
Security Weekly Podcast Network (Video)
4,876 episodes
Highlights from BlackHat/DefCon, Vulnerabilities, and Cyber Marketing Challenges - ESW #372
In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions. Show Notes: https://securityweekly.com/esw-372

LPE FTW - PSW #839
This week: Option ROMs are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new chips and are not without controversy, lasers that can steal your passwords, it was a regex, Larry updates us on some IoT research, attackers have your SSN, and more updates from last week's hacker summer camp! Show Notes: https://securityweekly.com/psw-839

Cybersecurity Myths - Eugene Spafford - PSW #839
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the subject, we will delve into some cybersecurity myths such as: Are users really the weakest link? Are cybersecurity vendors truly incentivized to provide better security? Do we agree on what cybersecurity really means? Do not miss this segment! Show Notes: https://securityweekly.com/psw-839

Reducing Supply Chain Risk & What's lurking in your phone? - Danny Jenkins, Nikos Kiourtis - ASW #295
In complex software ecosystems, individual application risks are compounded. When it comes to mitigating supply chain risk, identifying backdoors or unintended vulnerabilities that can be exploited in your environment is just as critical as staying current with the latest hacking intel. Understand how to spot and reduce the risk to your environment and prevent disruption to your operation. Every mobile device connecting to enterprise assets hosts a unique blend of work and personal apps, creating a complex landscape of innumerable vulnerabilities. Thankfully, methods exist to provide security teams with the real-world insights necessary to proactively address threats and shield against attacks targeting mobile apps and device endpoints. Nikos Kiourtis, CTO at Quokka, shares the latest findings in mobile security, outlining emerging threats and effective measures to reduce your mobile app attack surface – and safeguarding against potential attacks and data breaches. Segment Resources: - Panelcast with SC Magazine: 8 ways attackers target mobile apps to steal your data (and how to stop them) https://www.scmagazine.com/cybercast/8-ways-attackers-target-mobile-apps-to-steal-your-data-and-how-to-stop-them - Ryan Johnson's talk at DEF CON 32, "Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?" https://defcon.org/html/defcon-32/dc-32-speakers.html This segment is sponsored by Threatlocker. Visit https://securityweekly.com/threatlockerbh for a free trial! This segment is sponsored by Quokka. Visit https://securityweekly.com/quokkabh to learn more about their intelligence app solutions! Show Notes: https://securityweekly.com/asw-295

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet... - SWN #406
DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-406

When Appsec Needs to Start Small - Kalyani Pawar - ASW #295
Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's needs while keeping it secure? Kalyani Pawar shares her experience at different ends of an appsec maturity spectrum. Show Notes: https://securityweekly.com/asw-295

Cybersecurity Leadership Crisis, Is It Time to Pivot Your Strategy? - BSW #360
In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America's Companies, Judge Rejects SEC's Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more! Show Notes: https://securityweekly.com/bsw-360

Security Money: Crowdstrike Crashes the Index - BSW #360
This week, it's time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity public companies: Secureworks Corp; Palo Alto Networks Inc; Check Point Software Technologies Ltd.; Rubrik Inc; Gen Digital Inc; Fortinet Inc; Akamai Technologies, Inc.; F5 Inc; Zscaler Inc; Onespan Inc; Leidos Holdings Inc; Qualys Inc; Verint Systems Inc.; Cyberark Software Ltd; Tenable Holdings Inc; Darktrace PLC; SentinelOne Inc; Cloudflare Inc; Crowdstrike Holdings Inc; NetScout Systems, Inc.; Varonis Systems Inc; Rapid7 Inc; Fastly Inc; Radware Ltd; A10 Networks Inc. Show Notes: https://securityweekly.com/bsw-360

More AI funding, Crowdstrike ripples continue, GPT yourself - ESW #371
In the enterprise security news, AI is still getting a ton of funding! Netwrix acquires PingCastle; Tenable looks for a buyer; SentinelOne hires Alex Stamos as their new CISO; Crowdstrike doesn't appreciate satire when it's at their expense; Intel begins one of the biggest layoffs we've ever seen in tech; Windows Downdate; RAG poisoning; GPT yourself; The Xerox Hypothesis. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-371

Interviewing Black Hat Startup Spotlight Winner, Knostic - Sounil Yu - ESW #371
We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th. References: - DarkReading: Knostic Wins 2024 Black Hat Startup Spotlight Competition - Knostic's Website Show Notes: https://securityweekly.com/esw-371

0.0.0.0, Blacksuit, OpenAI, AWS, Cisco Phones, Win 10, Aaran Leyland, and More... - SWN #405
0.0.0.0, Blacksuit, OpenAI, AWS, Cisco Phones, Win 10, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-405

AI Red Teaming and AI Safety - Amanda Minnich - ESW #371
In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? Resources: - PyRIT AI redteaming tool - Microsoft's AI redteaming guide Show Notes: https://securityweekly.com/esw-371

Things Not to Miss at BH/DC/Bsides - PSW #838
Learn what is most interesting at hacker summer camp this year! Show Notes: https://securityweekly.com/psw-838

Downgrades and Attacking Security Things - PSW #838
This week, Downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rhianna, you should update your BIOS, Openwrt dominates, and attacking the security tools for fun and profit! Show Notes: https://securityweekly.com/psw-838

Dead Code, CrowdStrike's Kernel Lessons, VMs & Security Boundaries, SLUBStick Attack - ASW #294
The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Show Notes: https://securityweekly.com/asw-294

Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet... - SWN #404
Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-404

Building Successful Security Champions Programs - Marisa Fagan - ASW #294
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions and the benefits that come from so many people being engaged with security. Segment Resources: OWASP Security Champions Guide - Get Involved! - https://owasp.org/www-project-security-champions-guidebook/#div-getinvolved OWASP Security Champions Guide - LinkedIn page - https://www.linkedin.com/company/owasp-security-champions-guide/ The Security Champions Success Guide - https://securitychampionsuccessguide.org/ "Building a Successful Security Champions Program... What Does it Take?" - https://www.katilyst.com/post/building-a-successful-security-champions-program-what-does-it-take Show Notes: https://securityweekly.com/asw-294

Say Easy, Do Hard - Job Search Strategies for CISOs - Part 2 - Merlin Namuth, Brad Rager - BSW #359
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 2, Jason proposes we blow it all up, while Ben recommends a certification board for CISOs. We have no shortage of suggestions for how to fix the CISO hiring problem. Show Notes: https://securityweekly.com/bsw-359

Say Easy, Do Hard - Job Search Strategies for CISOs - Part 1 - Merlin Namuth, Brad Rager - BSW #359
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 1, we discuss the challenges facing the CISO role and its hiring. As CISOs leave the role, the position is not necessarily being refilled. How will this impact future CISO hiring? Show Notes: https://securityweekly.com/bsw-359

Funding, Cato, Code42, DoS Robots, and Blackhat Prep - ESW #370
This week, in the enterprise security news, over half a billion in funding, as everyone gets their pre-Blackhat announcements out! Mimecast picks up Code42; Will Cato Networks IPO? Canarytokens update; We still have some crowdstrike fallout to discuss; CISO responses to SEC rules; Making things secure without security tools; tips for going SOCLess; denial of service robots. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-370

10 Security Researcher Qualities Marketers Should Adopt - Dani Woolf - ESW #370
There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics; overuse of jargon and buzzwords; sneaky sales tactics; dumping on competitors; products that fall far short of claims; ambulance chasing. So what should they be doing? In this episode, we chat with Dani Woolf about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations. We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry. Show Notes: https://securityweekly.com/esw-370

Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, Aaran Leyland, and More... - SWN #403
Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, I try to be more succinct, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-403

Cybersecurity's Love Affair with Distractions - Fred Wilmot - ESW #370
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". Show Notes: https://securityweekly.com/esw-370

It's Always DNS - PSW #837
Hacking traffic lights (for real this time), the Docker API strikes again, access GitHub deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry Pi access points, sitting ducks and TuDoor - it's always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent! Show Notes: https://securityweekly.com/psw-837

PK Fail - John Loucaides - PSW #837
John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Show Notes: https://securityweekly.com/psw-837

Forever mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More... - SWN #402
Forever Mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-402

A CISO's Perspective on AI, Appsec, and Changing Behaviors - Paul Davis - ASW #293
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the importance of communication for security teams. This segment is sponsored by JFrog. Visit https://securityweekly.com/jfrog to learn more about them! Show Notes: https://securityweekly.com/asw-293

The Evolving Role of the CISO - Allan Alford - BSW #358
The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights: Migratory Trends of the CISO; CISO Skill Sets: Technical or Business? The Language of the CISO. Show Notes: https://securityweekly.com/bsw-358

Identity Security Posture Management - Dor Fledel - BSW #358
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation of SaaS application usage, Dor explains why Identity Security Posture Management is a critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-358

AI Ruining the Internet, Crowdstrike Post Mortem, Wiz Walks - ESW #369
This week, on Enterprise Security Weekly, we've got: Identity Security gets more funding; Wiz walks away; BlackHat Announces Startup Spotlight Finalists; Crowdstrike post mortem; Simple Security Tricks are the Best Security Tricks; Splitting the CISO role; Web scraping for AI is out of control; SEC vs Solarwinds; Vaping the Internet. Show Notes: https://securityweekly.com/esw-369

Can the latest wave of AI innovation deliver for security operations teams? - ESW #369
Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations. We'll talk about what has changed here, and I have so many questions: after many generations of AI/ML technology in security, is the current gen really that dramatically different? Dropzone is far from the only startup with the same idea here, how will they differentiate? Is the problem that we need more help than we can possibly hire, or are we fundamentally doing something wrong in security operations? Specifically, what is this tech doing to help? Finally, we'll wrap by talking about where this tech goes next, and can we get there with current technology, or are we dependent on more breakthroughs from companies like OpenAI, Anthropic, and Meta? Show Notes: https://securityweekly.com/esw-369

Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401
Twitter Opt-In, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-401

Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch - ESW #369
The emergence of generative AI has caused us to rethink things on two fronts: how we consume threat detection data, as defenders; how we need to shift our thinking and approaches to prepare for attackers' newfound GenAI capabilities. But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to security operations, just as Gartner announces that AI is hitting the trough of disillusionment. What better time to dispel the hype and focus on where real progress can be made? Show Notes: https://securityweekly.com/esw-369

Crowdstrike: The Aftermath - PSW #836
The Crowdstrike incident: what happened and what we can do better, people forget what 0-Day really means, shutting off the heat in January, honeypot evasion and non-functional exploits, what not to use to read eMMC, what if we don't patch DoS related vulnerabilities, a CVSS 10 deserves its own category, port shadow attacks, IPC and DBUS and a very informative and entertaining article, container breakouts, when you are bored on an airplane, Linksys security violations, fake IT workers, Telegram 0-day, and how to be more resilient on the same technology stack! Show Notes: https://securityweekly.com/psw-836

MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing - Douglas McKee - PSW #836
Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it. Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/ Show Notes: https://securityweekly.com/psw-836

SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292
SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more! Show Notes: https://securityweekly.com/asw-292

Risk Management Insights: What CEOs and Boards Really Need - Jeff Recor - BSW #357
Security is a risk management discipline. No one understands that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader. Show Notes: https://securityweekly.com/bsw-357

Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-fulfill-your-autonomous-soc-hopes-or-even-your-demo-dreams/ https://www.forrester.com/blogs/top-5-things-you-need-to-know-about-how-generative-ai-is-used-in-security-tools/ https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/ Show Notes: https://securityweekly.com/asw-292

Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400
Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-400

Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar - BSW #357
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms. Show Notes: https://securityweekly.com/bsw-357

Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need for thorough testing and third-party risk management. Emphasizing the importance of understanding and planning for system failures, the hosts highlight the necessity for comprehensive inventories, continuous monitoring, and robust backup plans to ensure business continuity and resilience. Tune in for expert insights into mitigating the significant consequences of system failures. Show Notes: https://securityweekly.com/swn-399

Rumored Wiz Deal Would be HISTORIC (if it happens), redefining shared responsibility - ESW #368
In this week's enterprise security news, Google is rumored to be considering acquiring Wiz for $23 BILLION; ThreatConnect acquires Polarity; XBOW and Sola Security are interesting new companies we'll discuss; What does "shared responsibility" actually mean? Palo Alto probably isn't going to buy your startup; Snowflake-related breaches continue getting worse; MUCH less AI talk than usual; Defragmenting your browser. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-368

What's wrong with the cybersecurity industry and what we can do about it - Richard Hollis - ESW #368
On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups that almost never fail and funding that survives every market downturn. So why are failures also breaking records? What are we getting wrong? Why are we failing? These are the questions Richard, Katie, and I will try to answer in this segment. Segment Resources: www.riskcrew.com/resources-2/cybersecurity-circle-of-failure/ Show Notes: https://securityweekly.com/esw-368

Book Discussion: Jump-start Your SOC Analyst Career - Jarrett Rodrick, Tyler Wall - ESW #368
Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry as a whole. We also talk myths and reality about a cybersecurity career. Can you really make $100k just a few years in? Is it really an entry level field? Are you better off entering cyber from IT or the military? Segment Resources: - Pick up the book on the publisher's website - Pick up the book on Amazon - Actual junior roles and entry level opportunities Show Notes: https://securityweekly.com/esw-368

Vulnerability Chains - PSW #835
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be screwed, Exim has not been replaced by something better and it's vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues! Show Notes: https://securityweekly.com/psw-835

3D Printing For Hackers - David Johnson - PSW #835
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: - Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf - Major 3D Printer Websites: https://vorondesign.com/ https://www.prusa3d.com/ https://www.creality.com/ https://bambulab.com/ https://elegoo.com - Major 3D File libraries: https://printables.com (Prusa) https://thingiverse.com https://thangs.com https://makerworld.com (Bambu Labs) https://cults3d.com - YouTube Channels: Uncle Jessy, CnC Kitchen, The Edge of Tech, Makers Muse Show Notes: https://securityweekly.com/psw-835

A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more! Show Notes: https://securityweekly.com/asw-291

Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-398

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-influenced tools more effective and useful in the context that developers need -- writing secure code. Show Notes: https://securityweekly.com/asw-291

Board and CEO Understanding of CyberSecurity as CISOs Grapple with the C-Suite - BSW #356
In the leadership and communications section, The Board's understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more! Show Notes: https://securityweekly.com/bsw-356