
Security Weekly Podcast Network (Video)
4,876 episodes — Page 44 of 98

New iboss Features, CVSS Scores, Praetorian GoKart, & Anti Anti-Money Laundering - ESW #239
This week In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239

Cybersecurity Tips & Challenges in the Hybrid Work Era - Darren Guccione - ESW #239
As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ransomware attacks and other cybersecurity threats that prey on existing security weaknesses and vulnerabilities that opened when moving to a remote or hybrid work environment. Our discussion will include ways to combat these threats, as well as learning to boost your existing cybersecurity policies and infrastructure. This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239

Humanizing Security Operations - Allie Mellen - ESW #239
The security industry spends a lot of time talking about the tools of the SOC, especially around making the SOC more 'autonomous'. But is this really what we need? Allie is also presenting "How to effectively manage XDR" at Maintaining Endpoint Security: New opportunities and new risks (SC Media Virtual Event) on August 24, 2021. Register Now: https://www.scmagazine.com/virtual-conference/maintaining-endpoint-security-new-opportunities-and-new-risks Segment Resources: https://go.forrester.com/blogs/stop-trying-to-take-humans-out-of-security-operations/ https://go.forrester.com/blogs/ransomware-survive-by-outrunning-the-guy-next-to-you/ https://go.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/ https://go.forrester.com/blogs/top-5-lies-security-vendors-tell-about-the-siem/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239

Gatekeeping in Cybersecurity, Part 2 - Naomi Buckwalter - SCW #83
The "cybersecurity skills gap" is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecurity, but they never get the chance. Hiring managers and gatekeepers are simply unwilling to train and mentor the next generation of cybersecurity professionals, and this hurts our profession immensely. We're fighting an asymmetric war, in which one bad actor can attack multiple companies and industries. We simply don't have enough defenders and good guys in the trenches, and we need more fighters. The more fighters we have, the better chance we have at winning. Segment Resources: cybersecuritygatebreakers.org Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw83

Gatekeeping in Cybersecurity, Part 1 - Naomi Buckwalter - SCW #83
The "cybersecurity skills gap" is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecurity, but they never get the chance. Hiring managers and gatekeepers are simply unwilling to train and mentor the next generation of cybersecurity professionals, and this hurts our profession immensely. We're fighting an asymmetric war, in which one bad actor can attack multiple companies and industries. We simply don't have enough defenders and good guys in the trenches, and we need more fighters. The more fighters we have, the better chance we have at winning. Segment Resources: cybersecuritygatebreakers.org Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw83

7 Tips, 5 Simple Tips, & 3 Strategies for CISOs - BSW #228
This week, in the Leadership and Communications section, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw228

Ransomware Trends 2021 - Fleming Shi - BSW #228
Ransomware attacks have surged in 2021, with the number of attacks increasing dramatically and ransom amounts continuing to skyrocket. Cybercriminals are also expanding their targets, shifting their focus to our critical infrastructure and evolving into deep-rooted software supply chain attack campaigns, which can cause long-lasting devastation. In the past 12 months, Barracuda researchers have identified and analyzed 121 ransomware incidents, a 64% increase in attacks, year over year. Cybercriminals are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw228

Cracked Concatenation, Injection Against DNS, Allstar GitHub, & DEF CON Highlights - ASW #162
This week in the AppSec News: Bug bounty report that cleverly manipulates a hash for profit, Allstar GitHub app to enforce security policies, choosing a programming language, what an app should log, adding security to DevOps, & manipulating natural-language models! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw162

DevSecOps - Making It Real - Mike Rothman - ASW #162
DevSecOps is an aspirational vision for many teams. With a number of macro changes occurring in modern application development, this segment will explore what tangible, practical things can be done today by security teams that add immediate value. This segment is sponsored by DisruptOps. Visit https://securityweekly.com/disruptops to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw162

Cyber-Symposiums, Apple Backdoor, Crypto Theft, & "Quadruple Extortion" - PSW #706
This week in the Security News: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sherriff's department, Fingerprinting Windows, double secret quadruple extortion, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Offensive Operations With Mythic - Kyle Avery - PSW #706
Mythic is an open-source, multi-platform framework for conducting red team engagements. This talk will cover the automated deployment of a Mythic server, developing new "wrappers" to extend the framework, and modifying public payload types to evade signature-based detections. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

OSINT & Social Engineering - Joe Gray - PSW #706
Joe will discuss his upcoming Book, "Practical Social Engineering" in addition to OSINT. He is primarily passionate about OSINT and adjacent forms of Intelligence, but will need to discuss some social engineering (conducting it or defenses). He will also mention the Trace Labs OSINT Search Party competitions (he won his 2nd one last weekend at DEFCON). Segment Resources: https://www.theosintion.com https://wiki.theosintion.com http://discord.theosintion.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Automate Hacker Knowledge & Community in Learning InfoSec - Carolin Solskär, TJ Null - ESW #238
The reason our founder started Detectify is that they wanted to automate hacker knowledge and make it scalable. This is very different from how most hackers work today and what we believe will revolutionize hacking. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Tony "TJ Null" from Offensive Security will discuss the role of the community in learning infosec, particularly pentesting, and also in continuing education. Additionally, he will offer some practical tips on learning pentesting with help from the community. This segment is sponsored by Offensive Security. Visit https://securityweekly.com/offSec to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw238

Zombie APIs, Morphisec IR Service, "New Product Jeopardy", & Risk Scoring - ESW #238
This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more! Show Notes: https://securityweekly.com/esw238 Visit https://www.securityweekly.com/esw for all the latest episodes!

The Different Approaches To Vulnerability Management - ESW #238
As we dig into vulnerability management we uncover both old and new challenges. We still struggle with developing and maintaining an accurate asset inventory. We also, still, struggle to prioritize and execute remediation. There are many new approaches to solving these problems, from ad-hoc scanning to automation of all the things. Get our take on vulnerability management in this segment! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw238

Protecting Comm. & Collaboration in Contested Environments, Pt 2 - Matthew Erickson - SCW #82
Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data. This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw82

Protecting Comm. & Collaboration in Contested Environments, Pt 1 - Matthew Erickson - SCW #82
Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data. This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw82

New Fines Making Business Case for Security, & Improving Security as a Team - BSW #227
In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company's products?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw227

The 3 Mistakes All First Time CISOs Make That No One Tells You - Jim Routh - BSW #227
Listen in for a discussion with Jim Routh, former CISO at Aetna, CVS Healthcare, and Mass Mutual, to discuss the 3 mistakes all first time CISOs make. Jim will share the lessons he learned throughout his career and how CISOs can avoid these 3 mistakes, including: 1. Setting Expectations 2. Hiring Talent 3. Retaining Employees Visit https://www.securityweekly.com/bsw for all the latest episodes!a Show Notes: https://securityweekly.com/bsw227

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161
This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161

Securing Modern Web Apps: Development Techniques are Changing - Tom Hudson - ASW #161
The use of web apps, SPAs, and APIs are growing steadily and traditional scanning methods don't provide enough coverage. The appsec tools need to innovate and become smarter and more contextual in order to test modern apps and APIs at scale. Tom Hudson, Security Research Team Lead at Detectify, will give a peek into how Detectify is innovating to help solve these modern app and API developer challenges. Segment Resources: - Sign up for updates and be the first to know about Detectify API scanning open beta: https://www.detectify.com/api - Blog post announcing Detectify's plans to expand scanner to fuzz public-facing APIs: https://blog.detectify.com/2021/08/03/detectify-fuzzing-public-facing-apis/ This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161

'Master Faces', Ship Hijacked, Windows Container Escape, & DNS Loopholes - PSW #705
This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705
With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late. Segment Resources: https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov https://eclypsium.com/2021/06/24/biosdisconnect/ https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/ https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

Corelight Smart PCAPs, Shifting Left, Tenable AD Security, & Tube Vulns - ESW #237
In the Enterprise News, Armis Identifies Nine Vulnerabilities in pneumatic tubes, Corelight Introduces Smart PCAPs, SolarWinds disputes lawsuit, Code42 and Rapid7 Partner, and more news from this week at BlackHat 2021! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw237

RF Village at DefCon - Rick Farina, Rick Mellendick - PSW #705
The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag games to promote learning. Segment Resources: https://rfhackers.com/ [email protected] https://discordapp.com/invite/JjPQhKy https://rfhackers.com/blog Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

The State of CyberSecurity Ops in a Ransomware Filled Hybrid Work World - David Finger - ESW #237
Ransomware is flourishing and our endpoints are scattered outside the corporate network. Visibility is a challenge in this age of decentralized corporate assets. Our discussion today will explore the problem from two sides. On the endpoint, where much of the battle against ransomware tends to be fought, is prevention a lost battle? Regardless of hopes for better prevention, it is clear that the ability to detect and respond is as important as ever, so we'll discuss how security operations should be positioning themselves. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw237

Cyber Hat Trick: How Ransomware Gangs Exfiltrate, Encrypt & Exploit - Matt Cauthorn - ESW #237
Exfiltrate. Encrypt. Exploit. In 2021, ransomware attackers moved beyond exfiltrating and encrypting data to extract a ransom, working to compromise the victim's build server to introduce an exploit through which to launch large scale attacks. VP of Cloud Security Matt Cauthorn joins Security Weekly to walk through the lateral movements these attackers use to pull off the Cyber Hat Trick. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw237

The State of Cybersecurity & Destigmatizing Reporting Security Vulnerabilities - BSW #226
In the Leadership and Communications section for this week: 10 security tools all remote employees should have, 1 in 4 security teams report to CIOs, but would benefit from CISO leadership, state of cybersecurity survey results, destigmatizing reporting security vulnerabilities and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw226

OT Security for Critical Infrastructure and Why It Is Not "Intuitive" - Edward Liebig - BSW #226
The IT and operational technologies of critical infrastructure are under attack. The "general expectation" from the public and lawmakers is "fix it already" but we will discuss why this expectation is yet to be fully met. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw226

PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160
This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw160

Platform Firmware Security - Maggie Jauregui - ASW #160
Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: - https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ - https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/ - https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal - https://chipsec.github.io Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw160

PetitPotam Attack, History of RickRolling, & Foxit PDF Vulns - PSW #704
This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Cyber-Physical Attacks - Michael Welch - PSW #704
Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill prepared organizations. As a third-party expert, Michael can speak to: • The importance of being aware of the widening attack surface due to an inter-connected world of cyber-physical security. • The critical need to have the right solutions in place to thwart bad actors from gaining access to a physical system. • The security considerations organizations, specifically in the healthcare and critical infrastructure sectors, should address to circumvent cyber-physical attacks. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

The B Is for Business - Alyssa Miller - PSW #704
Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organizations that DevSecOps shared-responsibility culture. We'll dive into Alyssa's career progression and the lessons she learned along the way the prepared her for this high level leadership role. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Aqua Security, Clearview AI, Threat Stack EKS Support, & Security Summit 2021 - ESW #236
This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw236

Tanium for Incidents: How the Best Defense Gets Better: Part 2 - Stephanie Aceves - ESW #236
Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ever-increasing threat landscape. Join us this week as Stephanie Aceves, Threat Response SME Lead, talks through a holistic approach to security using the Tanium platform approach. Learn why the best security teams rely heavily on Tanium to get smarter, faster, better in responding to threats and how your organizations can do the same. For folks interested in a trial of Tanium, check out https://try.tanium.com/ To stay connected with Tanium's Endpoint Security Specialist team, join our community site: https://community.tanium.com/s/ues-discussion-group or find us on Slack: https://docs.google.com/forms/d/e/1FAIpQLSf56reMK4BQPkoLO4MTp-QPMJsxOlJD-MqargZxhW3kNsA3dA/viewform?usp=sf_link This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw236

Need for CyberSecurity Training Programs/Role Cyber Professionals Play - Da-Wyone Haynes - ESW #236
Brief chat around the rise in Ransomware attacks, campaigns against our Infrastructure, the deficit in Cyber Talent, and how we could address the issue by extending Corporate Cyber Training programs to extend past the Corporate boundary. Segment Resources: https://www.aegon.com/home/ https://talklou.com/ https://www.infragardnational.org/ https://inl.gov/critical-infrastructure-protection-training/ https://www.ymcalouisville.org/chestnut/kids-and-teens/black-achievers.html https://www.techgirlz.org/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw236

Catching Up W/Priya on Recent Litigation and Proposed Legislation: Part 2 - SCW #81
Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and compliance. Hear ye, Hear ye! The court is now in session. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw81

Catching Up w/Priya on Recent Litigation & Proposed Legislation: Part 1 - SCW #81
Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and compliance. Hear ye, Hear ye! The court is now in session. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw81

Security Is a Barrier & Incentive, Theatrical Meetings, & Cybersecurity Salaries - BSW #225
In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: What 8 top security jobs pay, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw225

Security Money - The Index Hits Another All Time High - BSW #225
Both the Security Weekly 25 Index and the NASDAQ close at record highs on 7/23/2021. See how the security market continues to stay hot. The current companies in the Security Weekly 25 Index: SCWX PANW CHKP SPLK NLOK FTNT AKAM FFIV ZS PFPT FEYE QLYS VRNT CYBR TENB SAIL MIME NET CRWD NTCT VRNS RPD SUMO RDWR PING Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw225

CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159
This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw159

Navigating the Seas of Security in Serverless Functions - Peter Klimek - ASW #159
Adoption of serverless functions is rapidly growing, which means security teams will be challenged to deliver protection for data and applications in these complex environments in the coming months and years. Peter Klimek is helping Imperva customers address these challenges and will offer guidance on how to get protection for functions without slowing DevOps. Segment Resources: Details on Imperva Serverless Protection: https://www.imperva.com/company/press_releases/imperva-launches-new-product-to-secure-serverless-functions-with-visibility-into-the-application-layer-code-level-vulnerabilities/ Free trial of the product: https://www.imperva.com/serverless-protection-demo This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw159

Windows Vulns Galore, Homoglyph Domains, Pegasus, & "Trust No One"! - PSW #703
This week in the Security News: Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

CyberMarket & Democratisation/Globalisation of CyberSecurity Consulting - Gordon Draper - PSW #703
CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they are worth to a consultancy as being sold out for a daily rate compared to what they get paid. There are a number of consultants who are leaving consultancies to start the next generation of independent / boutique consultancies but they don't have a sales pipeline and sales staff like their old consultancies do. CyberMarket.com is a place to help facilitate the sales pipeline for cybersecurity consultancies of various sizes. Segment Resources: https://www.cybermarket.com There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

Online Safety & Security: Dating Apps & Online Marketplaces - Jeff Tinsley - PSW #703
Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take responsibility and ensure safer online interactions is at an all-time high. RealMe is a technology platform that hopes to solve this problem on dating apps (and other online marketplaces) by providing in-app background checks that aggregate publicly available information on criminal records, sex offender status, personal reviews, and more. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

Why Transparency Matters & Web Application Prioritization - Mark Ralls, Wayne Haber - ESW #235
The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize your web app security. This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them! Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw235

Rapid7 Acquires Intsights, Intezer Refines Malware Analysis, & Funding News - ESW #235
In the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw235

Reinventing Asset Inventory for Security - Ed Rossi - ESW #235
Security teams relying on asset inventory from their IT counterparts can be a challenge due to a lack of security context for assets. This gap can lead to missed opportunities to identify and fix asset-centric issues like EOL or unauthorized software that they can address even before running their vulnerability management program. Ed will discuss the role asset inventory plays in your overall security strategy. This will include the importance of security context for IT assets, which teams benefit from the information, how to identify and assess the health of critical databases and how to effectively implement a cybersecurity asset management practice. Segment Resources: CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/ CSAM video overview: https://vimeo.com/551723071 Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/ This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw235

Your Security Is ALWAYS in Scope, Part 2 - Joseph Kirkpatrick - SCW #80
Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw80