PLAY PODCASTS
Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video)

4,876 episodes — Page 45 of 98

Your Security Is ALWAYS in Scope, Part 1 - Joseph Kirkpatrick - SCW #80

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw80

Jul 21, 202135 min

Know Cybersecurity & Drive Innovation Through Operational Excellence - BSW #224

This week in the Leadership and Communications section, How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational excellence, 6 resume mistakes CISOs still make, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw224

Jul 21, 202126 min

Aligning Cyber Risk to Business Risk Through Automation - Padraic O'Reilly - BSW #224

In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collaboration between CISOs, CIOs, and business-side leadership has come. Padraic O'Reilly, Co-Founder and CPO of CyberSaint discusses what he's learned from working with members of the Global 500 to achieve truly continuous compliance and risk management, and how CyberSaint is delivering Cyber Risk Automation with it's CyberStrong platform. Segment Resources: CyberSaint website: www.cybersaint.io Gartner Cool vendor report: https://www.cybersaint.io/gartner-cool-vendor-in-cyber-it-risk-management-download This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw224

Jul 20, 202131 min

Code Comments, Decision Trees, Windows Hello, Telegram Analysis, & Cloud Risks - ASW #158

This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

Jul 20, 202138 min

The Role of Open Source in DevSecOps - David DeSanto - ASW #158

In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

Jul 19, 202136 min

Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption - PSW #702

The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

Jul 18, 20211h 16m

The Journey from Network Security Engineer to Podcast Host - Jack Rhysider - PSW #702

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast. Segment Resources: https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

Jul 17, 20211h 0m

The BIOS Disconnect - Scott Scheferman - PSW #702

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices. Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

Jul 17, 20211h 3m

All Our Devices and Privacy on the Web - Deepika Gajaria, Scott Scheferman - ESW #234

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of "Verify, then trust". Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim's downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house. This segment is sponsored by Eclypsuim. Visit https://securityweekly.com/eclypsium to learn more about them! Data privacy and Web security teams are converging across enterprises and we are seeing more Privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google etc. are capturing sensitive user data, accessing cameras, microphones, geolocation etc.) via security policies, under the security teams purview. At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place. This segment is sponsored by Tala Security. Visit https://securityweekly.com/talasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234

Jul 16, 202141 min

Microsoft Acquires RiskIQ, Rapid7 InsightCloudSec, & Bitdefender eXtended EDR - ESW #234

In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234

Jul 16, 202132 min

Gas South and ExtraHop- A Journey of Security Partnership - Rajiv Thomas - ESW #234

Gas South and Extrahop have partnered to give Gas South visibility in areas of the network that are normally invisible or dark to the regular network team. To learn more about ExtraHop, visit: https://securityweekly.com/extrahop Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234

Jul 15, 202132 min

HIP, HIP, HIPAA, Part 2 - Jordan Wiseman - SCW #79

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw79

Jul 15, 202136 min

HIP, HIP, HIPAA, Part 1 - Jordan Wiseman - SCW #79

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw79

Jul 14, 202137 min

Can XDR Solve Ransomware? - Maurice Stebila - BSW #223

Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advances, such as XDR and AI-driven threat monitoring, offer a way to thwart attackers in an ever-evolving security landscape. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw223

Jul 14, 202130 min

CISO Wishes and Initiatives, Risk of Disconnect, and Cyber Insurance Rises - BSW #223

In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw223

Jul 13, 202131 min

Web App and API Security Needs to Be Modernized: Here's How - Sean Leach - ASW #157

The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren't bogged down by the limitations of legacy solutions. It's never been more clear that it's time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built. https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157

Jul 13, 202128 min

Password Mismanager, Trusted Types vs. DOM XSS, PrintNightmare, & Fault Injections - ASW #157

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157

Jul 13, 202144 min

LinkedIn Breach, Bitcoin From Banks, PrintNightmare, & NFC Flaws in ATMs - PSW #701

This week in the Security News: LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers, flaws let you hack an ATM by waving your phone, PrintNightmare, Bitcoins from Banks and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701

Jul 4, 20211h 12m

The Rise of Sim Swapping - Haseeb Awan - PSW #701

80% of SIM-Swap attacks are successful. This could lead to greater financial loss and loss of social status since this is where hackers latch onto. The statistics are true and spreading like a wildfire. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701

Jul 3, 202149 min

New Security Threats Stemming from PII Online - Rob Shavell - PSW #701

Deep dive on the data broker industry, and how new threats are stemming from the widespread availability of employee/personal information publicly for sale at data broker websites. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701

Jul 3, 202151 min

MalWare Labs and Why You Should Challenge Shift-Left Testing - Mario Vuksan, Rickard Carlsson - ESW #233

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain. This segment is sponsored by Reversing Labs. Visit https://securityweekly.com/ReversingLabs to learn more about them! The development life cycle as we know it is rapidly changing, and today's AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

Jul 2, 202140 min

Noname Security, JFrog Acquires Vdoo, Micro Segmentation, & AWS Buys Wickr - ESW #233

This week, In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, JFrog to acquire Vdoo, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

Jul 2, 202141 min

Why DAST - from Project Management Perspective - Suha Akyuz - ESW #233

More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to production. Using the legacy DevOps can lead to a downfall of the project management triangle (Budget, Scope, and Time). However, with more efficient use of dynamic application security testing tools (DAST) in every single stage/sprint, the legacy DevOps can be transformed into DevSecOps, in turn preventing our projects from failing. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

Jul 1, 202130 min

CARES Act Fraud, Paying People & Fraudsters, Part 2 - Steve Lenderman - SCW #78

We will review how synthetics are being utilized to perpetrate pandemic related frauds in the Payroll Protection Program and Unemployment Insurance. An overview of the government programs will take place with the controls that were in place, how they were compromised, by who and what you can do to remediate risk. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw78

Jul 1, 202140 min

CARES Act Fraud, Paying People & Fraudsters, Part 1 - Steve Lenderman - SCW #78

We will review how synthetics are being utilized to perpetrate pandemic related frauds in the Payroll Protection Program and Unemployment Insurance. An overview of the government programs will take place with the controls that were in place, how they were compromised, by who and what you can do to remediate risk. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw78

Jun 30, 202137 min

Boardroom Perspectives, Greater Business Understanding, & Preventing Burnout - BSW #222

In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real: 3 preventative steps every CISO must take, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw222

Jun 30, 202128 min

The Year of Hybrid - Jim Richberg - BSW #222

For the private sector and government alike, 2021 is proving to be a year of transition and refocused activity. A year of hybrid activity - from cyber threats to IT approaches. Segment Resources: https://www.fortinet.com/blog This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw222

Jun 29, 202135 min

Semgrep, Microsoft Signs With Rootkits, ATT&CK/D3FEND, & Injured Android - ASW #156

This week in the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

Jun 29, 202138 min

Scaling Your Application Security Program - Clint Gibler - ASW #156

In this segment with Clint Gibler, learn: * Why secure defaults are higher ROI than finding vulnerabilities * How modern AppSec teams are working with their engineering counterparts * Targeting vulnerability classes, avoiding bug whack-a-mole * The latest innovations in lightweight static analysis Segment Resources: https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit https://tldrsec.com/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

Jun 28, 202138 min

Thermostat Hijacking, MA Androids, Windows 11, Hacking Pelotons, & John McAfee - PSW #700

In the Security News for this week Paul and the crew talk: Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700

Jun 27, 20211h 16m

CFAA: Recent US Supreme Court Case Van Buren v. US - Thomas Lonardo - PSW #700

Brief history and purpose of the CFAA. Discussion of the majority and dissenting "Van Buren" opinion. Implications for the computer forensic and security profession. Segment Resources: https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf Prosecuting Computer Crimes DOJ,: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf "Computer Crime and Intellectual Property Section DOJ": https://www.justice.gov/criminal-ccips/ccips-documents-and-reports Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700

Jun 26, 20211h 2m

Career Pathing and Advice From Offensive Security - Jim O'Gorman - PSW #700

Offensive Security expert Jim O'Gorman talks through his own career progression and training, revealing what it takes to be successful in infosec. He also covers key learning tracks and gives concrete examples of job roles available to those who prove themselves through industry certifications and other means. This segment is sponsored by Offensive Security. Visit https://securityweekly.com/offSec to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700

Jun 26, 202157 min

SentinelOne IPO, Cloudflare Integrations, D3FEND, & Rumble Network Discovery - ESW #232

This week In the Enterprise News: Smoothwall Acquires eSafe Global, LookingGlass Cyber Announces Acquisition of AlphaWave, Vectra Launches Detect for AWS, SentinelOne announces IPO, & Building a Better Internet with Code BGP, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw232

Jun 25, 202131 min

How Teams Can Reduce the Visibility Gap - Brendon Macaraeg - ESW #232

Security is a shared responsibility, but teams need to know what's really going on in production with their web apps and APIs, as it's happening, in order to achieve the reliable security that companies crave. In this podcast, Brendon Macaraeg will focus on the mission-critical need for real-time visibility. As many teams no longer work in the same room side by side, the role visibility plays today — and will continue to play in the future — can no longer be ignored. And it's not just a shift toward distributed work that's creating this increased need for information: while security teams may have more application security tools than ever before, very few of them will actually provide visibility into the important decisions they need to make, like which alerts to triage or which APIs are being targeted. Brendon will discuss why companies need to quickly move past legacy technologies that have limited visibility, to instead more active observability tools that provide real insights to act upon — allowing developers and IT security teams to collaborate in real time. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw232

Jun 25, 202131 min

How Criminals Use Cloud Apps to Inject Chaos Into Work Environments - Doni Brass - ESW #232

In 2020, cyber criminals used cloud apps, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year is over, but the challenges and risks remain. In this interview featuring Cisco's Doni Brass, we lay out how companies and their IT teams can stave off threats in the cloud app discovery process, stop data from landing in the wrong hands, and identify and block cloud malware that can cost both time and treasure! Segment Resources: What attacks aren't you seeing? - https://learn-umbrella.cisco.com/ebook-library/what-attacks-arent-you-seeing?utm_medium=media-article&utm_source=sc-magazine&utm_campaign=umb-fy21-q3-na-0201-paid-media-sc-magazine-podcast&utm_term=pgm&utm_content=umb-fy20-q3-content-ebook-what-cyber-attacks-arent-you-seeing The modern cybersecurity landscape: Scaling for threats in motion - https://learn-umbrella.cisco.com/technical-paper-library/the-modern-cybersecurity-landscape-scaling-for-threats-in-motion?utm_medium=media-article&utm_source=sc-magazine&utm_campaign=umb-fy21-q3-na-0201-paid-media-sc-magazine-podcast&utm_term=pgm&utm_content=umb-fy21-q2-content-technical-papers-the-modern-cybersecurity-landscape Cloud Security Buyers Guide - https://learn-umbrella.cisco.com/ebook-library/cloud-security-buyers-guide?utm_medium=media-article&utm_source=sc-magazine&utm_campaign=umb-fy21-q3-na-0201-paid-media-sc-magazine-podcast&utm_term=pgm&utm_content=umb-fy21-q2-content-ebook-cloud-security-buyers-guide This segment is sponsored by Cisco Umbrella. Visit https://securityweekly.com/ciscoumbrella to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw232

Jun 24, 202134 min

Value & Importance of Cybersecurity Certification for Professionals, Part 2 - Casey Marks - SCW #77

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw77

Jun 24, 202139 min

Value & Importance of Cybersecurity Certification for Professionals, Part 1 - Casey Marks - SCW #77

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw77

Jun 23, 202132 min

CIO Succession, Hidden Costs, 10 Leadership Habits, & 5 Key Ingredients - BSW #221

This week, In the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Satisfaction and Fulfillment in Your Work, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw221

Jun 23, 202128 min

Making the Case for Supply Chain Behavior Transparency - Ben Higgins, Ted Driggs - BSW #221

The Biden Cyber Executive Order includes a Software Bill of Materials that is a critical and necessary first measure for protecting the software supply chain. To defend against cyber attacks, such as the ones that impacted SolarWinds and the Colonial Pipeline, organizations also need transparency about the behaviors of the software in their supply chain––how, and with whom, they are engaging in and outside of their networks. Ben Higgins and Ted Driggs of ExtraHop join Security Weekly to explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them or visit https://www.extrahop.com/behaviourtransparency to learn more about behavior transparency! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw221

Jun 22, 202132 min

Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155

This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor Python, shifting left and right, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155

Jun 22, 202135 min

Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155

What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner? This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155

Jun 21, 202139 min

Web Cache Poisoning - Timur Guvenkaya - PSW #699

This presentation will cover how incorrect implementation of caching mechanism within web application might lead to the Web Cache Poisoning vulnerability that can potentially affect all the users using the web application. Segment Resources: www.netsparker.com This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

Jun 21, 20211h 6m

"Eavesdropping Cameras", Ransomware Poll Results, Windows 11, & CVS Records Leak - PSW #699

This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

Jun 19, 20211h 7m

Avoiding the Silo: Bridging the Divide Between Security + Dev Teams - Brian Joe - PSW #699

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization's InfoSec posture and what development and security teams can do to foster a mutually beneficial partnership and transition from a traditional security team model to a more collaborative one. In doing so, he'll highlight the most common pitfalls of a siloed approach — and what companies can do to avoid them. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

Jun 19, 20211h 9m

Tanium for Incidents. How the Best Defense Gets Better: Part 1 - ESW #231

Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ever-increasing threat landscape. Join us this week as Russ From, Enterprise Services Lead, talks through a holistic approach to security using the Tanium platform approach. Learn why the best security teams rely heavily on Tanium to get smarter, faster, better in responding to threats and how your organizations can do the same. For folks interested in a trial of Tanium, check out: https://try.tanium.com/ To stay connected with Tanium's Endpoint Security Specialist team, join our community site: https://community.tanium.com/s/ues-discussion-group or find us on Slack: https://docs.google.com/forms/d/e/1FAIpQLSf56reMK4BQPkoLO4MTp-QPMJsxOlJD-MqargZxhW3kNsA3dA/viewform?usp=sf_link This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw231

Jun 18, 202134 min

RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup - ESW #231

This week, In the Enterprise News Paul and the crew talk: Zero trust networking startup Elisity raises $26M , Contrast Security Launches Contrast Scan, Vectra Launches Detect for AWS, SOAR Is an Architecture, Not a Product, & Deloitte Acquires Cloud Security Posture Management, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw231

Jun 18, 202129 min

Open Source Enterprise Communication Security - Ian Tien - ESW #231

Data security is more important than ever for enterprise organizations -- but in a time where data breaches have become common, it's also more challenging than ever. Mattermost co-founder and CEO Ian Tien shares how leveraging open source software can help enterprises work more securely by allowing organizations to maintain data sovereignty, inspect and evaluate source code, and adapt solutions to meet their security needs. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw231

Jun 17, 202129 min

Security Training, Evangelism, & Community Building, Part 2 - Danny Akacki - SCW #76

Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and community groups like local DEF CON chapters. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw76

Jun 17, 202129 min

Security Training, Evangelism, & Community Building, Part 1 - Danny Akacki - SCW #76

Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and community groups like local DEF CON chapters. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw76

Jun 16, 202136 min

Cliché Self-Help, RockYou2021, "Productive Procrastinators", & Attracting Talent - BSW #220

This week, In the Leadership & Communications articles: Attracting Talent During a Worker Shortage, CISOs Say Application Security is Broken, Three Steps to Harden Your Active Directory in Light of Recent Attacks, Demystifying RockYou2021, & more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw220

Jun 16, 202134 min