Security Weekly Podcast Network (Video)



Nzyme - Paul Asadoorian & Larry Pesce - PSW #711

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection methods are just too easy to circumvent in WiFi environments. Show Notes: https://securityweekly.com/psw711 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021 · 1h 1m

Velociraptor - Digging Deeper - Mike Cohen, Wes Lambert - PSW #711

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perform detection and response at scale. It's fast, precise, powerful … and free. It also supports Linux, Windows and macOS. Velociraptor is a unique tool since it offers a query language so that users may query their endpoints flexibly in response to new threat information. In this session, we'll discuss the key components of Velociraptor, and how it can be leveraged to improve endpoint security and visibility and facilitate rapid response across large networks. Show Notes: https://securityweekly.com/psw711 Segment Resources: Please visit our documentation site where you can learn about Velociraptor: https://docs.velociraptor.app/ Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021 · 58 min

The Color White, Forgerock IPO, Ditching Your Microsoft Password, & Neosec - ESW #243

This week in the Enterprise Security News: Founders Fund values identity startup Persona at $1.5 billion, Neosec emerges from stealth with $20.7 million in funding, F5 acquires Threat Stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, you can now ditch your Microsoft password, Vendor Security 2.0, & more! Show Notes: https://securityweekly.com/esw243 Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 24, 2021 · 46 min

Threat Intelligence & Threat Hunting - Chris Cochran - ESW #243

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting! Show Notes: https://securityweekly.com/esw243 Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 24, 2021 · 22 min

Scaling Application Security - Joe Gillespie, Nuno Loureiro - ESW #243

A common ratio between AppSec and development teams is 1:100 (1 security engineer for every 100 developers). Scaling AppSec teams, especially when it comes to security testing, becomes challenging. We would like to have a discussion around this topic, highlighting things that are definitely part of the solution. Show Notes: https://securityweekly.com/esw243 This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 23, 2021 · 31 min

Activism v. Hacktivism, Part 2 - Johanna Baum - SCW #87

"Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with critical thinking. But just as hack can sometimes mean cyber crime, hacktivism can be used to mean activism that is malicious, destructive, and undermining the security of the Internet as a technical, economic, and political platform. Show Notes: https://securityweekly.com/scw87 Visit https://www.securityweekly.com/scw for all the latest episodes!

Sep 23, 2021 · 39 min

Activism v. Hacktivism, Part 1 - Johanna Baum - SCW #87

"Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with critical thinking. But just as hack can sometimes mean cyber crime, hacktivism can be used to mean activism that is malicious, destructive, and undermining the security of the Internet as a technical, economic, and political platform. Show Notes: https://securityweekly.com/scw87 Visit https://www.securityweekly.com/scw for all the latest episodes!

Sep 22, 2021 · 36 min

Boards Rethink Incident Response, CISOs & CIOs Share, & Stay True to Ethics - BSW #232

This week, in the Leadership and Communications section: Boards rethink incident response playbook as ransomware surges, How CISOs and CIOs should share cybersecurity ownership, How CISOs are Building a Modern Cybersecurity Partnership, & more! Show Notes: https://securityweekly.com/bsw232 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 22, 2021 · 29 min

Accelerate 0-Trust Adoption W/ End2End Visibility & Increased Collaboration - Tom Roeh - BSW #232

It's no surprise that Zero Trust initiatives are increasing in importance in both the public and private sectors. New cybersecurity mandates and a boom in remote work due to COVID-19 are just two of the most common factors driving this demand. While the need for adopting Zero Trust is evident, the path to success is not. In this episode, we discuss important considerations for planning, implementing, operating, and securing a Zero Trust deployment, more rapidly and with lower risk. This includes the vital role end-to-end visibility and frictionless collaboration between IT ops teams play across Zero Trust rollout phases. Show Notes: https://securityweekly.com/bsw232 Segment Resources: Learn more about implementing Zero Trust: https://www.extrahop.com/solutions/security/zero-trust/?uniqueid=CC07532818&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-zero-trust-backlink&utm_content=webpage&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 21, 2021 · 28 min

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166

This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka nutrition labels), & more! Show Notes: https://securityweekly.com/asw166 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 21, 2021 · 31 min

Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW #166

Modern software development demands a different approach to application security. Contrast's developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance. Show Notes: https://securityweekly.com/asw166 Segment Resources: 2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782 White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25 DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65 This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 20, 2021 · 38 min

Dubious Drones, NSO Group, Apple's Bug Bounties, Ghostscript 0-Day, & IBM Server Bugs - PSW #710

This week in the Security News: Anonymous hacks Epik (with a K), fuzzing closed-source JavaScript engines, ForcedEntry, 8 websites that can replace computer software, REvil decryptor key released, Microsoft fixes critical vulnerability in Linux app, drone accidentally delivers drug paraphernalia to high schoolers, & more! Show Notes: https://securityweekly.com/psw710 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 19, 2021 · 1h 38m

Brakeman - Justin Collins - PSW #710

Brakeman is a free static analysis security tool specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security issues at any stage of development. Justin first released Brakeman in 2010. In 2018, the commercial version, "Brakeman Pro", was acquired by Synopsys. Brakeman continues to be a very popular security tool for Rails, with tens of thousands of downloads per day. Show Notes: https://securityweekly.com/psw710 https://github.com/presidentbeef/brakeman Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 18, 2021 · 47 min

The State of Network Security in 2021 - Sinan Eren - PSW #710

Network breaches, ransomware attacks, and remote-work challenges highlight the need for cloud-native Secure Access Service Edge (SASE) deployments. Show Notes: https://securityweekly.com/psw710 This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 18, 2021 · 52 min

Palo Alto Goes IoT, Numbers Lose Their Meaning, BitSight, & Colossal Mammoths - ESW #242

This week in the Enterprise News: Adrian's first Enterprise News in the Captain's Seat, BitSight raises $250m on a $2.4bn valuation, Palo Alto Networks enters the consumer IoT market, Martin Roesch Joins Netography as CEO, the special "Squirrel of the Week" story, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw242

Sep 17, 2021 · 42 min

The Device Security Divide - John Loucaides - ESW #242

Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firmware security. This includes risks inherent in devices, supply chain, physical access, and malicious software. We will also explore various mitigation strategies throughout the lifecycle, which separate those leaning in from those that don't. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw242

Sep 17, 2021 · 33 min

Web Asset Discovery in Application Security - Tolga Kayas - ESW #242

Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high-severity vulnerabilities. Forgotten and outdated web applications are a common culprit in successful attacks. What can you do to protect your organization? Let's talk about the first step to securing web applications: continuous web asset discovery. Segment Resources: https://www.acunetix.com/blog/docs/benefits-of-web-asset-discovery/ https://www.netsparker.com/features/continous-web-asset-discovery-engine/ This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw242

Sep 16, 2021 · 29 min

Insider Threats Overview - Going Beyond The Norm, Part 2 - Jim Henderson - SCW #86

Defining Insider Threats / Going Beyond Traditional Definitions (What Is Really Happening Behind Firewalls); How Damaging And Costly An Insider Threat Incident Can Be? (Eye Opening Examples From 10+ Years Of Research); Creating An Insider Threat Mitigation Framework. Segment Resources: Insider Threat Incidents E-Magazine, 2014 to present: the largest publicly available source of Insider Threat incidents (2,700+ incidents); view online or download the Flipboard app to view on your mobile device: https://flipboard.com/@cybercops911/insider-threat-incidents-magazine-resource-guide-tkh6a9b1z Insider Threat Incident Postings With Details (500+ incidents): https://www.insiderthreatdefense.us/category/insider-threat-incidents/ Incident posting notifications (enter your e-mail address in the Subscriptions box on the right of that page): https://www.insiderthreatdefense.us/news/ Insider Threat Incidents Costing $1 Million To $1 Billion+: https://www.linkedin.com/post/edit/6696456113925230592/ Insider Threat Incident Postings On Twitter: https://twitter.com/InsiderThreatDG DG Critical Infrastructure Insider Threat Incidents: https://www.nationalinsiderthreatsig.org/crticial-infrastructure-insider-threats.html Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw86

Sep 16, 2021 · 40 min

Insider Threats Overview - Going Beyond The Norm, Part 1 - Jim Henderson - SCW #86

Defining Insider Threats / Going Beyond Traditional Definitions (What Is Really Happening Behind Firewalls); How Damaging And Costly An Insider Threat Incident Can Be? (Eye Opening Examples From 10+ Years Of Research); Creating An Insider Threat Mitigation Framework. Segment Resources: Insider Threat Incidents E-Magazine, 2014 to present: the largest publicly available source of Insider Threat incidents (2,700+ incidents); view online or download the Flipboard app to view on your mobile device: https://flipboard.com/@cybercops911/insider-threat-incidents-magazine-resource-guide-tkh6a9b1z Insider Threat Incident Postings With Details (500+ incidents): https://www.insiderthreatdefense.us/category/insider-threat-incidents/ Incident posting notifications (enter your e-mail address in the Subscriptions box on the right of that page): https://www.insiderthreatdefense.us/news/ Insider Threat Incidents Costing $1 Million To $1 Billion+: https://www.linkedin.com/post/edit/6696456113925230592/ Insider Threat Incident Postings On Twitter: https://twitter.com/InsiderThreatDG DG Critical Infrastructure Insider Threat Incidents: https://www.nationalinsiderthreatsig.org/crticial-infrastructure-insider-threats.html Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw86

Sep 15, 2021 · 37 min

SEC Is Serious, CISA's Bad Practices, & What Tech Workers Really Want - BSW #231

This week, in the Leadership and Communications section: The SEC Is Serious About Cybersecurity. Is Your Company?, CISA Urges Organizations to Avoid Bad Security Practices, IT leaders facing backlash from remote workers over cybersecurity measures, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw231

Sep 15, 2021 · 25 min

Cyber Education Is the Key to Solving the Skills Gap - Kevin Nolten - BSW #231

Kevin Nolten, Director of Academic Outreach from Cyber.org, joins Business Security Weekly to discuss how cyber education is the key to solving the skills gap and developing the next generation of cybersecurity professionals. Kevin will share examples of how we, the cybersecurity community, can get involved in K-12 and higher education programs, strategies for developing young talent, and how Cyber.org's curriculum can be used to train your employees! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw231

Sep 14, 2021 · 31 min

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165

This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw165

Sep 14, 2021 · 37 min

Findings From the 2021 AppSec Shift Left Progress Report - Manish Gupta - ASW #165

Data from the ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster and more accurate static analysis are able to release more secure code at scale, scan more frequently, fix issues earlier in the software development life cycle, carry less security debt, and sustain more security fixes overall. Segment Resources: http://shiftleft.io/resources/appsec-shift-left-progress-report-2021?utm_source=cyber_risk_alliance&utm_medium=podcast This segment is sponsored by ShiftLeft. Visit https://securityweekly.com/shiftleft to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw165

Sep 13, 2021 · 36 min

Iframe Security - Benjamin Daniel Mussler - PSW #709

Benjamin will discuss securing iframes with the sandbox attribute. This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw709

Sep 5, 2021 · 46 min

Hacking Honda, Insider Threat Galore, ChaosDB, USB File Weight, & Linux 5.14 - PSW #709

This week in the Security News: Hacking Honda, a fact about single-factor, disarming your home and alarming vulnerability disclosure response, btw, you have a Sudo vulnerability, NSO under investigation, Loki and 0days, Linux turns 30, SANS appoints a new president of the college, how much does your USB thumb drive weigh?, and When "Florida Woman" attacks! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw709

Sep 4, 2021 · 1h 32m

Nmap Vulnerability Scanning/Flan Scan - PSW #709

Paul presents a Technical Segment that walks through Nmap, Vulners scripts, & Flan Scan! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw709

Sep 4, 2021 · 35 min

"Lift & Drag", BeyondTrust, Absolute DataExplorer, & RDP Exploits - ESW #241

This week in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, & More!!! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw241

Sep 3, 2021 · 50 min

Putting the "R" in the NDR - John Smith - ESW #241

It's time to think more broadly about the R in NDR. Incident responders need a full spectrum of response, from hunting and investigations to remediation, not just another alert cannon. While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organization's environment. ExtraHop's Principal Engineer John Smith joins Security Weekly to discuss. Segment Resources: - ExtraHop Extends Response and Forensics Capabilities with Deep Threat Insights for Hybrid Cloud: https://www.extrahop.com/company/press-releases/2021/revealx-360-innovations/?uniqueid=FJ07532845&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-pr-resource&utm_content=press-release&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version - ExtraHop free and interactive demo: https://www.extrahop.com/demo/?uniqueid=AN07532846&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-demo&utm_content=demo&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw241

Sep 3, 2021 · 32 min

Transparency in Large Supply Chains - Philippe Lafoucrière - ESW #241

GitLab is unique in many ways, but our transparency value is pushing us to mature our security posture faster than attackers can adapt. Discover how GitLab iterates quickly to adapt to a world where everyone can contribute. Segment Resources: https://about.gitlab.com/handbook/values/#transparency This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw241

Sep 2, 2021 · 35 min

The Truth Behind the Payments, Part 2 - Christopher Bulin - SCW #85

SMBs need to understand the importance of being PCI compliant, and that a vendor's website saying the vendor is compliant does not make the merchant compliant. Even when a service provider states that it is compliant, asking for a copy of their AOC is critical. If your merchant service provider is guiding you through the SAQ, or telling you to just check yes or no, they are coercing you into falsifying documents, which is a breach of your agreement. Segment Resources: https://www.linkedin.com/pulse/what-matters-moreyour-vendor-relationship-your-client-bulin/?published=t Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw85

Sep 2, 2021 · 38 min

The Truth Behind the Payments, Part 1 - Christopher Bulin - SCW #85

SMBs need to understand the importance of being PCI compliant, and that a vendor's website saying the vendor is compliant does not make the merchant compliant. Even when a service provider states that it is compliant, asking for a copy of their AOC is critical. If your merchant service provider is guiding you through the SAQ, or telling you to just check yes or no, they are coercing you into falsifying documents, which is a breach of your agreement. Segment Resources: https://www.linkedin.com/pulse/what-matters-moreyour-vendor-relationship-your-client-bulin/?published=t Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw85

Sep 1, 2021 · 33 min

State of Cyber Threats: Tenfold Increase in Ransomware - Derek Manky - BSW #230

Looking back at the first half of 2021, there are important indicators of what cyber adversaries are planning next. This will be a conversation about cyberthreat trends and the takeaways from big-name attacks so far this year. Show Notes: https://securityweekly.com/bsw230 Segment Resources: https://www.fortinet.com/fortiguard/labs https://www.fortinet.com/blog/threat-research This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 1, 2021 · 21 min

Staff Attrition Is Rising, Retaining Women in Tech, & Growing Privacy Concerns - BSW #230

In the Leadership and Communications section, Executives in tech say staff attrition is rising, 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern, Consumers Concerned About Personal Data Collection, and more! Show Notes: https://securityweekly.com/bsw230 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 31, 2021 · 32 min

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164

This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more! Show Notes: https://securityweekly.com/asw164 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 31, 2021 · 34 min

A DevOps Perspective on Risk Tolerance & Risk Transfer - Caroline Wong - ASW #164

In this segment Mike and Caroline will discuss risk tolerance and risk transfer. They'll touch on the following, all from a DevOps perspective: risk ranking, risk transfer in the supply chain, how to diversify security controls, and time vs. risk reduction vs. vulnerability exposure. They will also touch on how security is not (and should not be) a gate. Show Notes: https://securityweekly.com/asw164 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 30, 2021 · 32 min

Yard Sales, Bitcoin Thief Charged, Mouse Privilege Escalation, & LED Eavesdropping - PSW #708

This week in the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin, & yard sales! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Aug 29, 2021 · 1h 31m

Trends in Mac Malware & Apple Security - Patrick Wardle - PSW #708

Apple's new M1 systems offer a myriad of benefits to macOS users and, unfortunately, to malware authors as well. In this talk Patrick details the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Aug 28, 2021 · 1h 6m

Working With OpenVAS - PSW #708

Gain some insights into the OpenVAS project, why you might want to use it, and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all of its components, from source code. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Aug 28, 2021 · 40 min

Cloudflare Saves the Day, Sumo Logic SOAR, Tenable Risk Management, & Drones - ESW #240

This week, in the Enterprise News: Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the 'greatest DDoS attack in history', SecurityScorecard partners up with Tenable to improve risk management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 million in Series B, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw240

Aug 27, 2021 · 41 min

Penning a Cyber Thriller - Deb Radcliff - ESW #240

Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants, and the hackers who rise up against it to break its backbones and its grip on humanity. In it, she sticks very close to technology and hacks in use today to show the ramifications of tech overreach and to cast the hackers as heroes. Her characters are drawn from hackers and agents she's met throughout her career, and they have reviewed and approved the story. She is currently wrapping up her second book in the series, which delves more into AI and machine learning. She has written for a general audience, and the story is fast-paced and entertaining, with reviewers saying her style is akin to Lee Child. Segment Resources: The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/; her articles, speaking engagements and more information are available at www.debradcliff.com. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw240

Aug 27, 2021 · 24 min

Deciduous / Decision trees + Security Chaos Engineering - Kelly Shortridge - ESW #240

Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing mitigations, harnessing the power of belief prompting from the realm of behavioral game theory. Segment Resources: - https://www.deciduous.app/ - https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/ - https://swagitda.com/blog/posts/deciduous-attack-tree-app/ - https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw240

Aug 26, 2021 · 31 min

From Compliance to Resiliency: The Evolution of InfoSec, Part 2 - Tim Callahan - SCW #84

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a Control Framework so that you can measure its effectiveness and ensure appropriate decisions are made that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility which is an essential consideration when making risk decisions. And finally, we will look at what makes a business cyber-resilient. The cyber-strong resilient company has the ability to quickly adapt to disruptions while maintaining continuous business operations, and safeguarding people, assets, and overall brand equity. To find out more and register with your Security Weekly discount code, visit: https://securityweekly.com/isw2021 Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw84

Aug 26, 2021 · 47 min

From Compliance to Resiliency: The Evolution of InfoSec, Part 1 - Tim Callahan - SCW #84

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a Control Framework so that you can measure its effectiveness and ensure appropriate decisions are made that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility which is an essential consideration when making risk decisions. And finally, we will look at what makes a business cyber-resilient. The cyber-strong resilient company has the ability to quickly adapt to disruptions while maintaining continuous business operations, and safeguarding people, assets, and overall brand equity. To find out more and register with your Security Weekly discount code, visit: https://securityweekly.com/isw2021 Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw84

Aug 25, 2021 · 36 min

10 Years Later... 15 Priorities, 8 Weeks, & 7 Steps - BSW #229

This week, in the Leadership and Communications section: 10 years later, software really did eat the world, CISOs' 15 top strategic priorities for 2021, 7 steps to protect against ransomware-related lawsuits, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw229

Aug 25, 2021 · 35 min

What Type of CISO Are You & Does It Align to Your Company's Needs? - Ben Carr - BSW #229

Ben Carr, Qualys CISO, joins Business Security Weekly to share his views on the evolving role of the CISO. He'll dive into the ever-changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with a company's needs. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw229

Aug 24, 2021 · 34 min

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163

This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec News! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Aug 24, 2021 · 36 min

Challenges in Open Source Application Security - Shubhra Kar - ASW #163

Open source is the new mainstream of software development. However, not much attention is paid to security in the upstream community when it comes to creating robust and secure software. At the LF, we are working on some initiatives and tools to help bridge the gap between functional and secure code, so that the benefits flow downstream to all users of OSS. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Aug 23, 2021 · 35 min

Shifting Left Probably Left You Vulnerable, Here's How To Make it Right - Sonali Shah - PSW #707

Shifting security left is good, but it's an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of breach by embracing modern AppSec techniques that allow development, operations and security teams to work together in order to efficiently and effectively secure all of their applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

Aug 22, 2021 · 31 min

Sequoia: A Local Privilege Escalation Vulnerability in Linux's Filesystem Layer - Wheel - PSW #707

The Qualys Research Team discovered a size_t-to-int type conversion vulnerability in the Linux kernel's filesystem layer affecting most Linux operating systems. Successful exploitation of this vulnerability in a default configuration allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are likely vulnerable and probably exploitable. Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

Aug 21, 2021 · 45 min

Tractorload of John Deere Vulns, T-Mobile Breach, Kalay IoT Hack, & HolesWarm - PSW #707

In the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application security and why you shouldn't do it on a shoe string budget, vulnerability disclosure miscommunication, tractor loads of vulnerabilities, The HolesWarm.......malware, T-Mobile breach, and All you need is....Love? No, next-generation identity and access management with zero-trust architecture is what you need!!! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

Aug 21, 2021 · 2h 10m