Security Weekly Podcast Network (Video)


Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More - SWN #373

AI Dreams of Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-373

Mar 29, 2024 · 37 min

Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355

Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity. Diversity of people, diversity of background, and diversity of experience. I've seen auto mechanics, biologists, and finance experts bring the most interesting insights and forehead-slapping observations to the table. I think part of the reason diversity is so necessary is that security itself is incredibly broad. It covers everything that technology, processes, and people touch. As such, cybersecurity workers need to have similarly broad skillsets and backgrounds. Today, we talk to someone that embodies both this non-typical cybersecurity background and sense of curiosity - Clea Ostendorf. We'll discuss:
- The importance for organizations to actively seek and welcome curious newcomers in the security field who may not conform to traditional cybersecurity norms.
- Strategies for organizations to foster an environment that encourages individuals with curiosity, motivation, and a willingness to challenge conventional norms, thereby promoting innovative thinking in addressing security risks.
Segment Resources: Evolving Threats from Within - Insights from the 2024 Code42 Data Exposure Report Show Notes: https://securityweekly.com/esw-355

Mar 28, 2024 · 48 min

Crypto, Bluetooth Vulns, Unsafe Locks - PSW #822

The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel locks, BlueDucky, side channel attacks and more! Show Notes: https://securityweekly.com/psw-822

Mar 28, 2024 · 1h 55m

Are we winning? - Jason Healey - PSW #822

Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don't have the rights to the clips. YouTube link to Wargames event with Jen Easterly, Matt Devost, Amelia Koran and Kevin Huyck (head of ops for NORAD) (https://youtu.be/iqx6STDYJ7c?si=73WQtSG4RnCGsBcT). https://www.lawfaremedia.org/article/which-cyber-regulations-fit-which-sectors https://www.lawfaremedia.org/article/the-national-cybersecurity-strategy-breaking-a-50-year-losing-streak https://www.lawfaremedia.org/article/twenty-five-years-of-white-house-cyber-policies https://www.lawfaremedia.org/article/understanding-offenses-systemwide-advantage-cyberspace Show Notes: https://securityweekly.com/psw-822

Mar 28, 2024 · 1h 5m

Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more - SWN #372

Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-372

Mar 26, 2024 · 30 min

Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, "How do you enable the business while still providing security oversight and governance?" This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! Show Notes: https://securityweekly.com/bsw-343

Mar 26, 2024 · 29 min

CSO Role vs. Changing CISO Role as 60% of Both Roles are Omitted from SEC Filings - BSW #343

In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up?, Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more! Show Notes: https://securityweekly.com/bsw-343

Mar 26, 2024 · 33 min

GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278

The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more! Show Notes: https://securityweekly.com/asw-278

Mar 26, 2024 · 32 min

Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354

While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs. Segment Resources: API Security Basics - Everything You Need to Know Graylog API Security - Gain Visibility & Control Over Your API Attack Surface This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security! Show Notes: https://securityweekly.com/esw-354

Mar 25, 2024 · 49 min

Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278

One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Benedek Gagyi chats with us about the impact of the user experience (UX) on security and why it's not only important to understand how to make a user's life easier, but in defining who that user is in the first place. Segment resources: https://www.usenix.org/conference/8th-usenix-security-symposium/why-johnny-cant-encrypt-usability-evaluation-pgp-50 Show Notes: https://securityweekly.com/asw-278

Mar 25, 2024 · 36 min

Robots, UDP, GoFetch, DCs, Pwn2Own, Vernor Vinge, Reddit, Aaran Leyland, and More - SWN #371

Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Vernor Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-371

Mar 22, 2024 · 28 min

Lots Of Funding News, Airbus Says No, and Cato Networks Going IPO? - ESW #354

In the enterprise security news, lots of funding news, including:
- Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business
- BigID Raises $60 Million at $1 Billion Valuation
- J.P. Morgan Growth Leads $39 Million Investment in Eye Security
- CyberSaint raises $21 million to accelerate market expansion
- Zscaler Acquires Avalor for $350 Million
- Cisco completes $28 bn acquisition of cybersecurity firm Splunk
- Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group
- Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say
Show Notes: https://securityweekly.com/esw-354

Mar 22, 2024 · 55 min

A Dive into Vulnerabilities and Compliance - PSW #821

We discuss the always controversial Flipper Zero devices, the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure.
(00:01) Security Practices and Flipper Zero
(07:01) Technology and Privacy Concerns in Cars
(17:33) Undersea Cables and NVD Issues
(27:45) Government Oversight and Funding for Cybersecurity
(33:33) Improving Vulnerability Prioritization in Cybersecurity
(45:37) Risk Management and CVE Implementation
(58:06) Cybersecurity Budget and Risk Management
(01:10:48) Unique Challenges in Cybersecurity Industry
(01:16:41) Discussion on Open Source and CNAs
(01:26:44) Bluetooth Vulnerabilities and Exploits Discussed
(01:39:46) Email Security and Compromised Accounts
(01:46:23) Cybersecurity Threats and Vulnerabilities
(01:52:06) GPU Security Vulnerabilities Explained
Show Notes: https://securityweekly.com/psw-821

Mar 21, 2024 · 1h 58m

Securing All The Things - Josh Corman - PSW #821

Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. Show Notes: https://securityweekly.com/psw-821

Mar 21, 2024 · 1h 10m

Emerging Trends CISOs Should Pay Attention To - Tom Parker - BSW #342

Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will impact how organizations can or cannot prepare for these emerging trends. Buckle up and hang on for part two of our jam packed episode. Show Notes: https://securityweekly.com/bsw-342

Mar 19, 2024 · 29 min

Vulns in Smart Locks, FCC labels for IoT, ZAP's New Home - ASW #277

Insecure defaults and insecure design in smart locks, FCC adopts Cyber Trust Mark labels for IoT devices, the ZAP project gets a new home, and more! Show Notes: https://securityweekly.com/asw-277

Mar 19, 2024 · 38 min

Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Phishing, Josh Marpet, and More - SWN #370

Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Conversation Overflow, Phishing, Josh Marpet, and more on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-370

Mar 19, 2024 · 32 min

Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277

Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an early one. What decisions can you make at the start that will benefit the program in the years that follow? What does an appsec program look like at a small scale? Segment Resources: "Cybersecurity for Nonprofits", https://docs.google.com/presentation/d/18HuKtwgwGMtEJ87CgkMqHp1JDVRUXPP--zptjMpF0/edit?usp=sharing https://www.verizon.com/business/resources/reports/dbir/2023/master-guide/ Show Notes: https://securityweekly.com/asw-277

Mar 19, 2024 · 35 min

How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Dave Dewalt - BSW #342

Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about:
- The evolving threat landscape, including impacts of Artificial Intelligence
- The latest cybersecurity innovation, including what's working and what's NOT working
- The impact of budgets on buying decisions, including whether "best of breed" is dead in lieu of platforms
Tune in for this insightful discussion before you make your next strategic cybersecurity decisions. Show Notes: https://securityweekly.com/bsw-342

Mar 18, 2024 · 32 min

Will AI allow us to finally scale vuln mgmt and threat detection? - ESW #353

We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us. Also in this week's news:
- Homomorphic encryption pops up again!
- Microsoft Security Copilot has a release date!
- Sudo for Windows
- Microsegmentation pops up again!
- The TikTok Ban
- Darwin's Newsletter: The Cybersecurity Pulse
All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-353

Mar 15, 2024 · 1h 8m

Cynicism, TikTok, Redline, Securam, Ghostrace, eSim Swaps, Aaran Leyland, and More - SWN #369

Cynicism, TikTok, Redline, Securam, Ghostrace, MicroOrange, eSim Swaps, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-369

Mar 15, 2024 · 32 min

Addressing Identity-Related Threats in 2024 - Rod Simmons - ESW #353

In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'll discuss where the Identity Governance and Administration (IGA) market is going. Segment Resources: Analyst Report: The State of Identity Governance 2024 Show Notes: https://securityweekly.com/esw-353

Mar 15, 2024 · 48 min

Printers Are "Not Nice" - PSW #820

In the security news: end-of-life routers and exploits, SCCM misconfigurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock hacking continues, VM escapes and risk, and multiple really cool Bluetooth hacking stories. Show Notes: https://securityweekly.com/psw-820

Mar 14, 2024 · 1h 56m

Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820

Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf Show Notes: https://securityweekly.com/psw-820

Mar 14, 2024 · 52 min

TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276

The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more! Show Notes: https://securityweekly.com/asw-276

Mar 12, 2024 · 36 min

Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368

Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-368

Mar 12, 2024 · 32 min

More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276

A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they're a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company has observed over the past year, and what steps organizations can take to protect their APIs. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/asw-276

Mar 12, 2024 · 35 min

CISO's Guides to Engaging The Board, Artificial Intelligence, and Cyber Insurance - BSW #341

In the leadership and communications section, Cybersecurity in the C-Suite: A CISO's Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more! Show Notes: https://securityweekly.com/bsw-341

Mar 12, 2024 · 26 min

Protecting Executives: Why The Home Is The New Battle Ground - Chris Pierson - BSW #341

When you think of executive protection, you think of work related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battle field and family life will never be the same. Chris Pierson, CEO at BlackCloak, joins Business Security Weekly to discuss the changes in the risk landscape for executives, including Generative AI, and its impacts on social engineering, personal attacks, and family threats. Executive protection must now include digital protection, both at work and at home. This segment is sponsored by BlackCloak. Visit https://securityweekly.com/blackcloak to learn more about them! Show Notes: https://securityweekly.com/bsw-341

Mar 11, 2024 · 31 min

Star Trek, JetBrains, Facebook, Chrome, FBI, USBs, TikTok, Aaran Leyland, and More - SWN #367

Star Trek, JetBrains, Facebook, Chrome, FBI, USBs, TikTok, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-367

Mar 8, 2024 · 32 min

Early stage startup M&A on fire, funding healthy, and attackers are like lawyers? - ESW #352

In the enterprise security news:
- Axonius raises $200M and is doing $100M ARR!
- Claroty raises $100M and is doing $100M ARR!
- Crowdstrike picks up DSPM with Flow Security
- CyCode picks up Bearer
- Are attackers like lawyers?
- How a bank failed (with no help from a cyber attack)
- The FTC cracks down on customer data collection
- Apple's car sadly won't be a thing any time soon or maybe ever.
All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-352

Mar 8, 2024 · 1h 0m

What can we do today to prevent tomorrow's breach? - Michael Mumcuoglu - ESW #352

Defenders spend a lot of time and money procuring and implementing security controls. At the heart of SecOps and the SOC are technologies like XDR, SIEM, and SOAR. How do we know these technologies are going to detect or prevent attacks? Wait for the annual pen test? Probably not a good idea. In this segment, we'll talk with Michael Mumcuoglu about how MITRE's ATT&CK framework can help defenders better prepare for inevitable attack TTPs they'll have knocking on their doors. Segment Resources: CardinalOps Contributes to MITRE ATT&CK for Fourth Consecutive Release ESG Report: Operationalize MITRE ATT&CK with Detection Posture Management Report: Enterprise SIEMs offer inadequate threat detection 2023 State of SIEM Detection Risk Report Show Notes: https://securityweekly.com/esw-352

Mar 8, 2024 · 47 min

DCNextGen, Memory Safety And More! - PSW #819

BiaSciLab from DEF CON joins us to discuss DCNextGen! In the security news: MouseJacking still works, CISA recommends a complete rebuild, memory safety and re-writing code, not all doorbells are created equal, putting a firewall in front of your LLM, rugged gear and vulnerabilities, PLCs are not safe, neither are Windows kernels. Segment Resources: https://www.defcon.kids https://www.BiaSciLab.com https://www.GirlsWhoHack.com https://www.SecureOpenVote.com Show Notes: https://securityweekly.com/psw-819

Mar 7, 2024 · 2h 0m

Facing the Reality of Risk Prioritization - Dan DeCloss - PSW #819

Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding context and prioritization to risk-scoring equations. Segment Resources: https://plextrac.com/get-ready-to-prioritize-risk-with-our-new-contextual-scoring-engine/?utmmedium=techptr&utmsource=securityweekly https://plextrac.com/video/priorities/?utmmedium=techptr&utmsource=securityweekly This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! Show Notes: https://securityweekly.com/psw-819

Mar 7, 2024 · 1h 4m

ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More - SWN #366

ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-366

Mar 5, 2024 · 31 min

The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275

The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms around vulns and figure out what's useful (if anything) in CVSS, SSVC, EPSS, and more. Segment resources: https://www.redhat.com/en/blog/patch-management-needs-a-revolution-part-1 https://next.redhat.com/blog/ https://www.first.org/cvss/v4-0/ https://www.first.org/epss/ https://deadliestwebattacks.com/appsec/2010/02/19/primordial-cross-site-scripting-xss-exploits -- For a bit of history, one of the earliest "bugs bounty" from 1995. Show Notes: https://securityweekly.com/asw-275

Mar 5, 2024 · 40 min

Security Starts At The Top and as CISOs Struggle, do they replace the CIO? - BSW #340

In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Death of the CIO, Redefining the CISO role, and more! Show Notes: https://securityweekly.com/bsw-340

Mar 5, 2024 · 25 min

SAML & Secrets, Serializing AI Models, OWASP ISTG, More Memory Safety - ASW #275

A SilverSAML example similar to the GoldenSAML attack technique, more about serializing AI models for Hugging Face, OWASP releases 1.0 of the IoT Security Testing Guide, the White House releases more encouragement to move to memory-safe languages, and more! Show Notes: https://securityweekly.com/asw-275

Mar 5, 2024 · 38 min

The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340

The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point in time assessments. Instead they need to match the speed of security which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting non-compliance with the new SEC rules and organizations find themselves in a regulatory nightmare. Igor Volovich, VP of Compliance Strategy for Cyber Compliance at Qmulos, joins BSW to share his "Notes from the battlefield" on how automation is the only way to effectively converge security, risk, and compliance into a dynamic, real-time discipline. Show Notes: https://securityweekly.com/bsw-340

Mar 4, 2024 · 33 min

Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, Airlines, Aaran Leyland and More - SWN #365

Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, CryptoChameleon, Airlines, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-365

Mar 1, 2024 · 32 min

Funding goes quiet while M&A makes some noise! - ESW #351

In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back. Some other topics we discuss:
- NIST CSF 2.0
- insider threats
- Ivanti Pulse Secure's appliance software found to be running positively ancient software (11 year old Linux distro, 5-20+ year old libraries & components)
- Nevada AG trying to get messaging decrypted for children, to "protect them"
- Kelly Shortridge's response to CISA's secure development RFI
- OpenAI's new GenAI video product, Sora and the potential impact it could have on cybersecurity
- Instacart spews out crappy AI recipes and photos
Show Notes: https://securityweekly.com/esw-351

Mar 1, 2024 · 1h 7m

Hacktivism Unveiled: Insights into the Footprints of Hacktivists - Pascal Geenens - ESW #351

Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists and other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture! You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/ Show Notes: https://securityweekly.com/esw-351

Mar 1, 2024 · 51 min

Malware In Strange Places, Overheating, LockBit - PSW #818

The latest attacks against WiFi, it's illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did your vibrator get infected...with malware, the OT jackpot, the backdoor in a random CSRF library, it's a vulnerability but there is no CVE, car theft and Canada, Glupteba, and setting things on fire! Show Notes: https://securityweekly.com/psw-818

Feb 29, 2024 · 1h 42m

Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818

Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting. Show Notes: https://securityweekly.com/psw-818

Feb 29, 2024 · 1h 10m

PrintListener, Post-Quantum Crypto in iMessage, Silent Sabotage, Rust Survey Results - ASW #274

PrintListener recreates fingerprints, iMessage updates key handling for a PQ3 rating, Silent Sabotage shows supply chain subterfuge against AI models, 2023 Rust survey results, the ways genAI might help developers, and more! Show Notes: https://securityweekly.com/asw-274

Feb 27, 2024 · 22 min

Avast, Hadoop & Druid Servers, HackerGPT, Apple, Crowdstrike, EFF Lockbit, & More - SWN #364

This week in the Security Weekly News: Avast fines, HackerGPT innovations, DDoS threats, encryption updates, Josh Marpet, and more! Show Notes: https://securityweekly.com/swn-364

Feb 27, 2024 · 28 min

Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274

Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project is trying to solve. For this kind of project to be successful -- as in making a positive impact to how software is built -- it's important to not only identify the right audience, but craft guidance in a way that's understandable and achievable for that audience. This is also a chance to learn more about a project in its early days and the opportunities for participating in its development! Segment resources https://github.com/OWASP/www-project-secure-pipeline-verification-standard--spvs- (coming soon!) Show Notes: https://securityweekly.com/asw-274

Feb 27, 2024 · 34 min

How Application Performance Transformed into Application Security - Shibu George - BSW #339

Panoptica, Cisco's cloud application security solution, was born out of Outshift, Cisco's incubation engine. Shibu George, Engineering Product Manager at Outshift, joins Business Security Weekly to discuss his transition from application performance monitoring to application security and how Panoptica was born. This segment is sponsored by Panoptica. Visit https://securityweekly.com/panoptica to learn more about them! Show Notes: https://securityweekly.com/bsw-339

Feb 27, 2024 · 31 min

The Unique Challenges of AI Risks - Padraic O'Reilly - BSW #339

Released on January 26, 2023, the NIST AI RMF Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and other opportunities to provide input. It is intended to build on, align with, and support AI risk management efforts by others. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins BSW to discuss why AI risks are a unique challenge and how they can impact both organizations and society. Without proper controls, AI systems can amplify, perpetuate, or exacerbate inequitable or undesirable outcomes for individuals and communities. With proper controls, AI systems can mitigate and manage inequitable outcomes. This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them! Show Notes: https://securityweekly.com/bsw-339

Feb 26, 2024 · 33 min

Two-Factor Authentication - SWN Vault

Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on November 2, 2018. This week, Dr. Doug and Russ talk about the mysterious world of Two-Factor Authentication. This is something you hear all the time, and more and more sites are requiring and supporting it. The real question is, should you be using it? Show Notes: https://securityweekly.com/vault-swn-12

Feb 23, 2024 · 31 min