Paul's Security Weekly (Video)

As the Vice President of Trust & Security, Jason works with clients and security researchers to create high value, sustainable, and impactful bug bounty programs. Full Show Notes: https://wiki.securityweekly.com/Episode564 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the Security News this week, Google Chrome has a critical vulnerability, Flash has another zero-day exploit, Colorado passes "most stringent" breach notification law, hackers hack a plane from the ground. Full Show Notes: https://wiki.securityweekly.com/Episode563 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

John Kinsella is a co-founder and head of product for Layered Insight, a container security startup based in San Francisco, California. His 20-year background includes security and network consulting, software development, and datacenter operations. Full Show Notes: https://wiki.securityweekly.com/Episode563 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Jake Reynolds is the Technology Alliances Engineer at LogRhythm, where he is responsible for supporting the development and management of the company's integrations with third-party technology providers. Full Show Notes: https://wiki.securityweekly.com/Episode563 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Dozens of vulnerabilities discovered in DoD's enterprise travel system, what Apple hiding with iOS 11.4, Git repository vulnerability leds to remote code execution attacks, and feeling for Kaspersky. Full Show Notes: https://wiki.securityweekly.com/Episode562 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Chris is a full time husband, father of four, and pen tester; he's a part time Army officer, an aspiring SANS instructor, and the back-up church bass player. Lee Ford spent 2yrs in Information security as the DCOE Assnt Team Chief. Was the lead Project Officer for the stand up of the MA Cyber Battalion. Full Show Notes: https://wiki.securityweekly.com/Episode562 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Ronnie Flathers is an experienced pentester and security consultant who is equally addicted to both netsec and appsec and splits his time appropriately. He currently is the AppSec Pentest Lead at Uptake. Ronnie joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode562 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, what will GDPR's impact be on U.S. consumer privacy, DOJ Sinkholes VPNfilter control servers found in U.S., the most important characteristics of a successful DevOps engineer, FBI seizes domain Russia allegedly used to infect 500,000 consumer routers, Florida man tasered after walking naked through neighborhood carrying cooking oil, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode561 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog. Why it's dangerous to put sensitive information to your javascript files. Way developers hide secret variables. Full Show Notes: https://wiki.securityweekly.com/Episode561 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Steven M. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university's Data Science Institute, and an affiliate faculty member at Columbia Law School. He does research on security and privacy and on related public policy issues. Steven joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode561 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Google Project Zero call Windows 10 Edge Defense ACG flawed, Wapiti Web Application vulnerability scanner 3.0.1 packet storm, CIA's "Vault 7" Mega-Leak, and Trump eliminates national cyber-coordinator! Full Show Notes: https://wiki.securityweekly.com/Episode560 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Sometimes you just need a router handy when traveling. This allows you to connect multiple devices, use a VPN for all of them, and allow you to connect to a network via Wifi, Ethernet or USB 4G modem/Tether. All this for just $32 and a little configuration time! Learn how in this technical segment. Full Show Notes: https://wiki.securityweekly.com/Episode560 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

This week we interview Matthew Silva, an Undergraduate student attending Roger Williams University, and is the President and Founder of the Cybersecurity and Intel Club! Full Show Notes: https://wiki.securityweekly.com/Episode560 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

"Microsoft Patches Two Zero-Day Flaws Under Active Attack", "5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws", "Mirai DDoS attack against KrebsOnSecurity cost device owners $300,000", and "The final compliance countdown: Are you ready for GDPR?" Full Show Notes: https://wiki.securityweekly.com/Episode559 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Paul delivers the Technical Segment this week entitled "Docker Security Incident: Lessons Learned"! Full Show Notes: https://wiki.securityweekly.com/Episode559 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. He joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode559 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Firms running Cisco WebEx are told to update their software, Medical devices vulnerable to KRACK Wi-Fi attacks, Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0, Facebook fires engineer accused of stalking women, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode558 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Leonard Rose, Principal Security Architect at Limelight Networks, joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode558 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Western Digital My Cloud EX2 NAS device leaks files, Equifax has spent $242.7 million on its data breach so far, New Skill let Amazon Alexa Spy on Users, Hackers find devious way to break into hotel rooms, new tool detects evil maid attacks on Mac laptops, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode557 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

This week in the Topic Segment, our very own Jeff Man gives us a recap on the 2018 RSA Conference! He discusses HackerOne CEO talking Bug Bounty programs, DevSecOps day at RSA demonstrates how the thinking around secure software has evolved, if it's time to kill the Pen Test, and more! Full Show Notes: https://wiki.securityweekly.com/Episode557 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner with state-of-the-art, accurate vulnerability detection and exploitation features, used by thousands companies around the world today. He joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode557 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Microsoft built its own custom Linux OS to secure IoT devices, another critical flaw found in Drupal CorePatch your sites immediately, Facebook plans to build its own chips for hardware devices, NSA reveals how it beats 0-days, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode556 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

We've spent time defining the value of penetration testing, how we can do them better and how organizations can make the most out of this activity. The question today is, "Do we still need penetration tests?". If you are conducting penetration testing today or in the market for some testing, this segment is for you! Full Show Notes: https://wiki.securityweekly.com/Episode556 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Adrian is the Research Director and Co-Founder of Savage Security. He spent a decade building security programs and defending large financial firms. He also spent many years as a consultant, performing penetration tests, PCI audits and other security-related assessments. He joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode556 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, RTF bug finally gets patched, so many ways to bridge an air gap, attacking accountants, spoofing all the ports and Trollcave, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode555 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the bad old days we used to exploit LSASS memory to dump hashed credentials from memory. When dealing with a domain controller, and a large environment this is dangerous. This segment will address a safer way to extract hashed credentials from the environment for subsequent download, and cracking. Full Show Notes: https://wiki.securityweekly.com/Episode555 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Ron is a Serial Cyber Security Entrepreneur. He founded Tenable Network Security and Network Security Wizards, and has 15+ years experience as CEO in cyber security industry. He joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode555 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Intel drops plans to develop Spectre microcode for ancient chips, Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, VirusTotal launches 'Droidy' sandbox to detect malicious Android apps, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode554 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/Episode554 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Katherine Teitler is the Director of Content for MISTI, where she is responsible for programming information security conferences, workshops, and summits. Katherine also writes on a variety of security topics for the company's Infosec Insider, and contributes articles to third-party security media. She joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode554 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext, Windows 7 Meltdown patch opens worse vulnerability, Atlanta Hit by Ransomware Attack Impacting Multiple Services, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode553 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In this weeks Technical Segment, Paul delivers his segment entitled Cutting The Cord: The Ideal Home Network Setup. Paul and the crew discuss Nvidia Shield, Firewalls, Parental Control, and other nice devices to have in your home to make things easier! Full Show Notes: https://wiki.securityweekly.com/Episode553 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur. He has 25 years of experience in the information technology field and has been working in information security since 1998. He joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode553 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

The Scarlett Johansson PostgreSQL Malware Attack, Alex Stamos might be leaving Facebook, is Mark Zuckerberg in trouble with the law again?, Uber self-driving car hits and kills pedestrian, and CIS releases revised top-20 critical security controls. Full Show Notes: https://wiki.securityweekly.com/Episode552 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Paul and Jeff express their likes and dislikes of vendor booths. Discover how to be a good sales-rep for your company, how to make yourself stand out in the vendor space, and how to be loose in an a suit-&-tie scenario. Full Show Notes: https://wiki.securityweekly.com/Episode552 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Dick Wilkins is an Associate Professor of Computer Science at Thomas College in central Maine and is Principal Technology Liaison for Phoenix Technologies, a USA based system boot firmware development company. He joins Paul and the team this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode551 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Memcrashed Memcached DDoS exploit tool, Flash, Windows Users: It's Time to Patch, VMware releases security updates, what happens when Bitcoin miners take over your town, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode551 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Patrick is a pentester for Rapid7, has done SIRT work for Akamai and was a web application developer at Brown University. He joins Paul and the crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode551 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Cisco hardcoded passwords, Kali on Windows, Equifax recovers $114 million on $26.5 million in expenses from breach, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode550 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. Full Show Notes: https://wiki.securityweekly.com/Episode550 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Stefano has over 35 years of experience in research and development. Stefano is representing AMI on the UEFI Forum Board of Directors and serves on the UEFI Security Response Team. He joins Larry and team this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode550 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, Quickjack advanced Clickjacking & frame slicing attack tool, how to fight mobile number port-out scams, the Russians hacked the Olympics, top 5 ways security vulnerabilities hide in your IT systems, and GitHub hit by largest DDoS attack ever recorded at 1.35 Tbps! Full Show Notes: https://wiki.securityweekly.com/Episode549 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. He joins Paul and crew this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode549 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Mary Beth Borgwing is an Advisor to MACH 37 and Center for Innovation (CIT). She joins Paul and team this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode549 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, DoubleDoor IoT botnet abuses two vulnerabilities to circumvent firewalls, cyber-attackers continue to be financially motivated, Internet security threats at the 2018 Olympics, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode548 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Information Security Officer and the Director of Product Management for XYPRO Technology. He joins Paul and team this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode548 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the news, multiple vulnerabilities in 7-Zip, how getting granular improves network security, NSA exploit use on rise for cryptocurrency mining,and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode547 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC! Full Show Notes: https://wiki.securityweekly.com/Episode547 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. He joins Paul and team this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode547 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Bitcoin exchange robbed, Deepfakes AI celebrity porn channel shut down by Discord, NSA Exploit Use On Rise For Crypto Currency Mining, First Jackpotting Attacks Hit U.S. ATMs, and more! Full Show Notes: https://wiki.securityweekly.com/Episode546 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly