
Paul's Security Weekly (Audio)
630 episodes — Page 6 of 13

Vulcan Mind Meld - PSW #692
This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System Cybersecurity - The Real World! In the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerability Exposes Users' Personal Information, Darkside Ransomware gang aims at influencing the stock price of their victims, Security firm Kaspersky believes it found new CIA malware, and a Hacker leaks 20 million alleged BigBasket user records for free! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw692 Segment Resources: Visit https://securityweekly.com/barracuda to learn more about them! Intelligent Buildings - https://www.intelligentbuildings.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Curmudgeon Pills - PSW #691
Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized K-12 cybersecurity education. This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to enterprise and federal space. This week in the Security News, U.S. Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force to Stop Ransomware Spread, Facebook faces mass legal action over data leak, and more! Show Notes: https://securityweekly.com/psw691 Segment Resources: https://cyber.org/standards https://cyber.org/about-us/our-impact https://cyber.org/news/k-12-cybersecurity-learning-standards-review-session-completed https://www.businesswire.com/news/home/20200914005156/en/CYBER.ORG-Kicks-Off-National-K-12-Cybersecurity-Learning-Standards-Development

The Hunt for Red October - PSW #690
This week, Lennart Koopmann, the CTO of Graylog, Inc, joins us for an interview to talk about Nzyme, a Free and Open WiFi Defense System. Then, Dutch Schwartz, Principal Security Specialist at Amazon Web Services, joins us for a discussion on the Lessons Learned When Migrating from On Prem to Cloud! In the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, Child tweets gibberish from a highly sensitive Twitter account, LinkedIn and more_eggs, APTs targeting Fortinet, SAP Applications Are Under Active Attack again, Is your dishwasher trying to kill you?, Ubiquiti All But Confirms Breach Response Iniquity, Cyber Threat Analysis, 11 Useful Security Tips for AWS and other stuff too, Signal Adds Cryptocurrency Support and Not everyone is a fan, Zoom 0-click exploit, when firmware attacks, attackers blowing up Discord! Register for Joff's Fun Regular Expressions class here: https://bit.ly/JoffReLife Show Notes: https://securityweekly.com/psw690 Segment Resources: https://www.nzyme.org/

Short Term Memory Issues - PSW #689
This week, Nick Percoco, Chief Security Officer at Kraken, joins us for an interview to discuss The Intersection of Cybersecurity and Cryptocurrency. Robert Lemos, Cybersecurity and Data Journalist, joins us for a discussion on Cybersecurity and Journalism! In the Security News, npm netmask library has a critical bug, when AI attacks, firmware attacks on the rise, Microsoft Hololens and order 66, a real executive order 13694, The Ubiquiti breach saga, the FreeBSD and WireGuard saga, is the cloud more secure? Hopefully for PHP it is, software updates limit muscle car to 3 HP, a brand new Windows 95 easter egg just in time for, well, easter, and aging wine in space, does it make a difference? Show Notes: https://securityweekly.com/psw689 https://www.kraken.com/en-us/features/security/kraken-security-labs https://blog.kraken.com/security-labs/

You Want More Budweiser? - PSW #688
This week, Mehul Revankar, VP Product Management and Engineering at Qualys, discusses How to Tame Your Vulnerability Overload. Sven Morgenroth, Security Researcher at Netsparker, talks about the dangers of Open Redirects! In the Security News, Doom exploit wins an award, a puzzle honors Alan Turing, anyone can create a deepfake, Jabber bugs, unquoted service paths, Nim malware, Deadly sins of secure coding, & are we living in the toughest time of Cybersecurity? Show Notes: https://securityweekly.com/psw688 Sven's Slide Deck - Open Redirects: https://securityweekly.com/wp-content/uploads/2021/03/Netsparker-Sven-Morgenroth-3-25-21-Open-Redirect.pdf Visit https://securityweekly.com/netsparker to learn more about them! Visit https://securityweekly.com/qualys to learn more about them! Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class

Don't Waste Bourbon - PSW #687
This week, Dan Decloss, Founder and CEO at Plextrac, joins us to talk about getting the real work done: The case studies. In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in the Linux kernel, hack stuff and get blown up, stop hacking airquotes beer, weekly Chrome zero day, Mirai lives, long live Mirai, how attackers could intercept your text messages, and rigging the election, the Homecoming Queen election that is. We round out the show with a special segment from our podcast series with Plextrac on Purple Teaming featuring none other than Bryson Bort! Show Notes: https://securityweekly.com/psw687 Visit https://securityweekly.com/plextracseries to learn more about them! Visit https://www.securityweekly.com/series to view the entire PlexTrac Mini Series! Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class

We're A Lot Happier - PSW #686
This week, we welcome David Hétu, Chief Research Officer at Flare Systems, to discuss How Illicit Markets Really Operate! In the second segment, we jump right into the Security News, Microsoft Exchange had some vulnerabilities, how could you not hear about them?, Russians try to throttle Twitter, Silicon Valley security camera company has been breached and we get to see what it looks like as they make Teslas in China, Did I mention that there was an Exchange hack?, free tool release to help secure the supply chain (but not Russians with bags of cash), the best practices aren't always the best, advanced Linux malware and how not to encrypt C2 and hide files, network-based multi-domain macro-segmentation situational awareness for compliance, & more! Then we close out the show with a special pre-recorded interview featuring Assaf Dahan, Head of Threat Research at Cybereason, on "Ransomware Research, Threats, and Futures"! Show Notes: https://securityweekly.com/psw686

As Long As You're Happy - PSW #685
This week, we welcome Phillip Wylie, instructor at INE, to discuss Offensive Cybersecurity Education and Getting Started in Pentesting! In the second segment, I will personally be walking you through "How to Build a Kick-Ass PC"! Finally, in the Security News, Calling all people who know how to patch MS Exchange servers, we need you, Rockwell Automation PLC flaws and what you can't do about it, a book review I agree with, be careful what you expose at home, yet another Chrome 0day, jailbreak your iPhone, the cybersecurity consolidation, and taking back the term "Hacker", for real this time! Show Notes: https://securityweekly.com/psw685 His book: https://www.wiley.com/en-us/The+Pentester+BluePrint%3A+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305 The Pwn School Project meetup: https://pwnschool.com/ INE (https://ine.com), Phillip's employer, offers a free starter pass for training in four different areas of technology: Penetration Testing Student, Getting started in networking, Azure fundamentals, first steps in data science with Python: https://checkout.ine.com/starter-pass

Coming To A Theatre Near You - PSW #684
This week, we welcome Peter Warmka, the founder of the Counterintelligence Institute and author of the newly released book titled "Confessions of a CIA Spy - The Art of Human Hacking"! Senior Security Architect Bryan Seely from Cyemptive Technologies joins us to discuss How to be a CyberSecurity Hero! In the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the Solarwinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMWare vCenter, and is a password manager worth your money?! Show Notes: https://securityweekly.com/psw684 Peter's new book is available on Amazon: https://amazon.com

Party Time! - PSW #683
This week, we welcome Peter Smith from ZScaler, to talk about What Does Zero Trust Mean To You?! Next, we dive straight into the Security News, discussing Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left millions of IoT devices, A Simple And Yet Robust Hand Cipher, Zero Trust in the Real World, Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply, Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft's Remote Desktop Web Access Vulnerability! Lastly, we close out the show with a special pre-recorded interview with 'Wheel' a Qualys researcher who helped discover the infamous Baron Samedi SUDO Vuln! Show Notes: https://securityweekly.com/psw683 Visit https://securityweekly.com/zscaler to learn more about them!

Annual Checkup - PSW #682
This week, we welcome our good friend Josh Marpet, COO at Red Lion and Co Host of Security and Compliance Weekly, for a discussion on 'Starting A Non-Profit To Help Small Companies With CMMC'! Bill DeLisi from GOFBA joins us next for an interview to talk to us about GOFBA and National Safer Internet Day! In the Security News, Security in a Complex World, Huawei's HarmonyOS embodies "Fake it till you make it", How, er about, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hacks prepaid vending machines, When was the last time you said: "Hey, that web app on that IoT/network device was really secure!". Test Amber Alert accidentally sent out warning of Chucky from the Child's Play horror movies, Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module, New Linux malware steals SSH credentials from supercomputers, From Microsoft, how not to run Docker in Azure Functions! Show Notes: https://securityweekly.com/psw682

Get Out of My House - PSW #681
This week, we welcome back Michael Roytman from Kenna Security, for a discussion on 'XDR and Vitamins'! What is XDR? How do we know the security protections we're investing in are working?! Dan DeCloss from PlexTrac returns to join us for a technical segment titled 'How Tall Do You Have to Be to Ride the Ride'? In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack hacking team, how a researcher broke into Microsoft VS code's Github, & how criminals use a deceased employee's account to wreak havoc! Show Notes: https://securityweekly.com/psw681 Visit https://securityweekly.com/plextrac to learn more about them! Visit https://securityweekly.com/kennasecurity to learn more about them!

There Was Definitely Harm Done - PSW #680
This week, Ryan Noon, Co-Founder and CEO from Material Security, joins us first, to discuss Beyond Phishing Blockers: risks to email, phishing, and beyond! Next up, Jon Gorenflo, Founder & Principal Consultant of Fundamental Security LLC, to talk about Hacking Ubiquiti Devices! In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, Hackers Compromise Mimecast, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine! Show Notes: https://securityweekly.com/psw680 Visit https://securityweekly.com/materialsecurity to learn more about them!

The Floppy Tangent - PSW #679
This week, Clayton Fields & Michael Assraf from Vicarius join us to discuss The Good, The Bad and The Ugly sides of Automated Vulnerability Remediation! Ming Chow on Infosec Careers, Data Privacy, the Cloud Solution (or not), and DevOps! In the Security News, Nissan Source Code Leaked Online, Ticketmaster fined $10 million for breaking into rival's systems, The Great iPwn, The Great Suspender, the Shady Zero-Day Sales Game, create your own encryption in Python, and using Google to hack Google! Show Notes: https://securityweekly.com/psw679 Visit https://securityweekly.com/vicarius to learn more about them!

The Breath of the Targets - PSW #678
This week, Vicarius' very own Roi Cohen and Shani Dodge join us to kick off the show with a technical segment titled "Generating Threat Insights Using Data Science"! Then, Harry SverdLove from ZScaler joins us for a technical segment on "Securing The Enterprise Software Supply Chain"! In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Security Researcher states 'solarwinds123' Password Left Firm Vulnerable in 2019, Why the Weakest Links Matter, and a 26-Year-Old Turns 'Mistake' of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist! Show Notes: https://securityweekly.com/psw678 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/edgewise to learn more about them!

This Is How You Get Skynet - PSW #677
This week, it's the 15 Year Anniversary Edition of Security Weekly! We celebrate with three roundtable discussions on Penetration Testing, Blue Team Techniques, and Hacker Culture! Penetration Testing: Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments. Blue Team Techniques: We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions. Hacker Culture: Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology? Show Notes: https://securityweekly.com/psw677 Visit https://securityweekly.com/ilf to learn more about them! Visit https://securityweekly.com/risksense to learn more about them! Visit https://securityweekly.com/coresecurity to learn more about them!

The Whole Crew's Awesome - PSW #676
This week, Vicarius' very own Roi Cohen and Gilad Lev join us to kick off the show with a technical segment titled "From Chaos to Topia"! Jeff Capone from SecureCircle joins us for an interview on zero trust data security! Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII, The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat! Show Notes: https://securityweekly.com/psw676 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/securecircle to learn more about them!

Sometimes, Computers Just Freak Out - PSW #675
This week, Mimecast's very own Jamie Fernandes and Karsten Chearis join us to discuss recent Threat Actor Trends! Michael Roytman, the Chief Data Scientist at Kenna Security discusses how to use AI and Machine Learning to solve Infosec problems! In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea! Show Notes: https://securityweekly.com/psw675 Visit https://securityweekly.com/mimecast to learn more about them! Visit https://securityweekly.com/kennasecurity to learn more about them!

Junior High Geometry - PSW #674
This week, we welcome Joseph Salazar, Technical Deception Engineer at Attivo Networks, to discuss how to Disrupt Attacks at the Endpoint with Attivo Networks! Then, Badri Raghunathan, Director of Product Management, and Sumedh Thakar, President and Chief Product Officer from Qualys, join us to discuss The Challenges Associated With Securing Container Environments! In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean?, Cobalt Strike leaked source code, DNS cache poisoning is back, and Zebras and Dots! Show Notes: https://wiki.securityweekly.com/psw674 Visit https://securityweekly.com/qualys to learn more about them! Visit https://securityweekly.com/attivo to learn more about them!

We Don't Give A Font - PSW #673
This week, we welcome back Sven Morgenroth, Security Researcher from Netsparker, to talk about Abusing JWT (JSON Web Tokens)! Dan DeCloss, CEO & President of Plextrac joins us in the following segment to show us how to use Proactive Security Using Runbooks! In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, New Chrome Zero-Day Under Active Attacks Update Your Browser, Pornhub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet! Show Notes: https://wiki.securityweekly.com/psw673 Visit https://securityweekly.com/netsparker to learn more about them! Visit https://securityweekly.com/plextrac to learn more about them!

Paranoid Security Professionals - PSW #672
This week, we welcome back Shani Dodge and Roi Cohen from Vicarius to apply what we learned in the previous segment and actually prioritize our vulnerabilities and remediation the right way. Paul Battista, CEO & Founder of Polarity joins us in the following segment to show us how to use and customize augmented reality to speed up security analysis! In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?! Show Notes: https://wiki.securityweekly.com/psw672 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/polarity to learn more about them!

Not Very Moist - PSW #671
This week, we welcome back Corey Thuen from Gravwell, to talk about Sysmon Endpoint Monitoring complete with Clipboard Voyeurism! Next up, Scott Scheferman, the Principal Cyber Strategist at Eclypsium, joins us to talk about how Hackers Are Hitting Below The Belt! In the Security News, testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, and 8 new hot, steamy, moist cybersecurity certifications! Show Notes: https://wiki.securityweekly.com/psw671 Visit https://securityweekly.com/gravwell to learn more about them! Visit https://securityweekly.com/eclypsium to learn more about them!

Larry's 10 Second Delay - PSW #670
This week, we welcome back Shani Dodge and Roi Cohen from Vicarius, to present their segment on Vulnerabilities entitled Prioritize This, Prioritize That, Prioritize with Context! In our second segment, we welcome Patrick Garrity, VP of Operations at Blumira, to talk about Democratizing and Saasifying Security Operations! In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, Windows TCP/IP Remote Code Execution vulnerability, and a Prison video visitation system exposed calls between inmates and lawyers! Show Notes: https://wiki.securityweekly.com/psw670 Visit https://securityweekly.com/vicarius to learn more about them!

Taco Thursday - PSW #669
This week, in our first segment, we welcome Alexander Krizhanovsky, CEO at Tempesta Technologies, to talk about Fast And Secure Web! In our second segment, we welcome Tony Punturiero, Community Manager at Offensive Security, to discuss Assembling Your First Infosec Home Lab! In the Security News, US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats - NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XML-RPC vulnerability in WordPress, and it's the 10 year anniversary of Stuxnet! Show Notes: https://wiki.securityweekly.com/psw669

A 55 Gallon Drum Cut In Half - PSW #668
This week, in our first segment, Paul will take you through his process for creating a Docker container for running NGINX as an RTMP proxy for streaming video to multiple services, complete with SSL and authentication! In our second segment, we welcome Chris Sanders, Founder of the Applied Network Defense & Rural Technology Fund, to talk about Intrusion Detection Honeypots! In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S., a 13-year-old student was arrested for hacking school computers, Who caused the 14 state Monday 911 outage, and A Return to 'Hackers' Is "Being Actively Considered," Says Director! Show Notes: https://wiki.securityweekly.com/psw668

11 Tons of Typewriters - PSW #667
This week, we welcome Mike Ware, Senior Director of Technology at Synopsys, to talk about the Key Findings From The Newly Released BSIMM11 Report! In our second segment, we welcome James Spiteri, Solutions Architect and Cyber Security Specialist Global Solutions Lead at Elastic, to discuss how Elastic Security Opens Public Detections Rules Repo! In the Security News, Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your Locks Just By Listening, U.S. House Passes IoT Cybersecurity Bill, the Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug, and 5 Security Lessons Humans Can Learn From Their Dogs! Show Notes: https://wiki.securityweekly.com/psw667 Visit https://securityweekly.com/elastic to learn more about them! Visit https://securityweekly.com/synopsys to learn more about them!

One Hell of a Show - PSW #666
This week, we welcome David Asraf, C++ Developer at Vicarius, and Roi Cohen, Co-Founder & VP Sales at Vicarius, to discuss The Patchless Horseman! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to talk about Building Security Into the DevOps Lifecycle! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon's board, and the Legality of Security Research is to be Decided in a US Supreme Court Case! Show Notes: https://wiki.securityweekly.com/psw666 Visit https://securityweekly.com/qualys to learn more about them! Visit https://securityweekly.com/vicarius to learn more about them!

The Squeegee Guy - PSW #665
This week, we welcome Fredrick "Flee" Lee, Chief Security Officer at Gusto, to discuss Lovable Security: Be a Data Custodian, Not a Data Owner! In our second segment, we welcome Justin Armstrong, Security Architect at MEDITECH, to talk about Cybersecurity & Patient Safety! In the Security News, The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack! Show Notes: https://wiki.securityweekly.com/psw665 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Floppies Are Burning In The Driveway - PSW #664
This week, first we talk Security News! We'll be discussing how a Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs! In our second segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Ferruh Mavituna, CEO of Netsparker, and Paul Battista, CEO and Founder of Polarity! In our final segment, we air one more pre recorded interview with Roi Cohen, Co-Founder and VP of Sales at Vicarius, and Shani Dodge, C++ Developer at Vicarius, discussing Predicting Vulnerabilities in Compiled Code! Show Notes: https://wiki.securityweekly.com/psw664 Visit https://securityweekly.com/vicarius to learn more about them! Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Hacking Naked & Not Afraid - PSW #663
This week, we welcome back Harry Sverdlove, Founder and CTO of Edgewise, and Dan Perkins, Principal Product Manager at ZScaler, to talk about Protecting Critical Infrastructure and Workloads In Hybrid Clouds! In our second segment, it's the Security News! We'll be talking about how New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, Marriott faces London lawsuit over vast data breach, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! In our final segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Corey Thuen, Co-Founder of Gravwell, and Deral Heiland, Principal Security Researcher for IoT at Rapid7! Show Notes: https://wiki.securityweekly.com/psw663 Visit https://securityweekly.com/edgewise to learn more about them! To learn more, visit: https://www.gravwell.io/summercamp2020 Visit https://securityweekly.com/rapid7 to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Tyler's Dieting Tips - PSW #662
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to discuss Why Elastic Is Making Endpoint Security 'Free And Open'! In our second segment, it's the Security News! We'll be talking about how Amazon Alexa One-Click Attack Can Divulge Personal Data, Researcher Publishes Patch Bypass for vBulletin 0-Day, Threat actors managed to control 23% of Tor Exit nodes, a Half a Million IoT Passwords were Leaked, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, and a Zoom zero-day flaw allows code execution on victim's Windows machine! In our final segment, we air a pre recorded interview with Michael Assraf, CEO and Co-Founder at Vicarius, to talk about Vulnerability Rich - Contextually Blind! Show Notes: https://wiki.securityweekly.com/psw662 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

A Manual Transmission With No Clutch - PSW #661
This week, it's the Security Weekly Virtual Hacker Summer Camp edition of Paul's Security Weekly! In our first segment, we welcome Chad Anderson, Senior Security Researcher at DomainTools, to discuss Observing Disinformation Campaigns! In our second segment, it's the Security News! We'll be talking about How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! In our final segment, we air a pre recorded interview with Sumedh Thakar, President and Chief Product Officer at Qualys, and Mehul Revankar, VP Product Management and Engineering of VMDR at Qualys, discussing Automating Your Vulnerability Management Program! Show Notes: https://wiki.securityweekly.com/psw661 For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys Visit https://securityweekly.com/domaintools to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly

Sweaty Internet Rooms - PSW #660
This week, we welcome back Corey Thuen, Co-Founder at Gravwell, to talk about Gravwell's Big Bang Release! In our second segment, we welcome Siddharth Bhatia, PhD student at National University of Singapore, to discuss MIDAS: Siddharth's Research that finds anomalies or malicious entities in real-time! In the Security News, a Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories! Show Notes: https://wiki.securityweekly.com/psw660 Visit https://securityweekly.com/gravwell to learn more about them! Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Gouge My Eyes Out With Forks - PSW #659
This week, we welcome back Zane Lackey, Chief Security Officer at Signal Sciences, to talk about the Affects Of COVID-19 On Web Applications! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to discuss The Power of the Cloud Platform, One Single Agent, One Global View! In the Security News, Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting! Show Notes: https://wiki.securityweekly.com/psw659 Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Delving Into the Juiciness - PSW #658
This week, we welcome Ankur Chowdhary, Security Consultant at Bishop Fox, to talk about Artificial Intelligence and Machine Learning in Cybersecurity! In our second segment, we welcome John Snyder, CEO of Agnes Intelligence, and Security and Compliance Weekly's New Co-Host, for an Introduction to John Snyder himself! In the Security News, Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection, a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack! Show Notes: https://wiki.securityweekly.com/psw658 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Don't Touch My XP Dongle - PSW #657
This week, we welcome our very own Joff Thyer, Security Analyst at Black Hills Information Security, to deliver a Technical Segment on IPv6 Tunneling! In our second segment, we welcome Terry Dunlap, Co-Founder at ReFirm Labs, to talk about IoT Security! In the Security News, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technicals details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps! Show Notes: https://wiki.securityweekly.com/PSWEpisode657 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

The Dangerous Realm - PSW #656
This week, we welcome Jerry Chen, Co-Founder of Firewalla, to discuss Work From Home Cyber Security! In our second segment, we welcome Ryan Hays, Offensive Security Manager at RSA Security, to talk about OSINT Scraping with Python! In the Security News, Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how the Internet is too unsafe, and why we need more hackers! Show Notes: https://wiki.securityweekly.com/PSWEpisode656 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Thunderstruck - PSW #655
This week, we welcome back Dan DeCloss, President and CEO of PlexTrac, to talk about Enhancing Vulnerability Management By Including Penetration Testing Results! In the Security News, Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! In our Final Segment, we air a Pre-Recorded Interview with Ben Mussler, Senior Security Researcher at Acunetix, discussing New Web Technology and its Impact on Automated Security Testing! To learn more about PlexTrac, visit: https://securityweekly.com/plextrac Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://wiki.securityweekly.com/PSWEpisode655

Crazy Johnny's Discount All You Can Eat - PSW #654
This week, first we present a Technical Segment, on Lightweight Vulnerability Management using NMAP! In our second segment, we welcome back Corey Thuen, Co-Founder of Gravwell, for a second Technical Segment, entitled "PCAPS or it didn't happen", diving into Collecting Packet Captures on Demand within a Threat Hunting use case with Gravwell! In the Security News, Octopus Scanner Sinks Tentacles into GitHub Repositories, RobbinHood and the Merry Men, Zoom Restricts End-to-End Encryption to Paid Users, Hackers steal secrets from US nuclear missile contractor, and Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues! Show Notes: https://wiki.securityweekly.com/PSWEpisode654 To learn more about Gravwell, visit: https://securityweekly.com/gravwell To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Don't Hate the Player, Hate the Game - PSW #653
This week, we welcome Greg Foss, Senior Threat Researcher at VMware Carbon Black's Threat Analysis Unit, to talk about 2020 MITRE ATT&CK Malware Trends! In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, 'Suspicious superhumans' behind rise in attacks on online services, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute! In our final segment, we air a pre recorded interview with Peter Singer, Strategist at New America, and Author of Burn-In: A Novel of the Real Robotics Revolution, talking all things about his new novel Burn-In! Show Notes: https://wiki.securityweekly.com/PSWEpisode653 To get a discounted copy of Burn-In: A Novel of the Real Robotic Revolution, visit: https://800ceoread.com/securityweekly To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Heavily Loaded - PSW #652
This week, we welcome Jason Nickola, COO and Senior Security Consultant at Pulsar Security, to talk about Building An InfoSec Career! In our second segment, we welcome back Sven Morgenroth, Security Researcher at Netsparker, to talk about HTTP Security Headers In Action! In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know! Show Notes: https://wiki.securityweekly.com/PSWEpisode652 To learn more about Netsparker, visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Juicy Targets - PSW #651
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities! Show Notes: https://wiki.securityweekly.com/PSWEpisode651 To learn more about Elastic Security, visit: https://securityweekly.com/elastic To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2 To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

It's Not Complicated, It's Syntax! - PSW #650
This week, we welcome Chris Elgee, Major at the Massachusetts Army National Guard, and Jim McPherson, Cyber Security Analyst, to talk about Public utility security and the National Guards support! In our second segment, we welcome back Mick Douglas, Founder and Owner of InfoSec Innovations, to discuss Project Fantastic - Bringing The CLI to GUI Users! In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild, Another Stuxnet-Style Vulnerability Found in Schneider Electric Software, and remembering the ILOVEYOU virus! Show Notes: https://wiki.securityweekly.com/PSWEpisode650 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Nude Sunbathing In Your Backyard - PSW #649
This week, we welcome Jeremy Miller, CEO of the SecOps Cyber Institute, and Philip Niedermair, CEO of the National Cyber Group, to talk about Fighting the Cyber War with Battlefield Tactics! In our second segment, we talk Security News, discussing How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, how Cybercriminals are using Google reCAPTCHA to hide their phishing, the NSA shares a list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, and how Half a Million Zoom Accounts were Compromised by Credential Stuffing and Sold on the Dark Web! In our final segment, the crew talks accomplishing asset management, vulnerability management, prioritization of remediation, with a Deep Dive demonstration of the Qualys VMDR end-to-end solution! Show Notes: https://wiki.securityweekly.com/PSWEpisode649 To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/ Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Lube, Fire, & Hand Sanitizer - PSW #648
This week, we welcome Steven Bay, Director of Security Operations at Security On-Demand, to talk about Insider Threats! In our second segment, we welcome Patrick Laverty, Conference Organizer at Layer8 Conference, and Ori Zigindere, Co-Founder of WorkshopCon, to discuss all things Layer8 Conference and WorkshopCon! In the Security News, Zoom releases 5.0 update with security and privacy improvements, Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones, NSA shares list of vulnerabilities commonly exploited to plant web shells, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, & the Top 10 In-Demand Cybersecurity Jobs in the Age of Coronavirus! Show Notes: https://wiki.securityweekly.com/PSWEpisode648 To sign up for the Layer8 Conference, please visit: https://layer8conference.com/ To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Secure Your Nipples - PSW #647
This week, we welcome Wade Woolwine, Principal Threat Intelligence Researcher at Rapid7 to talk about Threat Intel Program Strategies! In our second segment, we welcome Magno Gomes, Director of Sales Engineering at Core Security (a HelpSystems Company), to discuss Penetration Testing to Validate Vulnerability Scanners! In the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, and Macs Are More Secure, and Other Jokes You Can Tell Yourself! To learn more about Core Security, visit: https://securityweekly.com/coresecurity To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647 Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Exploitable By Design - PSW #646
This week, we bring you one of Security Weekly's very own, Tyler Robinson, Managing Director of Network Operations at Nisos, for a Technical Segment titled: To Hunt or Not To Hunt: Using offensive tooling to obtain OSINT and Real-Time Intelligence on a subject of interest for hunting or targeting! In our second segment, we talk Security News, to discuss Vulnerabilities in B&R Automation Software Facilitate Attacks on ICS Networks, Using AWS to secure your web applications, Serious Vulnerabilities Patched in Chrome & Firefox, Email Provider that got Hacked & Data of 600,000 Users is Now being Sold on the Dark Web, and As if the world couldn't get any weirder, this AI toilet scans your anus to identify you! In our final segment, we air a pre recorded interview with Jeff Man, entitled "Tales from the Crypt...Analysts pt.2", discussing many myths, legends and fables in hacker history! Show Notes: https://wiki.securityweekly.com/PSWEpisode646 Visit https://www.securityweekly.com/psw for all the latest episodes! To view ngrok, visit: https://www.ngrok.com/ To check out the Trape tool, visit: https://github.com/jofpin/trape Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Mad Skillz - PSW #645
This week, we welcome Matt Allen, Senior Solutions Engineer at VIAVI Solutions, to discuss Collaboration between NetOps and SecOps in today's world! In our second segment, we welcome Lorrie Cranor, Director of CyLab Security and Privacy Institute at Carnegie Mellon University, to discuss Research on Security and Privacy labels for IoT devices! In the Security News, Two Zoom Zero-Day Flaws Uncovered, Millions of routers running OpenWRT vulnerable to attack, Marriott says 5.2 million guest records were stolen in another data breach, PoC Exploits for CVE-2020-0796 (SMBGhost) Privilege Escalation flaw published, and we welcome our very special guest for tonight, Dave Kennedy, who joins us to talk about Video Chat Client Vulnerability History and the recent Zoom Vulnerabilities! Show Notes: https://wiki.securityweekly.com/PSWEpisode645 For more information on VIAVI Solutions, visit: https://securityweekly.com/viavi Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

The Idaho Experience - PSW #644
This week, we welcome back Corey Thuen, Founder and CEO of Gravwell, to discuss Zen and The Art of Logs In the Cloud! In our second segment, we welcome back Peter Smith, Founder and CEO of Edgewise, to discuss How remote users and administrators can work securely from home! In the Security News, Authorities Helpless as Crypto-Currency Scams Rock Nigeria, C.S. Lewis on the Coronavirus, Microsoft SMBv3.11 Vulnerability and Patch CVE-2020-0796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, DDoS attack on US Health agency part of coordinated campaign, A cyberattack hits the US Department of Health and Human Services, and more! Show Notes: https://wiki.securityweekly.com/PSWEpisode644 To learn more about Gravwell, visit: https://securityweekly.com/gravwell To learn more about Edgewise, visit: https://securityweekly.com/edgewise Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

A Bunch of Old Farts - PSW #643
This week, we welcome back Gabe Gumbs, Chief Innovation Officer at Spirion, to discuss How attackers will change their strategy to target those working from home! In our second segment, we welcome Bianca Lewis, Founder, and CEO of Girls Who Hack, to discuss Girls Who Hack, teaching classes to middle school girls on hacking, and Secure Open Vote, open-source election system that is in the design stages! In the final segment, we air a pre-recorded interview with Dorit Naparstek, director of R&D at NanoLock Security, to discuss Hacks performed on connected & IoT devices, and revealing major vulnerabilities in existing security measures! Show Notes: https://wiki.securityweekly.com/PSWEpisode643 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly