking accountants, spoofing all the ports and Trollcave, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode555
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, John Strand and I interview Senior Solutions Architect at ObserveIT, Kevin Donovan! In the news this week, Product announcements from Infoblox, Infocyte, ObserveIT, ThreatQuotient, Cisco and Tufin. Symantec could be in hot water, and CA and Palo Alto both made a recent acquisition. All that and more, on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode87
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Paul is joined by the Wizard of Entrepreneurship, Matt Alderman! In the Article Discussion, five techniques to nail the marketing aspect of your investor pitch, 18 things you need to know before you quit your job & launch your own startup, and more! In Tracking Security Innovation, BetterCloud closes $60M funding round, Fyde raises $3M in seed funding, RSA Acquires Fortscale, expands NetWitness SIEM Platform, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode80
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Paul and Keith discuss One Language to Rule Them All: Node-Based Operating System, NodeOS! In the news, we have updates from Cloudflare, Slack, NASA’s Voyager 1 spacecraft, how Georgia passed an Anti-Infosec Legislation, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode11
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Katherine Teitler, Director of Content for MISTI joins us for our first feature interview! Masha Sedova, Co-Founder of Elevate Security joins us for our second feature interview! In the news, Intel drops plans to develop Spectre microcode for ancient chips, critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode554
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul is joined by our very own Doug White to discuss Security Threats from Virtual Machines! In the news, we have updates from SolarWinds, VMware, Sonatype, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode86
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Keith and Paul have the debate as to whether it's DevOps or DevSecOps, they discuss OWASP vulnerable web apps directory project, Red Team wisdom, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode10
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Executive Director of Source Boston 2018 Rob Cheyne joins us for an interview! Paul delivers the Technical Segment this week entitled, Cutting The Cord: The Ideal Home Network Setup! In the Security News, we have updates from Apple macOS, Windows 7 Meltdown patch, Atlanta’s Ransomware attack, a special appearance in the Security News from Apollo Clark, and more on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode553
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul is joined by our very own Keith Hoodlet to review the book The Phoenix Project! In the news, we have updates from Cisco, Distil Networks, BeyondTrust, Cambridge Analytica, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode85
Visit https://www.securityweekly.com/esw for all the latest episodes!
Dan Wheatley, Partner and CEO at Straight Talk Agency, joins us for the interview this week. Tenable hires Morgan Stanley, Sift Science raised $53M Series D, and Virsec raised $24M Series B. This segment is about the companies making news with founding rounds, exits, and other impacts you need to know about in the industry.
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode79
Visit http://securityweekly.com/category/bsw for all the latest episodes!
Paul gives a tech segment on How to find the most innovative tech at a security show. In the news, we have updates from Alex Stamos, Facebook harvesting information about YOU, Uber self-driving car hits and kills pedestrian, and more on this episode of Paul's Security Weekly!
→Full Show Notes: https://wiki.securityweekly.com/Episode552
→Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Michael and Paul interview Fred Scholl, President of Monarch Information Networks! Then the articles of discussion and tracking security innovation! All that and more, on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode78
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, John Strand takes the show by the reigns and conducts an outstanding interview with Brian Honan, who is recognised internationally as an expert on cybersecurity! John also gives a tech segment on how enterprises defend against attacks! All that and more, here on Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode84
This week, Keith and Paul discuss Uber's open source tool for adversarial simulation, AMD processors, Hijacked MailChimp accounts used to distribute banking malware, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode09
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Patrick Laverty of Rapid7 joins us for an interview! Dick Wilkins of Phoenix Technologies joins us for our second feature interview! In the news, we have updates from Flash, Pwn2Own, VMware, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode551
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Rami Essaid, Founder of Distil Networks joins us for an interview! In the news, we have updates from CyberArk, Tenable, Fortinet, & Rapid7! Our very own Michael Santarcangelo is joined by Matt Alderman on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode83
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Michael and Paul interview Futurist Thornton May, and CSO of Cisco Systems, Inc., Edna Conway! Then the articles of discussion and tracking security innovation! All that and more, on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode77
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Paul and Keith talk about “The Phoenix Project”, Amazon admits Alexa is creepily laughing at people, Ethereum fixes serious ‘eclipse’ flaw, Kali Linux is now an app in the Windows App Store, Docker + Minecraft = Dockercraft, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode08
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Stefano Righi of UEFI joins us for an interview! Sven Morgenroth, Security Researcher at Netsparker joins us for the Technical Segment! In the news, we have updates from FinFisher, Equifax, Facebook, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode550
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul and John are accompanied by Eyal Neemany, Senior Cyber Security Researcher at Javelin Networks! In the news, we have updates from Duo Security, SolarWinds, AlgoSec, Martin Shkreli, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode82
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Michael & Paul interview Shawn Tuma, Cybersec and Data Privacy Attorney at Scheef & Stone, LLP! In the Article Discussion, Michael and Paul talk how to build trust with colleagues, simple concepts to free up innovation, and how to avoid death by committee! In the news, we have updates from PhishMe, Splunk, CyberX, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode76
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Keith and Paul discuss Facebook’s mandatory malware scan, GitLeaks: Check git repos for secrets and keys, New York quietly working to prevent a major cyber attack, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode07
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Mary Beth Borgwing of Mach37, joins us for an interview! In our second feature interview, Paul speaks with Cybersecurity Journalist Bruce Sussman of SecureWorld! In the news, we have updates from Quickjack, GitHub, the 2018 Olympics, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode549
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul is joined by Doug White to interview Ferruh Mavituna, Founder and Product Manager of Netsparker! In the news, we have updates from Atos, Trustwave, Radware, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode81
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Michael is joined by Matt Alderman to interview Will Lin, Principal and Founding Investor at Trident Capital Security! In the Security News, Apptio raised $4.6M in Equity, Morphisec raised $12M in Series B, & Dover Microsystems raised $6M "Seed" Round! Last but not least, part two of our second feature interview with Sean D'Souza, author of The Brain Audit! All that and more, on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode75
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Michael and Paul interview Joe Kay, Founder & CEO of Enswarm! In the Tracking Security Information segment, IdentityMind Global rasied $10M, DataVisor raised $40M, & Infocyte raised $5.2M! Last but not least, our second feature interview with Sean D'Souza, author of The Brain Audit! All that and more, on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode74
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Keith and Paul discuss Data Security and Bug Bounty programs! In the news, Lenovo warns of critical Wifi vulnerability, Russian nuclear scientists arrested for Bitcoin mining plot, remote workers outperforming office workers, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode06
Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, Steve Tcherchian, CISO and Director of Product Management of XYPRO Technology joins us for an interview! In our second feature interview, Paul speaks with Michael Bazzell, OSINT & Privacy Consultant! In the news, we have updates from Google, Bitcoin, NSA, Microsoft, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode548
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul and John are accompanied by Guy Franco, Security Consultant for Javelin Networks, who will deliver a Technical Segment on Domain Persistence! In the news, we have updates from ServerSide, Palo Alto, NopSec, Microsoft, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode80
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Michael and Paul interview Dawn-Marie Hutchinson, Executive Director of Optiv Offline! In the Article Discussion, security concern pushing IT to channel services, what drives sales growth and repeat business, and in the news, we have updates from Proofpoint, J2 Global, LogMeIn, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode73
Visit https://www.securityweekly.com/ssw for all the latest episodes!
This week, Keith and Paul continue to discuss OWASP Application Security Verification Standard! In the news, Cisco investigation reveals ASA vulnerability is worse than originally thought, Google Chrome HTTPS certificate apocalypse, Intel made smart glasses that look normal, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode05
Visit https://www.securityweekly.com/ for all the latest episodes!
This week, Zane Lackey of Signal Sciences joins us for an interview! Our very own Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC! In the news, we have updates from Bitcoin, NSA, Facebook, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode547
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul is joined by Doug White, host of Secure Digital Life, to interview InfoSecWorld 2018 Speaker Summer Fowler! In the news, we have updates from Cisco, SANS, Scarab, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode79
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Michael and Paul interview Vik Desai, Managing Director at Accenture! Matt Alderman and Asif Awan of Layered Insight join Michael and Paul for another interview! In the news, we have updates from BehavioSec, RELX, DISCO, Logikcull, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode72
Visit https://www.securityweekly.com/ssw for all the latest episodes!
This week, Keith and Paul discuss OWASP Application Security Verification Standard! In the news, Intel warns Chinese companies of chip flaw before U.S. government, bypassing CloudFair using Internet-wide scan data, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode04
Visit https://www.securityweekly.com/ for all the latest episodes!
This week, InfoSecWorld speakers Mark Arnold & Will Gragido join us for an interview! John Strand of Black Hills Information Security joins us for the Technical Segment on MITRE! In the news, we have updates from Discord, Bitcoin, NSA, Facebook, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode546
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul and John interview Brendan O'Connor, Security CTO at ServiceNow, and John Moran, Senior Project Manager of DFLabs! In the news, we have updates from Twistlock, Microsoft, BeyondTrust, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode78
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week in the Article Discussion, Michael is joined by Doug White, host of Secure Digital Life to discuss how to design an addictive product, yearning for the vast and endless sea, and five soft skills recruiters want most! In the news, we have updates from SheerID, Facebook, Amazon, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode71
Visit https://www.securityweekly.com/ssw for all the latest episodes!
This week, Keith is joined by Doug White, host of Secure Digital Life! Matias Madou of Secure Code Warrior joins us for an interview! In the news, Red Hat has now reverted CPU patches for Spectre, Russian Twitterbots are blaming the US shutdown on Democrats, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode03
Visit https://www.securityweekly.com/ for all the latest episodes!
This week, Kevin Donovan, Senior Solutions Architect at ObserveIT joins us for an interview! John Strand joins us for the Technical Segment on Critical Security Control Resources! In the news, we have updates from Dell, Meltdown, Spectre, and OnePlus! Larry Pesce hosts this weeks episode, Carlos Perez makes his epic return, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode545
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul and John interview Lenny Zeltser, VP of Products for Minerva Labs! In the news, we have updates from ThreatMetrix, CrowdStrike, SmartBear, Carbon Black, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode77
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Paul and Michael interview Jennifer Minella, VP of Engineering with Carolina Advanced Digital, Inc.! In the article discussion, how absolute zero can heat up growth, three time management tips that work, and how to let go of the need to be perfect! In the news, updates from FireEye, WatchGuard, First Alert, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode70
Visit https://www.securityweekly.com/ssw for all the latest episodes!
This week, Paul and Keith discuss the second half of the OWASP 2017 Top Ten! In the news, Facebook can track you by the dust on your camera lens, Apple health data used in murder trial, the stress of remote working, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode02
Visit https://www.securityweekly.com/ for all the latest episodes!
This week, Adam Gordon from ItPro.TV joins us for an interview! Rebekah Brown, a Threat Intelligence Lead of Rapid7, joins us for another interview! In the news, we have updates from BIND, the latest Apple bug, Intel, YouTube, Skygofree, and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode544
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Michael Santarcangelo joins Paul to interview Clayton Fields, the Director of Javelin Networks joins us for an interview! In the news, we have updates from VIVOTEK, ServiceNow, Moneris, AlgoSec, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode76
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week in the Article Discussion, Paul and Michael discuss how to be more productive without burning out, what cybersecurity chiefs can learn from Warren Buffett, and the importance of explaining "Why" before "What" when you need help! In the news, we discuss SolarWinds acquired LOGGLY, Verizon acquired Niddel, Cyxtera Technologies acquires Immunity, and more on this episode of Business Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode69
Visit https://www.securityweekly.com/ssw for all the latest episodes!
This week, Paul and Keith will discuss the ten most critical web application risks! In the news, how malicious NPM packages could harvest credit card numbers and passwords, NVIDIA updates video drivers to help address CPU memory security, multiple vulnerabilities in PHP could allow for arbitrary code execution, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode01
Visit https://www.securityweekly.com/ for all the latest episodes!
Diana Kelley and Ed Moyle of Security Curve join us for an interview! Jake Williams, founder of Rendition Infosec and Senior Instructor at the SANS Institute joins us for another interview! In the news, fingerprinting digital documents, Skype finally getting end-to-end encryption, Apple set to patch yet another macOS password security flaw, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode543
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Matt Alderman joins Paul to interview Marci McCarthy, CEO and President of T.E.N. & CEO and Chairman of ISE®! Marci has over 20 years of business management and entrepreneurial experience! In the news, we have updates from Bitglass, WhiteHat, and Twistlock! Matt Alderman talks container security with Paul, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode75
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Bam Azizi of NoPassword joins us for an interview! In the article discussion, we talk about why not to brainstorm in groups, the real reasons companies are so focused on short term, and how to break bad business habits! In the news, we discuss Barracuda Networks acquiring PhishLine for an undisclosed amount, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode68
Visit https://www.securityweekly.com/ssw for all the latest episodes!
Paul Asadoorian and Keith Hoodlet bring you our brand new show, Application Security Weekly! On our first episode, Paul and Keith will discuss the history of application security and software security! In the news, what you need to know about CPU vulnerabilities, negative results testing Intel CPU design, Mozilla Firefox patches, and Starbucks Wi-Fi mines Monero via CoinHive! All that and more, on the first episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode00
Visit https://www.securityweekly.com/psw for all the latest episodes!
Marcello Salvati of Coalfire Labs joins us for our featured interview. John Strand delivers another killer Tech Segment about the new mimikatz event log clearing feature. Then in the security news, 10 things in cybersecurity that you might have missed in 2017, a flaw in major browsers, a critical flaw in phpMyAdmin, beware of a VMWare VDP remote root issue, how to protect your home router, Meltdown and Spectre explain how chip hacks work, and Intel is in the security Hot Seat over a serious CPU design flaw! We also hear from Keith Hoodlet about our brand new show! All that and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode542
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Doctors make the best rappers, 3 innovative security companies, Devops will be a thing, integrate products swimmingly, AI and Machine Learning in the hands of bad actors, and serverless security capabilities. Our topic segment today will discuss Patching Intel Vulnerabilities In The Enterprise. All that and more on Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode74
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Rick Olesek and Rich Walchuck of CryptoniteNXT join us for an interview! In the article discussion, we talk about startups most likely to succeed, how to pitch your app to investors, and calculating your total addressable market! In the news, we have updates from Thales, Amazon, Convercent, ADT, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode67
Visit https://www.securityweekly.com/ssw for all the latest episodes!
Bob Hillery, Co-Founder and Director of InGuardians joins us for an interview, and Kevin Finisterre, Principal of the Security Consultancy of Department 13 joins us to deliver the tech segment! In the news, Uber pays hacker to keep quiet, flaw in Intel processors allowing undetectable malware, Apple patches other High Sierra security holes, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode541
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Paul and John talk about Active Directory insecurity, how to solve problems with endpoint detection and response, and how to fix authentication issues! In the news, we have updates from Flexera, Amazon, ExtraHop, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode73
Visit https://www.securityweekly.com/esw for all the latest episodes!
Michael reports on a suspected North Korea Ransomware attack, Kaspersky federal software ban, compelled passwords, and 1 in 3 IT professionals looking for new jobs! Jason Wood of Paladin Security joins us for the expert commentary on Bitcoin, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode154
Visit https://www.securityweekly.com/psw for all the latest episodes!
In our article discussion, we discuss managing risk, defining moments for your customers, ditching PowerPoint for better apps, and planning communications to avoid pitfalls! In the news, we have updates from Simility, Upstream, ShieldX, Atos, Menlo Security, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode66
Visit https://www.securityweekly.com/ssw for all the latest episodes!
Joe Gray of the Advanced Persistent Security podcast joins us for an interview! Ed Skoudis of the SANS Institute joins us to discuss the SANS Holiday Hack Challenge and what he’s been up to in the cyber world! In the news, the team discusses on-demand webcasts, net neutrality, pen testing, and Vegemite with Joff!
Full Show Notes: https://wiki.securityweekly.com/Episode540
Visit https://www.securityweekly.com/psw for all the latest episodes!
Jeff Schilling, CSO of Armor joins us for an interview to discuss Cloud based security and incident response! In the news, updates from LogRhythm, Optiv Security, Fortinet, RiskSense, and more on this episode of Enterprise Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode72
Visit https://www.securityweekly.com/esw for all the latest episodes!
Paul reports on Google patches, vulnerability in two keyless entry locks, Mozilla security updates, and 1.4 billion plain-text leaked passwords found online! Jason Wood of Paladin Security joins us for the expert commentary, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode153
Visit https://www.securityweekly.com/psw for all the latest episodes!
Todd O'Boyle of StrongArm joins us for an interview! In our article discussion, we discuss behaviors that can drive cultural change, the power of office back-channeling, and the five traits of successful teams at Google! In the news, we have updates from InterVision, Prevoty, Okta, and Riskonnect, and more on this episode of Startup Security Weekly
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode65
Visit https://www.securityweekly.com/ssw for all the latest episodes!
Lisa O'Connor of Accenture Labs joins us for an interview to discuss threat intelligence, advanced cyber hunting, active defense, and security of the Industrial Internet of things! Eyal Neemany of Javelin Networks joins us for the tech segment to discuss bypassing Two-Factor Authentication! Paul and Larry talk about Uber, vulnerable banking apps, and bluetooth on the news, on this weeks episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode539
Visit https://www.securityweekly.com for all the latest episodes!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Paul reports on a flaw found in Dirty COW patch, Apache Software security updates, more hacks in 2018, and a MailSploit e-mail spoofing flaw! Jason Wood joins us to give expert commentary on a Federal Data Breach Legislation, and more on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode152
Visit http://hacknaked.tv for all the latest episodes!
Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64
Visit https://www.securityweekly.com/ssw for all the latest episodes!
Allison Miller joins us for an interview, Mick Douglas of the SANS Institute shows us how to feed common and default logs into ELK stacks, and we report on the latest security news on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode538
Visit https://www.securityweekly.com for all the latest episodes!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
James Wilkinson joins us to discuss his transition from the military to the enterprise security space. In the news, updates from Docker, GuardiCore, Trend Micro, Barracuda Networks, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode71
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Paul and Michael report on an Exim-ergency, why Uber’s in hot water, Firefox’s new pwnage warnings, 1.7 million breached Imgur accounts, bidding farewell to SMS authentication, voting and security, and more on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode151
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Ismael Valenzuela of the SANS Institute joins us. In the news, Rapid7 and Tenable announce new headquarters, Meg Whitman steps down, announcements for CA World ‘17, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode70
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Darren Mar-Elia of Semperis joins us. In the news, deciding with speed and conviction, learning from unicorns, starting your social enterprise, and updates from ThreatQuotient, Symantec, Optiv, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode63
Visit https://www.securityweekly.com/ssw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Don Pezet of ITProTV joins Paul to discuss Amazon S3 buckets, Google collecting Android data, secret spyware in smartwatches, and patches for Microsoft, Intel, HP, and more on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode150
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Kyle Wilhoit of DomainTools joins us for an interview, Mike Roderick and Adam Gordon of ITProTV deliver a technical segment on VDI and virtualization, and we discuss the latest security news on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode537
Visit https://www.securityweekly.com for all the latest episodes!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Tony Kirtley of SecureWorks joins us for an interview. In the news, free tools to remove website malware, next-gen CASBs, helping financial services with security, 10 steps to stop lateral movement, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode69
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Michael Santarcangelo and Jason Wood discuss Amazon Key’s launch, backdoors on phones, consumers distrusting businesses with data, IT professionals turning to cybersecurity, and more on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode149
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Roi Abutbul of Javelin Networks joins us. In the news, myths about successful founders, side hustle, overwhelmed consumers, and updates from CrowdStrike, Skybox, Zscaler, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode62
Visit https://www.securityweekly.com/ssw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Amanda Berlin of NetWorks Group and Lee Brotherston of Wealthsimple join us, Sven Morgenroth of Netsparker delivers a tech segment on cross-site scripting, and we discuss the latest security news on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode536
Visit https://www.securityweekly.com for all the latest episodes!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Logan Harris of SpotterRF joins us for an interview. In the news, Juniper enhances Contrail Cloud, Microsoft LAPS headaches, Flexera embraces open-source, local market deception technology, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode68
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Doug White and Jason Wood discuss improvements to IoT, fooling millions of Android users, Google Play bug bounties, school boards being hacked by pro-ISIS groups, and more with Jason Wood on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode148
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Paul and Michael discuss contribution margin, sales lessons from successful entrepreneurs, battling from idea to launch, and why the future will be won by the scientist. In our startup security news segment, we have updates from SailPoint, WatchGuard, ForeScout, Synopsys, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode61
Visit https://www.securityweekly.com/ssw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Richard Moulds of Whitewood Security and Gadi Evron of Cymmetria join us for interviews, and Tim Medin of the SANS Institute delivers a tech segment on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode535
Visit https://www.securityweekly.com for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Bryan Patton of Quest Software joins us for an interview. In the news, security horror stories, making cloud native a reality, and updates from Ixia, Lacework, Francisco, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode67
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Michael Santarcangelo discusses platform security architecture, Kaspersky, the Cyber Peace Corps, and more with Jason Wood on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode147
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Kaspersky has “nothing to hide”, the internet wants YOU, OS X malware runs rampant, WHOIS database slip-ups, and more. Jason Wood discusses an attack on critical US infrastructure on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode146
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Ten sales rules you should break, how to pitch a venture capitalist, guiding employees towards mental health, and updates from Duo Security, Contrast Security, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode60Visit https://www.securityweekly.com/ssw for all the latest episodes!
Wendy Nather of Duo Security is our featured interview, Joe Vest and Andrew Chiles of MINIS deliver a tech segment on borrowing Microsoft metadata and digital signatures to “hide” binaries, and in the security news, Microsoft hypocritically mocks Google, hacking child safety smart watches, five steps to building a vulnerability management program, Google Play introduces a bug bounty program, and why is technology outing sex workers?
Full Show Notes: https://wiki.securityweekly.com/Episode534
Visit https://www.securityweekly.com for all the latest episodes!
Richard Moulds of Whitewood Security joins us to discuss the return of the ROCA crypto bug. In the news, Tanium expands their security platform, Carbon Black and IBM team up for a rapid response tool, improved container threat detection from StackRox, Illusive Networks introduces new mainframe deception, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode66
Visit https://www.securityweekly.com/esw for all the latest episodes!
What you should know about the KRACK WiFi vulnerability, information on the ROCA attack, emptying ATMs, Google removes malicious extensions, and more. Don Pezet of ITProTV delivers expert commentary on the KRACK and ROCA on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode145
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Splunk goes shopping, ForeScout joins forces with an endpoint vendor, Carbon Black makes an announcement, ManageEngine has some new integrations, Microsoft is announcing some new security features, and ZoneFox launches a new UEBA platform in the cloud. Matt Alderman joins us for this episode and our topic is how to secure your Cloud services AKA SaaS offerings on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode65
Visit https://www.securityweekly.com/esw for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Don Pezet of ITProTV joins us. In the startup security news, defining traits of leaders, the realities of stealth mode, and updates from Attivo Networks, CloudZero, Akami, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode59Visit https://www.securityweekly.com/ssw for all the latest episodes!
Matthew Toussain of the SANS Institute and Spectrum Information Security joins us, Mick Douglas of SANS shows us how to use PowerShell to pause and resume processes, and we discuss the latest information security and hacking news on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode533
Visit https://www.securityweekly.com for all the latest episodes!
Doug White and Jason Wood discuss Kaspersky, social security, Duqu 2.0, and the Equifax breach on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode144
Visit http://hacknaked.tv for all the latest episodes!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Elizabeth Lawler of CyberArk joins us for an interview. In the articles for discussion, we discuss leveling the playing field for entrepreneurs, using storytelling to increase sales, online crowdfunding, and more. In the startup security news for the week, Slack and Oracle team up, ForeScout files for an IPO, and updates from Social Capital, Guidewire, Forensic Logic, and more on this edition of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode58Visit https://www.securityweekly.com/ssw for all the latest episodes!
Don Pezet of ITProTV and Ran Levi of Podcast Israel Media join us, and we discuss the latest information security and hacking news on this episode of Paul’s Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode532
Visit https://www.securityweekly.com for all the latest episodes!
Mary Chaney of ICMCP joins us. In the news, John McAfee finally reveals his hack-proof system, ShieldX and Webroot join forces, a biometrics company teams up with Honeywell, and what percentage of successful attacks are caused by phishing? Paul and John discuss the ethics of hacking back on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode64
Visit https://www.securityweekly.com/esw for all the latest episodes!
The internet isn’t ready for DNS sec, Netgear patches away, Whole Foods is the latest victim of a credit card breach, and more. Ferruh Mavituna and Sven Morgenroth of Netsparker join us to discuss Apache Struts vulns and the Equifax breach on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode143
Visit http://hacknaked.tv for all the latest episodes!
Barrett Lyon of Neustar joins us. In the news, funding your business with no experience, buying and selling strategy and tactics, taking a sabbatical, and updates from Google, Vimeo, CA Technologies, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode57Visit https://www.securityweekly.com/ssw for all the latest episodes!
Jim Nitterauer of AppRiver and Ed Skoudis of Counter Hack & SANS Institute join us, and we discuss the latest information security and hacking news!
Full Show Notes: https://wiki.securityweekly.com/Episode531
Visit https://www.securityweekly.com for all the latest episodes!
Paul and John discuss network security architecture. In the news, Google Cloud acquires Bitium, Ixia extends cloud visibility, Lacework now supports Microsoft Windows Server, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode63
Visit https://www.securityweekly.com/esw for all the latest episodes!
Tracking cars, iOS 11 patches eight vulnerabilities, Equifax dumps their CEO, High Sierra gets slammed with a 0-day, and more. Jason Wood of Paladin Security discusses an email DDos threat on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode142
Visit http://hacknaked.tv for all the latest episodes!
Don Pezet and Tim Broom of ITProTV join us. In the news, building successful products, the most important startup question, and updates from McAfee, Slack, ThreatStack, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode56Visit https://www.securityweekly.com/ssw for all the latest episodes!
Paul and John discuss insights into the Equifax data breach. In the news, CyberGRX and BitSight join forces, YARA rules explained, Riverbed teases an application networking offering, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode62
Visit https://www.securityweekly.com/esw for all the latest episodes!
CCleaner is distributing malware, rogue WordPress plugins, Equifax replaces key staff members, and more. Jason Wood of Paladin Security discusses malicious WordPress plugins on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode141
Visit http://hacknaked.tv for all the latest episodes!
Jason Brvenik of NSS Labs joins us. In the news, attributes of a scalable business, founder struggles, how to grow your startup, and updates from AppGuard, Securonix, CashShield, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode55Visit https://www.securityweekly.com/ssw for all the latest episodes!
Ted Demopoulos and Mike Assante of the SANS Institute join us, and we discuss the latest information security and hacking news!
Full Show Notes: https://wiki.securityweekly.com/Episode530
Visit https://www.securityweekly.com for all the latest episodes!
Tom Parker of Accenture joins us. In the news, Bay Dynamics and VMware join forces, confessions of an insecure coder, Flexera acquires BDNA, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode61
Visit https://www.securityweekly.com for all the latest episodes!
Bypassing Windows 10 security software, Android is vulnerable (go figure), hacking syringe infusion pumps to deliver fatal doses, and more. Jason Wood of Paladin Security discusses iOS 11 on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode140Visit https://www.securityweekly.com for all the latest episodes!
Gary Golomb of Awake Security joins us. In the news, changing a prospect's mind, the MVP paradox, commodifying SaaS, and updates from ForgeRock and Michael and Paul's startup journeys!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode54Visit https://www.securityweekly.com/ssw for all the latest episodes!
Michele Jordan of Under the Oak Consulting joins us, Chris Crowley of SANS Institute discusses mobile application security, and we discuss the latest information security and hacking news!
Full Show Notes: https://wiki.securityweekly.com/Episode529
Visit https://www.securityweekly.com for all the latest episodes!
Don Pezet of ITProTV and Doug White join us to discuss network security architecture. In the news, SealPath and Boldon James join forces, following the money, AI in the cloud, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode60Visit https://www.securityweekly.com for all the latest episodes!
AT&T customers at risk, WikiLeaks gets vandalized, catching hackers in the act, going to jail over VPNs, and more. Jason Wood of Paladin Security discusses wheeling and dealing malware on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode139Visit https://www.securityweekly.com for all the latest episodes!
Matt Alderman of Automox joins us. In the news, changing your audience’s perceptions, improving sales efforts, letting your kids fail, and updates from Facebook, Juniper, Qadium, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode53
Visit https://www.securityweekly.com for all the latest episodes!
Larry Pesce and Dave Kennedy hold down the fort in Paul’s absence! Kyle Wilhoit of DomainTools delivers a tech segment on pivoting off domain information, Dave talks about the upcoming DerbyCon, and we discuss the latest information security news!
Full Show Notes: https://wiki.securityweekly.com/Episode528
Visit https://www.securityweekly.com for all the latest episodes!
Michael and Matt join Paul to discuss security operations, endpoint protection, enterprise networking monitoring, and the latest enterprise security news on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode59Visit https://www.securityweekly.com for all the latest episodes!
Sparring government agencies, Microsoft patches a patch of a patch, Intel chips and backdoors, SMS authentication begone, and more. Jason Wood of Paladin Security discusses scaling back data demand on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode138Visit https://www.securityweekly.com for all the latest episodes!
Michael and Paul discuss de-risking risk. In the news, ten tools to streamline your processes, why cash conversion matters, creating psychological safety, and updates from Cisco, Nationwide, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode52
Visit https://www.securityweekly.com for all the latest episodes!
Richard Moulds of Whitewood Security joins us, Larry delivers a surprise technical segment, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode527
Visit https://www.securityweekly.com for all the latest episodes!
Paul and John discuss developer awareness, security training, and vulnerability tracking and reporting. In the news, diving deep into threat intelligence, GeoGuard and Skyhook team up, securing mobile devices, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode58Visit https://www.securityweekly.com for all the latest episodes!
Zero-days in PDF readers, updates to Debain Stretch, killer robots are coming, and more. Jason Wood of Paladin Security discusses sexually charged sonar-based attacks on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode137Visit https://www.securityweekly.com for all the latest episodes!
Tarah Wheeler joins us. In the news, how much your startup needs to raise, 6 steps to surviving 3 years, documenting failures, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode51
Visit https://www.securityweekly.com for all the latest episodes!
Bryson Bort of GRIMM joins us, Sven Morgenroth of Netsparker deploys filters for web applications, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode526
Visit https://www.securityweekly.com for all the latest episodes!
Mike Nichols of Endgame joins us, we explore Paul’s IoC enchanting quadrants, and cover the latest enterprise news on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode57Visit https://www.securityweekly.com for all the latest episodes!
Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode136Visit https://www.securityweekly.com for all the latest episodes!
Matt Alderman joins us for a recap of Black Hat and Hacker Summer Camp. In the news, how not to botch your pitch, why VCs love insurance, and updates from OpenText, WatchGuard, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode50
Visit https://www.securityweekly.com for all the latest episodes!
Aram Jivanyan of BeSafe joins us, our tech segment covers Paul’s recent printer hacking adventures, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode525
Visit https://www.securityweekly.com for all the latest episodes!
Paul and John discuss security policies and procedures. In the news, WatchGuard acquires Datablink, Cylance brings enterprise technology to home users, Oracle and SafeLogic join forces for OpenSSL, 12 security startups that raised new funding in 2017, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode56Visit https://www.securityweekly.com for all the latest episodes!
Shame on Disney, shooting down customer drones, flaws in solar panels, Chrome extensions spreading adware, and more. Doug White of Roger Williams University joins us to discuss hacking back on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode135Visit https://www.securityweekly.com for all the latest episodes!
Glenn Chisholm and Ben Johnson of Obsidian Security join us. In the news, how to keep your head without losing your heart, what aspiring founders need to know, supercharging sales, and how NOT to start a startup. Michael and Paul deliver updates from Callsign, Juvo, Awake Security, and more on episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode49Visit https://www.securityweekly.com for all the latest episodes!
Danny Miller of Ericom Software joins us, Larry and his intern Galen Alderson exfiltrate data from networks with inexpensive hardware, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode524
Visit https://www.securityweekly.com for all the latest episodes!
Ping Look of Optiv joins us, John delivers a tech segment on RITA, and we discuss the latest enterprise security news!Full Show Notes: https://wiki.securityweekly.com/ES_Episode55Visit https://www.securityweekly.com for all the latest episodes!
No more VPNs in Russia, hacking luxury cars, stolen Game of Thrones scripts, your Echo is spying on you, and more. Jason Wood of Paladin Security joins us to discuss Chrome plugin phishing attacks on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode134Visit https://www.securityweekly.com for all the latest episodes!
Ali Golshan of StackRox and special guest host Doug White join us on this containerized episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode48Visit https://www.securityweekly.com for all the latest episodes!
Ronnie Feldman of Learnings & Entertainments joins us. In the news, how to be “customer first”, four components of a successful sales strategy, and updates from Symantec, Nok Nok Labs, Flashpoint, HyTrust, and more!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode47Visit https://www.securityweekly.com for all the latest episodes!
Almog Ohayon of Javelin Networks pits Javelin ADProtect against Microsoft ATA, Sven Morgenroth of Netsparker bypasses corporate firewalls, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode523
Visit https://www.securityweekly.com for all the latest episodes!
Thomas Fischer of Digital Guardian joins us to discuss GDPR, Paul talks about monitoring infrastructure with Nagios, and we discuss the latest enterprise security news!Full Show Notes: https://wiki.securityweekly.com/ES_Episode54Visit https://www.securityweekly.com for all the latest episodes!
Forgetting your Windows password, bidding farewell to SMS authentication, reviewing Black Hat USA 2017, Ubuntu Linux for Windows 10, and more. Jason Wood of Paladin Security joins us to discuss companies being breached due to misconfiguration on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode133Visit https://www.securityweekly.com for all the latest episodes!
Joe Desimone of Endgame joins us to discuss fileless attacks, Don Pezet of ITProTV delivers a technical segment on hardening weak software RNGs and hardware entropy sources, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode522
Visit https://www.securityweekly.com for all the latest episodes!
Ferruh Mavituna of Netsparker joins us to discuss CI level automated web security, Paul talks about hardening Docker containers, and the latest enterprise security news!Full Show Notes: https://wiki.securityweekly.com/ES_Episode53Visit https://www.securityweekly.com for all the latest episodes!
Solving artificial stupidity, Petya’s decryption key is released, sleeping with the enemy, burned laptops for DEF CON, and more. Jason Wood of Paladin Security joins us to discuss the FTC shutting down a loan application firm on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode132Visit https://www.securityweekly.com for all the latest episodes!
James Jardine of Jardine Software joins us. In the news, the hells of being a founder, killing projects before they kill you, intellectual property 101, and updates from Auth0, Upstream, Palo Alto Networks, Symantec, and more!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode46Visit https://www.securityweekly.com for all the latest episodes!
Tim Helming of DomainTools joins us, Paul Ewing of Endgame demystifies the art of hunting, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode521
Visit https://www.securityweekly.com for all the latest episodes!
Doug White joins us to discuss network hardening using egress filtering, and we discuss the latest enterprise news!Full Show Notes: https://wiki.securityweekly.com/ES_Episode52Visit https://www.securityweekly.com for all the latest episodes!
Moses Hernandez of Cisco Systems joins us, our friends at Javelin Networks discuss admin hunting and methods of credential theft for high privileged accounts, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode520
Visit https://www.securityweekly.com for all the latest episodes!
Apollo Clark joins us to discuss managing AWS cloud resources, docker security in the enterprise is our topic for the week, and we discuss the latest enterprise news!Full Show Notes: https://wiki.securityweekly.com/ES_Episode51Visit https://www.securityweekly.com for all the latest episodes!
DoD networks have been compromised, the Shadow Brokers continue their exploits, a Pennsylvania healthcare system gets hit with Petya, and more. Jason Wood of Paladin Security joins us to discuss nations' offensive technical strengths and defensive weaknesses on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode131Visit https://www.securityweekly.com for all the latest episodes!
Fred Kneip of CyberGRX joins us. In the news, why most startups fail, conference season tips, the question you need to ask before solving any problem, and updates from GreatHorn, Cybereason, Amazon, and more!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode45Visit https://www.securityweekly.com for all the latest episodes!
Eric Conrad of SANS joins us, Justin Henderson reverse analyzes attacks for detection purposes, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode519
Visit https://www.securityweekly.com for all the latest episodes!
Brian Ventura of SANS Institute and Ted Gary of Tenable join us. In the news, five ways to maximize your IT training, pocket-sized printing, 30 years of evasion techniques, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode50Visit https://www.securityweekly.com for all the latest episodes!
Hacking military phone systems, IoT malware activity doubles, more WikiLeaks dumps, decade-old Linux bugs, and more. Jason Wood of Paladin Security joins us to discuss the erosion of ISP privacy rules on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode130Visit https://www.securityweekly.com for all the latest episodes!
Trey Forgety of NENA joins us, Carrie Roberts of Black Hills Information Security shows us how to prevent blacklisting while password spraying with Burp and ProxyCannon, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode518
Visit https://www.securityweekly.com for all the latest episodes!
Paul and John discuss malware and endpoint defense. In the news, Carbon Black releases Cb Response 6.1, what to ask yourself before committing to a cybersecurity vendor, Malwarebytes replaces antivirus with endpoint protection, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode49Visit https://www.securityweekly.com for all the latest episodes!
How to delete an entire company, GameStop suffers a breach, Macs do get viruses, Docker released LinuxKit, and more. Jason Wood of Paladin Security joins us to discuss the military beefing up their cybersecurity reserve on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode129Visit http://www.securityweekly.com for all the latest episodes!
Tarun Desikan of Banyan joins us alongside guest host Matt Alderman. In the news, negotiation mistakes that are hurting your deals, hiring re-founders, updates from Hexadite, Amazon, Sqrrl, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode44 Visit https://www.securityweekly.com for all the latest episodes!
The six secrets to starting smart, a startup’s guide to protecting trade secrets, knowing what your customers value, and more articles for discussion. In the news, updates from Netskope, Yubikey, CybelAngel, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode43 Visit https://www.securityweekly.com for all the latest episodes!
Graham Cluley joins us, our friends at Javelin Networks explain how to defend against performing one-click domain admin attacks, and we discuss the latest information security news!
Full Show Notes: https://wiki.securityweekly.com/Episode517
Visit https://www.securityweekly.com for all the latest episodes!
Paul and John discuss building an internal penetration testing team. In the news, automating all the things, Juniper Networks opens a software-defined security ecosystem, millions of devices are running out-of-date systems, Duo and McAfee join forces, and more in this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode48Visit https://www.securityweekly.com for all the latest episodes!
Exploiting Windows 10, mimicking Twitter users, vulnerabilities in new cars, security issues surrounding virtual personal assistants, and more. Jason Wood of Paladin Security joins us to discuss sniffing out spy tools with ridesharing cars on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode128Visit http://www.securityweekly.com for all the latest episodes!
Matt Alderman joins us. In the news, how startups can stand out, Honeywell launches a $100 million venture fund, why you should think twice about listening to business gurus, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode42 Visit https://www.securityweekly.com for all the latest episodes!
Don Pezet of ITPro.TV joins us, Moses Hernandez of Cisco/SANS Institute delivers a tech segment on Node.js, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode516
Visit https://www.securityweekly.com for all the latest episodes!
Corey Bodzin of Tenable joins us. In the news, the power of exploits, Carbon Black’s open letter to Cylance, security measures increase due to ransomware attacks, and more in this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode47Visit https://www.securityweekly.com for all the latest episodes!
Bugs found in pacemaker code, NTP is more secure, the most polite hackers ever, Microsoft is patching away, and more. Jason Wood of Paladin Security joins us to discuss government regulation on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode127
Visit https://www.securityweekly.com for all the latest episodes!
Don Pezet and Tim Broom of ITPro.TV join us. In the news, starting up on the right foot, the key to growth, marketing automation, financial modeling, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode41 Visit http://www.securityweekly.com for all the latest episodes!
Dr. Branden R. Williams joins us, Almog Ohayon of Javelin Networks delivers part two of Javelin’s active directory series, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode515
Visit https://www.securityweekly.com for all the latest episodes!
Atif Ghauri of Herjavec Group joins us. In the news, stopping insider threats with machine learning, uncovering encrypted threats, end-user experience matters everywhere, and are too many SEIM alerts overwhelming your staff? All that and more in this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode46Visit http://www.securityweekly.com for all the latest episodes!
Booby-trapped subtitles, Netgear is recording your IP and MAC addresses, net neutrality is on the chopping block, and more. Jason Wood of Paladin Security joins us to explain why companies should hack back on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweekly.com/HNNEpisode126Visit http://www.securityweekly.com for all the latest episodes!
How to come up with worthy startup ideas, why your explainer video matters, and what does “Minimum Viable Product” actually mean, anyway? Paul and Michael give updates on their startup journeys and report on Karamba, Crowdstrike, Wandera, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode40 Visit http://www.securityweekly.com for all the latest episodes!
Joel Scambray of NCC Group joins us, we show you how to disable SMBv1, and we discuss the latest security news!
Full Show Notes: https://wiki.securityweekly.com/Episode514 Visit http://www.securityweekly.com for all the latest episodes!
April Wright of Verizon Enterprise and Matt Ploessel of Markley Group join us to discuss vendor response to WannaCry. In the news, Identropy and Exabeam team up, five pitfalls to avoid during a CASB evaluation, FirstWave partners with Fortinet, and more in this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode45Visit http://www.securityweekly.com for all the latest episodes!
Netflix blocks rooted devices, HP laptops are logging your keystrokes, Google Chrome is vulnerable, and more. Jason Wood of Paladin Security joins us to discuss a global tech support scheme on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode125
Visit http://www.securityweekly.com for all the latest episodes!
Amanda Rousseau of Endgame joins us to discuss ransomware and malware protection on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode124
Visit http://www.securityweekly.com for all the latest episodes!
Bonnie Halper of StartupOneStop joins us. In the news, why companies aren’t startups, how to be insanely well-connected, CyberArk acquires Conjur, and more!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode39
Visit http://securityweekly.com/category/ssw/ for all the latest episodes!
Steve Lipner of SAFECode joins us, Roi Abutbul and Guy Franco of Javelin Networks show us the importance of protecting AD, and we discuss the latest security news!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode513
Visit http://www.securityweekly.com for all the latest episodes!
Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg
Security Weekly Website: http://securityweekly.com
Follow us on Twitter: @securityweekly
Ryan Hays of TBG Security joins us. In the news, VMware falls out with Tanium, machine learning at Invincea, the war on legacy IT, Cisco Cloudlock releases an apps firewall, and more in this episode of Enterprise Security Weekly!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode44 Visit http://www.securityweekly.com for all the latest episodes!
Phishing in Google’s waters, HandBrake has been compromised, Dell releases patches galore, and more. Jason Wood of Paladin Security delivers expert commentary on how ultrasonic beacons can track your phone on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode123
Visit http://www.securityweekly.com for all the latest episodes!
Steven Grossman of Bay Dynamics joins us. In the news, why your startup doesn’t necessarily need early stage funding, Cisco acquires Viptela, the risks of startup debt, and why do chefs and soldiers make the best product managers?
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode38 Visit http://www.securityweekly.com for all the latest episodes!
Javvad Malik of AlienVault joins us, Ferruh Mavituna of Netsparker delivers a demo on second order attacks, and we discuss the security news for the week!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode512 Visit http://www.securityweekly.com for all the latest episodes!
Don Pezet of ITPro.TV talks about deception technologies and honeypots. In the news, Duo launches its MSP program, Fortscale beefs up its partner programs, integrating threat intelligence into your operations, and more in this episode of Enterprise Security Weekly!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode43 Visit http://www.securityweekly.com for all the latest episodes!
Microsoft VB macro barriers have been penetrated, the website that doesn’t let you change your password, IBM flash drives have malware, and more. Jason Wood of Paladin Security joins us to deliver expert commentary on NATO’s cyberwar games on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode122
Visit http://www.securityweekly.com for all the latest episodes!
Paul, John, and Michael discuss building a bug bounty program. In the news, LockPath and SailPoint join forces, Skyhigh Networks announces a cloud security partnership, Acalvio is building deception farms, and more in this episode of Enterprise Security Weekly!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42 Visit http://www.securityweekly.com for all the latest episodes!
Mike Simon of Cryptonite NTX joins us. In the news, how to drive maximum performance in your business, 6 reasons your small business will fail, how McAfee is securing its future, and how well do you know the language of startups?
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode37 Visit http://www.securityweekly.com for all the latest episodes!
Mimi Herrmann of Taylor and Francis joins us, Paul delivers part two of his tips on staying secure at conferences, and we discuss the security news for the week!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode511 Visit http://www.securityweekly.com for all the latest episodes!
Windows boxes are getting pwned, vulnerabilities in SugarCRM, Ashley Madison is back in the news, and more. Jason Wood of Paladin Security joins us to deliver expert commentary on hacking cars with radio gadgets on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode121 Visit http://www.securityweekly.com for all the latest episodes!
Roger Courville of EventBuilder joins us. In the news, the number one trait of successful entrepreneurs, SoftBank is investing, the “store of the future,” Jeff Bezos’s annual letter, and more!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode36 Visit http://www.securityweekly.com for all the latest episodes!
Phil Zimmermann of Silent Circle and PGP joins us, Paul drops knowledge on staying secure at hacker conferences, and we discuss the security news for the week!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode510 Visit http://www.securityweekly.com for all the latest episodes!
Rami Essaid of Distil networks joins us for an interview. In the news, Cylance battles the malware testing industry, Tanium’s CEO issues an apology, Malwarebytes integrates with ForeScout, and more in this episode of Enterprise Security Weekly!Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode41 Visit http://www.securityweekly.com for all the latest episodes!
Doug White and Jason Wood discuss Cyberpatriot, Shadow Brokers, and more on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode120
Visit http://www.securityweekly.com for all the latest episodes!
Paul, Michael, and guest host Jeff Man discuss buyer perspective in the startup ecosystem. In the news, Comcast has a new investment, how to close investors, launching startups in crowded markets, and more!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode35 Visit http://www.securityweekly.com for all the latest episodes!
Alex Horan of Onapsis rejoins us, our own Carlos Perez shows us the basics of WMI events, and we review the security news for the week!Full show notes: http://wiki.securityweekly.com/wiki/index.php/Episode508 Visit http://www.securityweekly.com for all the latest episodes!
Gabriel Gumbs of STEALTHbits joins us for an interview. In the news, virtualization-based security, the road to Twistlock 2.0, Trend Micro embraces machine learning, and more in this episode of Enterprise Security Weekly!Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://www.securityweekly.com for all the latest episodes!
Signal patches vulnerabilities, hackers target tornado sirens in Texas, a Microsoft Word 0-day is being used to spread malware, and more. Don Pezet of ITPro.TV offers his expert commentary on this episode of Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode119 Visit http://www.securityweekly.com for all the latest episodes!
Paul and Doug discuss incident response and how to disclose the public. In the news, Cisco has new certs, 5 things to consider when building an SOC, CounterTack announces new data loss prevention measures, and more!
Full show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode39 Visit http://www.securityweekly.com for all the latest episodes!
James Gellert of RapidRatings joins us. In the news, 5 reasons to slow or stop the growth of your business, Walmart is working with startups, Cloudera goes public, and more!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode34 Visit http://www.securityweekly.com for all the latest episodes!
Anna Manley of Manley Law Inc. joins us, our very own Jeff Man briefs us on his trip to IBM InterConnect 2017, and we review the security news for the week!Full show notes: http://wiki.securityweekly.com/wiki/index.php/Episode508 Visit http://www.securityweekly.com for all the latest episodes!
Doug White fills in in the studio, while the awesome, sheer naked power of Jason Wood fills the airwaves. Anonymous FTP, the Russians, Skynet activates in Connecticut, and the return of Van Eck Phreaking!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode118
Visit http://hacknaked.tv to get all the latest episodes!
Ira Winkler of Secure Mentem joins us. In the news, how to hire remote employees effectively, the periodic table of security startups, why no business is bulletproof, and more!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode33 Visit http://www.securityweekly.com for all the latest episodes!
Brad Antoniewicz of OpenDNS and BSides NYC joins us, Paul demonstrates how to block ads and malware using Pi-hole, and we discuss the security news for the week!Full show notes: http://wiki.securityweekly.com/wiki/index.php/Episode507 Visit http://www.securityweekly.com for all the latest episodes!
Paul and John discuss configuration management. In the news, enSilo adds NGAV support, the cure for infectious malware, and what percentage of malware attacks are 0-days? Stay tuned! Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode38 Visit http://www.securityweekly.com for all the latest episodes!
LastPass fixes vulnerabilities, Instagram adds 2FA, scammers target iOS porn viewers, and more. Israel Barak of Cybereason joins us to deliver expert commentary on unifying industrial control system security operations into an enterprise SOC. Stay tuned!
Kevin O’Brien of GreatHorn joins us. In the news, 5 challenges most entrepreneurs don’t anticipate, 6 ways marketing can shrink the sales cycle, what you need to know about raising seed funding, and more. Stay tuned!
Ferruh Mavituna of Netsparker makes his triumphant return, Paul shows us how to secure your Arlo wireless camera system, and Don Pezet of ITPro.TV gives tips on securing your online backups. Stay tuned!
The Fappening 2.0 is upon us, hackers escape VMware, thieves are caught using facial recognition software, and more. Don Pezet of ITPro.TV joins us to deliver expert commentary on safe backups. Stay tuned!
Michael Figueroa of the Advanced Cyber Security Center joins us. In the news, machine learning from an investor’s perspective, 5 skills entrepreneurs need to succeed, AdEspresso joins Hootsuite, and more. Stay tuned!
Andrew Whitaker of Rapid7 and Render Man of the Internet of Dongs Project join us for interviews, and we discuss the security news for this week. Stay tuned!
Michael Dalgleish of LogRhythm joins us. In the news, LookingGlass debuts a new partner portal, F-Secure acquires Inverse Path, Skyhigh Networks has new CASB patents, and more. Stay tuned!
Patch Tuesday returns, Android devices have malware, a government spyware maker doxes itself, and more. Jason Wood of Paladin Security delivers expert commentary on the Wikipedia for spies. Stay tuned!
Steve Tout and Stan Bounev of VeriClouds join us. In the news, AI startups are winning, 8 funding alternatives, CA Technologies acquires Veracode, and more. Stay tuned!
Hyrum Anderson of Endgame and Keith Hoodlet of Rapid7 and InfoSec Mentors Project join us for interviews, and we cover the latest security news. Stay tuned!
Don Pezet of ITProTV and Jason Wood of Paladin Security join us to discuss cloud and virtual infrastructure security. In the news, Arista containerizes itself, the CIA slams Wikileaks, Okta buys Stormpath to add identity control, and more. Stay tuned!
Google and Microsoft announce bug bounty programs, HackerOne releases open source projects, less spam for all of us, and more. Jason Wood of Paladin Security delivers expert commentary on ransomware for dummies. Stay tuned!
Frank Wank of Cybersecurity Factory joins us. In the news, PowerPoint slides that will save you hours on your next deck, 5 of the biggest first-time founder struggles, Palo Alto acquires LightCyber, and when is less more? Stay tuned!
Alan White of Dell SecureWorks and the U.S. Army joins us, our very own Doug White delivers a tech segment on incident response and forensic reporting, and we cover the latest security news. Stay tuned!
Chris Clymer, Jack Nichelson, and Jason Middaugh of InfoSec World join us. In the news, the first threat intelligence platform compliant with STIX 2.0 is here, LightCyber joins Palo Alto, Flowmon teams up with Ixia, and more. Stay tuned!
Microsoft browsers are hit with a 0-day, Apple severs ties with Supermicro, IoT toy are spying on kids, and more. Jason Wood of Paladin Security joins us to talk about how the NSA is using cyberattacks for defense!
Mike Kail of Cybric join us. In the news, Verizon closes in on Yahoo, 8 key ingredients to a profitable consulting business, building a repeatable sales process, and when should you fire yourself? Stay tuned!
Don Pezet of ITPro.TV joins us, David Fletcher of Symantec delivers a technical segment, and we cover the security news for the week. Stay tuned!
Jim Routh of Aetna and InfoSec World joins us. In the news, Cisco touts next-generation firewall gear, a new decryption tool from Avast, Centrify stops breaches in real time, and more. Stay tuned!
A lone hacker breaches 60 universities and federal agencies, Yahoo loses $350 million from breaches, more bug bounty programs for porn sites, and is your child a hacker? Jason Wood of Paladin Security joins us to talk about smart city technology that could make military bases more secure!
Scott Kannry and Jason Christopher of Axio join us. In the news, Sophos acquires Invincea, the startup fundraising dictionary, five tough lessons every solopreneur needs to know, and how much is a Shark Tank appearance worth? Stay tuned!
David Conrad of ICANN joins us, Carrie Roberts of Black Hills InfoSec breaks all the firewalls, and we discuss the security news for the week. Stay tuned!
Paul and John review the CISO Manifesto and deliver the top 10 rules for security vendors. In the news, Nerdio partners with CensorNet, ThreatConnect reveals a new threat intelligence product suite, free cyberthreat hunter and defender tools for security analysts, and more. Stay tuned!
Microsoft delays Patch Tuesday, WordPress continues to fail at failing, Valve eradicates a Steam bug, ransomware that makes you do terrible things, and more. Jason Wood of Paladin Security joins us to talk about a father and son who created access to a supercomputer via voice commands!
Lior Frenkel of Waterfall Security joins us. In the Enterprise News, CyberArk beefs up its cloud security, Kenna Security partners with Exodus, Gigamon is eliminating network blind spots, and more. Stay tuned!
William Lin of Trident Capital Cybersecurity joins us. In the news, 12 KPIs you need to know before pitching your startup, VC firms back a record number of cybersecurity startups in 2016, and why should entrepreneurs think like farmers? Stay tuned!
Paul and a dozen infosec professionals celebrate episode 500 by hosting roundtable discussions on IoT security and penetration testing. Stay tuned!
Android vulnerabilities are patched, your TV is watching you, iOS apps are vulnerable, the lamest crypto bug, and more. Jason Wood of Paladin Security joins us to talk about a former NSA contractor who may have stolen 75% of TAO’s elite hacking tools!
Archie Agarwal of ThreatModeler joins us. In the news, how to prevent startup burnout, five IoT cybersecurity predictions for 2017, three tips to help entrepreneurs make the right sacrifices, and what exactly is your income statement telling you? Stay tuned!
Katherine Teitler of MISTI joins us, Nathaniel "Q" Quist of LogRhythm delivers a technical segment, and we cover the latest security news. Stay tuned!
Matt Alderman of Tenable joins us. In the Enterprise News, Distil Networks wants to leverage device fingerprints, Exabeam reveals its latest security intelligence program, HPE acquires Niara, and more. Stay tuned!
Don Pezet of ITPro.TV joins us to discuss why a luxury hotel has gone analog, ransomware shutting down security cameras, and more hacking news. Stay tuned!
Eddy Bobritsky of Minerva Labs joins us. In startup news, GFI acquires Kerio, why 2017 will be tough for seed startups, the MVP you’ve probably never heard of, why your product team is failing, and more. Stay tuned!
Chris Kubecka of HypaSec joins us, our very own Jeff Man documents his trip to HP's headquarters, and we discuss the security news for the week! Stay tuned!
Jayne Groll and Alan Shimel join us. In the news, SyferLock announces a technology alliance with OpenIAM, RiskIQ strengthens their digital threat mitigation capabilities, RiskSense Platform 7.0 is here, and more. Stay tuned!
Firefox attempts to protect users, Android threats that matter (and one that doesn't), Cisco patches a critical flaw, and more. Jason Wood of Paladin Security joins us to discuss the Attorney General's stance on encryption. Stay tuned!
Ron Gula joins us. In startup news this week, we talk about 9 ways to distance your business from cyber attacks, lessons learned from Target, 11 free tools every first-time entrepreneur should use, and can your startup generate venture-scale returns? Stay tuned!
Jason Blanchard of SANS and Bruce Potter of ShmooCon join us, and we discuss the security news for this week. Stay tuned!
Zane Lackey of Signal Sciences joins us. In this week’s news, how to choose the right distributed ledger program, Ixia and K2 integrate IoT platforms, SyferLock announces multi-factor authentication integration, and is a new antivirus program really the next generation of security?
Israel Barak of Cybereason joins us to discuss endpoint security, malware, ransomware, and more news stories in this week’s episode of Hack Naked News!
Bob Stratton of Mach37 joins us. In startup news this week, we talk about getting your metrics together, why founders fail to market their products, and does communication determine the success of your business? Stay tuned!
Lesley Carhart of Motorola Solutions joins us, Beau Bullock delivers a tech segment on bypassing antivirus programs using Android, and we discuss the security news for this week. Stay tuned!
The world’s easiest bug bounty program, Shamoon’s capabilities spread to desktops, the fridge who loved me, and are Geek Squad techs working for the FBI? Find out in this week’s edition of Hack Naked News!
Justin Foster of Foster Thinking joins us In startup news this week, we talk about DIY home security suites, a cybersecurity company’s biggest 2016 failure, and what should you expect as a tech startup in 2017? Stay tuned!
Joe McCray of Strategic Security joins us, Doug White will give us an introduction to forensic data carving using FTK, and we discuss the security news for this week. Stay tuned!
Michael Santarcangelo joins Paul and John to discuss cyber insurance. In this week’s news, HP debuts new IoT devices, Bitdefender’s second BOX is here, FireMon announces support for Check Point R80, and more!
0day vulnerabilities in storage devices, why VMware sucks at key management, how to un-ransomware your Google TV, and did Russia really tamper with the 2016 election? All that and more on this edition of Hack Naked News!
Two critical vulnerabilities you will want to patch before 2017 and a free tool to keep ransomware off the new gadgets you received over the holidays.
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_104_December_28_2016
Visit http://hacknaked.tv to get all the latest episodes!
Eric “Munin” Rand of Brown Hat Security joins us, Joshua Marpet and Scott Lyons deliver a tech segment on credit cards escaping the Cardholder Data Environment, and we cover the security news for the week. Stay tuned to our last episode of 2016!
Our very own John Strand delivers a technical segment on integrating Ubuntu with Windows 10. Learn this invaluable skill here on Enterprise Security Weekly!
Chad Boeckmann of Secure Digital Solutions joins us for an interview. In startup news this week, we talk about why many boom-time startups are fizzling out, the average age of startup founders, why Johnson & Johnson is getting into startups, and much more. Stay tuned!
Dave Shackleford of Voodoo Security and SANS joins us, Paul delivers a tech segment on his new Linux laptop, and we cover the security news for the week. Stay tuned!
Don Pezet of ITPro.TV is back to talk about non-security skills for the enterprise security professional and the enterprise news for the week. Stay tuned!
Josh Lefkowitz and Chris Camacho of Flashpoint join us for an interview. In startup news this week,promising equity against issuing equity, why someone burned $10 million so you don’t have to, and we ask the age-old question: are you taking enough risks? and more. Stay tuned!
Ferruh Mavituna of Netsparker joins us, Ofri Ziv of GuardiCore shows us how the Oracle of Delphi will steal your credentials, and we discuss the security news for this week. Stay tuned!
Don Pezet of ITPro.TV joins us for an interview regarding the IT security skills gap, and we discuss the enterprise news for the week. Stay tuned!
The USB killer is on the loose, why you shouldn’t use Visa, Obama challenges the Trump administration (sorta), the dumbest car thief of the week, and much more on this edition of Hack Naked News!
Michael Tanji of Wapack Labs joins us for an interview. In startup news, what mistakes to avoid in product development, how to measure success, the 5 habits you should abandon as your startup grows, and much more. Stay tuned!
John Hurd and Alex Valdivia of ThreatConnect join us, Jimmy Mesta of Invoca and OWASP gives tips on containerizing your security operations center, and we talk security news for the week. Stay tuned!
SecureAuth aims to protect mobile users, Palo Alto Networks automates cloud security deployment on AWS, the cybersecurity skills shortage (and what you can do about it), and more. Our topic for this week is defending against attackers and pen testers. Stay tuned!
WordPress security gets another black mark, free transit rides for all in San Francisco, routers are hacked again, NTP is vulnerable, why buy when you can rent....a botnet, that is, backdooring Android, and a popular porn site is the victim of a data breach. Stay tuned!
Take the Security Weekly Survey: www.securityweekly.com/survey
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_102_November_29_2016
Rumors of a new director of national intelligence, ATMs spill money into the streets of China, real security requires a hedgehog, and Oracle buys a now famous DNS company, all that and more on Hack Naked News!
eph2nih8
Tyler Shields of Signal Sciences joins us for an interview, we review some listener feedback, and discuss the startup news for the week. Stay tuned!
Jen Ellis and Harley Geiger of Rapid7 join us, Alex Horan and Sebastian Bortnik of Onapsis will be giving a trends report for 2016, and we discuss the security news for the week. Stay tuned!
Can you use open-source firewalls, IDS, networking monitoring, SEIM, and more to defend your enterprise? Find out with Paul and John on Enterprise Security Weekly!
Chinese company installed secret backdoor on hundreds of thousands of phones, hacking team back for your Android, major linux holes gapes open, and much more, here on Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_100_November_2016#Hack_Naked_News_Announcement
Take the Security Weekly Survey: www.securityweekly.com/survey
Visit http://hacknaked.tv to get all the latest episodes!
Michael is joined by Joshua Marpet and Scott Lyons to talk about their experience building and supporting security startups. In the news, Owler's Cryptzone profile, Illumio releases new templates that offer better security, and why the top entrepreneurs are seeking corporate venture money. Stay tuned!
Greg Foss of LogRhythm joins us, our tech segment covers a Outlook Web Access two-factor authentication bypass, and we chat security news for the week. Stay tuned!
Our topic is incident response in the enterprise. We also discuss OneLogin acquiring Sphere Secure Workspace, Synopsys acquiring Cigital, Codiscope bolstering its security portfolio, Gartner's latest report on the CASB market, and much more here on Enterprise Security Weekly!
David Koplovitz of ProXPN joins us, our technical segment covers considerations for using Intel SGX, and we talk about the security news for this week. Stay tuned!
Rapid 7 makes a strategic integration, should you use artificial intelligence in your enterprise to replace your workforce?, what is your DDoS mitigation strategy?, a big social media company sets out to create an open-source project that will stick it to Cisco, and Amazon sucking it in the cloud (but not like that). Stay tuned!
Adam Bixler of Efflux Systems joins us. In startup news, the 3 most abstract tips to make your startup succeed, the 5 best presentation apps for your startup needs, non-expensive ways to make your small business feel big, and much more. Stay tuned!
A popular cloud based website hosting company could become the next myspace, more powerful IoT botnet, browser vendors lack trust in 2CAs, and some, including myself about an election day hack. All that and more, so stay tuned!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_99_November_2016
Take the Security Weekly Survey: www.securityweekly.com/survey
Visit http://hacknaked.tv to get all the latest episodes!
Brian Beyer of Red Canary joins us, and we discuss updates on Paul's and Michael's startup journeys, the 22 most active celebrity startup investors, and much more. Stay tuned!
Chris Roberts of Acalvio Technologies joins us, Mark Dufresne of Endgame tells us why signatures suck, and we discuss the security news for the week. Stay tuned!
Carahsoft adds Okta ID, FireMon acquires FortyCloud, why Juniper Networks stock soared today, and much more. Stay tuned!
Don Pezet joins us from ITPro.TV, to talk about how to secure those devices that hackers have been taking advantage of.
Visit http://hacknaked.tv to get all the latest episodes!
HD Moore, founder of the Metasploit project, joins us for an interview. In startup news, we talk about the differences between Angel and VC investments, expanding the concept of entrepreneurship, is running a startup for you?, how to become a cybersecurity entrepreneur in a crowded market, and making your elevator pitch more memorable. Stay tuned!
Adrien de Beaupre joins us to discuss "So You Wanna Be A Pen Tester?", we cover fixing pen test findings and XMLRPC, and talk security news. Stay tuned!
Microsoft and Adobe, Guccifer, and ransomware! Hack Naked News with Aaron Lyons!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_18_2016
Visit http://hacknaked.tv to get all the latest episodes!
We tell you how to spot a bad Kickstarter, inside the mind of a venture capitalist, how to be disruptive with your startup, and how to stop hackers from destroying your startup. Stay tuned!
Scott Lyons of WarCollar Industries and Joshua Marpet of CyberGRC join us, our listener feedback segment discusses drinking from the infosec fire hose, and we talk security news for the week. Stay tuned!
Securing your data, an account security solution or ASS?, and securing IoT in the Enterprise!
Tons and tons of Ransomware and Cisco! All that and more with Aaron Lyons on Hack Naked News!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_11_2016
Visit http://hacknaked.tv to get all the latest episodes!
We discuss magical momentum, how to build online trust, pivotal stories every startup leader should be able to tell, and more. Stay tuned!
Cody Pierce from Endgame will talk about pre-exploit prevention. Security news will discuss Yahoo! spying, Mirai source code lessons learned, and more! Our interview this week is with Ed Skoudis of Counterhack Challenges and the SANS Institute. Stay tuned!
Juniper's bug push into security, a big endpoint player goes IPO, and a firewall company enters the Anti-Virus game. The topic for this week is Darkweb monitoring, is it really worth it and how can it help your enterprise? Stay tuned!
WoSign, Cisco, Ransomware, and Linux crash! All that and more, so stay tuned! Visit http://hacknaked.tv to get all the latest episodes!
We interview Ferruh Mavituna of Netsparker, discuss shadow IT in our listener feedback, and discuss our security news. Stay tuned!
A behavior analytics company has a new release, endpoint security for vulnerabilities and threats, outsource your threat hunting, get with the flow on your network, and waiting in the wings to get bought. Plus, John and I discuss security training for the enterprise, what will work work best for you?
Hack Naked coversthis week, CompTIA Security, CISSP, CEH v9, and Red Hat Linux. All that and more on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
A listener feedback segment on technical debt, we delve into more listener requests, and in our news stories, we discuss how freemium can work for you, seven common mistakes entrepreneurs make, and more. Stay tuned!
Microsoft partners with Ping, CyberArk gets a new patent, yet even more behavior based endpoint protection, Intel sells McAfee, teaming up with MSPs, and embracing change in the cloud. Stay tuned!
Kobi and Doron Naim of Cyberark Labs join us, Paul shows us how to try to make a secure shell script, and we discuss TMobile's free network, Cisco's injection flaw warning, and more, so stay tuned!
Runtime application self-protection market shows growth, cloud-based access provider new single sign-on for SAS, Oracle bought someone, and privileged identity management. Stay tuned!
This week we interview Jon Searles and Will Genovese, the founders of the NESIT hacker space and organizers of Bsides Connecticut.
Security Weekly Web Site: http://securityweekly.com Follow us on Twitter: @securityweekly
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode467#Interview:_Jon_Searles_and_Will_Genovese_from_BSidesCT_and_NESIT
Lots of Ransomware, Cisco, Lauri Love news, S.W.I.F.T, and Yahoo! gets hacked! All that and more on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
Josh Abraham of Praetorian and co-host Matthew Alderman of Tenable join us in-studio and we discuss internet-connected vibrator lawsuits. Stay tuned!
Malware, Mysql exploits, and ransomeware ransomeware ransomeware! Here on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
Aaron Lyons tells us what he does here on Hack Naked TV. Tyler interviews Aaron Lyons on this subject.
Visit http://hacknaked.tv to get all the latest episodes!
McAfee trademark dispute, customers want large security vendors, do you trust your pin in the cloud, CyberArk struggles, and embrace change! Enterprise Security User Awareness Training and Paul dancing!
We chat with Marcus J. Ranum of Tenable, pit ODROID against Raspberry Pi, and introduce you to USBee in our security news. All that and more, so stay tuned!
Gucifer, Sophos Blue Screen, and Sundown Exploit Kit here on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
Joshua Corman of Cyber Statecraft Initiative joins us, our listener feedback segment covers "Magic Wiffle Dust", and in our security news, Dropbox has been breached (again). Stay tuned!
Aaron talks with Paul Paget, CEO of Pwnie Express, about the Pwn Phone being on the USA network hit show Mr. Robot.
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_September_01_2016
Visit http://hacknaked.tv to get all the latest episodes!
Ios Zero Days, Russian Hacker convicted in the US, and a certificate authority makes a blunder. Here on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
Threat Intelligence gets funding, Security products in the cloud, incorporating virus totaling in your products, two factor authentication for voice-over IP. To MSSP or not to MSSP is the question. All that and more on Enterprise Security Weekly!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode13
Visit http://securityweekly.com/esw for all the latest episodes!
We interview Heather Mahalik from SANS Institute on mobile phone forensics, our listener feedback segment will be The Host's Perspective, and our security news covers Facebook facial recognition, hacking smart cities, and why Ashley Madison has agreed to a security overhaul. Stay tuned!
Updates on the Shadowbroker dump, Malware on Wiki Leaks, and some brand new ransomware!
Visit http://hacknaked.tv to get all the latest episodes!
Juniper joins Cisco and Fortigate, US and Canada store were infected by malware, and DARPA Cyber Grand Challenge that ran at DEFCON.
Visit http://hacknaked.tv to get all the latest episodes!
Event Viewer UAC bypass, AppWhitelisting Bypass, 80% of Android Devices vulnerable to Hijacking, PowerShell Open Sourced, and Tool of the Week! - DataSploit.
Visit http://hacknaked.tv to get all the latest episodes!
We interview Alex Horan from Onapsis, discuss pros and cons of being a contractor, and talk about why Snowden thinks it's Russia's fault. Stay tuned!
Integration in the enterprise security space, Cisco cuts its work force, and Pwnie Express Paul Paget.
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode12
Visit http://securityweekly.com/esw for all the latest episodes!
Well the “shortage” of IT and InfoSec Professionals made have just been solved by Cisco. Yesterday Cisco announce it is planning to cut 5,500 jobs from its workforce. The layoffs will supposedly allow the company to invest in key priorities such as security, IoT, collaboration, next generation data center and cloud.
Visit http://hacknaked.tv to get all the latest episodes!
NSA hacked by the "Shadowbrokers", Scolex malware, Cerber ransomware, and hacking naked! News on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
Lance James of Flashpoint joins us in-studio this week, Joff walks us through TachyonNet, and we discuss this year's Pwnies. All that and more, so stay tuned!
This week Logrhythm has a free network monitoring tool, SAP HANA, the hottest technology you didn't see at Blackhat, free anti-ransomware, Beyondtrust product announcement and traps.
Visit http://securityweekly.com/esw for all the latest episodes!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode11
This week on Hack Naked TV, Aaron Lyons discusses all the news during Hacker Summer Camp. So stay tuned!
This week, Federico Kirschbaum of Infobyte and Faraday joins us. Our Listener Feedback segment discussing balancing life and work. In security news, Verizon buys Yahoo, hackers sniffs your keystrokes from nearby, and vulnerabilities and light bulbs. Stay tuned!
User behavior analytics wins and fails, the top 10 emerging security vendors (according to some), and virtually testing your network, all that and more so stay tuned!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode10
Aaron Lyons discusses Lastpass, Malicious Insider, and Hacker Summer Camp! Watch all the latest security news every week, here on Hack Naked TV!
Visit http://hacknaked.tv to get all the latest episodes!
This week Aaron Lyons talks about Powerware, no more Ransomware, and HIPAA! All that and more on Hack Naked TV!
This week on Security Weekly, John Kindervag from Forrester joins us! Paul and Rick Farina demonstrate Bluetooth scanning using the PwnPad4 and Blue Hyrda. In security news, we show you how to cheat in Pokemon Go. Stay tuned!
This week on Hack Naked TV, Aaron Lyons talks about httpoxy, Neutrino Exploit Kit, and Ubuntu. All that and more, so stay tuned!
This week on Hack Naked TV, Beau Bullock talks about OpenSSHd Username Enum vulnerability, Attack of the Printers, there’s no Hacking in Baseball, and Ubuntu forum breached.
This week on Security Weekly, Bob Stratton of Mach37 joins us. Joff will write a Python script that can download malware domain name lists from a URL, and create a DNS blackhole bind9 based configuration file on the domain names obtained. In security news, we discuss Pokemon Go, an FDIC hack, and more. Stay tuned!
This week in the news no excuses to go Phish yourself, a services vendor helps you identify risk, the #1 privileged identity management solution (According to some), and a huge blow to the Endpoint Security Agent market. And we'll talk about how to secure your SDLC. All that and more so stay tuned!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode8
This week on Hack Naked TV, Aaron Lyons talks about Sundown exploit kit, Store Communications Act, and FDIC Hacked. All that and more, so stay tuned!
Aaron Lyons will be talking about S.W.I.F.T. Network, Ransomware, Angler Exploit Kit, and Pokemon Go! Here on Hack Naked TV!
Tonight on Security Weekly, we chat with Elizabeth Gossell, a Product Strategist at Tenable. Paul shows us how to block ads and malware using Bind DNS. Stay tuned!
I’m your host Aaron Lyons and today I’ll be talking about Palo Alto’s upcoming CTF, Update on Symantec’s most recent vulnerabilities, and password sharing conviction.
Welcome to another episode of Hack Naked TV recorded July 5th 2016. Your host, Aaron Lyons, will be covering Zepto, Facebook, and Privacy Shield. All that and more, so stay tuned!
This week on Security Weekly, SANS instructor Mark Baggett joins us for an interview! Our tech segment covers how to build your own PfSense firewall. Paul, Larry, and Joff cover their security news stories of the week. Stay tuned!
I'm your host Aaron Lyons and today I'll be covering password re-use attackes, symantec, and another SWIFT bank heist.
Cisco makes an acquisition in cloud security, Palerra claims a first in the same space, Crowdstrike bundles prevent breaches? And Barracuda makes it easier to give them money for Next-Gen firewalls, all that and more so stay tuned!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode8
This episode is dedicated to Jennifer Collis. This week on Security Weekly, Cory Doctorow of craphound.com joins us to discuss all things security! Pentoo dev Rick Farina stops in to talk about the new Pwn Pad4 as well. Stay tuned!
Welcome to another Hack TV, this episode we have a special interview with Don Pezet from IT Pro. Stay Tuned!
Full Wiki Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_June_23_2016
This week on Enterprise Security Weekly, tenable makes a strategic partnership to ease authenticated vulnerability scanning, avast announces a much faster antivirus engine, Risksense unveils cyber risk scoring that allows some other kind of scoring that you might be familiar with, and alert logic goes into the cloud. All that and more, so stay tuned!
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode7
This week on Hack Naked TV, Beau Bullock talks about Bad Tunnel, GoToMyPC, and how Ransomware is all Javascript. Watch for full stories, here on Hack Naked TV!
Beau teaching SANS SEC504 in Marina del Rey, CA August 15, 2016: http://tinyurl.com/beau-sec504-aug16
This week on Security Weekly, we welcome Paul back to the studio! Doug White and Jeff Mann join us in-studio to pick Russell Beauchemin's brain about his telepresence robot. Security news covers GitHub's password woes, the BadTunnel vulnerability, and Microsoft OLE. All that and more, so stay tuned!
I'm your host Aaron Lyons and today I'll be covering Microsoft, hard drive decryption, ISIS hackers, and GitHub.
Welcome to another episode of Hack Naked TV. Recorded June 14th 2016. Aaron Lyons will be covering Symantec buying Bluecoat, Microsoft buying linkedin, Michael Thomas and the CFAA, and the Pentagon bug Bounty.
This week on Security Weekly, Larry serves as our interim host alongside co-host Russell Beauchemin, who will be in studio with our guest Chris Poulin. Larry will discuss with Russell about his new Hololens! They talk about Typo squatting package managers, 20 years of red teaming, Spear Phishing, how InfoSec is a sham, and GPS DoS.
Welcome to another episode of Hack Naked TV recorded June 9th 2016. I’m your host Aaron Lyons and today I’ll be talking about Ransomare, Angler, and the Swift Network.
Hack Naked News covers Team Viewer, Myspace gets hacked, Infoblox, Ransomware, and Darkode! Here on Hack Naked TV!
This week is, well, rough, ServiceNow buys threat intelligence company, memory scanning in the hypervisor, and next-generation network segmentation and NAC, and John and I discuss the evolution of IDS and IPS!
Full Show Notes Here: http://wiki.securityweekly.com/wiki/index.php/ES_Episode6
Visit http://securityweekly.com/esw for all the latest episodes!
Hack Naked TV, hosted by yours truly, Aaron Lyons! This week he will bring up the Bangladesh Heist, the battle between Google VS Oracle, Rob Graham's Port Scanning, and he'll rant on Ransomware!
This week on Security Weekly, we interview Wade Baker, Vice President of ThreatConnect! Paul, Jack, Jeff, and Larry address listener feedback and questions. Paul discusses, Jeremiah Grossman, Apple hiring crypto-wizard Jon Callas to beef up security, Google killing passwords on Android, and lots more in Security News.
Do you know who Guccifer is? He could hack your email! Aaron Lyons talks about Guccifer, the Bangladesh Heist, and $12 million was stolen from an Ecuadorean bank.
"Cyber Deception" comes to Defcon and IoT, Cisco makes a push for Voice over WiFi, Sumo Logic monitors your Lambdas, and identity management integrates with SEIM? All that and more so stay tuned!
http://wiki.securityweekly.com/wiki/index.php/ES_Episode5
Do you know what Macworld and Cloudflare are? Paul and John Strand talk about these topics and Threat Intelligence!
http://wiki.securityweekly.com/wiki/index.php/ES_Episode2
Security Weekly Web Site: http://securityweekly.com Follow us on Twitter: @securityweekly
Pwnie Express secures a $12.9 million funding round, Palo Alto forms strategic partnership with HardwareSolutions, Sophos introduces a new tool to combat ransomeware, webroot introduces a new IoT Security Gateway and Paul and John discuss some of the latest topics around vulnerability management.
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode3
This week on Hack Naked TV, Aaron talks about Ransomware, Bangladesh, and US Cyber Tech!
This week we interview Neil Wyler aka Grifter. We liked listener feedback so much, we're going to do it again and talk about disclosure and evil domain squatting. In the stories of the week Chrome blocks flash and things get hacked.
Paul and John Strand begin a new series here on Security Weekly. They delve into Threat Hunting, FireEye, Tripwire IP360, and much more. Check this prime OG Episode of Enterprise Security Weekly!
Security Weekly Web Site: http://securityweekly.com Follow us on Twitter: @securityweekly
Ransomware again? I think so! Hear other great news stories and he will give some special advice! Here on Hack Naked TV!
Need the Security News for Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.
Need the Security News for the Week? Here on Hack Naked TV, Aaron Lyons gives the top news for the week in Security and Hacking!
Ever wonder what Image Magick is? We don't know either! That's why Aaron is here to inform you about Image Magick among other more interesting topics! Stay tuned here on Hack Naked TV!
Do you know what Cyber warfare? Hear what Aaron Lyons has to say about Cyber warfare! He rants on this Hack Naked TV.
Welcome to another episode of Hack Naked TV recorded April 28th 2016. Aaron covers Cyberbombs, the next scan from Robert Graham, professional cyclists hacking their bikes, and more.
Doug White was the first certified instructor for the ISFCE digital forensics boot camps and has worked for a variety of professional training organizations and corporations teaching and working in technology.
Do you want to know the inside scoop of Netsparker? Listen to us interview Ferruh Mavituna, who has been in the security industry for well over a decade and his ambition to ease the process of automatically detecting web application vulnerabilities led him to build Netsparker, and pursued it to the point of commercial reality. Ferruh is also Netsparker’s Product Architect.
Sean Metcalf (@PyroTek3) is a Microsoft Certified Master (MCM) / Microsoft Certified Solutions Master (MCSM) in Directory Services (Active Directory Windows Server 2008 R2) which is an elite group of Active Directory experts (only about 100 worldwide). As of 2016, he is also a Microsoft Most Valuable Professional (MVP). We ask him about his start in information security and PowerShell. Listen in now!
This week, Jeff comes on the show and hosts Jeff's Round Table. He talks about Google Play Music, Jedi Conference, vulnerability management vendors, and integration into asset discovery. All that and more, here on Security Weekly!
Aaron Lyons will be covering the recent sentencing of some malicious insiders, and the creators of the the SpyEye botnet creator.
Lee Holmes is the lead security architect of Microsoft's Enterprise Cloud Group, covering Windows Server, Azure Stack, System Center, and Operations Management Suite. He is author of the Windows PowerShell Cookbook, and an original member of the PowerShell development team.
This week, Beau Bullock discusses in depth about Badlock, WordPress Encryption, WhatsApp End to End Encryption, and AllPorts.Exposed. Stay tuned for more stories from Beau, here on Hack Naked TV.
This week on Hack Naked TV, Aaron Lyons talks about Badlock, Ransomware, Russian Prison for Hackers, and Ransomware. Check out Beau Bullock's Hack Naked for more in depth detail on Badlock.
Welcome to another episode of Hack Naked TV recorded April 8th 2016. Aaron covers the Panama Papers, Cyber-Insurance, Ransomware, Hacking Team, and the Pentagon's bug bounty program.
We interview James Lyne from SANS. He comes from a background in cryptography but over the years has worked in a wide variety of security problem domains including anti-malware and hacking. James spent many years as a hands-on analyst dealing with deep technical issues and is a self-professed "massive geek".
This week Paul takes the place of Aaron Lyons who is busy fighting Ninja Lamas. Paul discusses Car future Malware, Ubuntu Patches Kernel Vulnerabilities, OSVDB Shuts Down For Good, Flash zero-day in the wild to be fixed by Adobe, and FBI: $2.3 Billion Lost to CEO Email Scams. Check out the Security Weekly Wiki for more information!
This week we talk with Alex Horan from Onapsis. He is a security focused IT professional with strong experience leading and motivating IT teams and departments.
This week on Hack Naked TV Aaron Lyons talks about FBI vs Apple, the new Android bug, Cisco Firepower/Snort IDS, and ransomware.
This week on Security Weekly, we talk with Ferruh Mavituna from Netsparker. He explains how he can scan 1,000 websites simultaneously and what he does with the information he collects from the websites. Ferruh gives advice on threat modeling and how to understand the surface. For this week's Tech Segment, Paul talks about scanning websites with Nmap.
This week on Hack Naked TV, Aaron Lyons give you the update on Apple vs FBI, iMessage Encryption, FBI's cyber most wanted updated, and Badlock the newest named logo vulnerability.
This week Beau reviews SANS Netwars. He also talks about CTFs.
Jared Atkinson is the Hunt Capability Lead with Veris Group’s Adaptive. Passionate about PowerShell and the Open Source community, Jared is the lead developer of the PowerForensics project, an open source forensics framework for PowerShell, and maintains a DFIR focused blog.
Micah Zenko, a senior fellow at the Council on Foreign Relations and author of the new book "Red Team: How to Succeed By Thinking Like the Enemy." We talk to Micah about techniques to prevent domestic terrorism, parallels between physical security and computer security and red teaming. They also discuss software security, how to create more secure code, legacy code, IoT devices and more!
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Like is on Facebook: https://www.facebook.com/secweekly
This week on Hack Naked TV, Aaron Lyons talks about FBI's most wanted hackers, Google's Bug, the Home Depot data breach, man-in-the-middle attacks, and ransomware.
Paul, Larry, and Jack talk with Dennis Fisher from Pindrop and On the Wire. Dennis expalins what are some of the more interesting trends in security news and how to overcome major problems in his industry. All that and more, so stay tuned!
Aaron Lyons talks about Tor, Apple ransomware, the banning of Kali, and fake facebook profiles. Check all that and more, here on Hack Naked TV!
This week on Hack Naked TV, Aaron Lyons does a follow up on Apple and the FBI, Cross-site Scripting, the Drown Attack, and a brief blurb about Infosec.
This week, Paul makes a big announcement! We are lucky to have several of the fine folks at InGuardians come on the show and share their wisdom and knowledge on the topic of perimeter protection. Stories of the week include DROWN, cool tools for analyzing firmware and Z-Wave, and much more!
This week on Security Weekly we interview Jeff Pike and Jeff Frisk from SANS GIAC. Paul and Larry talk about digital badges, CPEs, and SANS training. On Security Weekly, Paul, Larry, and Mike talk about the Hacker Summer Camp Planning Guide, Open DNS Blogs, wireless mics and keyboards, and excessive amounts of lube! The best place to get information about security! Stay tuned for the best in security news.
Norse Corp followup, DHS and FBI Employee info leak, ENCRYPT Act, and Hackers aren't smart.
Show notes for this episode: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_February_18_2016
This week, Joff talks with Paul, Carlos, and Michael about building DIY Linux-based routers.
This week on Security Weekly, we introduce Mike Strouse who is the CEO of ProXPN. He explains how he got started in ProXPN and more!
Security News of the week talks about:
Today on Hack Naked TV, Beau talks about Cash for Creds, Gmail Warnings, IRS PIN Compromise, and Cisco ASA RCE. Here on Hack Naked TV!
This week on Hack Naked TV, Aaron will be talking about Norse Co., Java, Cyber Terrorism, and Safe Harbor.
Beau talks about Backdoor in AMX, Linux Kernel Vuln, Apple Sharing Cookies, Hot Potato, Backhat 2016 Course, BSides Orlando.
This week, we interview Dropbox's head of security, Patrick Heim. Paul, Larry, Jack, Joff, Carlos and Not Kevin talk about automating vulnerability scans, hackable kids toys and much more!
The Security Weekly crew interviews Essobi on his techniques for scanning the Internet and some of the interesting results!
Organizations tend to fall somewhere on a scale of 0 through 100 (with 100 being the best) when it comes to the maturity of their vulnerability management program. Starting at 0 for those who don't do any type of vulnerability management or scanning, to those higher up on the scale integrating 3rd party products and producing business-based metrics. Find out all the different levels, some of the pitfalls, and most importantly how go from 0 to hero in your vulnerability management program.
This week on Security Weekly with Carlos, Jack, Michael, Joff, Paul and Larry talk about Windows updates, Sean Penn, WordPress XSS, Windows compatibility issues, TrendMicro's node.js password manager (now featuring arbitrary command execution), and a whole lot more!
We also interview Chris Domas. Chris is a researcher interested in reverse engineering and exploitation. He joins us to talk about visualizing binaries, accessing ring -2 and making reversers sad.
This week we interview Adrien de Beaupre, a SANS instructor and Internet Storm Center handler. Adrien has been researching the security of HTTP/2 and even does a live demo! We put out a call to action for the security community to become more pro-active in researching this protocol.
In Stories of the Week Paul, Larry, John, Joff and special guest star Adrien talk about Juniper backdoors, the "biggest" security threats for 2016, axing Internet Explorer and Uber fines for data breaches.
This week Beau talks about malicious Google Play apps, Comcast home security systems, attacking ICS and MS15-132.
Sharon Goldberg joins us to talk about her research into NTP, BGP and DNS protocol security. Then, in Security News, Paul, Joff and Not Kevin talk about registering zones, reply to all, CISA and much more!
Aaron reviews the Penetration Testing with Kali Linux course and OSCP test.
The lost episode! YouTube flagged this video as inappropriate, removed the video, and put our YouTube channel in bad standing. Now you can view the video for yourself, and see just how "bad" the content is to cause YouTube to flag us YET AGAIN for so-called "inappropriate" content. YET AGAIN, we have filed an appeal and are waiting to get our YouTube channel back in good standing. In the mean time, many features of our YouTube channel have been disabled, including the ability to upload videos longer than 15 minutes. This really puts a cramp in our style, and is an example of just how bad a job of YouTube is doing policing videos and channels.
Welcome to another episode of Hack Naked TV recorded December 17th 2015. Aaron talks about the FBI using 0-Days, Drone Registration, Root DNS attack, and RCE in FireEye.
Ed Skoudis joins us to talk about the Holiday Hack Challenge.
John Strand does a segment on penetration testing and answers 5 of Paul's questions on the topic.
Security News is entertaining as always!
Security Weekly Web Site: http://securityweekly.com
Follow us on Twitter: @securityweekly
The lost episode! YouTube flagged this video as inappropriate, removed the video, and put our YouTube channel in bad standing. Now you can view the video for yourself, and see just how "bad" the content is to cause YouTube to flag us YET AGAIN for so-called "inappropriate" content. YET AGAIN, we have filed an appeal and are waiting to get our YouTube channel back in good standing. In the mean time, many features of our YouTube channel have been disabled, including the ability to upload videos longer than 15 minutes. This really puts a cramp in our style, and is an example of just how bad a job of YouTube is doing policing videos and channels.
Welcome to another episode of Hack Naked TV recorded December 10th 2015. Today Aaron talks about Cybersecurity Information Sharing Act, Kazakhstan, Flash updates, encryption backdoors, and cyber espionage.
Welcome to another episode of Hack Naked TV recorded December 2nd 2015. Today Aaron talks about Dell root certificate fiasco, Hacking Back being reviewed by the government, the LANDesk breach, new tool releases, and more!
For a full list of stories, visit our wiki here.
Interview with Ferruh Mavituna
Security Weekly brings back Ferruh Mavituna to discuss SLDC and writing vulnerable command injection in PHP. For a full list of topics discussed, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode442#Guest_Interview:_Ferruh_Mavituna_-_6:05PM-6:45PM
Failed Windows 3.1 and Hacking BackSecurity news this week we talk about the latest iThing, this one brews your coffee. Find out why its a bad idea to run Windows 3.1 in your environment, or Windows NT. Paul goes back in time, talking about OpenVMS.
http://wiki.securityweekly.com/wiki/index.php/Episode442#Stories_of_the_Week_-_7:00PM-8:00PM
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Welcome to another episode of Hack Naked TV recorded November 20th 2015. Today Beau talks Bitlocker bypass, Gmail address spoofing and more. For a full list of stories covered, visit the wiki here: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_November_20_2015#Beau.27s_Stories
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Welcome to another episode of Hack Naked TV recorded November 19th 2015. Today Aaron talks about encrypted communications in the Paris terrorist attacks, Google security news, Comcast password resets, and the Well Fargo Cybersecurity Survey.
For a full list of stories, visit our wiki here: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_November_19_2015#Aaron.27s_Stories
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Interview with Miron Livny and Barton Miller
This week, we interview Miron Livny and Barton Miller of SWAMP. SWAMP simultaneously alleviates the costs, maintenance and licensing burdens of tools, while also eliminating the need to learn numerous tool interfaces. You can read more about SWAMP here: https://continuousassurance.org/
IoT Security In Alarm Clocks
Security news this week features the unmasking of TOR users, an alarm clock that slaps you around and more. For a full list of stories, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode441#Stories_of_the_Week_-_7:00PM-8:00PM
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Today Beau talks about vBulletin RCE, PageFair serving malware, and a million dollar bug bounty for iOS 9. For a full list of stories visit http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_November_9_2015#Beau.27s_Stories.
For a directory of all Hack Naked TV shows visit http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_Show_Notes.
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow Security Weekly on Twitter: @securityweekly
Follow Beau on Twitter: @dafthack
Bug Bounty and Responsible Disclosure
We bring back Samy Kamkar "Samy's My Hero," and bring on special guests Casey Ellis from BugCrowd and Katie Moussouris from HackerOne. We talk about the tough ethical questions and the future of bug bounties in 5 years.
Interview with Ron Gula
We interview Ron Gula, one of the first interviews conducted on Security Weekly. Ron is a leading cybersecurity thinker, innovator, and visionary in the information security industry.
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Special Segment: Making The Most Of Threat Intelligence
This week, Paul and Mike discuss the current state of threat intelligence. In this segment, Paul and Mike dive deep in using threat intelligence properly.
Security News: Chip and Pin Hacked
This week in the news we learn about how chip and pin was hacked in France and are you fooled by fake online reviews? For a full list of stories including links, visit the wiki http://wiki.securityweekly.com/wiki/index.php/Episode439#Stories_of_the_Week_-_7:00PM-8:00PM.
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Today Beau talks about MITM NTP, chip and pin vulnerabilities. and encrypting all the things by default.
For a full list of stories discussed today, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_23_2015
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Today Aaron talks about the E-Trade breach, China still hacking the US, CyberInsurance, and More.
Visit the wiki for a full list of stories: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_20_2015
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Interview wth Peiter "Mudge" Zakto
Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. Peiter talks about his start in information security, rather him starting information security. Peiter talks about his early involvment in BGP and how to take down the internet.
Mobile Security and Privacy
We get Simple Nomad and David Schwartzberg to join us for a panel discussion on Mobile Security and Privacy. David Schwartzberg is a Sr. Security Engineer at MobileIron and Simple has been doing hacker and security-related things for over 30 years, wearing black, white, and gray hats at various points.
Hacker Jeopardy
Hacker Jeopardy includes popular topics such as famous hackers and decimal to binary conversions. Test your knowledge now!
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Interview with Mikko Hypponen
To kick off our ten-year anniversary we interview Mikko Hypponen of F-Secure. We talk about the first virus discovered, reviewing printed viruses, and more.
Visit our wiki for list of important links including the one that got him banned from Twitter: http://wiki.securityweekly.com/wiki/index.php/Episode438#Guest_Interview:_Mikko_Hypp.C3.B6nen_10:05_AM
L0pht Heavy Industries Panel
L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future.
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Today Aaron talks about breaches of LoopPay, Uber, and Dow-Jones. For a full list of stories, visit http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_13_2015.
This week on Hack Naked TV, Aaron talks about breaches of LoopPay, Uber, and Dow-Jones.Visit our wiki for a complete list of articles and links covered in the show: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_13_2015Security Weekly Web Site: http://securityweekly.comHack Naked Gear: http://shop.securityweekly.comFollow us on Twitter: @securityweekly
Interview with Dafydd Stuttard
This week, we interview Dafydd Stuttard the creator of Burp Suite and the author of the Web Application hacker's Handbook. We talk about the source of the name "Burp" and the future of webapp scanning.
Security News - Facebook Sex tapes and rooting the OnHub
This week in security news, we talk about Stagefright 2.0, how to root your very own Google OnHub, breaking SHA-1, and AWS WAF's.
For a full list of stories, vist our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode437#Stories_of_the_Week_-_7:00PM-8:00PM
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Password Cracking With Larry
This week on Security Weekly, we are joined by none other than Larry Pesce. After his recent DerbyCon talk, Larry gives us some insight on his 600 dollar password cracking machine.
Security News
Today in the news, Kevin recaps the T-Mobile breach. Do we now let the fox watch the henhouse? Larry dives into a Nest (TM) of IoT (drink) devices. Paul tries to keep it together with a blog post on MS08-067.
For a full list of stories and links, visit the wiki: http://wiki.securityweekly.com/wiki/index.php/Episode436#Stories_of_the_Week_-_7:00PM-8:00PM
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Today Aaron talks about BitPay, OPM, Volkswagen, and new TrueCrypt Flaws. For a full list of stories, visit the wiki: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_1_2015#Aaron.27s_Stories
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
This week on Hack Naked TV Beau talks iOS malware, Kaspersky vulnerabilities in their AV engine and more. Links to all stories are below.Android Screen Lock Bypass - http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/
iOS malware - https://isc.sans.edu/forums/diary/Detecting+XCodeGhost+Activity/20171/
Zerodium Million Dollar Bug Bounty - https://threatpost.com/zerodium-hosts-million-dollar-ios-9-bug-bounty/114736/
Kaspersky Vulns - http://googleprojectzero.blogspot.co.uk/2015/09/kaspersky-mo-unpackers-mo-problems.html
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
This week interview Josh Pyorre from OpenDNS on honeypots and malware. Josh is a security analyst with OpenDNS. Josh has presented at Defcon, multiple Bsides across the USA and Source Boston.In this interview, we find Josh's secret weapon against attackers and why he goes second in ass-grabby-grabby.For links to Josh's blog and Twitter, visit our wiki:http://wiki.securityweekly.com/wiki/index.php/Episode435#Interview:_Josh_Pyorre_-_6:05PM-6:55PMToday in the news we discuss an Apple iOS directory traversal vulnerability in AirDrop. Also in Security News is the Facebook 'Dislike' button. Not to be confused with with a downvote, more along the line of sympathy or empathy. Do you ever wish you could remotely detonate resistors? Well now you can (kind of).For a full list of stories, visit our wiki:http://wiki.securityweekly.com/wiki/index.php/Episode435#Stories_of_the_Week_-_7:00PM-8:00PM
Brought to you by Black Hills Information Security and Cybrary!
This week Aaron talks about the Ubiquity email scam, the Excellus BCBS breach, Netflix dumping antivirus, McAfee for President, and more.
Hack Naked TV Web Site: http://hacknaked.tv
Security Weekly Web Site: http://securityweekly.com
This week Jack joins Paul in studio, Joff, Carlos, John, and Michael are on via Skype. Jack mixes up some fabulous cocktails and we are off.
Paul and the crew interview Micah Hoffman. Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations.
In the news, we talk about John McAfee for President, responsible disclosure, and 10 things to do before your laptop is stolen.
Show Notes:http://wiki.securityweekly.com/wiki/index.php/Episode434
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Brought to you by Black Hills Information Security and Cybrary!
Today, Beau talks more about the Ashley Madison password dump, responsible disclosure to FireEye, and shiny new Android Ransomware. Also as promised on last week's episode, a quick demo of Powershell Empire.
http://tinyurl.com/HNTV-AM-PASSWORD-CRACKING
http://tinyurl.com/HNTV-FIREEYE-VULNS
http://tinyurl.com/HNTV-ANDRIOD-RANSOM
http://tinyurl.com/HNTV-EMPIRE
Hack Naked TV Web Site: http://hacknaked.tv
Security Weekly Web Site: http://securityweekly.com
Brought to you by Black Hills Information Security and Cybrary!
This week Aaron talks about the OPM breach, Windows 10 data collection being back-ported, HP no longer sponsoring Pwn2Own, and vulnerabilities in FireEye's products being sold.
Hack Naked TV Web Site: http://hacknaked.tv
Security Weekly Web Site: http://securityweekly.com
Twitter: @securityweekly
This week Larry and Jack join Paul in studio, Carlos is on via Skype without a shirt and none other than Google-Image-Search-John-Strand joins us...from his car none the less!
Jack recently gave a talk at B-Sides Cleveland and was approached by a listener on how exactly you should talk to high-level execs about security, the DBIR and more. Then, well, tangents...
We talk about a recent article describing how to crack the passwords resulting from the Ashley Madison breach. Paul's prediction of UPnP being used for evil is in the news, this time the bad guys will turn all of your routers into a botnet, a bigger, better, faster botnet.
Show Notes:http://wiki.securityweekly.com/wiki/index.php/Episode433
Security Weekly Web Site: http://securityweekly.com
Hack Naked Gear: http://shop.securityweekly.com
Follow us on Twitter: @securityweekly
Brought to you by Black Hills Information Security and Cybrary!
This week Aaron talks about the Ubiquity email scam, the resignation of the Ashley Madison CEO, the NSA’s bulk collection extension, NSA backdooring encryption and MORE!
Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_September_1_2015
Hack Naked TV Web Site: http://hacknaked.tv
Security Weekly Web Site: http://securityweekly.com
This week on Hack Naked TV, Beau talks about his top 5 favorite pentest and hacking tools as seen at BlackHat/DefCon/B-Sides.
tinyurl.com/HNTV-EMPIRE
tinyurl.com/HNTV-SSTI
tinyurl.com/HNTV-BLEKEY
tinyurl.com/HNTV-NETRIPPER
tinyurl.com/HNTV-CRACKLORD
Also, be on the lookout for Chrome pausing all flash-based ads on September 1, 2015. You can read the full article at tinyurl.com/HNTV-FLASH-KILLER.
Jack's Uplifting Rants, Stories of the Week - Episode 432 - August 27, 2015
In our first segment: No seriously, Jack was in rare form: Uplifting, sympathetic, offering help, and dare I say trying to be positive! After 45 minutes of this, we just wanted the old Jack back...
Jack gets into full rant mode in this segment, where we cover some more news about the epic Ashley Madison breach, Smart fridge that gets hacked, and more!
Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode432
Security Weekly Web SIte: http://securityweekly.com
This week we interview Phil Young and Chad Rikansrud on the topic of hacking mainframes and their recent Defcon presentation. Stories of the week will include Barbie Swiss Army knives, evil Cisco firmware, and some possible ways to give your security team a fighting chance. All that and more so stay tuned!
This week we kick it old school and talk about the upcoming Defcon, Blackhat and Bsides conferences. Then we chew the fat on the stories of the week including Adroid vulns and more!
This week we talk about stagefright, the Hacking Team and OPM breaches and more!
This week we interview Samy Kamkar who [redacted]. All that and more so stay tuned!
This week we talk wireless security with Rick Farina and discuss rolling your own password management. All that and more so stay tuned!
This week we talk OS X security with Patrick Wardle, the vintage bearded man Jack Daniel is back in studio and stories of the week include topics such as bug bounty programs, are they worth it?, the latest big Apple security bug, and hacking LastPass. All that and more so stay tuned!
This week we interview Ferruh Mavituna, CEO of Netsparker to talk about web application scanning, Apollo joins us in studio to discuss security for startups, and this week's stories include the crowd favorites: Wordpress vulnerabilities and exploiting home routers!
We interview Byron Cleary to talk about virtual honeynets, the dreamy Trey Ford joins us in studio, and we'll talk about a whole bunch of security news!
This week we interview Gavin Millard from Tenable Network Security, put an end to the "wake up Mehreen" meme, and talk about jamming logs in our stories of the week.
At Praetorian, Josh Abraham is a key member of the technical execution team. In this capacity, he is responsible for leading, directing and executing client-facing engagements that include Praetorian's tactical and strategic service offerings.
Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, BSides, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE, CSI, OWASP, LinuxWorld and Comdex.
Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency.
Michael Assante is an internationally recognized thought leader in cyber security of industrial control systems. Assante held the position of Vice President and Chief Security Officer at the North American Electric Reliability Corporation and oversaw the implementation of cyber security standards across the North American electric power industry.
Matthew E. Luallen is a well-respected information professional, researcher, instructor, and author. Mr. Luallen serves as the president and co-founder of CYBATI, a strategic and practical educational and consulting company. CYBATI provides critical infrastructure and control system cybersecurity consulting, education, and awareness.
Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, USA has over 12 years of experience in both Industrial Process Control Systems and Network Security.
In this tech segment we're going to talk about regular expressions in python. We're going to be using perl-style regular expressions, which is usually referenced as "PCRE". PCRE is used in many places outside of Python, such as snort and other IDS signatures, and most places you see regular expressions, it will be PCRE. Regex is a language, but it's far more restricted than a normal programming language.
If you need to perform any complex string search and replace, you're probably going to use regular expressions. As the famous saying goes, Some people, when confronted with a problem, think “I know, I'll use regular expressions.” Now they have two problems.
So I'm going to teach you how to create some problems for yourself.
I'm going to put the testing strings in the show notes. If you want to play along, you don't need to install python, we're going to use pythex, an online regular expressions tester. I think this is the best way to demonstrate regular expressions without getting too bogged down in the context of code.
FTP Passwords!! They are everywhere!! http://tinyurl.com/HNTV-FTP-Creds
Chargeware.. It is legal, but it can still get you shot. http://tinyurl.com/HNTV-EULA
Target breach and the state of phishing: http://tinyurl.com/HNTV-Target-Email
SANS 560 Orlando April 7th - 12th
http://tinyurl.com/SANS-560-Orlando
Please note the link and the dates in the video are wrong for SANS Orlando.
DjangoSCA is a python based Django project source code security auditing system that makes use of the Django framework itself, the Python Abstract Syntax Tree (AST) library, and regular expressions. Django projects are laid out in a directory structure that conforms to a standard form using known classes, and standard file naming such as settings.py, urls.py, views.py, and forms.py. DjangoSCA is designed for the user to pass the root directory of the Django project as an argument to the program, from which it will recursively descend through the project files and perform source code checks on all python source code, and Django template files.
Brian Richardson is a Senior Technical Marketing Engineer with Intel Software and Services Group. After fifteen years of external experience with BIOS and UEFI, Brian joined Intel in 2011 to focus on industry enabling for UEFI. Brian has a Master's Degree in Electrical Engineering from Clemson University, along with five US patents and a variety of seemingly disconnected hobbies involving video production. Brian has presented at Intel Developer Forum, UEFI Plugfest, Windows Ecosystem Summit and WinHEC. Brian can be contacted via twitter at @Intel_Brian and @Intel_UEFI.
Chris has been in IT security since the late 90’s with his first role in network support by monitoring IDS and explaining how hackers were breaking into places and what they did once they were in. He now specializes in intrusion analysis and runs the professional services side of CyTech Services, overseeing the commercial consulting and managed security services.
Plus, the stories of the week!
Jared DeMott is a principal security researcher at Bromium and has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course.
Windows Meterpreter recently got some new capabilities thru the Extended API module by OJ Reeves also known as TheColonial. He added support for: *Interacting with the Clipboard *Query services *Window enumeration *Executing ADSI Queries We will cover in this Technical Segment the ADSI interface since it gives us a capacity in enterprise environments not available previously in meterpreter other than a module from Meatballs called enum_ad_computers.
Peter Van Eeckhoutte is the founder of Corelan Team, author of exploit writing tutorial series and free tools. He started working in IT and security in 1995, and currently works as a CISO.
Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of diverse Information Technology experience with an emphasis in Information Security. Joel is currently the Chief Information Security Officer for Advanced Auto Parts and maintains a blog at Malicious Streams.com.
Ian Iamit is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region. He is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.
Rob Lee is an entrepreneur and consultant in the Washington, DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm.
Before Jens 'Atom' Steube wrote hashcat, he was a bug hunter for fun, focusing on open source software. After 2005 he only did bug hunting on commercial software and therefore not allowed to disclose product names. In 2010 he started hashcat and since that time it's the only project he's been working on.
Thomas MacKenzie works for NCC Group as a Security Consultant, conducting all different types of security assessments. Ryan Dewhurst works for NCC Group as a Security Consultant, conducting all different types of security assessments. ScriptAlert1.com is a very simple and concise platform to explain Cross-Site Scripting, it's dangers and mitigation. Our aim is for penetration testers to include a link in their pen test reports to the resource and to get it to be the de facto description for semi-technical/tech savvy managers.
Kyle is an information security engineer who devotes his spare time to exploiting the ‘internet of things’. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport.
Walkthrough the Episode 350 Crypto Challenge puzzle with Mike Connor, a senior member of the Analysis team at Dell SecureWorks. He is a big supporter of all things Chicago, specifically THOTCON , BsidesChicago, and all of the different Burbsec groups.
Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a World War II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.
Dan Auerbach is a Staff Technologist who is passionate about defending civil liberties and encouraging government transparency. Dan works on EFF's various technical projects and helps lawyers, activists, and the public understand important technologies that might threaten the privacy or security of users.
Corey Thuen is co-founder of Southfork Security, a security services company specializing in ICS. Corey recently found out first-hand how fragile privacy can be when a large corporation decides to sue you over your open source software.
Nik Seetharaman is a consultant for a government client in the DC area. He spent 11 years in the United States Air Force where he served in the intelligence and joint special operations communities.
Nate Kenyon (@L2Nate) spent 5 years in the Marine Corps doing everything from pulling cable to configuring routers and switches. After leaving the USMC he worked for several defense contractors working with the US Navy and Defense Logistics Agency doing firewall, IPS and network configurations. He currently works for a large corporation working on wired and wireless intrusion detection systems and security product evaluations.
Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his "m1a1vet" handle).
Dave Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. He also holds the World Record for most hugs given at a conference and is founder and principal security consultant of TrustedSec - An information security consulting firm located in Cleveland Ohio.
RazorEQX is a A CEH, OSCP certified Security professional with over 25 years’ experience and a proven leadership track record. Experience in most aspects of Information Technology, in a wide range of industries and disciplines; specializing in in-depth Malware, intelligence collaboration the past 4 years.
Sno0ose (@Sno0ose) served as Combat medic for a combat aviation unit. Was wounded overseas during a 1 year tour of duty. Now a consultant with focus on incident response, vulnerability assessment, reverse-engineering malware, and penetration testing. Co-host of Grumpysec, and lead coordinator of BSidesMSP.
Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street.” He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;)
Kevin Finisterre is a Senior Research Consultant with Accuvant, has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.
As with most sizable organizations it is near impossible to uninstall or completely disable Java which sent us on a hunt for a feasible way to contain Java based attacks. What we came up with was restricting it to run only in trusted zones. This worked for APPLET tags when encountered in IE.
What this does is block any applet from running if it is not part of a trusted internet zone. First thing is to identify all the internal trusted zones and add them. Next allow the user to trust their own zones. Most of the time it seemed they knew when there was an applet they wanted to run.
The Honeynet Project is a lnon-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to fight again malware (such as Confickr), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.
Why would use use HTTP Comments displayer? This nmap script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within these comments. While this does not necessarily represent a breach in security, this information can be leveraged by an attacker for exploitation.
SCADA systems are being attacked and making headlines. However, this is not news, or is it? There is a lot of new found "buzz" around attacking SCADA and defending SCADA. Technology has evolved and many systems are Internet connected and more advanced than ever. Water, power, electric, manufacturing all have SCADA.
Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing.
Joel Langill is the SCADAhacker. His expertise was developed over nearly 30 years through in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation in a variety of roles covering manufacturing of consumer products, oil and gas including petroleum refining, automation solution sales and development, and system engineering.
Dale Peterson is the founder and CEO of Digital Bond, a control system consulting and research practice. He performed his first SCADA assessment in 2000, and Dale is the program chair for the S4 conference every January in Miami Beach.
Patrick Miller provides services as an independent security and regulatory advisor for the Critical Infrastructure sectors as Partner and Managing Principal of the Anfield Group.
Welcome to our very special episode 350! We have a very special episode, all in support of wounded veterans in our armed services. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!
Active Defense: Taking The Fight To Attackers: Should We?
We've all heard the term "Hacking Back". We all have mixed feelings about this term. Lets be clear, its not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With over 25 years in private law practice, he has advised many organizations, large and small, private sector and public sector, on privacy, computer security, e-mail discovery, outsourcing contracts and records management. Nothing Mr. Wright says in public is legal advice for your particular situation. If you need legal advice or a legal opinion, you should retain a lawyer.
Joshua Corman is the Director of Security Intelligence for Akamai. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.
Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" computer security group.
Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.
This segment was broken in two parts as the technical segment with Heather Mahalik happened in the middle of it. Heather is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.
Ok, on to the stories of the week with Paul, Larry, Allison and Jack. What'd you do this summer? Disney? Six Flags? Big Data Land? After much chatter in the Twittersphere (logged here by Space Rogue) last week, Jack brings up the "Popping Penguins" article from Forbes. The article talks about this super vulnerable program that is going to be the downfall of Linux. It's called bash. Would you believe you can use bash to start a listener on your machine and then send some commands over telnet to have someone else's machine connect back to you? Uh oh. Also, beware of another application, one that runs from the desktop that lets you connect to other computers and pull down files from a machine you don't own. Yeah, that one's called a browser. Sounds equally dangerous, no? Should we uninstall bash as a security measure?
Larry threw out there an article on 5 WiFi security myths to abandon. But Larry mentioned that some of these might not actually be very new. Things like don't hide SSID as some newer systems will see them anyway and digging deeper to find the SSID isn't that hard. Plus, if its owner took the steps to hide it, wouldn't that pique your interest that there may be something good running there? Sending out a weak signal may sound like a good idea as if someone can't reach it, they can't connect to it, right? But all that does is annoys its intended users and if someone really wants to get on the network, they'll simply use an antenna. The article ends with the non-myth that if you truly want WiFi security, make sure you use good encryption and a strong password. Simple, eh?
Jack was looking forward to going on a good patch rant. He and Paul have done webinars about really stretching things and getting your patch cycle down to five days from the day of release. Jack said during the good old days, he'd challenge himself to getting his systems patched within 72 hours. Patch Tuesday was to be completed by Friday. In this article by Dr. Anton Chuvakin, he does indicate how it would be good for some big corporations to get their patch cycle down from 90 days to 30 days, but then argues if the bad guys only need 3, then what's the point of all that effort? Jack's feeling is that even the 30 days should be enough in many cases, but it's often politics and other "can't do" attitudes that prevent it from happening. Why is that? Get those patches in place people!
One quick note on a tangent the team went off on. In their experience as pentesters, Larry and Paul mention that all to often the way they end up pwning a system is through some machine that no one knew was running, with services that no one knew were running, with an account that no one knows why it still exists. Do you have a good inventory of where your data is? What machines are in your data center? What services and accounts are on each? If those are gold to a pentester, who has to respect a customer's defined scope, guess what a malicious user is going to do to your network.
Paul's looking for advice on what new phone he should get? Android? iPhone? What say you? Tweet him up with your suggestion at @securityweekly.
Remember that Yahoo bug bounty program? $12.50 credit toward the Yahoo store? A little update from the rants and ridicule from last week, it was actually one guy , Ramses Martinez, Director, Yahoo Paranoids, who was very appreciative of people reporting bugs and was paying them out of pocket. He would send researchers a Yahoo tshirt but would then find out the recipient already had multiple Yahoo shirts. Martinez's idea then was to give the reporter a credit in the Yahoo store matching the value of the shirt, our of his own pocket. Since the uproar, Yahoo has installed its own bug bounty program and Martinez is no longer paying for the reports himself. Good on ya, Yahoo and even better, thank you Ramses Martinez for caring about security.
Speaking of bug bounties, Google has started a bug bounty program for open source software. Repeat that, it's not just Google software that they're paying bounties for, it's software that there really is no organization behind and normally count on volunteers to fix things. Now Google is putting their money behind that effort. As Allison mentions, there hasn't ever been any motivation for anyone to report bugs and now there is.
estrada-sm.jpgPaunch, the alleged author of the Blackhole exploit kit was arrested in Russia last week. Or at least we think so. Some unconfirmed reports have indicated this and Blackhole has not been updated since this time. Or maybe the guy just decided to take an extended vacation and threw the story out there himself. Either way, it might be time for Evil Bob to find a new exploit kit. (Note: Erik Estrada is not "Paunch", he's Ponch, as in Frank Poncharello)
Microsoft has a new disk cleanup where it removes all the old and outdated updates. Jack gained more than 6 GB of space after running the cleanup but a word of caution, it take a concerning long time for the next reboot. You might think you killed your computer but no, it really does take that long.
Check out "Tails" a security and privacy distribution and let us know what you think. Is it good? What makes it a better choice than some others? Though the number of security updates in recent versions is a little concerning. Yeah, I get it that it's good that security holes are fixed and that it's to software that the distro is including. But it's just a little concerning when you pitch it as being for security and privacy yet there are piles of security updates. It makes me wonder just how secure it is and whether it's any better than a secure version of your favorite distribution anyway. But you can certainly let me know and I'll post some comments from you in upcoming week. Tweet me at @plaverty9
There was also some discussion on iOS7 image identification, Larry has a colleague at Inguardians who wrote up an intro to using rfcat and Jack suggests taking a deeper look for yourself before jumping into the patch for MS13-81 and whether your system needs it. If it does, test thoroughly. It's got some deep stuff on it.
Jaime "WiK" Filson enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village.
Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.
Pete Finnigan works as an independant Oracle security consultant for his own company PeteFinnigan.com Limited . Pete specialises in performing detailed Oracle security IT Health checks against Oracle databases using a detailed methodology developed by Pete from many years of experience in securing databases.
We've got a good one for you this week. Paul and Jack were in studio we were treated with a visit from the DerbyCon organizers. Dave "Rel1k" Kennedy, Adrian "Irongeek" Crenshaw, Martin "PureHate_" Bos and Nick "Nick8ch" Hitchcock. Derby is one of those cons that that sells out within minutes or less, so they're surely not here to sell tickets for the September 25-29th even in Louisville, Kentucky. Listen to find out all the great things they have in store for this year's event. They've expanded with six tracks this year, two nights of big events and will have The Crystal Method playing on Saturday night! Dave also mentioned that his choice of Weird Al Yankovic got vetoed, but if I had any kind of vote, I'd love to see Al. In addition to some of the best talks on the planet, you'll see some games such as "Are You Smarter Than a CISSP?" and "Whose Slide Is It Anyway?" One of the other great things about DerbyCon is they make many, if not all of the videos available for people to view, in near real time, thanks to the kickass video guy Adrian.
Then on to the stories. Talking with the Derby guys is always so much fun, and with the weekly Stogie Geeks podcast immediately after, there wasn't much time left for stories. Paul and Jack got into Marissa Mayer not locking her iPhone and people trying to board commercial aircraft with hand grenades. Yeah. According to the article, TSA found 83 people with hand grenades in either their carry-on or checked luggage. But when we dig a little deeper in the article, we see those 83 also included "The majority of these grenades were inert, replica, or novelty items". The basically took away toys. I guess that sounds silly at first until you figure the hassle someone could cause by pulling out a toy but real-looking grenade mid-flight. Who's going to confirm that it's just a toy? It'd make for one heckuva stressful flight. So leave your grenades at home.
The only other story the guys talked about was Yahoo! CEO Marissa Mayer and how she avoids the hassle of locking her iPhone with a passcode. The article is an interesting one where one side wonders why she takes mobile security so casually? If hers fell into the wrong hands, first imagine the phishing that someone could pull off. But also what kind of trove of data is available on there from upcoming plans at Yahoo! (a publicly traded company) to private email conversations with other executives at the company. But then the other side wonders if the security advice for Mayer has the same level of appropriateness as for an average user. Maybe Mayer takes better physical precautions with her iPhone than a typical 16 year old high school student. Is her point valid that the extra step of entering a passcode isn't worth the ease of getting into her device many times a day to conduct business? Seems like an interesting question at least.
Have you heard of those scam phone calls from "Windows" where the person on the other end of the phone claims to know there's a problem with your computer ("Is it running more slowly lately?") and they even have you test it out by running some commands and referring to common files as viruses. Then they're so friendly that if you simply go to their web site and download a couple files, they'll clean it all up for you. Maybe one of the worst people they could possibly call would be the head guy at Black Hills Information Security, John Strand. Yep, and John was only too happy to give them just enough rope to hang themselves. Listen along for how John was also able to irritate the scammers.
Then we tried to get going on the stories of the week and were off to a great start but very quickly got derailed with a story from Australia. Apparently the Australian government is looking to put a filter on the internet in their country that would completely block all perceived porn sites. If someone wants to be able to access porn web sites from inside Australia, they'd need to "opt out" of the filter by simply contacting the government. What could possibly go wrong with this idea? I'm certain that there wouldn't be any privacy issues whatsoever. Additionally, wasn't the internet basically invented for the purpose of porn consumption? Ok, back to the rest of the stories discussed.
Remember a few weeks ago when we talked about a scumbag who intruded upon a family through their baby monitor and was able to shout at the baby and parents through the monitor. Well, the Federal Trade Commission (FTC) has slapped down a manufacturer of different brand of baby monitor and said they may no longer market their product as being "secure" until they fix these flaws. The flaws being that they say the feeds are private while anyone can view them on the internet at least in part because the authentication from the internet is clear-text and needs to be encrypted. Here we are already seeing where it seems like a great idea for manufacturers to internetify their product but don't completely understand all aspects of that or at least don't understand basic security needs. I don't know which is the chicken and which is the egg yet, but with the promise of IPv6, we're going to eventually see just about everything we own trying to have some sort of presence on the internet and these basic security precautions will need to be met.
Allison alerted us to the fact that Burp Suite got an upgrade this week. I'm constantly amazed at how much Burp can do especially when you consider the $300 price. Sure, there's also ZAP available from OWASP for even cheaper (free) but I think Burp is one of those tools that just about everyone uses because of its awesomeness. If I had to pick out just one of the new features, I'd mention the "Plug 'n Hack". According to Portswigger: "This enables faster configuration of the browser to work with Burp, by automatically configuring the browser to use Burp as its proxy, and installing Burp's CA certificate in the browser."
We also found out more details this week about another trojan called FinFisher by Gamma. The existence of FinFisher had been previously revealed but in a presentation by Mikko Hypponen, he talked about some of the things that the tool can do, including cracking WPA1 and WPA2, decrypting common email sites and even copying over a whole drive encrypted with TrueCrypt via a USB stick. Reportedly, the tool had only been available to governments in order to conduct their own national intelligence, but by now there's no way of knowing whether this has slipped out into the wild and in the hands of just anyone.
At Black Hat this year, Mike Shema from Qualys talked about a new way to possibly prevent CSRF. As we've seen in the past, the only way to reliably prevent the attack is to place a token in the action and have the server validate that token. This requires that the developer of the application understand CSRF and understand an API for creating the token, and to also implement it properly. If you're in the training or penetration testing business, this sounds like a great thing for job security. However there are millions of developers worldwide and training all of them may take a while. Heck, look at how prevalent much simpler attacks like SQL injection and Cross Site Scripting are. Do we really think that we'll be able to "train away" CSRF? This is where Shema has the idea of "Session Origin Security" and put the token in the browser. Now instead of training millions of developers, we simply get about five browser developers to jump on board. But the gang was a little skeptical about other plugins to work around this as well as breaking valid sessions and backward compatibility. We also wondered whether it may make more sense to allow the browser to choose whether it wants the CSRF protection and turn it on by default and let the user turn it off if there's a good reason to. These all seem to be questions that Shema and his team are looking into.
Jack told us about a post from Gunnar Peterson and the "Five Guys Burgers Method of Security". I don't think it means where it's so good for the first ten minutes and then you feel like crap about it for the next few hours. It's the idea that when you go to a Five Guys (and if you haven't yet, you should) they have two things, burgers and fries. They do these two things exceptionally well. They haven't morphed into also being a chicken place, and a fish place and a milkshake place and a coffee place and then letting the overall quality slip. They are focused on doing their two things and doing them extremely well. And I wondered if this is where so many in the security industry get frustrated and eventually burned out. As John brought up, the frustration often comes when there is so much compliance and documentation required, which yeah, I can see that as well. Who likes checking boxes and meeting with guys in ties to explain how you meet the PII, PCI, SOX and whatever other acronyms? I also wonder if there's also frustration in that we're hired to be "the security person" and we have areas that we're good at and enjoy. Whether that's network security, mobile security, web security or whichever. But due to budgets and many other reasons, we are expected to be experts in all areas, much unlike Five Guys. The Five Guys philosophy is if you want a great chicken sandwich, go to a chicken place. If you want a great milkshake, go to a milkshake joint. However in our jobs, we are the burgers and fries and chicken and fish and milkshakes and we're expected to be perfect at all of them. Anyway, it's an interesting take.
Do you have a Web site? No? Ok, then you're probably safe. Robert "Rsnake" Hansen put together an infographic about all the different things that you need to worry about today when securing your web site. It started out as a joke but then got a bit too close to reality and finally just got head-shakingly scary.
Finally, if you haven't already, check to see if your web site is "locked." Simply do a whois on your site and see if you have at a minimum a status of "ClientTransferProhibited." Some have said the recent NY Times hack was able to happen because the domain was not locked and the Syrian Electronic Army (SEA) was able to get the DNS credentials from someone and then change the DNS records to their own server. But if your DNS is locked, it'll take a bit more work to make the updates. Your registrar will go through additional validation steps before the DNS records are updated. This is likely enough that if someone is looking to hijack web sites, they'll realize yours isn't worth the both and move on to an easier target. With Congress possibly authorizing an attack on Syria and with the twelfth anniversary of the September 11, 2001 attacks upcoming, it would not be surprising to see another round of attacks on web infrastructure. So take this very easy step and protect your site.
Carlos Perez is also known as @DarkOperator, He spends his time reverse engineering, and practicing PowerShell Kung-Fu. Known by his motto "Shell is only the Beginning".
The show was missing its usual sunshine and unicorns as Jack was unable to attend the show but fear not, Paul and Larry took us all through the stories of the week!
First, Larry found an article telling us why we should never trust geolocation values. The article talks about how the major geolocators (Google and Apple) will keep a database of where wifi hotspots exist and their mapping systems use these known values. But what if one of those "known values" moves? What if a hotspot that was in downtown Providence gets moved to Paris? We'd probably have another person drive their car into the ocean! But the part that Larry is talking about that he'd like to get is actually the reverse. Rather than knowing where the hotspots are and get an address back, have a way to submit the address and get a list of known hotspots in the area.
Stop us if you've heard this one before...there's a Java 0-day in the wild. Well, at least this one was for Java 6. Worried about how to remedy this? Wondering when the patch will be released? Well, it kind of has, it's called "upgrade to Java 7" which then throws a gray area into the whole "it's a 0-day" thing.
Ok, so here is the reason that we listen to the stories of the week. The experience that Paul and Larry have in the business is priceless in itself so when a story can spin off into an interesting story from the field, it's worth *at least* what you pay for the show. Paul tells us about WebAntix, a shell script that someone wrote that uses a Nessus NBE to take a list of URLs and go take a screenshot of each site and create a web site with those screenshots. Really useful on a pentest, right? Paul also mentions how Tim (@LaNMaSteR53) had written something similar called Peeping Tom. But what got spurred on here is Larry's story about a pentest that he was on. He was using a tool to spider through the client's site and realizing it was going to take a while, he went to lunch. In the meantime, the tool hit a page that it couldn't authenticate into. The tool didn't know when to quit and it would continue to try the page, failing each time. With each failure, a new log entry was created. However the company had a log watcher that would send an email to many people on each individual failed auth. 1.2 million emails later, the Exchange server was dead.
There's also this BYOD thing. Employers are wrestling with this problem in how they deal with employees bringing in their own laptops, mobile devices, tablets and who knows what else. Paul talks about how back in the days when Jack was probably only middle-aged, you could go to work at a place like IBM and they'd supply you with a far more expensive, far more powerful machine than you could probably afford on your own. So you almost looked forward to going to work just to use this souped up computer. Here lies the BYOD problem for businesses. On one hand, they can save money knowing that people have all this stuff on their own and they're going to use it so there's no longer a need to buy them the latest and greatest super strong computer. But, can that also be used in the reverse? What if a business wants to fight the whole BYOD thing by putting people back on super strong machines to where they won't even want to bring their own in anymore? It may be an interesting thought, but it really isn't going to keep the leakiest of machines out of the office, also known as the mobile phone.
How about if you ever need to get sudo on a Mac OSX machine and don't have the password? As long as someone has ever successfully done a sudo on the machine, you can simply do a sudo -k in the Terminal window, set the date back to the epoch and voila, you now have sudo on that machine. Or simply use Dave Kennedy's python script to do it all for you. Ok, this is one where I have to tell a story of my own. One time in a job, someone emailed me about how to get elevated privileges on a machine and I wrote back in email that he should go ask the system admin team for sudo access. Well, apparently he thought I was an idiot or didn't know how to spell or something because he promptly wrote to the unix administrator and said that I suggested he ask for some kind of "pseudo-access" to the box. Much laughter ensued.
What good would it be if I simply recap the whole show for you. Of course we want you to listen, so let's go quick with a few more. You can use an unauthenticated API to access some functions and interact with a Tesla automobile. The Register is telling us that the Poison Ivy RAT is the AK-47 of attacks. Learn to break Android apps with tutorials and sample sites for learning! An ISP was caught tracking mouse clicks! The horrors! Well, they were tracking where users were clicking on their support page. I can at least see the defense here. They wanted to know how effective their support page was and whether people were able to quickly and easily find the right answers, and where they were clicking around on the screen, hopefully in an attempt to make it more efficient. At least that's the story I'd believe.
Matt is a long time volunteer of BruCON and is going to let us know all the great things in store for 2013.
Ira Winkler, CISSP is President of Secure Mentem. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally, and has been named a "Modern Day James Bond" by the media.
Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before embracing a lifestyle of ripped jeans and untucked shirts, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.
Zach will be going over how he does research on exploiting embedded systems and his exploit development framework bowcaster.
After her presentation at Black Hat 2013, Allison is back in studio and will do a tech segment titled "Denying Service to DDOS Protection Services"
Are you not keeping your firmware up to date? Any chance that you're setting yourself up to be hit by the HP Integrated Lights-Out authentication bypass? If you're not going to be diligent about updating firmware and must have these things on the internet, then as Paul says, firewall the hell out of it and keep it away from the rest of your network.
Using a new scanning interface from Paul and Jack's employer, Tenable, you're able to see if your desktop software is out of date. Everyone's browser seemed to need updates and as we learned with some help from Carlos, you even need to update your pooty (PuTTY).
One of the many good lessons that can be gained from watching Security Weekly is "Don't screw with people's kids." Let's go one step further and say it's probably in poor form to call some random stranger's two year old a "slut". Larry and Paul tell us about a story where one of those baby monitor camera systems was "hacked" because it was on the internet and using the default (ie. no password) password. So someone was able to log in to the camera and shout expletives through the speakers, at the sleeping child and eventually at the parents. Ok, first as Jack already mentioned, don't screw with people's kids. Second, as Larry mentioned, why put this thing on the internet? Third, if you are going to put it on the internet, make it easier or more obvious that a default password needs to be changed. Or finally, as Jack mentions, it might be a little harder to support, but go with a handful of default passwords and put a sticker on the system to let people know what it is. That's a whole lot better than no password when this thing goes on the internet.
Leave it to Expert Steve to start a fire right in the Security Weekly studios.
Rob Graham over at Erratasec gives a nice behind-the-scenes account of the Blaster worm as it was already 10 years ago that the outbreak first happened. Rob talks about how he found out about the possibility, was soundly mocked even in his own company about the upcoming outbreak and even how he launched his own bloodless coup in his company. He simply told the CEO that a major problem was coming, that he knew how to fix it and he was taking over immediately. In spite of much preparation for a big fight, the CEO simply said "ok" and Rob was off and running. While it only took his in-house developers to create an exploit for the vulnerability, it took much longer than expected for it to be seen in the wild. It was eventually first seen on August 11, 2003. And Rob was vindicated.
So the Transcend SD WiFi Card is completely vulnerable to all kinds of bad things. The tiny little card runs Linux and even has netcat installed! There's a web server on there where you can upload more fun scripts that let you do all kinds of things you shouldn't be able to. Things like see the user's password in the web page source code or remote file includes. But to leave netcat installed and leave open the ability to get a shell on an SD card? As Larry asks "The smaller the device, the less attention that is paid to security??"
While out at Black Hat, Allison got to play with the Hot Plug. No no, in spite of the name this is not some kind of sex toy. Instead, it's a great device that allows you to remove the power plug from a wall socket but still leave the device powered on. According to Allison, it's a male-to-male plug where you just slightly remove the plug from the socket, connect the Hot Plug and then remove the plug from the socket.
There are more discussions and articles but finally, Paul brought up this Dark Reading article by Maxim Weinstein called The More Things Change. This article goes into how many millions of malware variants we've seen through the years, but in the end, all of these hacks require at least one of three things: "exploiting a vulnerability, compromising user credentials, and/or tricking the user." The real question is how we fix these?
Ok, one more. There's an add-on to the Leap Motion device where you can simply use hand (or other) gestures to log in to your Windows machine. Oh so many ways that we could log in...
There are all these stories and more this week on the Security Weekly Drunken Security News!
If you've seen one of mine, or John Strand's, presentations on offensive countermeasures, you know about Honeyports. If you've taken our class or read our book, you've seen this too! Just to recap:
If you tell your host to listen for connections on a port, and make certain the client is making a full TCP connection, you can "shun" or block the remote IP address. A Honeyport is a port that nothing should be listening on. When something, or someone, makes a connection to this port, you create and implement a local firewall rule on the host to block that IP address.
Previously we had shell scripts and a Windows command to make this happen. I wanted to extend this functionality, but quickly ran into limitations. So, I decided to write a Python script to implement this on all 3 platforms.
Ty Miller is CEO and Founder of Threat Intelligence , has had many TV appearances, radio interviews, print newspaper and magazine articles, and regular online commentary & BlackHat Trainings. Ty Miller's experience not only covers penetration testing, it also expands into regulations like PCI, developing and running industry benchmark accreditations, performing forensic investigations, as well as creating and executing security training ranging from introductory security through to highly advanced security concepts and skillsets. Today he is here to do a tech segment on his product Threat Analytics.
Selena Proctor, Alex Horan and Mariano Nunez join us from Onapsis.
Schuyler Towne is on a mission to recover as much information as possible about the lock-related patents that were lost to the patent office fire of 1836. His primary interest is in the history and the story of the creators of the lost locks, but his goal is to conduct all of the research in public, using Zotero, so everyone can follow along and those particularly inclined can even participate. That rough research will remain available indefinitely, but he will go on to curate and organize the work for publication on the website. Depending on what we recover we could potentially restore entire patents to the patent record, or 3D print working locks based on their drawings. We could solve a mystery, or rewrite history.
Matt "Level" Bergin, age twenty four, works for CORE Security as a Senior Security Consultant where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their client's network environments. Before joining CORE, Matt became well recognized in the industry through his activities in the US Cyber Challenge and publications of vulnerability research such as his discovery of the Microsoft IIS 7.5 FTP Heap Overflow.
Kati Rodzon is the manager of Security Behavior Deisgn for MAD Security. Her last nine years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in reinforcement can drastically change individual behavior, Kati has spent the better part of a decade learning how humans work and now applies that to security awareness.
Mike Murray has spent more than a decade helping companies to protect their information by understanding their vulnerability posture from the perspective of an attacker. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization.
Security Weekly #335 (Part 2) Interview: Bill Stearns Tech Segment: Phil Hagen on logstash
Security Weekly 335 (Part 1) Special Segment with Dave "Rel1k" Kennedy: Connecting the Dots on Bypassing AV CycleOverride with JP Bourget and Bruce Potter
Andy Ellis is Akamai's Chief Security Officer, responsible for overseeing the security architecture and compliance of the company's massive, globally distributed network. He is the designer and patentholder of Akamai's SSL acceleration network, as well as several of the critical technologies underpinning the company's Kona Security Solutions.
Greg is an Intern with Security Weekly and a Senior Security Engineer for a financial services firm. Greg specializes in Vulnerability management, penetration testing and security architecture. He's on tonight to cover his blog post on Windows Software Restriction Policies.
Kurt Baumgartner of Kaspersky Labs joins us to talk about Red October, a research paper that he co-authored, along with the other areas that he works on at Kaspersky.
It's time for another Drunken Security News. Much of the gang was on the road this week so Patrick Laverty sat in with Paul and Engineer Steve for the show, plus Jack's epic beard called in via Skype from lovely Maryland.
First, Paul admitted it was a stretch to bring this into a security context but he wanted to talk about an article that he found in The Economist (via Bruce Schneier) about one theory that if the US would simply be nicer to terrorists, release them from Guantanamo Bay, Cuba and stop hunting them down around the world, that they would in turn be nicer to us. Also, fewer would pop up around the world. The thinking is that jailing and killing them turns others into terrorists. So here's the leap. Can the same be said for black hat hackers? If law enforcement agencies stop prosecuting the hackers, will they be nicer and will there be fewer of them? I think we all came to the same conclusion. "Nah."
Paul also found an Adam Shostack article about how attention to the tiniest details can be important to the largest degree. The example given was the vulnerability to the Death Star in the original Star Wars movie was so small and the chances of it being exploited were so remote that the Empire overlooked it, Grand Moff Tarkin even showing his arrogance shortly before his own demise. The same can be said for our systems. It might be a tiny hole and maybe you think that no one would look for it and even if they do, what are the chances they both find it and exploit it? In some cases, it can have quite dire consequences. The Empire overlooked a small vulnerability that they shouldn't have. Are you doing the same with your systems?
Did we happen to mention that Security BSides Boston is May 18 at Microsoft NERD in Cambridge, MA and Security BSides Rhode Island is June 14th and 15th in Providence, RI. Good seats and good conference swag are still available. We all hope to see you there!
The Onion's Twitter account was breached by the Syrian Electronic Army and they handled it a way that only The Onion can, making light of both themselves and the SEA. Additionally, possibly for the first time ever, The Onion published a non-parody post about exactly how the breach occurred.
Additionally, the National Republican Congressional Committee (NRCC) web site got spam hacked/defaced with Viagra ads. The only thing we were wondering is, are we sure it was hacked and not just a convenient online pharmacy for their members?
A new whitepaper was released from MIT talking about "Honeywords". The problem being solved here is creating a way for server admins to know sooner when a passwords file has been breached on a server. In addition to the correct password, this new system would add a bunch of fake passwords as well. When the attacker starts trying usernames and passwords, if they use one of the fake passwords, the server admin would be notified that someone is doing that and it is very likely that the passwords file has been breached. It's an interesting concept to ponder.
Jack had an article from Dennis Fisher at Threatpost, asking the question about what's the point of blaming various people for cyberespionage if we don't have a plan to do something about it.
The NSA also has its own 643 page document telling its members how to use Google to find things like Excel documents in Russian that contain the word "login". Wait, I feel like I've heard of this somewhere before. Oh yeah, that's right. Johnny Long was talking about Google Hacking at least as far back as 2007. It's just interesting some times to see things that the media gets wind of and without the slightest bit of checking, thinks something is "new".
Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur.
He was the co-founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998.
Rob regularly speaks at security and training conferences, and frequently presents to the local chapters of various security organizations.
Paul's Security Weekly #329 Sumit Sumit Siddarth - "The Art of Exploiting Injection Flaws" Free Amazon Socks Proxy to Tunnel to Freedom Drunken Security News
Paul's Security Weekly #329 Interview with Brad Bowers
Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark is the author of SANS Python for Penetration testers course (SEC573) and the pyWars gaming environment. In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS.
Yet another Paul's Security Weekly Drunken Security News! Can I Stop Typing In Caps Yet?
Please follow along at home and check out the show notes to see the stories that Paul, Larry, Jack and Allison have decided to talk about this week! Additionally, have you heard yet that Paul is putting on BSides Rhode Island? Got your ticket yet? Plus, Larry is teaching SEC616 for SANS in May in sunny San Diego. Don't miss that!
And did you check out the latest HackNaked TV by John Strand? It's an introduction to getting started with Recon-NG the new tool by Tim Tomes. If you've ever wanted a great reconnaissance tool that feels a bit like Metasploit, then give Recon-NG a try.
What are the guys busting Steve the Engineers chops about at the beginning? They thought that Steve had deleted the just-completed interview with Bill Cheswick. Much to Paul's pleasant surprise, the raw video survived and we have the interview available for you.
Paul found a story about upgrading a router by removing chips and resoldering new ones and additional ones back on. Want an overview of how this works? Larry educates us on the necessary tools and techniques. Remember, it's all about the tip size and always practice on hardware you don't care about as it's likely you'll screw it up the first time you try.
Larry also discovered the "Dave" video. Dave is a Belgian mindreader that brings people in off the street, into his New Age-y looking tent, invokes various dances, chants and feels people's energy. In the end, he is able to determine what seems like way too much personal information about these strangers. How does Dave do it? I won't reveal the trick here, but you can see the two and half minute video on YouTube for yourself. Be careful out there.
Jack gives a shoutout to Rackspace for taking on the patent trolls and Allison finds an ISP in Texas that is injecting ads in their customers' traffic. She also wonders what would happen if a customers, seeing these ads, were to simply click on them incessantly, driving up the cost to the advertisers, defeating the purpose of the advertising budget.
Hey, you know that whole "hacking back", offensive countermeasures thing? Yeah, so a guy in Russia actually tried it as we know everything's legal in Russia, right? He set up a honeypot on one of his machines that loaded malware on your machine if you went to it. Ok, maybe that doesn't sound very nice, but the only way you could get into it is if you did some SQL injection on the box. So it's not like the people affected had innocent intentions.
If you're reading this far, you're probably a security practitioner to some degree and you're aware of ATM skimmers and give an extra look for them. But do you look anywhere else other than ATMs? Skimmers are starting to pop up in all kinds of credit card terminals from the local grocery store to taxis. So be aware and maybe just pay cash.
Other stories include farting on servers, dressing like a cyberwarrior, the return of Archer and Arrested Development, sniffing, scapy and getting the government to hire security professionals who may not exactly have a pristine past.
See you next week with Mandiant's CSO Richard Bejtlich!
Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project. Simon is on to discuss OWASP's Zed Attack Proxy v2.0.0.
From the OWASP site: The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Are you here to learn something about infosec? Well, you're in luck because this week you get even more. You even get Paul and Larry's beer trivia and find out who has the oldest trademark anywhere!
Can you guess the password on your first try? Of course you'd simply try the default password for the device, right? So would that be illegal to log in to that device and install software/malware? Of course it would be illegal, but it's still pretty neat that they were able to find approximately 1.2 million unprotected devices and turn about 420,000 of those into their botnet, which allowed them to scan the entire IPv4 address space in one hour. Also interestingly, this scan estimated that only about one-third of the IPv4 addresses are actually in use.
Along the same lines, Allison and Paul chatted about an article explaining how the botnet business is booming. One group is paying as much as $500 for 1,000 infections. Also discussed are the costs of a DDOS or 20,000 spam emails. Larry also pulls out $9 and some pocket lint wondering how many people he can spam with his resume.
Allison also brought up the Brian Krebs SWATing story and explains her own forays into this underground black-market subculture. Very interesting explanations of how easy it is to get enough personal information about someone in order to trick various businesses or services into helping the impersonator access their target's account.
NATO decided and published a report that they are justified in killing hackers. John offered his opinion on this that it makes sense. As war moves into new grounds and countries are using hackers to attack other countries, it makes sense that country is going to defend itself against this type of attacker.
Did you finally get your own 3D printer? Can you legally print out your own guns? Would that be legal? I would guess as long as you're the Vice-President and simply creating a double-barrel shotgun to scare people away, then it's all good. Maybe.
How's this for bottom-up economics? Larry tells us about a couple guys who owned a Subway sandwich shop and decided to get into the PIN pad business and eventually become a distributor to the parent Subway company. Except that these guys pre-installed remote admin access, and you can guess the rest.
Stick around 'til the end of the show for even more of Paul's beer trivia!
Jonathan leads the Microsoft Security Response Center Engineering team in investigating externally-reported security vulnerabilities and ensuring they are addressed appropriately via Microsoft's monthly security update process. Jonathan also acts as one of the engineering technical leads for the Microsoft company-wide Software Security Incident Response Process. The most important aspect of his work is helping customers find ways to reduce attack surface and protect themselves. Outside Microsoft work, Jonathan participates as a member of a reserve military unit helping to protect DoD networks and has written three-part "Gray Hat Hacking" book series.
Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his "m1a1vet" handle). Michael has worked at Accuvant as a solutions manager and is the founder of HouSecCon, THE Houston Security Conference, which will hold its 4th annual event in October.
Joe McCray is an Air Force Veteran and has been in IT security for over 10 years. His background includes both Network and Web Application penetration testing as well as incident response and forensics within the DoD and commercial sector.
Having a home lab is really key in our field. There always seems to be projects you want to work on that require a specific OS or software. You just need hardware at home, whether you are pen testing or doing security research. I grew tired of using laptops, and especially my own laptop. Having some low-cost servers will open up the possibilities.
Adrian joins the show to talk about his history in security, his co-creation of Derbycon, a primer into how he gets conference videos online so quickly and other tales of fun at conferences.
Joey Peloquin came on to talk about his recent findings with mobile security testing, and the platform he prefers, among iOS, Android and the new MS Surface. Plus, Paul and Larry are in studio to talk about the stories of the week.
Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has 6 years experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses.
Have you ever jumped on a random WiFi connection and you didn't know where it was coming from? Probably. Most people have. But if you're one of Josh Wright's neighbors, or even if he's sipping coffee at the local shop, you might want to be careful about which wireless connection you're jumping on. But if you start seeing images that are out of focus or getting a page that seems about five years out of date or even end up on kittenwars.com, Josh might be the one responsible. Or at least his VM. You can get it on his site http://neighbor.willhackforsushi.com/
Josh is also working on something great for BSides Rhode Island. Check out the video below and he'll explain it. But if you hate the long lines at places like Cheesecake Factory and those stupid little buzzers that notify you when your table is ready, Josh might have some help for that. But you'll need to be at BSides RI to hear about it.
As for the stories of the week, we had a little bit of a lean week. However jokes about Jack's balls, I mean bells, were frequent and fun. After all, it was Mardi Gras and Jack brought beads for the whole crew with the one stipulation that we had to keep out clothes on.
Did you know that on Monday, February 18 at 2 pm, Paul and John will hold a free webinar with SANS. Titled "Active Defense Harbinger Distribution - Defense is Cool Again" the guys will be talking about the new offensive security distro that was built by Black Hills Infosec's Ethan Robish and John Strand. It's free, so sign up at the link above.
As for some of the stories, we knew it was going to be a rough week when Paul showed us the 10 ways to reduce security headaches in a BYOD world and #1 was to secure your data. Ohhhhkayyy. Moving on.
Paul also played the audio from a news broadcast from out west where the zombie apocalypse has begun. It's like a modern day War of the Worlds where people were actually calling the police to see if the story was true.
Jack explained how Mega's KimDotCom (isn't it quite egotistical to just take your first name and stick "dotcom" after it? I mean, seriously) continues to show his brilliance. Where else can you get a solid, top to bottom pentest for only about 10,000 euros. He challenged anyone to hack his site and after a few bugs, he began paying up. Pretty smart.
One story that actually didn't get mentioned on the show but is in the show notes is a quote from Bit9 after their hack this week: "There is no easy answer to a world where there are sophisticated actors continuously targeting every company and individual and whose primary goal is to steal information, whether for profit, power or glory. This is not fear-mongering or hype--everyone in the security business knows this fact. This is the state of cybersecurity today, and we are all frustrated and angered by it." Isn't this exactly why security firms get paid? Because there are bad people out there looking to steal information? If those people didn't exist, then would Bit9 need to exist? That's biting the hand that feeds you.
That's it for this week. We'll be back next week on the usual day, Thursday, February 21 at 6 pm EST! Until then, stay calm and hack naked!
Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution. The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys.
A lean week in episode 319's Drunken security news, but at least the house was full with PDC staff. With Paul, Larry, Allison and Jack in-studio and John and Carlos via Skype to fill us in on all the fun.
But first, make sure to not miss the other two segments from episode 319. First was 451 Research's Wendy Nather to talk with the team, and then Ethan Robish and John Strand came on to talk about a brand new distribution. If you like distributions like Samurai, Backtrack and others, you might be interested in this one. Titled ADHD (Active Defense Harbinger Distribution) this has been three years in the making and takes on offensive security with many of the tools you love.
As for the stories of the week, Paul started off with a couple quick hits, including a joke about the Federal Reserve hack and bugs in hospital embedded devices. Then follow along as Jack goes a long way to make a joke about prime numbers, after one of the largest only-divisible-by-one-and-itselfs was discovered.
The first story they dig into is one that Larry brought along, about SSL/TLS being broken. After some explanation on the Oracle padding issue and the use of the same key, John and Larry bring up Wright's Law (to be discussed in episode 320 on Tuesday). Larry wonders, who is working on fixing SSL and if there is someone with a fix today, it could take five years until it is fully implemented.
Do you need anything more than six seconds? Apparently if you use Vine for Twitter, that's all you'll need. It's a new video sharing service, but all you get is six seconds of video. And what happens on Vine stays on Vine, right? Umm, no.
What would you do if you were Adobe's CISO? Take the staff out to lunch? Quit? Or actually get things cleaned up. I guess at least they're not Sony.
Congratulations to Allison who is Gold GCIA certified after her paper on digital watermarking to help prevent leaks. You can read the entire thing in the SANS Reading Room.
Lastly, Larry drops an "I told you so" with regard to Universal Plug and Play (uPnP). As Larry wrote, now there is a single Packet UDP exploit for it, for almost every device - of which there are millions of devices connected to the internet based on HD Moore's scanning.
Oh and if your company is looking for their next great employee (or if you get a referral bonus) contact Larry with the opportunity.
Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware.
But with all that in the books, the conversation quickly turn to porn, smut and "sextortion." Yup, this was the first time that word had ever been uttered on the Paul's Security Weekly, which required a visit to Urban Dictionary. As Allison noted, you can now get your very own sextortion coffee mugs, bumper stickers and magnets. The article described talks about how someone hacks into girls' computers (password guessing?), finds risqué photos and then uses those to get the girls to either send more pictures or go on video. Another man was recently charged with a similar crime where he'd talk to boys in IRC, get them to reveal themselves in a video chat where he'd then grab screenshots and use that against the victims. Lessons learned? If you are going to take a nude picture of yourself, DON'T INCLUDE YOUR FACE! But if push comes to shove, profit off it. As Paul said, it worked for the Kardashians and the Hiltons.
Did you know you're 182 times more likely to get malware on a news site than on a porn site?
China hacked the New York Times! Or did they? Wait, China did it? How in the world did a country of one billion people hack the NY Times. Isn't that the same thing as my blog getting hacked by the kid down the street and saying "The United States did it!" Maybe it was someone in China, maybe it was someone hired by Chinese government officials maybe it was someone who does things the same way that Chinese hackers have done it in the past. But as Allison and Jack noted, it's good that the Times is being so public with the situation.
As we begin adding more technology to embedded devices like televisions, we're not paying any additional attention to the security on them. Researchers are reporting having seen televisions and CCTV cameras pop up in their honeypots.
Paul talked about fifty million Universal Plug and Play network devices being open to packet attack. As he noted: "This is not a shock to me at all. UPnP is horrible, there just had to be a flaw in there somewhere. HD Moore found some, and turns out there are millions of vulnerable devices on the Internet. I am so happy to see this research come to light, it needs to happen. Free tools exist to check for the vulnerabilities, and details are forthcoming."
Speaking of forthcoming, the new version of Backtrack Linux is coming...
Oracle now cares about fixing the flaws in Java. Really? What could have possibly spurred this on? Maybe when the US Department of Homeland Security is telling everyone to stop using it? Maybe when they say they're patching the flaws and then a few minutes later, someone already has a new vulnerability for it? Good to know that this is what it takes for Oracle to finally care about security. Now imagine if such a company were involved in things like databases? Oh wait.
Wrapping this up with just a few more things. Paul talks about an XSS vulnerability in the VMware Management Interface. Free environment snapshots? Yes please!
Allison brings up the new law making it more illegal to jailbreak your mobile device if the carrier says you can not. But what about if you buy an unlocked phone for full price? That's ok, right?
Oh yeah, that grad student who was expelled from a Canadian university for telling them about their bad security practices? Well, it's actually a little worse. According to his expulsion letter, he was twice caught and admitted to using SQL injection to break into their informational systems. Yeah, that's a little more than just informing the school about their bad security practices, that's rubbing their nose in it. So lesson for the day, if you're paying someone thousands of dollars for a graduate degree, don't rub their nose in their bad security practices and expect to stick around.
Did you hear that Security BSides Rhode Island tickets are now on sale? Get them at http://bsidesri.eventbrite.com
Alissa Torres is a certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of University of Virginia and University of Maryland. She's on tonight to talk to us about Bulk Extractor.
Cisco responds to the WRT54GL Linksys router hack. They're working on a fix for people being able to remotely get a root shell, but their recommendation in the meantime? Only let friends use your router. Oh yeah, with friends like these...
Have you signed up for the SANS webinar titled "Uninstall Java? Realistic Recommendation? No. Insanity? Yes!" with John Strand, Paul Asadoorian and Eric Conrad? It's coming up, this Tuesday at 2 pm EST.
Do you have all the HTTP response codes memorized? Someone is proposing a new range of 700-level codes Some that might be helpful: HTTP 725: It Works On My Machine. And I fear how often the Security Weekly web server will return an HTTP 767. It simply reads "Drunk".
Former Dawson College graduate student, Ahmed Al-Khabaz, who was expelled for allegedly hacking the university's infrastructure, has received multiple job offers. The guys talks about the situation with a little more detail than is often reported. He found a vulnerability and reported it. So far, so good. But then a little while later, he pointed a scanner at the vulnerability that he found, presumably setting off alarms. Even worse, the noise from the scanner pointed back to him. Once he reported the vulnerability, what's he doing going back to it, and as "evil" Jack mentions, why didn't Al-Khabaz cover his tracks better when he switched his hat color? Nonetheless, lots of weirdness abounds in this story. The university overreacted (what?!? a university overreacted? never!) instead of using this as a learning opportunity. Plus, the student may have made some mistakes along the way, yet he comes out better for it. So is the lesson here to hack your way to a job? Is that what the universities are for? Umm, no. Never go after something that you don't have explicit, written permission to hack. Plus there's Paul's suggestion of punishment here, the student should have been required to work the help desk for three months. That's enough to teach anyone a good lesson.
Incident Response in 3.08 MB - Always nice to see folks, like our good friend and Stogie Geeks co-host Tim Mugherini, writing about tools that work. This product just sounds useful: The idea behind Carbon Black (CB) is to monitor code execution. A small Windows agent is deployed to each host throughout the enterprise. This agent hashes each process, monitors the sub processes, module loads, registry edits, file writes, and network connections. Digital signatures and the activity of each binary is stored on the CB server.
National Weather Service Hacked - In other news, snow storms are reported in Miami, earthquakes in the mid-west, and its been raining in San Diego for 3 weeks straight, but sunny and 75 in Seattle. CSRF and XSS strike again! The Importance of Security Awareness - User awareness is still kicking around, and everyone seems to have a different take. One thing we all agree on is that it leaves gaps, which is why you need other stuff to protect your organization. After exploring this topic, I am of the opinion that you need an awareness program. There are several companies providing this type of service, go seek them out, get a solution to educate your users that fits you, and your budget/ROI, and run with it. I firmly believe this is something everyone needs to have, just like a firewall or IDS (as lame as that sounds). Know how much return each defensive measure provides and use it accordingly.
Zero-day attacks last much longer than most would believe - This speaks to the huge problem we have with software security. On average, its takes 10 months to uncover a 0day vulnerability. Yikes, 10 months is a long time and a lotof damage will occur.
Pacemaker hacker says worm could possibly 'commit mass murder' | Computerworld Blogs - Barnaby Jack strikes again, in what could be a huge problem. This is something that has always bothered me, what happens when criminals take advantage of technology to damage people? Sure, many evil hacking groups launch DoS attacks and break into places like Sony. Thats the least of our worries, as when attacks can affect people's health and well-being on a mass scale, its a game changer. We've seen some car hacking stuff, but pacemakers hit the "heart" of the matter. The response seems to be as much diluted as it always has been, lots of finger pointing and disbelief.
Interview Dan Kuykendall
Dan manages NT OBJECTives’ software development and has an extensive background in web application development and security and is co-host of "An Information Security Place" Podcast.
How did you get your start in information security? We are seeing the proliferation of apps using JSON, AJAX, REST, etc. These apps have vulns that aren't being tested by scanners and people don't know how to test them, yet there are serious vulns there. What about HTML5, what are the new vulnerabilities and protections? How can we test them? What are the challenges, and solutions, for an automated scanner to overcome authentication? How do you handle technologies such as Flash? Which seems to have more vulnerabilities, in-house written apps, open-source or commercial? Or are they all even? What advice do you have for folks looking to acquire an application to solve a business problem? Scanners traditionally have trouble with certain vulnerabilities, which ones are the most problematic? Are people testing them by hand? If so, what can you do to be the most efficient? Scanners haven't really kept up with the application technology and the coverage gap is widening. Scanners need more application coverage. They will never cover all of the app, but they should cover more. What are your thoughts on that as pen testers? How do you balance manual and automated testing? Which vulnerability, with respects to web applications, goes unnoticed and unlatched the most? What training options are available for application developers? What advice do you have for folks who want to get started and learn how to test web applications for security?
Guest Tech Segment: Charlie Eriksen on Wordpress plugin security
In this technical segment, we will look at Charlie Eriksens research into Wordpress plugin security. By searching large amounts of code for code that is often insecurely written, it is possible to find a large amount of vulnerabilities in plugins running on thousands of Wordpress sites across the internet.
Stories
How Your #Naked Pictures Ended Up on the Internet The Security-Conscious Uncle - Yea, I'm talking about ATM card security. After reading this, and hearing my thoughts and views on Debit cards, I want to keep my money in my own safe. Banks make it so hard to keep your money secure. I don't want a Debit card, its a ridiculous concept that only benefits the bank. I want more than a 4-digit pin number too. My best advice is to only tie your ATM card to an account with a small amount of cash to limit damages, if your bank even allows you to do that. No homecoming queen vote if you don't wear RFID tag? - I'm sorry, I don't want to wear an RFID tag. Tracking students has gotten way out of control. I proved how you can clone RFID tags in a MA CCDC compition. So, students, if you want a lesson on how to become any one of your classmates, please come find me. Hacker wins $60 - Don't get me wrong, I think this is a good thing. The more we encourage legit folks to find vulnerabilities, the better. Firefox 16 pulled offline following security flaw find - Firefox is becoming the new IE! Mobile Brings a New Dimension to the Enterprise Risk Equation - I think I've solved the BYOD problem, just buy all employees brand new iPhone 5s, manage them with an MDM (like Apple Profile Manager) and everyone is happy. I think this comes down to giving the people what they want. Reporting Mistakes - I agree that we need to be forthcoming about where security has failed. I don't get First, talking about the exact way to exploit an 0day makes it easier for more people to exploit it. Learning of a 0Day exploit, and the details, gives us a fighting chance to defend ourselves. I think there has to be some quiet time if you want to involved the vendor, then you gotta tell people. It also depends on the nature of the 0day, maybe the vendor won't listen, or maybe its 0Day in the DNS protocol. James Bond's Dry Erase Marker: The Hotel PenTest Pen - SpiderLabs Anterior - This is just way too super cool, best usage of Arduino and Dry Erase marker EVER (maybe the only usage of the two together). HP Communities - CISO Concerns - Security vs. Usability - CISOs love to bat around terms like security, usability, compliance, affordability, ROI, etc... These are fine, in the right context, but lets not forget, you have the word security in your title, and at some level you have to prevent people from getting pwned. Sometimes I think we lose site of that.
Interview Daniel Suarez
Daemon and Freedom were fairly epic. How difficult was it to begin Kill Decision knowing that you had a gang of fans with such high expectations for your next book? Tell us about Kill Decision There was a fair amount of drone usage in FreedomTM). Was there a particular event or news story which inspired you to concentrate on drone warfare for Kill Decision? What was the germination like for Kill Decision? Was it formulated before or after Daemon and Freedom(TM) What kind of research did you do to get the drone hardware to be realistic in the book? In a recent interview, you indicated that technology was being siphoned out of high tech meccas into other parts of the world via both Globalization as well as good old fashioned Espionage. Do you think, at least for the US, we're past the point of no return when it comes to ensuring that we're not giving away our intellectual property when we farm out our manufacturing overseas? Similar to the above, one of the warnings in Freedom(TM) appeared to be that a nation has to safeguard its food sources - not to be complacent about the importance of being able to grow your own food to feed its citizens. Do you feel that the government is aware of this issue or that more needs to be done? Where do you see the future of drone warfare going? Since the book has been published, have you been given any additional information concerning how close we are to the reality seen in Kill Decision? There was one term which we're told gives a lot of writers "grief": making love. How tough was the love scene to write in Kill Decision? :)
Paul's Stories
A Guide To Network Vulnerability Management - Dark Reading - If you want the "training wheels" approach to vulnerability management, then you should read this article. However, the problem goes so much deeper, and this article doesn't even know what tool to use in order to scratch the surface. Sure, you gotta know what services are running on your systems, but it goes so much deeper than that. Environments, threats, systems and people all change, so howdo you keep up? How do you really find, and more importantly fix, the vulnerabilities in your environment?
Old Operating Systems Die Harder - Dark Reading - Okay, here is where you could make a lot of money. Create a company that can actually provide some real security to legacy operating systems. So many of our defenses fail if there is a vulnerability that doesn't have a patch. You can implement some security, but it doesn't really solve the true problem. Once an attacker is able to access the system, its game over. Unless, there is something that can really solve the problem, even thwart the exploit and/or shellcode. Technologies exist, but back-porting to legacy systems is not often done. And this is where we need the help.
Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweep - Microsoft takes down another botnet. Why is this news? Not-so-sure, as this should be the rule rather than the exception.
Blackhole Exploit Kit updates to 2.0 - Check this out, attackers are implementing security! Check this out, this exploit kit now sports: Dynamic URL generation, so there is no longer a standard URL pattern that could be used to identify the kit.IP blocking at the executable URL, so that AV companies can't just download your binary. This is meant to slow down AV detection. Use of Captcha in the admin panel login page, to prevent brute forcing unauthorized access. If legit defendersonly did all that, well, except for the CAPTCHA, which is useless.
Domino's Pizza says website hacked - One of the most useful things the Internet has ever given birth to, aside from access to free porn, is the ability to order pizza online. So back off! Oh, then there is this: "This is a very unfortunate event which has happened despite the security ecosystem that we have created around our online assets. Some security "ecosystem" you got there.
More SSL trouble - SSL is broken, again, Drink!
Apple unveils redesigned iPhone 5 with 4-inch display - I did not see any mention of improved security, but what a sexy device. Wireless now supports dual band n, which is awesome.
Google helps close 163 security vulnerabilities in iTunes - iTunes is a beast, I use it all the time and well at the end of the day its kind of a resource pig, but gets the job done. However, its pretty crappy software, tons of vulnerabilities, and new ones found by Google! Webkit was to blame for many...#Antivirus programs often poorly configured - New study finds AV is not configured correctly. No huge surprises there... Do weneed to make it easier to configure or are people just lazy or both?
Larry's stories
Who's your GoDaddy - [Larry] - Yup, GoDaddy dns was down for the count. This included their own authoritative DNS as well as for those for the hosted stuff. Of course, now folks are talking about DoS against root name servers, and OMG the sky is falling. Of course, a single Anonymous member took credit, and GoDaddy, said along the lines of "Ooops, we tripped on a cable and corrupted our routing tables". Who do you believe… In other notes, a leaf fell from a tree and an individual member from anonymous took credit.
What happens when your encryption is EOL-ed - [Larry] - Victorinox (the Swiss Army folks) are offering full refunds if you return the secure usb thumb drives. Why? As of September 15th the certificate will expire, and they have no intent on renewing and are stopping support for the software. If you don't get your data out of the encrypted volume before then, you'll allegedly lose it. So, what happens when we have something else like this that is significantly more mission critical, we have significant investment and no upgrade path. Choose wisely.
Judge rules WiFi Sniffing Legal - [Larry] - Basically it boils down that is you have an open network and the data is in the clear, you should be able to sniff it. Don't want someone to sniff it? Encrypt it - and yes, WEP would be sufficient for word of law here. So, why did the judge rule this way? Wireless is a shared medium. If you are not allowed to sniff traffic that is not destined to you, then how are you able to determine that the traffic on said network is destined for you? Ruling against it would make all WiFi networks illegal, just by nature of the technology.
ACTUAL Stego in the wild for "legitimate purpose" - [Larry] - I just put this story in for Darren to bust John's stones. But, it appears that Blizzard has been embedding information about the user via stegonaography into screenshots taken by the WoW clients.
Jack's Ruminations
Half of all Androids have Vulns? Also, water is wet. I'm surprised at this, I would have expected much higher. Android phones are at the mercy of their carriers for updates. And carriers are not noted for their mercy.
Chip and Pin, er, PWN Chip and pin research shows that this bandage for the fundamentally obsolete and insecure payment card systems. The EMV protocol has crypto issues, as in "programmers may not be using cryptographic random number generator algorithms to create UNs, and instead may be using counters, timestamps or homegrown algorithms that are not so random."
New FBI Facial Recognition program what could possibly go wrong? From the article "nabbing crooks after a crime is only part of the appeal. The technology also foreshadows upcoming security enhancements that will stop many offenses before they start". That "before they start" bit sounds pretty damned scary to me.
Interview with Jason Lam
Jason is the head of global threat management at a major financial institution based in Canada. Jason specializes in Web application security, and shares his research findings and experiences by teaching at the SANS Institute. His recent SANS courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion.
How did you get your start in information security? Tell us something no one knows about Defending Web Apps...
Show Notes: http://securityweekly.com/wiki/index.php/Episode301
Answers to Allison's Puzzle Contest, Paul's Stories:
100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level there you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter, in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a "shit ton" of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters.
Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, its a simple solution on the surface. For example, if you care about your data, don't store it in the cloud. Similarly, if you care about the security of anything, don't just obscure it, secure it. Wow, that sounds even cheesier than I thought. Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I'm baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: Awarenesss training for developers and QA (ala Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn't cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world...
The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released. « - Java 0-Day is in SET. Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying "Disable Java" or "Disable Flash". There is going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe what people miss the boat is just how deep "security" needs to go. Its more than layers. Its more than awareness and technology. Its about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage.
Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords « Thireus' Bl0g - Nice crack...ing.
BYOD creates generation of workaholics - Saying that BYOD adds 20 hours to your work week is ridiculous. How much work can you really get done on your smartphone? If your spending that much time in email or some such thing, you need to re-evaluate your strategy. Devices and technology should make you more productive or your doing it wrong. However, it does increase the threat landscape.
3 security mistakes your management is making now - I have to say, and this usually never happens, I agree with Roger, at least on the first point of testing vendor products. I think a lot of people get this wrong. It goes deeper than what Roger stated. Sure, you should test out products before you buy them, and even use them on real production networks. Also, you have to understand your problems, develop requirements, and research the right way to test, install and configure the said products. Many don't do this and end up with the wrong products for the wrong reasons. Along these lines, products that work for others may not work for you, so don't put too much stake in what works for others. I also agree that priorities couldn't be more wrong. Attacker are successfully phishing you, so lets buy an IPS and firewall. WTF? The whole thing about "drift" is bit puzzling, but I think it just needs better clarification. Configuration management is important. The first thing most do wrong is never define a secure configuration. If you've made it that far, most don't do much to keep the systems in a secure state. The toughest organizations to break into are ones that have a secure config and work to keep systems that way.
[papers - How to Use PyDbg as a Powerful Multitasking Debugger] - Love the Python debugger, just sayin'.
Interview with Marc Maiffret
Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading vulnerability and compliance management company, and was a co-founder of eEye Digital Security.
How did you get your start in information security? Tell us about your work at eEye and your work in the early days there. Back in 2007, you left eEye to start work on a mobile phone application - what would do you think is needed in the Mobile arena now that is NOT security related? What research do you think needs to be done that no one is doing now?
Hack your Car with CANBUS
A little into in a few minutes. yes, as implied, it is a BUS and you can gain access to it from the ODB-II port. Think a hub. All messages on a segment go to all devices on the segment. Messages can be filtered with a gateway (think firewall) between various busses, which may or may not be exposed at the ODB-II port. A little bit different from networks that we are familliar with. First off, the message do not have source field, but do have a destination in the form of a one byte arbitration ID, these arbitration IDs also indicate priority - the lower the Arbitration ID destination, the higher priority the message. So the ArbID 0 would be processed prior to 73febeef. Now, each message is sent to the bus with an ArbID, and each device LISTENS for specific ArbIDs that is concerned about. With that, Gateways can pass specific messages, and each Device can look for multiple messages. Oh, those messages? Either 11 or 29 bytes, so fairly easy to fuzz.
Guests: Ed Skoudis, Alex Horan, Ron Gula, Weasel
Once upon a time a big bad pen tester gets a contract with 3 little pigs, Inc. On the first test, he huffs, and he puffs and blows down the network made of straw. On the next test, you build it out of sticks, and you get the same result (everyone now, he huffs and he puffs and he…). On the next test, you build your network out of bricks, and the big bad pen tester shows up with a wrecking ball, knocks down the house and presents you with an invoice.
(strange sci-fi sound)
In a parallel universe, the big bad pen tester contracts with 3 little pigs inc. The first test the straw house gets knocked down rather fast. But 3 little pigs Inc. gets a report outlining the weaknesses in construction along with recommendations for improvement. The knocking down of the house was a mere simulation, and they are given an opportunity to add a layer to the network, of sticks. The next test the big pad pen tester has to huff and puff, and huff and puff again, simulating another network destruction. No harm is really done, so the process repeats, until a wall of bricks is built. Now the only big bad person able to get through has to really work at it, too much huffing and puffing, and decides to go rob the three little bears instead, using their APT, and eating their IP. First question for the group, 3-5 minutes each, is penetration testing worth it, why or why not?
What benefits to you receive from a "good" penetration test and what are the qualities of a "good" penetration test? If someone were to give you a "penetration test", then run a couple of automated tools and provide the stock report, is this a bad thing in all cases? If we don't test our defenses in a controlled experiment, how do we really know they work? Lets say a penetration tester is conducting an internal penetration test, and finds out quickly that more than 50 servers have missing patches for vulnerabilities that lead to a reliable shell. What is the benefit of the penetration test from this point?
Automating Wifi Attacks by John Strand - In this Tech Segment we will talk about one of the easiest ways to create an evil access point to steal credentials. We will be using the very cool utility called easy-creds.
PFSense for pentesters - We use PFSense every day and love it. I also love the nice red Alix box that we built. After using it day to day, we've found that it is great, and has a few things that drive us nuts. Specifically, when you put two guys behind that doing two pentests or vuln scans, the box just cant stand up unless properly configured. We're gonna to install it on a real PC. This PC we happened to pull from the trash, and is some 64bit AMD system with 2 gig of ram. Total cost? Free. It is probably way more horses than we need for this situation, but is is what we got.
Guests: Wendy Nather, Iftach Amit, David Mortman, Dan Crowley, RSnake, David Maynor
"We have a firewall". "All of our systems use Anti-Virus software" "We've implemented the latest web application firewalls and intrusion prevent systems" "We have a patching cycle, weekly maintenance windows and a 30-day patch turn-around" These are things we've all heard before. These are things I often hear right before we are about to start a penetration testing. Depending on how you define success, these things do little to stop attackers.
What are we doing wrong when it comes to defense? What is the number one thing that organizations miss when it comes to defense? Should we even bother, and just know that a certain percentage of attackers will be successful? Can't we just do the easy and cheap security "things" and get by as long as we don't get owned as badly as our competition?
Data Mining ETW - In this technical segment we will look at how to tap into the vast amounts of data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW). ETW Provider will sometimes log information excesive amounts of information giving an attacker access to sensitive data. By tapping into these otherwise silent logging mechnisms an attacker can find all kinds of useful information.
AWESIEM - After years of making security databases, I realized that Security Information doesn't match up to the way databases have to be normalized - I started looking at Ontology languages and triple stores instead to store security info, and am now working on an app framework to write security apps using an ontology storage backend, it's called AWESIEM. Here's my intro on how to use ontologies for infosec knowledge.
Jonathan Cran is the CTO of Pwnie Express. Previously, he built and ran the quality assurance program for Metasploit, where he focused on automated testing, bug smashing and release engineering. He blogs at Pentestify.com.
How do you intercept HTTP or HTTPS traffic from an application other than a browser? We have seen this on a number of different penetration tests in the past few months and thought we should talk a bit about one of our favorite tools for the task, fiddler.
Zach Lanier's Awesome Tech Segment - Reverse Engineering Blackberry Playbook Firmware:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Alex Horan & Mife Yaffe Discussion:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Drunken Security News #286:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Nick Farr Interview:
Drunken Security News #285:
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Martin Bos Interview:
Password Auditing with Nessus & Metasploit:
Drunken Security News #284:
Episode Hosts:
The real story behind Goatse:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Gene Kim Interview:Episode 283 - Part 1 with Gene Kim - Direct Audio Download (mp3)
Episode 283 - Part 2 with Goatse - Direct Audio Download (mp3)
Episode Hosts:
Alan Paller comes on the show to tell us how to give great presentations, moderate panels, influence the youth of America, and how to get involved with CyberQuest, a program for college students in information security!
Episode Hosts:
Dan Geer comes on the show to talk about security, metrics, APT, breaches, and more!
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Episode 281 Featuring Paul, John, and an awesome small crowd of fans at SANS 2012!
Video Feeds:Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Episode 280 Featuring Raphael Mudge:
Episode 280 - Direct Audio Download (mp3)
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Jeremiah Grossman Interview:
Video coming soon…
Drunken Security News Weekly #278:
Video coming soon...
Episode 278 - Direct Audio Download (mp3)
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Adam Shostack Interview:
Drunken Security News Weekly #277:
Episode 277 - Direct Audio Download (mp3)
Episode Hosts:
Drunken Security News Weekly - #276:
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Audio Feeds: Video Feeds:Joe Stewart on Malware Analysis:
UPnP Hacking with Backtrack 5 & Python:
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Video Feeds:Dave Kennedy and SET - The Social Engineering Toolkit (And Derbycon stuff):
Dave gives the best man-hugs.
Drunken Security News Weekly - #274:
The latest in the security world, from the drunken people you trust!
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Video Feeds:HD Moore on Metasploit new features and changes and other cool stuff:
HD Moore is my hero.
Episode 274 - Part 1 - Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Video Feeds:Building Your Own pfSense Wireless Access Point:
Use off-the-shelf parts and open source software to build your very own robust access point!
Drunken Security News Weekly - #273:
The latest in the security world, from the drunken people you trust!
Episode 273 - Part 1 - Direct Audio Download
Episode 273 - Part 2 - Direct Audio Download
Episode Hosts:
Framing in Social Engineering - Chris Hadnagy:
Use Framing to be more successful in Social Engineering
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Video Feeds:Bruce Schneier comes on the show to discuss security, privacy, and his new book "Liars and Outliers":
Bruce Schneier Interview - Episode 272 - Part 1
Robin "Digininja" Wood talks about "zonetransfer.me":
Robin Wood on DNS Zone Transfer Testing - Episode 272 - Part 2
Drunken Security News Segment (Cut short due to Ustream problems):
Drunken Security News - Episode 272 - Part 3
Drunken Security News Segment:
Jason Fossen:
Tim Medin on Smart Ways To Crack Password Hashes:
Drunken Security News Segment:
Episode 270 - Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Video Feeds:Paul and Jack try to hold things together for the stories of the week, and fail:
Episode 269 Part 1- Direct Audio Download
Episode 269 Part 2- Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Audio Feeds: Video Feeds:Katie Moussouris, leader of the Security Community Outreach and Strategy team at Microsoft:
Video for this segment was missing some audio and video was out of sync, apologies to our viewers!John Strand does a Tech Segment on CSRF:
Episode 269 Part 1- Direct Audio Download
Episode 269 Part 2- Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Audio Feeds: Video Feeds:Paul, Larry, and Jack talk about the stories for the week:
Episode 268 - Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Audio Feeds: Video Feeds:Scott Moulton on hard drive forensics:
Core Security Technologies research team tell us about bypassing the OS X sandbox:
Episode 268 - Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.
Video Feeds:Simple Nomad talks "APT", and Chris Pogue talks "Sniper Forensics":
Episode 267 - Simple Nomad, Chris Pogue - Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Nite episodes on our Bliptv channel.
Video Feeds:Interview with Jeff Moss:
Interview with Kevin Mitnick:
Part 3 - Interview with Ron Gula:
Part 2 - Interview with Marcus Ranum
Part 2 - Drunken Security News:
Part 1 - Interview with Mike Poor and Tom Liston:
Part 3 - Drunken Security News for the Week:
Part 2 - Interview with Rich Perkins and Mike Tassey on DIY UAVs:
Part 1 - Interview with Dave Porcello, CEO of Pwnie Express:
The crew talks about the stories for the week!
Episode 262 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Charlie Miller, pwn2own champion, Interview:
Alessandro Acquisti Interview:
Episode 262 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Brian Kennish on Facebook Privacy:
Paul and Jack bat around the stories for the week:
Episode 261 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Paul, Darren, and Jack bat around the stories for the week:
Episode 260 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Jennifer Granick Interview:
Raphael Mudge, author of Armitage, a front-end tool for Metasploit:
Episode 260 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Drunken Security News:
Episode 259 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Dino Dai Zovi Interview:
Elie Bursztein talks about An Analysis of Private Browsing Modes in Modern Browsers:
Episode 259 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Paul, Larry, Jack, and the gang talks about the latest news for the week, including APT, cyber criminals, SSL, and how to pick a good password (Just kidding, we actually did talk about stuff that you may care about):
Episode 258 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Alex Hutton Interview:
Chris Greer - The Commoditization of Malware Distribution:
Episode 258 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Drunken Security News for episode 257 features SSL certs gone wild, attacking the PHY layer, undercovering social media, and more!:
Episode 257 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:In this episode's first part we interview Don Bailey on Hacking Cars with "War Texting":
Then onto Hacking Prisons with John Strauchs, Tiffany Rad, & Teague Newman:
We also talk about "Sneakers"!
Episode 257 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:In Part 2 we discuss Apache DoS, HP problems, UPnP hacking tool, no black and white security, customizing Nessus scanners, Paul agrees with Gartner, Senior moments with Jack Daniel
Episode 256 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006 and is author of the high tech thriller Zero Day: A Novel. We interview Mark in this segment, and kill some bugs:
Episode 256 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Live from the Security Weekly out door studios, Paul, Darren, Ian, and Carlos are joined by "Thor", Martin Mckeay, and Josh Corman! What a line-up! We talk passwords, PCI, things most people do wrong when it comes to security, and more!
Episode 255 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:In Part 1 we interview Timothy "Thor" Mullen. As Johnny Long says: "Most recognize Thor as the Norse god of thunder with massive powers of destruction. Few realize that he was also the god of restoration. Likewise, his namesake, Timothy "Thor" Mullen, has spent his entire adult life both destroying and restoring Microsoft-based security systems. Thor's Microsoft Security Bible conveys the wisdom and expertise of the industry legend that has defined the bleeding edge of Microsoft security for over twenty years. I highly recommend this book."
Episode 255 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:In Part 2 of this episode we hear from more the fine folks of Trustwave's Spider labs and are amazed by:
Traps of Gold with Andrew Wilson:
Then we attempt to do the drunken stories of the week and reveal the special "adult" guests to our booth at Defcon:
Episode 254 Part 2 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:In this episode we hear from the fine folks of Trustwave's Spider labs. They appear on the show to give three, that's right, three special technical segments on various topics. In part 1 we are astounded by:
Amazingly True Stories from Real Penetration Tests:
We also hear from our good friend Dan Crowley on cryptographic Oracles:
Episode 254 Part 1 Direct Audio Download
Episode Hosts:
Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.
Video Feeds:Paul, Larry, Jack, and Nick Selby talk about the stories for the week! Including hacking cars, mod_security challenge results, router pwn web sites, drug smuggling.
All the Paul's Security Weekly episodes on our Bliptv archives.
In part 1 we interview Nick Selby, a newly minted police officer of the Dallas-Fort Worth area. He was formerly an information security analyst and consultant for nine years, and worked in physical security and intelligence consulting in various roles since 1993 and was a travel writer for European destinations in a previous life.
Episode 253 Part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
In this episode we interview Matt Yoder! Matt is a lover of fine pens and paper, and a pencrafter. He has also spent time, in multiple stints, performing direct security consulting, including assessment and auditing, security systems support, and firewall deployment. He currently spends his days, and earns something resembling an income, assisting with server administration for a major University in the midwest, which prefers to go unnamed. (Due to audio problems we are unable to release the video, sorry about that!)
Then we discuss How wide open is your voicemail, the rise of security monkeys, rent-a-laptop, orange cartoon octopus virus, stroke development, a hacking epidemic, attacking small firms during the drunken security news segment:
Episode 252 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Hosts: Paul Asadoorian,Carlos Perez, John Strand, & Jack Daniel
David Kennedy, Jim O'Gorman, Devon Kearns, join us to talk about their new book! (Mati Aharoni is also an author but could not make it). "...while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors."
Drunken security news, including: Hacking femtocell, Wifi hacker sent to jail, losing your phone at the airport, RIP Win XP, long live "Hef", binary C&C over HTTP, fresh PuTTY, Loki explained, RFID bootable distro, process injection, shoulder surfing FTW.
Episode 251 Part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
In part 1 we interview Claudio Criscione a security test engineer at Google. Before joining the company in 2011, Claudio was a penetration tester for most of his career, assessing the security of large infrastructures as well as holding roles in webapp and virtualization security.
Video of the interview with Claudio:
Episode 251 Part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Part 2 of episode 250 was a wild ride! Our friends, including Caitlin Johansen from Core Security, Bill and Trent from i-hacked, and Dave "I give big hugs" Kennedy join us to reflect on the past 250 epsiodes of SecurityWeekly:
"What I Learned on SecurityWeekly"
"Top Ten Things I Learned on SecurityWeekly"
Then, we get really drunk and talk about security news:
Episode 250 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Sorry for the long delay! Our new production system is still in process, and you will see episodes released more timely. Our 250th episode was extremely special, featuring Randal Schwartz, and a host of good friends and familiar faces!
In part 1 we interview Randal Schwartz:
Episode 250 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 249 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 249 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 248 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 248 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Peter Zerechak the creator of the upcoming doucmentary CODE: 2600 a look at the hacker community, joins us for a discussion on his work filming and what kind of a film he wanted to make.
Watch the blip.tv video for a special 10 min trailer that was made for the Paul's Security Weekly episode. We do have a fine tech segment from Tim Thomes (LaNMaSteR53) and using Google to brute force subdomains. Of course we also have security news and review of this week in the blog..Episode 247 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 246 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 245 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 245 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 244 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 244 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 243 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Paul, Larry, and Carlos tell us how to use Nmap to perform stealthy host and service discovery on a network:
Drunken security news style:
Episode 242 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Andrew Case discusses de-anonymizing Live CDs using analysis of the memory
Then better than last week we have security news from the week only half drunk... Larry is sick at home but at least he has skype.
Episode 241 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Welcome to episode 240...
Here we have a tech segment on Web Labyrinth While it was a quiet week we drink and do the news anyway.Episode 240 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Adrian "IronGeek" Crenshaw talks about his violation and penetration with his USB stick.
Then Security news... drunken style... cause there really is no other way.
Episode 239 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 239 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Here is our fabulous 238th episode.
Random dude (Chris Palmer) from the EFF tells us its time to fix SSL its done broken. Ryan Barnett drops us into a XSS street fight. And of course drunken idiots discussing news stories from the week. Our best advice in stories is to burry it deep.Episode 238 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Then we talk about some security news from the week.
Episode 237 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 237 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Fully packed show! Chris Nickerson and Eric Smith come on to talk about PTES, the new standard to executing penetration tests. Kevin Fiscus does an interview about risk management, helping customers, and more! Bugbear does a technical segment that will make you think twice about timestomping (NTFS MFT FTW), and the crew talks stories, including RSA, Comodo, and more!
Episode 236 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 235 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
OSSTMM Creator Peter Herzog is interviewed to share his thoughts and work in the security field... and all the way from across the pond.
Episode 235 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Paul's Security Weekly from the Mid-Atlantic Collegiate Cyber Defense Competition for 2011. Where they discuss cyber defense of cyber assets by being a cyber warrior to fight the cyber criminals and the cyber thieves. Then we have a cyber podcast where we discuss some cyber news about cyber events all over the cyber sphere. So join cyber Paul, cyber Larry, Cyber John, Cyber Carlos, and last and certainly not least Intern Cyber for this cyberific podcast.
Episode 234 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 233 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Pretty sad to represent Sharon on the show, who has a beautiful voice by the way... we have an image of who else.. JOHN STRAND everyone.
Episode 233 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Then some chuckleheads discuss stories from the week.
Episode 232 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Surbo and hevensnt join us from the land of Kansas to give us the scoop on hacking Evite. Also why they think that hackers are a bit out of shape and what they are doing about it. It involves running... nothing chasing you just running for... get this... FUN!!
Then we discuss some stories for the week with a Cheap Trick lead in.
Episode 231 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 231 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
a special thanks to Paul Joyal for letting us take over his cigar lounge for this episode.
Episode 230 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
a special thanks to Paul's beer fridge... or the contents of said fridge.
Episode 229 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Thanks to the EFF representative that was trying to go home but gave us a few moments of her time.
Episode 228 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Father John Strand gives tonights technical segment on a tool called WebLabyrinth writen by Ben Jackson with Mahemic Labs. This the fine David Bowie picture... Paul is a HUGE David Bowie fan.
Sorry for the static pictures but we had internet issues that prevented a proper video recording of this episode. Paul love his ISP.
Episode 227 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 227 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 226 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Scott Ullrich & Warren Baker lovers of freedom free software OpenBSD and they know a thing or two about pfSense open source firewall. These two join us to discuss their work on the pfSense project how it came to be and why. Also what the future holds for this great product.
DISCLAMER: This is not a duplicate just for some reason for two weeks now John Strand is what blip.tv has chosen as the frame to represent the entire video. This only means I need to do a better job of finding pictures of John to use during the recordings. At least he is hot... really hot.. I want to touch him, but interns are not allowed with in 15 feet of him.
Episode 226 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 225 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 225 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
And hot on the heels of part 1 we give you part 2. Just us continuing to make your holiday the cheeriest on record. This one best served with the adult egg nog... and LOTS of it.
Episode 224 part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
On episode 224 we gift wrap for you Mr. Daily Dave Aitel,and one of the master minds at Immunity. So lets download... throw another Yule log onto the fire... what ever that is, and enjoy our soothing voices this holiday season.
Episode 224 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Here we are back at At the Mr.J's Havana shop we talk cigars, Armitage GUI front end for Metasploit and how to launch a hail mary. WE have this News and more with Paul, Larry, John, Carlos, and Dan King.
Episode 223 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Live from Ron Gula's pool house!
There is actually a dead drop in the bottom of Ron's pool.
Episode 222 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Hosts: Paul Asadoorian,Larry Pesce, Carlos Perez, Dennis Brown
Xavier Mertens and Sebastien "FireSt0rm" Jeanquier join us to talk tech: Single Packet Authentication, URL shortening data leaks, Facebook password cracking and more!
Episode 221 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 220 Part 2 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 220 Part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Episode 219 Part 2 Direct Audio Download
Episode 219 Part 1 Direct Audio Download
Lars Ewe with Cenzic discusses Web Application security and then stories for this week
Episode 218 Part 2 Direct Audio Download
Bruce Potter comes on the show to talk about Shmoocon 2011, and Paul does a technical segment on Nessus reporting!
Episode 218 Part 1 Direct Audio Download
Episode 217 Show Notes Episode 217 part 1 Direct Audio Download
Hosts: Paul Asadoorian,John Strand,Larry Pesce,Carlos Perez Audio Feeds:
IDS / IPS theme continues with a tech segment from "the Other guy" proving he is not just another pretty face on the podcast. Then Dlink DCC bypass made simple by Paul. Of course stories, and we all LOVE stories.
Episode 217 part 2 Direct Audio Download
Security Weekly YouTube Channel.
We work really hard at eliminating the PG rated part 1 to something that family members should not download. We have a couple of tech segments and some stories for you in here somewhere. You can find video of our tech segments in our YouTube channel at Security Weekly YouTube Channel.
The Three Amigos are back for part deux.
Episode 216 part 2 Direct Audio Download
Hosts: Paul Asadoorian,John Strand,Larry Pesce,Carlos Perez
Audio Feeds:Mati "Muts" Aharoni & Chris "l0gan" Hadnagy help us heathens keep the first part of the podcast PG. But only the first part. So to their families this is the ONLY part you should ever download.
Welcome to the new basement recording studio and watch the intern run video and the sound board.
Episode 216 part 1 Direct Audio Download
Live from Mr. J's Havana Smoke Shop! Special guest Josh Corman.
Video recorded on October 14, if you can see us through the clouds of smoke
Hosts: Paul Asadoorian,Larry 'Haxorthematrix' Pesce, Carlos "Dark Operator" Perez
Hosts: Paul Asadoorian,Larry 'Haxorthematrix' Pesce, Carlos "Dark Operator" Perez
After Carlos does the tech segment, this episode is not intended for human consumption.
Episode 208 Part 2 - Direct Audio DownloadIn part 1 of this episode we have "The Dan Kaminskies"!
Episode 208 Part 1 - Direct Audio Download
Hosts: Paul Asadoorian,John Strand
Hosts: Paul Asadoorian,John Strand
* Still more audio fail... it will be better once the new studio is complete!
Dennis Brown explains that Kismet for the QuahogCon badges is out and how he used the new release to mimic parts of the Ninja Networks DefCon18 Ninja party badges. The hosts also discuss stories for this week. Episode 206 - Direct Audio DownloadHosts: Paul Asadoorian,John Strand
Our sincerest condolences go out to the friends and family of Mathew Shoemaker of the Infosec Daily Podcast. He will be missed for sure. We will dedicate a special episode to Matthew later this week.
Paul and John shoot the breeze on a lazy summer night and talk about Linux honeyports, vulnerability scanning vs. penetration testing, IPv6 host discovery, and attacking consumer devices.
* Sorry for the audio lag and weirdness it will be better once the new studio is complete!
Plane ticket to Las Vegas: $500. Admission ticket to Defcon $140. Hotel room: $99/night. Admission to exclusive Ninja Networks party: $0. Passing out at party, getting your face written on, and having your picture taken with darktangent and others: Priceless.
Episode 204 - Direct Audio Download
Hosts: Paul Asadoorian,John Strand
John & Paul get busy wit' it and do the humpty dance. Featuring Alex Lanstein from Fireeye.
Yes, Larry gets another mohawk at Defcon, proving well, you can get a mohawk at Defcon
Episode 203 - Direct Audio Download
Hosts: Paul Asadoorian,John Strand
Part 2: Come get all warm and fuzzy with the PDC crew... don't worry its soft. I was talking about WFuzz... We also discuss a few stories from the week too.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Last minute vulnerability disclosure debate, and a bunch of fun stories including 10 things that we'd like to hack (including your blender)
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes Episode 200 all day podcast in support of hackersforcharity.org.
FINAL: In the last release from 200 Sonny Crocket joins us as we discuss ZigBee, Linux hardening and Stories from the week.
Remember its never to little or to late to donate to Johnny Long's hackers for charity.Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes Episode 200 all day podcast in support of hackersforcharity.org.
Part 6: HD Moore joins us to discuss a small project he has been working on... MetaSploit!!!
Remember its never to little or to late to donate to Johnny Long's hackers for charity.Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes HISTORIC Episode 200 all day podcast in support of hackersforcharity.org.
Part 5: Retired competitive food eater and lover of the entire snuggy product line, Dennis Brown joins us to discuss how easy it is to get a hold of your very own Zeus botnet. Learn how much a few grand gets you, and what functionality.
Remember its never to little or to late to donate to Johnny Long's hackers for charity.Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes HISTORIC Episode 200 all day podcast in support of hackersforcharity.org.
Part 4: Paul Joyal from, Mr. J's Havana shop in West Warwick, RI, joins us to go a bit off topic and talk about cigars. So light up your favorite stick and sit back and enjoy something NOT security related.
Remember its never to little or to late to donate to Johnny Long's hackers for charity.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes HISTORIC Episode 200 all day podcast in support of hackersforcharity.org.
Part 3: Ron from Tenable Security and Anthony from Core Security take on an array of listener questions about their respective products.
Remember its never to little or to late to donate to Johnny Long's hackers for charity.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes HISTORIC Episode 200 all day podcast in support of hackersforcharity.org.
Part 2: interview with the man him self Mr. Johnny Long from Uganda. Listen in as he discusses how this all started, what the future holds and just how far a few dollars can go in Uganda.
Remember its never to little or to late to donate to Johnny Long's hackers for charity.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 200 Show Notes HISTORIC Episode 200 all day podcast in support of hackersforcharity.org. Part 1 with Lenny Zeltser talking about malicious documents. Remember its never to little or to late to donate to Jhonny Long's hackers for charity.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: Further instructions for taking over the world via embedded devices, and stories of interest for this week.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 196: Introducing the new PDC project www.securityfail.com!!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: The crew discusses storys for this week with out Paul as he rests at home reovering from certain kind of male 'enhancement' surgery.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: Tech Segment how to grab SSH credentials. Discuss news stories for this week. Listen for the peepers as we broadcast outside for the first time this year.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: The crew discusses stories for this week, dump on the iPad, and how to mess up an intern's car.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 1: Interview with Johannes Ullrich
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 1: Fuzzing with Jeremy Brown
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: The crew discusses software security, selling exploits, defense, & Lamas
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: Ron Gula & Richard Bejtlich Debate Controls, Threats, and APT
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 1: Nessus Scanning Through A Metasploit Meterpreter Session
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Live from CCDC!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Top ten tips to socially engineer management into implementing security the right way, plus all sorts of interesting stories including the "porn detection stick"!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: DNS sub-domain brute forcing & Penetration
We discuss when penetration is important, how to talk to management, coolest WRT54G hack, and a technical segment on DNS sub-domain brute forcing.
188 Part 2 - Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 1: "Freedom TM"
The Security Weekly crew interviews Daniel Suarez to discuss his new book Freedom TM, security, privacy, socialogy, and more!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 2: Windows command line kung fu and discussion of the stories for the week!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Part 1: Pwning VMware and the Smart Grid...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Weekly talks smack about security...
We love Irongeek (but not like that).
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Chaos. Intelligent Debate. Shmooball fights. Keg Stands. Educated Opinions.
Thats right get all of that and more when you listen to the audio from the 2010 Shmoocon Podcaster Meetup!
Here's what the press has to say:
"The security podcasters’ meet-up on Saturday night was more like a Motley Crue concert than anything else. The podcasters on stage resembled the head table at a Klingon wedding. But drunken antics conference-wide were minimal, and some decent food for thought came out of the podcasting event despite the rowdiness."
-- Bill Brenner, CSO Online
"The podcasters meetup is like watching a bunch of monkeys fn a football with add!"
-- "@secbarbie"
You be the judge!
David Hoelzer comes and hangs out with the Security Weekly crew...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew discuss the stories of the week...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew discuss the stories of the week...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew discuss the stories of the week...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew go one on one with an FBI agent, no handcuffs this time!
No really, it sucks.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Google/China/Auora crapola, security stuff, fixing the real problems.
This week we all road the FUD train
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Didier Stevens comes on the show to talk about PDF hacking!
Chicken Corn Noodles are a valid PDF documentHosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Mick walks us through sneaky web crawling, GSM & DECT cracked, and more stories and tech news!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Bruce Potter comes on the show to talk about the death of defense in depth, full disclosure, netflow analysis, trusted computing, and Lard.
Because sometimes you just need pure lard.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
John analyzes Windows firewall logs, and they guys discuss yet even more mitigations that don't work, laugh at the "top 5 essential patches of 2009", and hacking ATMs.
Merry Christmas From Everyone At SecurityWeekly
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Using OSVDB to find vulnerable software, SQL injection by example, Fake Steve jobs article enlightens the Security Weekly crew.
Warning: Contains explicit language!
High alcohol content beer makes for interesting podcasts
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Deviant comes on the show and we talk about locking picking, bumping, and raking! Make sure you visit the show notes page for this episode to get the Powerpoint slides and videos associated with the interview!
Deviant ready for the Security Weekly Interview
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul calls out Bruce Schneier, Ping Of Death returns, don't trust the devil on the inside, cloning fingerprints, and Paul makes the D-list!
The Devil is not only in the details, its on the inside.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Its Larry's Birthday! Spankings ensue, radio frequencies are snooped upon for pager traffic, beer is consumed, cigars are smoked.
Special guest Ben Jackson!
On The Airways, Stealin' Your Info
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Weekly crew talks about Nessus 4.2, Point-of-Sale security woes, Dave K. dials in again, and more!
"Security FAIL"
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew interviews Christ Brenton and talks about firewalls, perimeter protection, and cats in the office.
"Firewalls Are Still HOT"
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew talks about the differences between exploit frameworks, how we overcome our handicaps, and we rock the kung fu because you hacked my master!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew interview Chris Hoff and talk about security in the real world, the cloud, cigars, and martial arts!
"Don't Hassle The Hoff"
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul talks about building a security lab on the cheap, and a SPECIAL GUEST APPEARANCE!!!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
In Part one of the episode we interview the CTO of Cenzic, Lars Ewe. Paul butchers the pronunciation of his last name, but Lars sticks around to talk shop, discuss web application vulnerabilities, same origin polices, and the recent controversey over the latest trends report.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly crew talks about DNS enumeration, network packet analysis with Xplico, spilled COFEE, Pwning your own ATM machine, and more!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Larry finishes up a tech segment on Mass 0wnage with Jaseger and complimentary tools, and we discuss the stories of the week, including why MS patch Tuesday is a bad idea and tons of other hacks, tips, ticks, and security fail.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Security Weekly Crew interviews Ethan Galstad, the founder of Nagios open source project!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The sock puppets talk about letting your users access the Internet, bad Internet users, bad!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul, Larry, John, Mick, and Carlos are joined by a wide array of guests, including Anthony Jacobin (talking about Barcrawl a tool for scouring pastebin for interesting stuff), the entire Security Justice crew, Jack Daniel, and last, but not least (at least that's what we tell him) intern Darren!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul, Mick, Larry (and the "intern", and Carlos talk about a tech segment on Jaseger, and we unlock that magic that was gifted to us by unicorns.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul, Mick, Larry (and the "intern", and Carlos talk Flash vulnerabilities with the expert web application security engineer from HP Prajakta Jagdale, tech segment on Jaseger, and we unlock that magic that was gifted to us by unicorns.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul, John, Larry, and Carlos gather around some beer to talk about Microsoft patches, John does a tech segment on Windows Prefetch, and we discuss possibly the most hilarious and disgusting story ever on the show!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Paul, John, Larry, Mick, and Carlos all apear on the show and we're MAD AS HELL and we're not going to take it anymore!
Larry does a great technical segment on username harvesting from Social Media. The crew then discusses the latest computer security news such as Moxie's trouble with Paypal, Netgear's new "killer router", watching your logs, and much more!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
In Part 2 of this episode we interview Thomas Wilhelm!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
In this episode we announce the winners of the Network Forensics Puzzle, do a technical segment on using encryption and good passwords together, and discuss the stories of the week!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Rowin' with the anchor up behind the firewall!
In this episode we talk to Ryan Dewhurst, the author of Damn Vulnerable Web App, a distrobution that is insecure and secure all at the same time! We also talk about all kinds of security fail, introduce a studio guest, and more!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
This week we interview Moxie Marlinspike of thoughtcrime.org to speak about hitchhiking and breaking SSL!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
This week we interview Nick Harbour of rnicrosoft.net to speak about Forensic Software tools and techniques!
We've got two fabulous technical segments, one on stealing Firefox passwords and another on enumerating VPN concentrators.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
In this episode of Paul's Security Weekly we have a very special guest, Daniel Suarez the author of "Daemon", one of the best books we've ever read here at SecurityWeekly. You can read my full review of the book, and listen to a full interview with Dan on this episode!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
The Splunk Ninja himself, Michael Wilde, appears on the show to talk about all things log searching and management! Paul, Mick, and Carlos do a fabulous segment on Security FAIL.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Roelof Temmingh and his henchman "Andrew" from Paterva / Maltego discuss penetration testing evolutions, information gathering, drinking, and the latest features in the soon to be released version 3 of Maltego!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Our guest this week is Renaud Deraison, author of the Nessus the world best vulnerability scanner!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
All:
For your listening pleasure I have (finally!) edited the podcaster meetup audio. You can hear the likes of:
At this meetup we took questions from the audience, performed strip teases, and did some general ranting.
Special guest appearance by none other than Twitchy!
Our guest this week is Lance Spitzner, co-founder of the Honeynet Project and former tank operator :)
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Our guest this week is none other than David Rice, author of Geekonomics!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Our guests this Episode are Lee Kushner and Mike Murray, here to talk about infosec career hacking!
Our guests this Episode are the SecuraBit folks, who will discuss current security events alongside the PDC crew, with Technical Segments by Larry "sniff" Pesce on "Sniffing DECT for fun and Penetration Testing" and Mick "Hella" Douglas on "Kon-Boot".
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Special guest Valsmith comes to talk to us about Phishing, post exploitation, recon and al sorts of other evil goodies!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
An all out, no holds barred PCI Round Table Featuring all types of industry luminaries, including Anton Chauvakin, Jericho and others. The gloves come off and the debate gets bloody!
Hosts: Paul Asadoorian, Carlos "Dark0perator" Perez
We are very excited to release two interviews with some of the leaders in the field when it comes to web application testing and vulnerabilities.
The first interview is with Andres Riancho, lead developer of w3af, one of the most comprehensive open-source web application testing frameworks. We talk with Andres about breaking up with girlfriends, the differences between w3af and commercial web application testing packages, and much more!
The second interview is with Sandro Gauci, founder of Enable Security and the co-author of WafW00f, a suite of tools to test web application firewalls. There is some serious security FAIL going on here, and we get all of the details.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, Carlos "dark0perator" Perez
Special guest speaker Rob talking about MiTM and virtualization, live from SANSFIRE!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
Special guest Peter Kleissner, WMIC command line fun, and more!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
Live from Las Vegas, the entire crew gets together for the first time live on stage!
Note: We did NOT figure out a way to get free access to "adult" programming at the hotel. Although we heard some reports that it was as easy going into the setup menu, add/delete channels, then using the regular channel up/down buttons. So we heard...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
A tutorial on winenum, a Metasploit meterpreter script that performs post-exploitation information gathering by "Dark0perator". A video tutorial can be viewed below:
Windows Enumeration Script for Meterpreter from PaulDotCom on Vimeo.
Hosts: Larry Pesce, Paul Asadoorian, John Strand, Mick Douglas, & Carlos Perez
Interview with Steve Sims talking about breaking software!
Hosts: Larry Pesce, Paul Asadoorian, John Strand, Mick Douglas, & Carlos Perez
Panelists:
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
Special guest Tom Eston From Security Justice Podcast, SQmap tech segment.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
Special guest Harlan Carvey talks Windows forensics, W3af Part II.
"Security Weekly Foresics Exam"
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
In this first part of Episode 150 we crack the keg, introduce the show, and do a short interview with Lenny Zeltser:
"Much of security advice under the "best practices" umbrella seems to assume that the company is interested in having strong security or in being a high performer of IT/security practices. Yet, most companies (e.g SMBs) don't care about high performance: they just want to survive and conduct business and to have security that's just good enough. So, what advice should we offer to companies who will never be proactive about security, who will never implement defense-in-depth, and who maybe don't need to worry about these issues? That's why I've been creating one-page cheat-sheets to assist companies who haven't prepared, yet a stuck in a tough spot. "
The Security Weekly crew are over 9 hours into the 12 hour marathon and talking to Stephen Northcutt! We also have a great segment on Google Hacking. This is just the "show" portion of the episode, look for the other segments in the coming weeks.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas
The Security Weekly crew drink, hack, and get merry with our new sponsor Cenzic, we teach you about Argus and UPnP Nmap hacking, and announce our 12 Hour podcast!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul's laptop lives, but the soundboard doesn't, talking shop about MQ series and security FAIL, sniff wireless on all 14 channels AT THE SAME TIME! All brought to you by the fine acoustic sound of the McDonald's drive-thru.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Email: [email protected]
This week we have special guests from www.i-hacked.com, the show gets hijacked, Paul's laptop gets thirsty, one crazy show!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
This week we have special guests, Hal Pomeranz and Ed Skoudis will be joining us to talk about the Command Line Kung Fu blog!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John welcome special guests, Jonathan Ham, SANS instructor/owner of Jham Corp and Sherri Davidoff, blogger at philosecurity.org/owner of Davidoff Information Security Consulting!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John do a tech segment extravaganza with special guest Seth Misener!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John are together in the same room for the first time podcasting live from SANS Orlando 2009!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry and John talkin' security and memory dumping with special guest Marcus Carey!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry and John talkin' security and WMIC with special guest Mick!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry and John rappin' security Special guest Shlomo from Israel!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul and Larry talk coming at you live from Shmoocon 2009! Special guests include Marcus Carey, Johnny Long, Listener Karl, Mubix, and Matthew Carpenter!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul and Larry talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security with Dave Shackleford!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Email: [email protected]
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security with Eric Cole!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security with special guests from Microsoft!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security with special guest Dan Hoffman!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul, Larry, and John talk security with special guest Marcus Ranum!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand
Paul & Larry talk security with special guest Andre Dimino!
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Email: [email protected]
Paul & Larry talk security with special guest John Strand!
Paul & Larry discuss security, hash, rubber chickens, religion, politics, and American history (Yes, I'm convinced no one reads what I type here ;)
In Part II we discuss stories and bring on none other than Josh Wright to talk about some of the latest attacks against TKIP.
We are still working on the sound quality problems, swapped out a few cables this week and it helped. The intro to the show is messed up and Larry and I are only on the left channel, this does NOT persist throughout the entire episode. Please bare with us while we work towards better sound quality.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian
Email: [email protected]
In Part I of this week's episode we are joined by Bill Brenner, talking to us and the listeners about the best ways to sell security to upper management.
In Part II we discuss stories and bring on none other than Josh Wright to talk about some of the latest attacks against TKIP.
We are still working on the sound quality problems, swapped out a few cables this week and it helped. The intro to the show is messed up and Larry and I are only on the left channel, this does NOT persist throughout the entire episode. Please bare with us while we work towards better sound quality.
We are still working on the sound quality problems and have yet even more equipment to replace, so next episode we should have it all worked out (I hope).
We are joined this week by Jason Ostrom, author of voiphopper.
We are still working on the sound quality problems and have yet even more equipment to replace, so next episode we should have it all worked out (I hope).
Larry does a tech segment, and we discuss the stories for the week.
Again, apologize for the sound quality.
We are joined by two special guests, Larry does a tech segment, and we discuss the stories for the week.
I do apologize for the sound quality, we are still working some of the kinks out of our new system. We will be replacing the recording laptop for next week, which seems to have been the cause of the background noise.
Paul and Larry are in the studio with special guest Ed Skoudis!
Paul and Larry are in the studio with special guest Ed Skoudis!
Simcard Forensics, An Adventure in Information Gathering
Live from SANS Las Vegas! Be certain to download Larry's presentation that is associated with this episode:
Simcard Forensics, An Adventure in Information Gathering
Paul & Larry continue penetration testing discussions with Core and discuss the stories for the week!
Paul talks Metasploit and Core comes on the show to talk shop!
Paul & Larry interview Fyodor (Part II), Fyodor critiques Paul's Nmap Foo, and we discuss stories...
Paul & Larry interview Fyodor, author of Nmap!
Paul & Larry discuss stories with the visitor from Kalamazoo, and much more!
Paul & Larry interview Jay "MF" Beale, get a visitor from Kalamazoo, and much more!
Paul & Larry interview White Wolf Security and discuss the stories of the week.
Paul & Larry interview Mike Kershaw, Brad Haines, and Frank Thorton to discuss Kismet, the ultimate open-source wireless monitoring/IDS tool!
The Paul's Security Weekly Monthly Summaries are the recordings from the monthly Late-Breaking Computer Attack Vectors webcast. This month we I will discuss some of the latest attacks, including:
You can download the slides to this presentation here:
Paul & Larry rock out to some punk music and bring you the latest security and hacking news!
Paul & Larry are back in the studio!
Paul is in the studio and Larry is on via skype for a fun-filled episode!
Live from a hotel room in Boston and a hotel room in Las Vegas!
Live from the Security Weekly studios!
Live from the Security Weekly studios with special guest Rich Mogul!
Live from the Security Weekly studios!
Live from the Security Weekly studios, with a soopa secret special guest!
Live from the Security Weekly studios, with the Backtrack CD developers via Skype, Backtrack 3 is released live, right here on the PaulCotCom show!
Live from the Security Weekly studios via Skype featuring JMS!... :)
Live from the Security Weekly studios featuring guest host Lenny Zeltser!...
Live from the Security Weekly studios...
Live from the Security Weekly studios, Larry via Skype, and JJ comes on the show to talk about FreeBSD security, open-source tools for scheduling Nessus scans, Debian not-so-randomness, and more!...
Live from the Security Weekly studios, Larry via Skype, and JJ comes on the show to talk about FreeBSD security, open-source tools for scheduling Nessus scans, Debian not-so-randomness, and more!...
Live from the Security Weekly studios...
Live from the Security Weekly studios...
Live from the Security Weekly studios...
Live from the Security Weekly studios with special guest Wesley McGrew talking about memory analysis tools.
Live from the Security Weekly studios with special guest Kevin "The Hacker Princess" Johnson! In the second part of this episode we wrap up the discussion on web app testing and cover the stories for the week.
Live from the Security Weekly studios with special guest Kevin "The Hacker Princess" Johnson!
Live from the Security Weekly studios...
Live from the Security Weekly studios...
Live from the Paul's Security Weekly Studio, the fine folks from GNUCITIZEN (Petko D. Petkov and Adrian P.) join us for discussion on even more projects, including MDNS and others. Part two of two.
Live from the Paul's Security Weekly Studio, the fine folks from GNUCITIZEN (Petko D. Petkov and Adrian P.) join us for discussion on how they got started, and who they are all about and delve into some of their projects in this episode. Part one of two.
Live from the Paul's Security Weekly Studio for Episode 100! Special guest appearnces from listeners across the world, Black Dragon offers listeners a special treat, and Paul & Larry profess their love for each other...
Live from the Paul's Security Weekly Studio for Episode 100! Special guest appearnces from Ed Skoudis, Ron Gula, the British Royal Family, and Bob's true identity revealed!
Paul is live from the Paul's Security Weekly Studio, and Larry is live from Shmoocon! Get the latest information from the hottest security conference this year!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio with our very own "reverse engineering specialist", the baby maker from Canada himself, Justin Seitz!
In part II of this episode we first have an awesome discussion about how broken the information security industry is right now and offer some advice on how to fix it, then cover the stories for the week.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio with our very own "reverse engineering specialist", the baby maker from Canada himself, Justin Seitz!
In part I of this episode we cover two technical segments, one by Justin on DLL injection, and one by Security Weekly on hacking mDNS/Bonjour/Zeroconf.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio with a cast of special guests, including:
The authors of SANS SEC610 Reverse-Engineering Malware: Malware Analysis Tools and Techniques including Lenny Zeltser, Mike Murr and Bojan Zdrnja.
Of course, our "reverse engineering specialist", the baby maker from Canada himself, Justin Seitz!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
This is a recorded session from my SANS Webcast called "Things That Go Bump In The Network: Embedded Device (In)Security". Information, the accompanying presentation, and resources can be found below:
Description: Embedded devices come into your network and appear in many different forms, including printers, iPhones, wireless routers and network-based cameras. What you might not realize is that these devices offer unique opportunities for attackers to do damage and gain access to your network - and to the information it contains. This webcast will review known embedded device vulnerabilities and cover how these vulnerabilities can be used to gain control of devices, networks, and data - and, more importantly, what can be done about it.
Presentation: Things That Go Bump In The Network: Embedded Device (In)Security
Resources: I have collected a number of articles and papers that are relevent to embedded device security. You can find them on my del.icio.us links tag AttackingEmbeddedDevices.
Live from the Paul's Security Weekly Studio with special guest Matt Jonkman!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio!
Please note that our download server has changed to http://media.libsyn.com/pauldotcom/. Our file format remains the same, however we have chosen to move all downloads to Libsyn for better tracking and atchiving. All previous podcasts will remain on the old server for now.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio, this is the second part in a two-part episode. Larry and I created a two-hour podcast marathon this week and have decided to release it in two parts.
Larry and I weigh in on the Mogul/Hoff demonstration of hacking SCADA systems, but its a day late and a dollar short for that one as its come out that it was a "Set up". :)
Happy Holidays!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio, this is the first part in a two-part episode. Larry and I created a two-hour podcast marathon this week and have decided to release it in two parts. Part II will be released next week, and we will resume regularly scheduled broadcasting the week after Christmas.
Happy Holidays!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio...
Special Guest, Joel Esler!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio...
Live from the Paul's Security Weekly Studio...
Live from the Paul's Security Weekly Studio...
Live from the Paul's Security Weekly Studio...
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio...
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Recorded on October 18, 2007 in the Paul's Security Weekly studios via Skype:
This first part primarily covers some of the tools offered by Sensepost for free, what they do, and how to use them. Part II will cover the new tool they released called "Squeeza" and a very interesting discussion about penetration testing and web application security.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Recorded on October 18, 2007 in the Paul's Security Weekly studios via Skype:
This first part primarily covers some of the tools offered by Sensepost for free, what they do, and how to use them. Part II will cover the new tool they released called "Squeeza" and a very interesting discussion about penetration testing and web application security.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
This is a really fun time! Larry, Dave "Cool", and myself hosted a live hacking event. There were real networks to defend and real exploits coming at them. It was great fun! I took about 4+ hours of audio and condensed it into 36 minutes, so its just the highlights. What will you take away from this? The blue and red team experiences carry through into our real working worlds and it is interesting to hear the mock press interviews, red team updates, and most importantly the end briefings.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studio...
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from SANS Las Vegas Network Security 2007!
I'd like to thank SANS for having us back, Dave Cool, Rich Mogull for helping out, props to Mike Poor (C.E.O Chief Entertainment Officer), and Eliot from Hack A Day for hanging out and providing t-shirts. Also, our sponsors gave us TONS of free stuff to give away, such as iPod Nanos, Amex and Starbucks Gift cards, t-shirts, and a really cool light saber.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studios...
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studios...
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
Live from the Paul's Security Weekly Studios...
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
I did my best to improve the audio quality on this one, and spent way too much time doing it (so no complaining! :)
I wanted to thank Ed, Tom, and Matt from Intelguardians, it was a fun episode with tons of useful information!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian
Email: [email protected]
The audio quality on this one may be a bit off, Skype and Gizmo gave us problems during the interview. However, there is some great content, thanks in large part to Tim and Dwight from White Wolf Security!
"Not Your Typical Episode"
I apologize we were light on the show notes, a bit light on the content, and there were no technical segments. We will return in the coming weeks to bring you feature packed episodes, and some awesome interviews!
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Joe "Mr. C" Conlin, Tyler, and Martin Mckeay
Recorded at SANSFIRE in the noisy vendor expo, where there was "Banging"....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Luiz Eduardo, "Anthony From Core"
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Andy Lockhart
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Andy Lockhart
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Andy Lockhart
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Live from an undisclosed Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Live from the Core Security Technology Offices.... (aka, film location for the movie "The Departed")
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo
Email: [email protected]
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Email: [email protected]
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Andy Lockhart
Email: [email protected]
Live from the Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin
Live from SANS San Diego 2007....
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
In this episode, we had the pleasure of interviewing Seth Fogie, who presented at Shmoocon 2007 on the topic of Windows Mobile security, er,w ell, we should say "insecurity".
Full Show Notes Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Joe "Mr. C" Conlin Email: [email protected]
Live from Shmoocon!
WARNING: This was recorded in front of a live audience, and as a result, it contains some audio anomalies and stronger then usual language.
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
Live from the Paul's Security Weekly Studio....
Paul, Larry, and Twitchy take on listener questions and feedback. We had so much awesome feedback that we wanted to cover, we're splitting this one into two parts. As promised, here is part two. Be certain to send us your questions!
Skype: pauldotcom Phone: 401.369.9820
Listener Feedback Episode 5 Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" DePetrillo Email: [email protected]
Live from the Paul's Security Weekly Studio....
Paul, Larry, and Twitchy take on listener questions and feedback. We had so much awesome feedback that we wanted to cover, we're splitting this one into two parts. Be certain to send us your questions!
Skype: pauldotcom Phone: 401.369.9820
Listener Feedback Episode 5 Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" DePetrillo
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
On this episode, we had the pleasure of interviewing Ron Gula, Founder and CEO of Tenable Security and creator of Dragon IDS. We talked with Ron about:
Full Show Notes Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Joe "Mr. C" Conlin Email: [email protected]
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
Live from the Brand New Paul's Security Weekly Studio....
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin Email: [email protected]
Paul, Larry, Joe, and Twitchy an our special guest Mr_T take on listener questions and feedback. Be certain to send us your questions!
Skype: pauldotcom Phone: 401.369.9820
Listener Feedback Episode 4 Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" DePetrillo, Joe "Mr C" Conlin Email: [email protected]
Paul, Larry, Joe, and Twitchy take on listener questions and feedback. Be certain to send us your questions!
Skype: pauldotcom Phone: 401.369.9820
Listener Feedback Episode 3 Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" DePetrillo, Joe "Mr C" Conlin Email: [email protected]
Live from the Paul's Security Weekly Studio....
Paul, Larry, Joe, and Twitchy take on listener questions and feedback. Be certain to send us your questions!
Skype: pauldotcom Phone: 401.369.9820
Listener Feedback Episode 2 Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul Asadoorian, Nick "Twitchy" DePetrillo, Joe "Mr C" Conlin Email: [email protected]Live from the Paul's Security Weekly Studio....
In this first episode Paul, Larry, and Twitchy take on listener questions and feedback. Be certain to send us your questions!
Skype: pauldotcom Phone: 401.369.9820
Hosts: Larry Pesce, Paul Asadoorian, "Twitchy" Email: [email protected]
Live from the Paul's Security Weekly Studio....
This episode was also broadcast over SkypeCast, so look for us each week when we record. It will also be announced in our IRC chatroom #Security Weekly on Freenode (irc.freenode.net).
We had two special guests on the show, Kevin Amorin from Harvard and co-deveoper of Packet Fence, and Martin Mckeay of the Network Security Podcast.
This episode was also broadcast over SkypeCast, so look for us each week when we record. It will also be announced in our IRC chatroom #Security Weekly on Freenode (irc.freenode.net).
We are very proud to bring you the exclusive interview with Johnny Long. I would like everyone to go out and buy two copies of his Google hacking book from Johnny's web site because 100% of the proceed go to charity, and everyone should have a copy for work and a copy for home :) Here are the links to purchase:
Purchase the book here - All proceeds benefit the Compassion International Children's Fund.
NOTE: There was some lag on this call, we're sorry, hoping to upgrading bandwith or replace Skype with something better.En liten tjänst av I'm With Friends. Finns även på engelska.