
Security Weekly Podcast Network (Video)
4,876 episodes — Page 47 of 98

AirTags & Threat Models, Qualcomm Modem Vuln, Exim RCE(s), & Binary Hardening - ASW #150
This Week in the AppSec News, Mike and John talk: "Find My threat model" with AirTags, Qualcomm modem vuln hits lots of Android, an Exim update patches lots of vulns, measuring hardened binaries, a maturity model for k8s, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw150

Delivering On the Promise of Application Security - Ankur Shah - ASW #150
While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, we discuss the challenge in addressing each piece independently and consider how consolidated, multi-purpose tools may present an emerging solution. This segment is sponsored by Prisma Cloud/ Palo Alto Networks. Visit https://securityweekly.com/prismacloud to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw150

Job Expectations, Pi Password Thief, Python Masscan, & Pingback - PSW #693
This week in the Security Weekly News the crew talks: Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Discord, the always popular Chinese APTs, exploits you should be concerned about, job expectations, westeal your crypto currency, quick and dirty python (without lists), new spectre attacks, Github says don't post evil malware and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw693

Biden Administration EO on Cyber - Jim Langevin - PSW #693
US Congressman Jim Langevin joins to talk about Executive Orders, International Interest in Cyber, & more in this gripping interview! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw693

Building a Risk-Based Vulnerability Management Program - Bob Erdman - PSW #693
Risk-based vulnerability management is more than just a vulnerability scan or assessment. It incorporates relevant risk context and analysis to prioritize the vulnerabilities that pose the greatest risk to your organization This segment will explore the elements of a successful vulnerability management program and impactful ways to build upon your foundation. Segment Resources: https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/ This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw693

JupiterOne, Signal Ad Banned, Series F Funding, & Imperva Acquires CloudVector - ESW #226
This week in the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites, Imperva acquires CloudVector to provide visibility and security for API traffic, ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response, KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature, and some funding and acquisition updates from Thoma Bravo, Proofpoint, Darktrace, JupiterOne, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw226

Applications Are Your Lifeblood - Carlos Morales - ESW #226
Web applications have never been more critical to your business. Yet, the everchanging threat landscape, from the move towards the cloud, to the explosion of devices on the internet, to the effects of the pandemic, keeps shifting the playing field. Join Carlos Morales, CTO Security Services, Neustar, to hear about how cyber criminals are taking advantage of these changes and considerations for how best to de-risk your application environment, no matter where your apps are hosted. Segment Resources: Learn more about [Security Solutions at Neustar] https://www.home.neustar/security-solutions See our [Video] https://www.home.neustar/resources/videos/security-you-can-trust Read our new white paper: [The Changing Face of Web Application Security] https://www.home.neustar/resources/whitepapers/web-application-security-threats This segment is sponsored by Neustar. Visit https://securityweekly.com/neustar to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw226

The Rise of the SBOM - Steve Springett - ESW #226
Software Bill of Materials (SBOM) are used to describe the list of ingredients for the software that organizations create or acquire. There's a rapidly expanding community of adopters, implementers, and producers that are creating, consuming, and analyzing them en mass. What are the benefits of SBOMs and what types of risk that can be identified through their use? Segment Resources: https://cyclonedx.org/ https://www.ntia.gov/sbom https://owasp.org/scvs https://dependencytrack.org/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw226

Data Security Compliance & Virginia's New Privacy Law, Part 2 - Chris Pin - SCW #72
Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn't take effect until 2023, it's important for businesses to understand what it means for them and start preparing for data security compliance now. Chris Pin, VP of Security and Privacy at PKWARE, will be discussing: • How Virginia's law differs from CCPA and GDPR and the key points companies need to know • Where and how companies may need to enhance their data privacy policies and processes, and specifically how it's imperative to know the five W's of data: Who, What, Why, When, Where and one H, How • How companies should begin incorporating data discovery, data classification, data minimization, records of data processing activities, and data protection assessments as part of their everyday processes and controls, if they haven't already • Real life situations that businesses could find themselves in Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw72

Data Security Compliance & Virginia's New Privacy Law, Part 1 - Chris Pin - SCW #72
Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn't take effect until 2023, it's important for businesses to understand what it means for them and start preparing for data security compliance now. Chris Pin, VP of Security and Privacy at PKWARE, will be discussing: • How Virginia's law differs from CCPA and GDPR and the key points companies need to know • Where and how companies may need to enhance their data privacy policies and processes, and specifically how it's imperative to know the five W's of data: Who, What, Why, When, Where and one H, How • How companies should begin incorporating data discovery, data classification, data minimization, records of data processing activities, and data protection assessments as part of their everyday processes and controls, if they haven't already • Real life situations that businesses could find themselves in Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw72

Security Money - The Index is Still Going Strong - BSW #215
This week, it's my favorite segment, Security Money, where we update you on the latest security funding and performance of the public market. The Security Weekly 25 index is still going strong. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw215

The Benefits of CISO Peer-to-Peer Networks - Graham Keavney - BSW #215
Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw215

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149
This week in the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux kernel vulns study! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw149

Why Developers Need to Think Differently About Software Security - Rey Bango - ASW #149
Rey will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He'll cover: • The types of security training that work • The role of security champions • How the security and development teams can work together to ensure code is create securely from the start Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw149

AirDrop Vulns, Linux Hypocrite Commits, Wi-Fi Code Execution, & We'll Miss You Dan - PSW #692
This week in the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerability Exposes Users' Personal Information, Darkside Ransomware gang aims at influencing the stock price of their victims, Security firm Kaspersky believes it found new CIA malware, and a Hacker leaks 20 million alleged BigBasket user records for free! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw692

Smart Building Control System Cybersecurity - The Real World - Fred Gordy - PSW #692
Currently, in the United States, there are over 87 billion square feet of commercial real estate. Smart Building control systems pervasive throughout these buildings and helped increase efficiency, profitability, and the occupant experience. This increase of this technology has exponentially increased the attack surface of companies. In this episode, Fred Gordy will discuss findings, attacks, and IT-induced events that he and his team have seen from the thousands of assessments they have performed in the US, Canada, and overseas. He will also provide low-cost basic practices to decrease exposure to these events. Segment Resources: Intelligent Buildings - https://www.intelligentbuildings.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw692

Protecting the Hybrid Workforce - Fleming Shi - PSW #692
Fleming will cover the vulnerabilities of a hybrid workforce and how employees are now working from anywhere, not just their homes. Zero trust will play a large part in securing workforces in the future as well as password managers for corporate and personal use. He will expand his point of view on the topics in the prep call next week. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw692

Authentication vs. Authorization: Why Privileged Access Matters - Joseph Carson - ESW #225
Authentication and authorization might sound similar, but they are two distinct security processes. Joe Carson, Chief Security Scientist at Thycotic, joins us to discuss why privileges, not identities, are one of the biggest challenges for identity and access. Joe will share Thycotic's simple approach to solving privileged access. This segment is sponsored by Thycotic. Visit https://securityweekly.com/thycotic to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw225

HackerOne Enhances Platform, PANW Expands Unit 42, & More Funding - ESW #225
In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Proofpoint private, BlackRock, Tudor Group Back Cybersecurity Startup Deep Instinct, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw225

Collaboration Rules! Challenging Transparency in Modern App Sec - Rickard Carlsson - ESW #225
Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach application security. During the discussion, we'll cover: - why organizations should challenge transparency and open up their security practices and information internally, - how to approach security as a collaborative effort (with some real-life examples), - and Detectify's vision of building a hub where security information and research is shared across the globe. Segment Resources: We recently published the ebook "A guide to modern web application security" for SaaS and tech organizations looking to bring their security up to speed with development. Download it here: https://blog.detectify.com/2021/04/09/modern-application-security-requires-speed-scale-and-collaboration/ This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw225

ATT&CK and CTID, Part 2 - Richard Struse - SCW #71
Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity -The importance of ATT&CK as a lens through which you can view your security posture -Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the controls they have in place Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw71

ATT&CK & CTID, Part 1 - Richard Struse - SCW #71
Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity? -The importance of ATT&CK as a lens through which you can view your security posture. -Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the controls they have in place. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw71

Outgunned CISOs, Cyberthreat Reports, & Effective Cyber Security Strategy - BSW #214
In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report executives can really use, Creating and rolling out an effective cyber security strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw214

Cyber Accountability - Mathieu Gorge - BSW #214
Cyber accountability is often overlooked by Board of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as Solarwinds, MS Exchange and many other security incidents prove it, it's not a strategy. Segment Resources: www.VigiTrust.com https://forbesbooks.com/mathieu-gorge/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw214

Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148
This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw148

Deceptive Diffs From Subversive Submitters - ASW #148
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review? For additional resources please visit: Deceptive Diffs From Subversive Submitters - ASW #148 Featuring: John Kinsella (https://www.linkedin.com/in/jlkinsel), Mike Shema (https://www.linkedin.com/in/zombie). Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw148

Feds Have a Busy Two Weeks, British Tween Takes On TikTok, & More Facebook Woes... - PSW #691
This week in the Security News, U.S Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force to Stop Ransomware Spread, Facebook faces mass legal action over data leak, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw691

Encrypted Collaboration & Communication - Joel Wallenstrom - PSW #691
This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to enterprise and federal space. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw691

Why Now is the Time for K-12 Cybersecurity Education - Kevin Nolten - PSW #691
With the U.S. facing a shortage of roughly 314,000 cybersecurity professionals in the workforce, according to CSIS, there is an urgent need to build cybersecurity skills and fill the workforce pipeline with students who are prepared to pursue cybersecurity careers. The aftermath of the SolarWinds breach has shown that there is a desperate need to expand K-12 cybersecurity education across the country. Since its inception in 2007, over 21,500 teachers have enrolled in CYBER.ORG's content platform and over 14,000 teachers have been trained to use CYBER.ORG content for cybersecurity education. Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized K-12 cybersecurity education. Segment Resources: https://cyber.org/standards https://cyber.org/about-us/our-impact https://cyber.org/news/k-12-cybersecurity-learning-standards-review-session-completed https://www.businesswire.com/news/home/20200914005156/en/CYBER.ORG-Kicks-Off-National-K-12-Cybersecurity-Learning-Standards-Development Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw691

Darktrace & Knowbe4 IPOs, Dell Spins Off VMWare, & Zscaler Keeps Growing - ESW #224
In the Enterprise News for this week, Darktrace targets listing for early May, KKR-backed cybersecurity firm KnowBe4 aims for $3 Billion valuation in U.S. IPO, Dell spins off VMware to fuel post-pandemic PC growth opportunities, lots of funding announcements, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw224

Stopping Phishing Breaches at the Point of Click - Chris Cleveland - ESW #224
Phishing links are getting past existing protections and clicked. How do you prevent these attacks? In this segment, Chris Cleveland, CEO at Pixm, will demonstrate how computer vision protection in the browser stops these attacks in real time and how you can know your own gaps. Segment Resources: Threat Report: https://pixm.net/wp-content/uploads/2021/03/Pixm-Q4-2020-Threat-Report.pdf This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw224

How Cloud Defenders Thwart Attacks Against Resilient Services - Jeff Deininger - ESW #224
In cybersecurity attackers have a structural advantage over defenders: they can succeed with a staggeringly high failure-rate (not caring that most attacks get blocked at the perimeter). Meanwhile, defenders lose when that single successful attack goes unnoticed regardless of how many attacks were successfully stopped. Disproportionate consequences similarly advantage attackers: typical times to detect and contain that one successful attack are still measured in weeks and months. Yet high-availability and resiliency characteristics built-in to "Well-Architected" microservices offer defenders an opportunity to turn the tables and rob attackers of their asymmetric advantages. The key missing ingredient is a sufficient early-warning system that can detect and respond to advanced threats. In this presentation, Jeff Deininger, a Principal Cloud Security Engineer, will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish a foothold at the beginning of a campaign, leaving attackers feeling like they are inescapably 'walking on ice'. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw224

Compliance Innovations in the Cloud, Part 2 - Chris Hughes - SCW #70
Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this session we will dive into many of the headaches and pain points traditionally associated with compliance, explaining how leveraging cloud can improve both compliance and security. Segment Resources: https://acloudguru.com/blog/business/compliance-is-cumbersome-but-cloud-can-help https://www.mediaopsevents.com/devopsconnect Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw70

Compliance Innovations in the Cloud, Part 1 - Chris Hughes - SCW #70
Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this session we will dive into many of the headaches and pain points traditionally associated with compliance, explaining how leveraging cloud can improve both compliance and security. Segment Resources: https://acloudguru.com/blog/business/compliance-is-cumbersome-but-cloud-can-help https://www.mediaopsevents.com/devopsconnect Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw70

Cyber-Risk Threat, 4 Steps to Better Security Hygiene, & 10 Rules for Work-Life - BSW #213
In the Leadership and Communications section, Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy, What Good Leaders Do When Replacing Bad Leaders, My Ten Rules for Work-Life Balance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw213

Rust in Android, Vuln Disclosure, Postmortems, & BootHole Follow-Up - ASW #147
This week in the AppSec News, Mike and John discuss Rust in Android and the Linux kernel, vuln disclosure policy changes from Project Zero, security and DevOps collaboration, XSS with NULL, & a BootHole follow-up! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw147

Supply Chain Management - Doug Barbin - ASW #147
Supply chain security isn't new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components. Additional resources: - National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month - SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template - CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw147

The Hybrid Workforce: Addressing the Challenges of Work from Anywhere - Fleming Shi - BSW #213
When the world went fully remote a year ago, many systems had to migrate from on-premise to the cloud. Now that we're starting to re-open offices, do we move these system back to on-premise or is cloud the new normal? Fleming Shi, CTO from Barracuda Networks, joins us to discuss the ongoing challenges of the hybrid workforce. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw213

Security Awareness Culture Change, Part 2 - Kelley Bray, Stephanie Pratt - SCW #69
We continue the discussion about the importance of effective security awareness programs and what that would actually look like. We'll also examine how to move beyond "bare minimum" check-box mentality about meeting security awareness training requirements and imagine building a culture of security aware employees in the organization. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw69

Security Awareness Culture Change, Part 1 - Kelley Bray, Stephanie Pratt - SCW #69
Today we are going to take a look at security awareness training programs in organizations. We are joined to day by Kelley Bray and Stephanie Pratt who will help facilitate the discussion. We'll start with the history and evolution of security awareness programs; what has worked, or more precisely what hasn't worked. We'll also touch on how most security awareness programs stem from compliance requirements but could be doing so much more. The "Breaking Security Awareness" webinar: https://www.livingsecurity.com/webinar-series-from-compliance-to-culture Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw69

Facebook Dump, Hacking Your Dishwasher, Zoom 0-Click Exploit, & Ubiquity Response - PSW #690
This week in the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, LinkedIn and more_eggs, APTs targeting Fortinet, SAP Applications Are Under Active Attack again, Is your dishwasher trying to kill you?, Ubiquiti All But Confirms Breach Response Iniquity, Cyber Threat Analysis, 11 Useful Security Tips for AWS and other stuff too, Signal Adds Cryptocurrency Support and Not everyone is a fan, Zoom 0-click exploit, when firmware attacks, attackers blowing up Discord. Register for Joff's Fun Regular Expressions class here: https://bit.ly/JoffReLife Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw690

Lessons Learned When Migrating from On Prem to Cloud - Dutch Schwartz - PSW #690
Less than 15% of enterprise customers are primarily cloud native. With so many companies still in early stages of cloud migration, what are the key lessons learned from early adopters as well as digitally native companies? What are common mistakes and how can one avoid them? Register for Joff's Fun Regular Expressions class here: https://bit.ly/JoffReLife Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw690

nzyme - Free & Open WiFi Defense System - Lennart Koopmann - PSW #690
Nzyme is a new kind of WiFi IDS (WIDS) that detects adversaries by looking at hard to spoof characteristics of an attacker. Existing WIDS tend to look at extremely easy to spoof metadata like channels or BSSIDs. The new approach of nzyme looks at hardware fingerprints and physical attributes like signal strengths. For example, it constantly tries to follow the signal "track" of every WiFi access point in range and alerts once a second track appears because this is most likely someone spoofing the legitimate access point from a different location. Segment Resources: https://www.nzyme.org/ Register for Joff's Fun Regular Expressions class here: https://bit.ly/JoffReLife Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw690

Cybersecurity Unicorns, LogRhythm Version 7.7, Rapid7 Kubernetes Beta, & Cisco SASE - ESW #223
This week in the Enterprise News, Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw223

Hackers Are Targeting Your Firmware. Are You Ready? - John Loucaides - ESW #223
83% of businesses have experienced at least one firmware attack in the past two years - and yet most organizations lack visibility into this attack surface. We'll discuss why hackers are increasingly targeting firmware and what enterprises need to do to detect and prevent these attacks. Segment Resources: Assessing Enterprise Firmware Security Risk in 2021 - https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/ https://github.com/chipsec/chipsec The Top 5 Firmware Attack Vectors - https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/ Request a demo of the Eclypsium platform - https://eclypsium.com/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw223

Inbox: Zero Trust - Ryan Noon - ESW #223
Ryan Noon joins ESW team this week to chat through the significance of recent hacks (namely: SolarWinds and Hafnium), unpack growing enterprise demand for a "digital seatbelt," and illuminate why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes. Segment Resources: https://material.security/blog/email-is-too-important-to-protect-like-a-tsa-checkpoint https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw223

Information Sharing - A 360 Degree View, Part 2 - Errol Weiss - SCW #68
Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings unique perspective to the table as he was the service provider behind the Financial Services ISAC, then a subscriber and ISAC member for 13 years in the banking and finance sector. Segment Resources: National Council of ISACs - great resource to find out about all the different ISACs https://www.nationalisacs.org/ ISAOs - https://www.isao.org/information-sharing-groups/ Information Sharing Best Practices Toolkit: https://h-isac.org/h-isac-information-sharing-best-practices/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw68

Information Sharing - A 360 Degree View, Part 1 - Errol Weiss - SCW #68
Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings unique perspective to the table as he was the service provider behind the Financial Services ISAC, then a subscriber and ISAC member for 13 years in the banking and finance sector. Segment Resources: Errol's Testimony Before the House Financial Services Subcommittee Transcript - https://www.sifma.org/wp-content/uploads/2012/06/WeissCitionbehalfofSIFMAHFSsubchrgcybersecurity20120601.pdf Video - https://www.c-span.org/video/?306361-1/cyberthreats-us-financial-industry (Errol Weiss - 30:03) Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw68

Risk Management Approach, Automation, & the Problem With Cyber Insurance - BSW #212
In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw212

Accelerating Security with Security Automation - John McClure - BSW #212
Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw212