Security Weekly Podcast Network (Video)

4,876 episodes — Page 29 of 98

JSON and a Regex, IoT Passwords, CAN Injection, Twitter CVE, Complexity, Tabletops - ASW #236

Lessons from an old 2008 JSON.parse vuln, opening garage doors with a password, stealing cars with CAN bus injection, manipulating Twitter's recommendation algorithm, engineering through complexity, successful tabletop exercises, and the anniversary of Heartbleed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw236

Apr 11, 2023 · 37 min

FTX, CISA, Apple, RPKI, Circle, NEXX, MSI, Jason Wood, and more - SWN #288

FTX, CISA, Apple, RPKI, Circle, NEXX, MSI, Jason Wood, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn288

Apr 11, 2023 · 30 min

How to Succeed, Lead by Example, & Take Risks & Conquer Fears - BSW #301

In the leadership and communications segment, How to Succeed As a New Chief Information Security Officer, Lead by Example: What Army Special Forces Can Teach You About Leadership, How to Take Risks & Conquer Fears, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw301

Apr 11, 2023 · 32 min

Ransomware: The Attack That Keeps on Working - Fleming Shi - BSW #301

Barracuda just released a report on Ransomware findings, here: https://assets.barracuda.com/assets/docs/dms/2023-Ransomware-insights-report.pdf . Here are a few of the highlighted stats: Barracuda international survey finds 73% of organizations experienced a successful ransomware attack in 2022 — 38% were hit more than once. 42% of those hit three times or more paid the ransom to restore encrypted data — compared to 31% of victims hit just once. 69% of ransomware attacks began with an email. 27% of organizations feel underprepared to tackle ransomware. Fleming Shi joins Business Security Weekly to discuss the findings and ways to better prepare for these attacks. This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw301

Apr 10, 2023 · 35 min

Deception, SaaS Security, and the 10 Plagues of Cloud Security - ESW #312

In this week's enterprise security news, we talk about new companies and funding, trends in the deception and SaaS Security/SSPM space. We discuss Andy Ellis's "10 plagues of cloud security" and Kelly Shortridge's 69 ways to F*&$ up your deploy. We discuss rolling out Yubikeys and the pros/cons of using biometrics instead of security keys. There have been some bad takes in the media on how OpenAI uses your ChatGPT prompts, so we set the record straight there. Cybersecurity is a new requirement for K-12 students in North Dakota, and you've got to see this week's security story: a rogue tire sends a Kia Soul FLYING* (*no one was hurt!). Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw312

Apr 7, 2023 · 1h 9m

Naughty Tesla, Flipper Zero, Rilide, Styx, Genesis, Sophos, Cisco, Meta, and More - SWN #287

Naughty Tesla, Flipper Zero, Rilide, Styx, Genesis, Sophos, Cisco, Meta, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn287

Apr 7, 2023 · 30 min

Impact of New US National Cybersecurity Strategy on Organizations Building With OSS - Donald Fischer - ESW #312

Overall increase in government regulations, in the EU as well. Shift in liability from consumers to organizations. How to take advantage of safe harbor protections and reduce organizational risk and liability. NIST SSDF (Secure Software Development Framework): how do you understand the security practices of the open source packages you use in your applications and ensure they are following the NIST practices (so you can take full advantage of safe harbor protections and reduce potential liability)? Creating a network of open source maintainers, documenting and attesting to their security practices, is a solution. Work with the maintainers to be able to provide documentation. How to get more involved with development in open source security. What is the mechanism? Segment Resources:
- https://tidelift.com/government-open-source-cybersecurity-resources
- https://blog.tidelift.com/webinar-how-the-nist-secure-software-development-framework-impacts-open-source-software
- https://blog.tidelift.com/webinar-recap-what-the-new-u.s.-national-cybersecurity-strategy-means-for-open-source-software
- https://blog.tidelift.com/tidelift-advisory-impact-of-new-u.s.-national-cybersecurity-strategy-on-organizations-building-apps-with-open-source-software
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw312

Apr 7, 2023 · 45 min

Financial Institutions Under Siege in Cyberspace - Tom Kellermann - ESW #312

Kellermann will discuss the recently published report "Cyber Bank Heist" that exposes the cybersecurity threats facing the financial sector. Security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers and a record-breaking year of zero-day exploits. Podcast listeners will learn what financial sector security leaders from around the world revealed in a series of interviews about specific trends when it comes to notable cyberattacks, e-fraud and cyber defense. Segment Resources:
- https://www.contrastsecurity.com/cyber-bank-heists-report
- https://www.contrastsecurity.com/security-influencers/cyber-bank-heists-report-code-patrol-podcast-contrast-security
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw312

Apr 6, 2023 · 42 min

Rorschach, QNAP, We Got Hacked, SystemD, UTF-8, & Grub2 Music - PSW #779

In the Security News: Rorschach, QNAP and sudo, why bother signing things, why bother having a password, why bother updating firmware, smart screenshotting, TP-Link oh my, music with Grub2, byte arrays and UTF-8, what is my wifi password, Debian and systemd, opening garage doors, downgrade your firmware to be more secure, exploit databases, this is like a movie, unsolved CTFs, and Near-Ultrasound Inaudible Trojans! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw779

Apr 6, 2023 · 2h 6m

Cybersecurity Workforce Development - Sin Ming Loo - PSW #779

The approach to cybersecurity workforce development, and how someone with such a technical background came to design a degree program with a non-traditional approach. What does it take to keep it going? Segment Resources:
- https://go.boisestate.edu/ucore
- https://go.boisestate.edu/gcore
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw779

Apr 6, 2023 · 1h 2m

Ask the BSW Hosts Anything! - BSW #300

You ask, we respond. This Ask Me Anything (AMA) segment allows the audience to ask the BSW hosts anything. From leadership skills to career advice or even why Alderman keeps moving, this segment answers the questions you want to know. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw300

Apr 5, 2023 · 32 min

BingBang, Super FabriXss, 3CX on macOS, Secure Code Game, Real World Crypto 2023 - ASW #235

BingBang and Azure, Super FabriXss and Azure, reversing the 3CX trojan on macOS, highlights from Real World Crypto, fun GPT prompts, and a secure code game. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw235

Apr 5, 2023 · 33 min

The Journey to Episode 300 - BSW #300

Why 300? 300 is a perfect game in bowling, a milestone few have achieved (unless you're Brendan Alderman, who has done it twice before the age of 20). 300 podcast episodes is almost 7 years of recording, a milestone most podcasts haven't achieved. So we thought it was worth celebrating! Join current and former BSW hosts to get a brief history of Business Security Weekly, including:
- Paul's resignation from Tenable in 2016 to expand the Security Weekly podcast
- Michael and Paul launching Start-up Security Weekly in 2016
- The switch to Business Security Weekly in 2018
- Matt's first episode (105) in 2018 as the new CEO of Security Weekly
- The premiere episode of Security Money (113) in 2019
- Jason's first episode (101) in 2018
- The sale of Security Weekly to CyberRisk Alliance in 2020
- Ben's first episode (231) in 2021
- The premiere episode of Say Easy, Do Hard (289) in 2023
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw300

Apr 4, 2023 · 35 min

ProtoCell Phones, KEV, Efile, 3CX, Western Digital, NATO, More News & Jason Wood - SWN #286

ProtoCell Phones, KEV, Efile, 3CX, Western Digital, NATO, Jason Wood, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn286

Apr 4, 2023 · 32 min

Learning eBPF - Liz Rice - ASW #235

Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon. Segment Resources:
- Download "Learning eBPF": https://isovalent.com/learning-ebpf
- Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
- Code examples accompanying the book: https://github.com/lizrice/learning-ebpf=
- Cilium project: https://cilium.io
- Tetragon project: https://tetragon.cilium.io/
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw235

Apr 4, 2023 · 38 min

AI Can't Stop, Won't Stop; Early Stage Funding is Strong; YouTubers Hacked - ESW #311

In the enterprise security news, early stage startup funding stays constant, but late stage is nowhere to be found. Cisco, XM Cyber, and Mastercard make acquisitions. YouTube channels keep getting hacked. Microsoft fails to use Azure securely. Organizations are making progress on zero trust, but slowly. Finally, more discussion on AI threats, concerns, and predictions. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw311

Mar 31, 2023 · 48 min

TREXes, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, & Aaran Leyland - SWN #285

Flappy TREX lips, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn285

Mar 31, 2023 · 35 min

Unpacking the White House National Cybersecurity Strategy - Josh Corman - ESW #311

The White House recently revealed their National Cybersecurity Strategy and its 5 pillars. Some is straightforward, some is more controversial. Josh helped with it and wrote a blog about it. Adrian read that post and asked Josh to come discuss it. So here we are. Segment Resources:
- https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
- https://claroty.com/blog/consequential-cybersecurity-brace-yourself-for-the-white-house-national-cybersecurity-strategy
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw311

Mar 31, 2023 · 57 min

The RESTRICT Act, Intel's Attack Surface, & Stop Developing AI (For 6 Months) - PSW #778

In the Security News: Turning traffic lights green with the Flipper Zero (and a bunch of other hardware), suspending AV and EDR, Test signing mode, Linux control freaks, hacking the Apple Studio Display, Intel's attack surface reduction claim, the truth about TikTok that everyone is missing, just stop developing AI, but only for 6 months, anyone can connect to Amazon's wireless network, revoking the wrong things, losing your keys, the funny, not-so-funny things about firmware encryption, and exploding thumb drives. All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw778

Mar 30, 2023 · 1h 55m

Firmware Hacking! Reversing and Exploitation - Philippe Laulheret - PSW #778

How to get into reversing embedded firmware? Can the planet really be hacked? We'll go over a couple of fun exploitation examples, see what mistakes were made and maybe what could have been done better to make these devices tougher to break into. Segment Resources:
- VoIP phone hacking, blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/
- DEF CON presentation (intro to hardware hacking): https://www.youtube.com/watch?v=HuCbr2588-w&ab_channel=DEFCONConference
- Medical research, B. Braun infusion pump: https://www.youtube.com/watch?v=6agtnfPjd64&ab_channel=hardwear.io
- Medical devices under attack: https://www.rsaconference.com/USA/agenda/session/Code%20Blue%20Medical%20Devices%20Under%20Attack
- Hacking DrayTek routers: https://www.youtube.com/watch?v=CD8HfjdDeuM&ab_channel=Hexacon
- Philippe's public work: https://github.com/philippelaulheret/talks_blogs_and_fun
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw778

Mar 30, 2023 · 1h 1m

CISO, The Board, and Cybersecurity - Enough Said! - BSW #299

In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw299

Mar 29, 2023 · 26 min

OpenAI Info Leak, BitCoin ATM Hack, GitHub RSA SSH Key, Measuring AI Security - ASW #234

Ferrari refuses ransomware, OpenAI deals with security issues from caching, video killed a crypto ATM, GitHub rotates their RSA SSH key, bypassing CloudTrail, terms and techniques for measuring AI security and safety. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw234

Mar 29, 2023 · 36 min

You DO Security, You Do Not HAVE Security - Melissa Bischoping - BSW #299

We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done -- you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes:
- Guerrilla marketing of gaining end-user buy-in for initiatives
- Iterative tuning of your data sources
- Active engagement with real-time feedback from the user base and technical teams
Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time). This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw299

Mar 28, 2023 · 29 min

Twitter, Tax Scams, Microsoft, Executive Orders, Pwn2Own, more News & Jason Wood - SWN #284

Twitter, Tax Scams, Microsoft, Executive Orders, Pwn2Own, French Bans, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn284

Mar 28, 2023 · 33 min

Real-life Examples. Benefits, Risk & Security Implications of AI - Frank Catucci - ASW #234

With the increased interest and use of AI such as GPT 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti's CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures. Segment Resources:
- On-demand webinar on the topic of generative AI: https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them
- Invicti Research: https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/ and https://github.com/svenmorgenrothio/Prompt-Injection-Playground
This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw234

Mar 28, 2023 · 38 min

A Deep Dive Into Software Supply Chain Security - Neatsun Ziv - ASW #231

In this episode, Neatsun Ziv, co-founder and CEO of OX Security, takes a deep dive into software supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a first-of-its-kind framework for understanding techniques, tactics, and procedures (TTPs) used by attackers to compromise supply chains. OSC&R was forged by a group led by OX Security with cybersecurity pros from a number of companies, including Google, GitLab, FICO, Check Point, VISA and Fortinet. Segment Resources: https://pbom.dev/ https://github.com/pbom-dev/OSCAR Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw231

Mar 27, 2023 · 40 min

AI Hires Humans to Solve Captcha, Amazing Drones, & Buzzword Bingo 2023 Edition - ESW #310

This week in the Enterprise News: Dope Security nabs $16M led by GV to build out secure web gateways designed to work on endpoints, not in the cloud. We take the mystery out of some recent funding. Microsoft 365's Copilot tries to do your job for you. Mapping failures with decision trees. An AI hires a human to solve a CAPTCHA, because it needed help, and lies to the human about the reason why. You know what's different between AI and you? Those goosebumps on your arms right now and the ice water in your veins. AI can't do that. New drone designs that change everything & Cyber Startup Buzzword Bingo: 2023 Edition. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw310

Mar 24, 2023 · 1h 1m

TikTok, GitHub, CISA, More CISA, a Little More CISA, Netgear, & DoKwon - SWN #283

This week Dr. Doug talks: TikTok, GitHub, CISA and More CISA, Netgear, Do Kwon and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn283

Mar 24, 2023 · 32 min

Bringing Transparency and Security to IoT with ioXt - Grace Burkard - ESW #310

The ioXt Alliance is a group of manufacturers, industry alliances, labs, and government organizations, dedicated to harmonizing best security practices and establishing testable standards. Our goal is to bring security, upgradability and transparency to the market and directly into the hands of consumers. Come learn about Smart Product security and what consumers should be asking for. Segment Resources: https://www.ioxtalliance.org/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw310

Mar 24, 2023 · 44 min

Eliminate Attack Surface from Inside Out - Shamim Naqvi - ESW #310

SafeLiShare delivers tamperproof security from the inside out across clouds, eliminates algorithmic complexity attacks, and reverses never-ending cycles of defense using policy-controlled Confidential Computing with secure enclave technology. Segment Resources:
- Presentation: https://1drv.ms/p/s!AqqNWej5CK8uhEoIZW5MUxMTQLJU
- Blog: https://safelishare.com/blog/defining-confidential-computing/
- Video: https://safelishare.com/data-privacy-resources/
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw310

Mar 24, 2023 · 43 min

7" Laptop, Trojans in Chips, Samsung's Faux Moon, & The 4 C's - PSW #777

In the Security News: Windows MSI tomfoolery, curl turns 8...point owe, who doesn't need a 7" laptop, glitching the ESP, your image really isn't redacted or cropped, brute forcing pins, SSRF and Lightsail, reversing D-Link firmware for the win, ICMP RCE OMG (but not really), update your Pixel and Samsung, hacking ATMs in 2023, breaking down Fortinet vulnerabilities, Jamming with an Arduino, it 315 Mega hurts, analyzing trojans in your chips, and the 4, er 1, er 3, okay well how to suck at math and the 4 Cs of Cybersecurity! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw777

Mar 23, 2023 · 2h 7m

Vulnerability Research (& Other "Things") - Nico Waisman - PSW #777

We sit down with Nico Waisman to discuss vulnerability research and other security-related topics! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw777

Mar 23, 2023 · 1h 8m

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl's Anniversary - ASW #233

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw233

Mar 22, 2023 · 40 min

CISO: Job in Search of a Description, Rise of the BISO, When More is Less - BSW #298

In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication in Teams, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw298

Mar 22, 2023 · 33 min

The Reasons Why CISOs Should Report to CEOs - Jeff Pollard - BSW #298

When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO. Segment Resources: https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw298

Mar 21, 2023 · 33 min

ZippyShare, NuGet, PinDuoDuo, ERNIE, Lantern, HDDs, & Jason Wood - SWN #282

Dr. Doug talks: The Tang Dynasty, ZippyShare, NuGet, PinDuoDuo, Ernie, Lantern, HDD hard drives, and more on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn282

Mar 21, 2023 · 35 min

Automating Security With Static Analysis - Josh Goldberg - ASW #233

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting real issues at development-time. Segment Resources:
- https://typescript-eslint.io
- https://eslint.org
- https://blog.joshuakgoldberg.com
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw233

Mar 21, 2023 · 37 min

Robert Downey Jr, K-Shaped, GPT-4, Rapid7, & SVB - ESW #309

AI! Then, produce text that can't be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

Mar 17, 2023 · 54 min

Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, & Vile Hackers - SWN #281

Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, Vile, and More on this episode of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn281

Mar 17, 2023 · 35 min

Applied Research & the Power of Sustained Thinking - Casey Smith - ESW #309

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice. Segment Resources:
- https://canary.tools
- https://canarytokens.org
- https://blog.thinkst.com
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

Mar 17, 2023 · 43 min

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management - Tal Morgenstern - ESW #309

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management. Segment Resources:
- https://vulcan.io/
- https://vulcan.io/platform/
- https://vulcan.io/blog/ci-cd-security-5-best-practices/
- https://www.youtube.com/watch?v=nosAxWc-4dc
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

Mar 16, 2023 · 46 min

How to Steal a Tesla, AI On Your Pi, Linux Desktop: Future, & SOCKS5 Your Burp - PSW #776

In the security news: AI on your Pi, no flipper for you, stealing Teslas by accident, firmware at scale, the future of the Linux desktop, protect your attributes, SOCKS5 for your Burp, TPM 2.0 vulnerabilities, the world's most vulnerable door device and hiding from "Real" hackers, sandwiches, robot lawyers, poisonous EpiPens, and profanity in your code! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw776

Mar 16, 2023 · 1h 46m

Everything's Valid in Code & War: Attacks on the Software Supply Chain - Santiago Torres Arias - PSW #776

Software supply chain attacks, those in which hackers target the "water supply" of software, are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks. Segment Resources:
- https://in-toto.io
- https://sigstore.dev
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw776

Mar 16, 2023 · 1h 3m

Common Leadership Disconnects and Leading Security through Hard Times - BSW #297

In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw297

Mar 15, 2023 · 28 min

Loom Disclosure, GitHub 2FA, Buffer Overflow in TPM, Dropbox Career Framework - ASW #232

Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw232

Mar 15, 2023 · 45 min

AI In Email Security – A Tale of Two Sides - Dr. Kiri Addison - BSW #297

Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast, to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw297

Mar 14, 2023 · 33 min

The OWASP ASVS and Sustainable Software Security Practices - Josh Grossman - ASW #232

In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this "in the wild". Segment Resources:
- Josh's personal website: https://joshcgrossman.com
- Josh's Mastodon handle: https://infosec.exchange/@JoshCGrossman
- OWASP ASVS site: https://owasp.org/asvs
- More detailed talk about ASVS v4.0.3: https://www.youtube.com/watch?v=zqj4YuoAlcA
- The most recent, stable version of the standard (v4.0.3): https://github.com/OWASP/ASVS/tree/v4.0.3/4.0
- The "bleeding edge"/in-progress version: https://github.com/OWASP/ASVS/tree/master/5.0
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw232

Mar 14, 2023 · 40 min

Casper, Flipper, NordVPN, Ring, SVBk, GoBruteforcer, Aaran Leyland, and more - SWN #280

Casper, Flipper, NordVPN, Ring, Silicon Valley Bank, GoBruteforcer, Aaran Leyland, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn280

Mar 14, 2023 · 33 min

A Light Week, InfoSec Tabletop Gaming, White House CyberSec, & AI Galore! - ESW #308

In the enterprise security news:
- A light week in funding, after last week's mega raises from Wiz and Sandbox AQ
- HP acquires some Zero Trust and CASB with Axis Security
- InfoSec-themed Table Top gaming is really catching on
- The White House's updated cybersecurity strategy is more of an update than a game changer
- I go a bit nuts with AI news and essays, but a lot of it is really worth your time, I promise
- Doing evil things with Chrome extensions
- Women in cybersecurity
- Letting strangers call you, on purpose
All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw308

Mar 10, 2023 · 52 min

Snailbrook, Xenomorph, SonicWALL, GitHub, Veeam, TSA, Ring, Aaran Leyland, and more - SWN #279

Selling your soul to the company store, Xenomorph, SonicWall, GitHub, Veeam, TSA, Ring, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn279

Mar 10, 2023 · 35 min