Security Weekly Podcast Network (Video)

Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw143

Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today. This segment is sponsored by Prisma Cloud/ Palo Alto Networks. Visit https://securityweekly.com/prismacloud to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw143

Assaf Dahan, Sr Director, Head of Threat Research at Cybereason, discusses current trends in ransomware research. What happens when we're not watching or watching the wrong indicators? And threat actor handoff off pillaging to Cyber Merenaries. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw686

Microsoft Exchange had some vulnerabilities, how could you not hear about them?, Russians try to throttle Twitter, silicon valley security camera company has been breached and we get to see what it looks like as they make Teslas in China, Did I mention that there was an Exchange hack?, free tool release to help secure the supply chain (but not Russians with bags of cash), the best practices aren't always the best, advanced Linux malware and how not to encrypt C2 and hide files, and network-based multi-domain macro-segmentation situational awareness for compliance, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw686

David has been studying the structure, size and scope of illicit markets for over 10 years. He has come to realize just how fragmented illicit markets are, how a few select vendors often control most of the sales, and how important social bonds are even in the context of anonymous illicit markets. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw686

This Week, In the Enterprise Security News: Okta acquires Auth0, KnowBe4 Acquires MediaPRO, PayPal to acquire Curv, and Dropbox to acquire DocSend Aqua Security raises $135M, Privacera Secures a Series B, YL Ventures sells its stake in Axonius, Snyk Secures a Series E, and McAfee sells its Enterprise business AWS Announces New Lower Cost Storage, Radware's New Integrated Application Delivery & Protection, Bitdefender launches new Cloud-based EDR Solution, Awake's NDR platform, CrowdStrike Falcon enhancements improve SOC efficiency, Tufin releases Vulnerability-Based Change Automation App, Gigamon launches Hawk, Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw219

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. https://github.com/OWASP/Amass https://owasp.org/www-project-amass/ https://vimeo.com/481985359 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw219

Email security and phishing protection has many gaps that are exploited by attackers. Learn how computer vision can help prevent malicious URLs and websites from doing bad things to your users. Threat Report: https://pixm.net/wp-content/uploads/2021/03/Pixm-Q4-2020-Threat-Report.pdf This segment is sponsored by Pixm. Visit https://securityweekly.com/Pixm to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw219

Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but how those industries handle the potential cybersecurity risks varies greatly depending on the regulation that has been applied. The US Government has declared many different industries as critical infrastructures with different levels of prioritization placed on cybersecurity regulation. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw64

Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but how those industries handle the potential cybersecurity risks varies greatly depending on the regulation that has been applied. The US Government has declared many different industries as critical infrastructures with different levels of prioritization placed on cybersecurity regulation. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw64

In the leadership and communications section, Risky business: 3 timeless approaches to reduce security risk in 2021, Why Less Can Be More When It Comes to Cybersecurity, CISO job search: What to look (and look out) for, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw208

In 2020, we interviewed Gerald Beuchelt on Enterprise Security Weekly. At that time, he was the CISO at LogMeIn. Now he's the CISO at Sprinklr. What's it like to transition jobs in the middle of a pandemic as the first CISO of a company? Gerald discusses his transition story and shares his recommendations and lessons learned for other CISOs. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw208

Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw142

In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors in 2021 as to and why we need to get it right. This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw142

This week, In the Security News, Calling all people who know how to patch MS Exchange servers, we need you, Rockwell Automation PLC flaws and what you can't do about it, a book review I agree with, be careful what you expose at home, yet another Chrome 0day, jailbreak your iPhone, the cybersecurity consolidation, and taking back the term "Hacker", for real this time! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw685

Paul recently built a new PC for daily work and security-related tasks. It's a monster PC! The build was researched heavily, and in this segment, Paul will share all the tips and tricks to you can build the same or similar PC! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw685

Phillip will discuss his passion for offensive cybersecurity education, mentoring, and getting started in pentesting. He co-authored a book based on his conference talk "The Pentester Blueprint: Starting a Career as an Ethical Hacker." He will also talk about his community involvement with the Innocent Lives Foundation, The Pwn School Project, and Hacking is NOT a Crime. His book: https://www.wiley.com/en-us/The+Pentester+BluePrint%3A+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305 The Pwn School Project meetup: https://pwnschool.com/ INE (https://ine.com), Phillip's employer offers a free starter pass for training in four different areas of technology; Penetration Testing Student, Getting started in networking, Azure fundamentals, first steps in data science with Python: https://checkout.ine.com/starter-pass Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw685

This week, In the Enterprise Security News Thycotic and Centrify join forces, Netwrix acquires Strongpoint, SentinelOne plans for IPO, Qomplx plans to go public, and funding announcements from Axonius, HYAS, Armorblox and platform9. Attivo Networks Announces Continuous Assessment and Enforcement for AD, cPacket Networks announces cCloud, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw218

LexisNexis Risk Solutions recently released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users. Analysis shows that the under 25 age group is most vulnerable to fraud attacks while the oldest age group is second most vulnerable and loses the most money. The stark risk at both ends of the age spectrum emphasizes the importance for companies to protect both new-to-digital and vulnerable customers when transacting online in 2021. The report also provides a full year review which highlights how 2020 saw an overall decline in human-initiated attacks, while bot attacks accelerated. Press release: https://risk.lexisnexis.com/about-us/press-room/press-release/20200223-biannual-cybercrime-report The LexisNexis Risk Solutions Cybercrime Report: https://risk.lexisnexis.com/insights-resources/research/cybercrime-report Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw218

Many security teams have accepted their Intrusion Detection Systems (IDS) as little more than a compliance check-off. IDS reliance on bi-modal signatures is brittle, easily evaded by attackers, and often referred to as an alert canon. In this talk, we'll be discussing what is missing from traditional IDS and how to easily fill the security gaps with NG-IDS capabilities with modern network detection and response (NDR). This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw218

Assuming Nickel and Mike survived the first segment, we're asking them for practical advice in this segment on how to consider and ultimately select the right cyber insurance program for you. We're looking for the usual suspects, gotchas, and recommended actions. Suggested reading: - https://www.psafinancial.com/2020/03/covid-19-5-cybersecurity-risks-you-need-to-consider/ - https://www.psafinancial.com/2019/06/psa-insurance-financial-services-launches-turnkey-cyber-risk-management-solution-for-smbs/ - https://www.psafinancial.com/2018/04/cyber-insurance-your-backstop-in-your-cyber-incident-response/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw63

Nickel Lietzau and Mike Volk have heard that we are not huge fans of cyber insurance on SCW, and they have graciously agreed to subject themselves to our scrutiny. In the first segment we'll touch on common myths and misconceptions about Cyber Insurance and let Nickel and Mike set us straight. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw63

In the leadership and communications section, Financial Targets Don't Motivate Employees, Texas power outage flags need to revisit business continuity, Security job candidate background checks: What you can and can't do, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw207

What are some best practices for preparing for a security incident? David Chamberlin, Managing Director at CRA, Inc., joins Business Security Weekly to discuss preparation for a security incident and how to develop a communications plan that's simple and effective. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw207

This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw141

In looking at how to do application security right we talk about understanding the difference between defining types of security testing and the goals that security testing should be aiming for. Plus, we highlight how doing security right also means shifting left in terms of addressing security issues in the design phase. And throughout all this is the importance of being able to communicate security principles and how your design and testing reduces risk. Register for the DevSecOps eSummit for which Ted will be a panelist: https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=5673DA7C-B8C2-4A3E-B675-C6BBF45DC04F Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw141

This week In the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMWare vCenter, and is a password manager worth your money!?! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw684

Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughter from being trafficked. Bryan will then explain what he does with Cyemptive, his day job. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw684

Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection. Peter's new book is available on Amazon: https://amazon.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw684

The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs' Ganesh Pai and Amit Malik explore the MITRE ATT&CK framework, its ongoing value for analysts AND future plans to extend ATT&CK to cloud and containers. They'll also show how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations in the Uptycs Security Analytics Platform. This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw217

The 2020 SOC Survey results are in and the author, Chris Crowley, will discuss the detailed results in the report and how they can help individuals and organizations reduce the drag on our global community due to insecure information systems. Effective security operations rely on monitoring your data and being prepared to defend yourself and your organization. Chris will explain why he believes that the classic SOC will move, over the next few years, to MSSPs and how to be ready when threats are detected. Download the report: https://soc-survey.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw217

This week in the Enterprise News: LasPass is no longer free, Tenable helps with dynamic assets, Security Scorecard and the Score Planner, Trend Micro XDR, & Imperva launches sonar! Funding announcements from: PerimeterX, SPHERE, Red Canary, 1Kosmos, & Strata Identity! In the Acquisition news: Sailpoint to Acquire Intello, Crowdstrike to Acquire Humio, Palo Alto to acquire Bridgecrew, Kaseya to Acquire Rocket Cyber, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw217

The world of hacking and the threat actors that do that sort of thing. What are the implications on comp sec in 2021 for persons, corporations, nation states and maybe even your cat? Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw62

Jeff, Flee, & Scott talk to John Threat about his background and what led him to becoming a hacker. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw62

In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw206

Dutch Schwartz, Cloud Security Strategist at AWS, discusses cloud's influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his thoughts on risk, aligning to the business, and how cloud can accelerate, but also change the way we approach security. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw206

This week on the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against SUDO as a timely reference. This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

"Wheel" was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems included Linux, macOS, AIX and Solaris. He'll provide an overview of the vulnerability and then dive into a technical discussion of the research. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

This week in the Security News, Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left in millions of IoT devices, A 'Simple And Yet Robust' Hand Cipher, Zero Trust in the Real World , Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply , Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft's Remote Desktop Web Access Vulnerability, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

In this segment we'll unpack "Zero Trust", what does it mean and how can it be applied as a concept to information security today? It certainly begs the question what and who do you trust? Often without too much thought, we trust software, machines, and people. Each time you run an "apt upgrade" (using sudo!), you are implying trust. When you deploy that enterprise monitoring software (*cough* Solarwinds *cough*), you have to trust it, but to what degree? Tune in to find out more! This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscaler to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

Kelley will discuss his investment thesis in security, his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real world, and what companies he likes going forward. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw216

HD has been focused on research related to network discovery and IT asset inventory for the past three years. This work has led to new techniques for device fingerprinting and topology mapping that show enterprise networks in an entirely new light. He will walk through some visualizations of public IP networks (all of Greece, Iceland, etc.) and highlight the weird and unexpected stuff you can find through clever unauthenticated scans. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw216

A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, and SentinelOne Acquires Scalyr, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw216

Our co-host, Priya Chaudry will enlighten us on several other topics of interest to our community. There might be a mention of Solarwinds, Southwest Airlines, HIQ Labs, and more. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw61

We welcome our resident legal expert and co-host Priya Chaudry to catch us up on the status of the Supreme Court case concerning the Computer Fraud and Abuse Act (CFAA) and some other legal topics. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw61

In the leadership and communications section, 9 Steps for Effective Cybersecurity Risk Management, The Big 8: How to heighten cybersecurity governance, 7 Super Bowl rings for Tom Brady, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw205

Ben Carr, Global Chief Information Security Officer at Qualys, steps in last minute to talk about his transition from Aristocrat to Qualys and the evolution of the CISO role. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw205

Funding bounties or finding bugs, how should we invest? Talks from Enigma Conference on memory unsafety and 0-days. Coming trends in API security and a review of research from 2020. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw139

Alissa Knight has spent her career going against industry and social norms as both a Transgendered and Lesbian business leader and hacker. Learn more about her, her achievements as a published author, her recent vulnerability research in hacking law enforcement vehicles, mHealth apps and APIs, her recent screenplay for her new TV series, her life as a hacker, and barriers she's broken down in business. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw139