Security Weekly Podcast Network (Video)

Microsoft OneDrive client for Windows Qt QML module hijack, Zero-day flaw found in Zoom for Windows 7, Protecting your remote workforce from application-based attacks like consent phishing, Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, Mozilla suspends Firefox Send service while it addresses malware abuse, and Stop Talking About 'Technical Debt'! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode114

DevSecOps helps build secure applications and part of that approach means security testing. It takes more than knowing the OWASP Top 10 to make bug bounties successful. From techniques for finding flaws to writing clear reports, we'll take a look at modern appsec testing. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode114

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. In 2017, he spun out ReFirm Labs as an investor-backed company to help fight IoT insecurity. In his spare time, he runs mini-real estate portfolio of rental properties. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based Linux system to show you how you might get started with IPv6. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Robb Reck, CISO at Ping Identity, joins ESW to discuss the current focus for some companies including , passwordless authentication, focus on customer identity, and zero trust acceleration during COVID. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Having helped organizations identify, assess, remediate and recover from a significant ransomware attack, Scott describes the step by step process of events organizations will experience living through a ransomware attack and share some lessons learned for both dealing with an attack and for mitigating an organization's susceptibility to an attack. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Why You Need Recorded Futures Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and ICS environments, Attivo Networks' enhanced EDN solution prevents attackers from seeing or exploiting production data, Check Point Infinity SOC is launched, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

@mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode34

Director of Security Engineering at Truss. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode34

In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business continuity and cyber security, Protecting Remote Workers' Productivity and Performance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode179

It's time to come out and say it: "response" means something different to every category in cybersecurity. Yet, it's broadly used with little industry definition. In endpoint detection and response (EDR) systems, "response" refers to a prescriptive set of actions that can be taken with little to no human intervention. For example, if suspicious activity occurs on a device, that device can be automatically quarantined by the EDR tool. In network detection and response, "response" is more broad. The network is too vast and interconnected for blunt responses and therefore requires more surgical precision and investigation. To request a demo with ExtraHop, visit: https://securityweekly.com/extrahop Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode179

Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, The Current State of Kubernetes Threat Modelling, and How To Build a Culture of Resilience Through Good Habits! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode113

What do you do if your ambition is to provide security for all the mobile apps in the world? You hire a data scientist! Machine Learning is more than just a buzz word, it is the science behind making decisions quickly and at scale. Catherine Chambers returns to Application Security Weekly with Irdeto's lead data scientist Will Hickie to describe how they turned Mobile Application Security into a data science problem, and what that means for your mobile app. To download the white paper, visit: https://securityweekly.com/irdeto Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode113

Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how The Internet is too unsafe, and why We need more hackers! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656

With bug bounties becoming more and more main stream for organizations. The bounty hunters are turning to more and more automation. Open source intelligence gathering can be automated with the use of python and a handful of other opensource tools such as Recon-NG, Amass, and others. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656

Hackers know that more people are working from home now and accessing/ sending/ sharing sensitive company data through their home networks. How can businesses help employees secure their home networks? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656

Given the huge demand for cybersecurity professionals, how can we improve the hiring process to find those who are talented, but may not have an extensive resume? Let's discuss how CTF-style exercises can be used to help enterprises cast a wider net and find more diverse and qualified talent with low friction. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode189

Discussing HITRUST compliance in small and medium environments and how to use automation and scalable practices in the cloud to be both compliant and secure. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode189

Semperis adds vulnerability assessment, security reporting, and auto-remediation to its DSP, AWS launches Amazon Honeycode to help quickly build mobile and web apps without programming, Attivo Networks Advanced Protection Disrupts Ransomware 2.0, Improved threat visibility, defense and protection across social platforms with SafeGuard 7.6, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode189

Cloud Security for a Dynamic Environment, Why identity-based, distributed controls are better suited to address cloud-era threats, Top Cloud Security Challenges in 2020, Exposed Cloud Databases Attacked 18 Times Per Day, and more! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode33

Taking a deeper look into moving PCI related resources into cloud platforms. Public cloud, private cloud, do's, don'ts and can'ts! We will explore key considerations and impacts to security compliance and responsibilities related to cloud. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode33

In the leadership and communications section, Why Cybersecurity Is Really A Business Problem, 6 Reasons Your Strategy Isn't Working, 5 cities with the highest tech salaries, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode178

As part of our CISO interview series, we'll ask Graeme our standard questions, including: How did you get started in security?, What security problems do you face on a daily basis?, How have you solved your challenges?, Where do you report within the organization? And any other advice or recommendations for other CISOs. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode178

DLL Hijacking at the Trend Micro Password Manager, Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms, The State of Open Source Security 2020, Microservices vs. Monoliths: Which is Right for Your Enterprise?, What Modern CI/CD Should Look Like, and Build trust through better privacy! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode112

Teams building Infrastructure as Code still need to ensure that the infrastructure deployed matches the code they created. Not only can IaC help establish secure environments, analyzing that code can help identify when environments have drifted from security baselines or even highlight when misconfigurations lead to exploitable vulns. To learn more about Accurics, visit: https://securityweekly.com/accurics Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode112

Despite running the mission-critical applications that power your business, ERP applications, such as SAP and Oracle E-Business Suite, and their custom code are often a cybersecurity blind spot. In this podcast, we'll be discussing how missing patches, misconfigurations, issues with custom code and other vulnerabilities are leaving your most important data and applications unprotected—and what to do about it. To request a complimentary assessment, visit https://securityweekly.com/onapsis Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode188

Paul, Matt, and Ferruh discuss the differences between DAST and other approaches such as SAST and IAST! They will debunk some common DAST myths and then follow-up on their last conversation and discuss Short-Term Vulnerability Management Tools! To learn more about Netsparker, visit https://securityweekly.com/netsparker Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode188

BeyondTrust Announces Integration with the SailPoint Predictive Identity Platform, Check Point Launches CloudGuard Cloud Native Security, CyberArk Alero enhancements provide secure privileged access for remote users, Digital Shadows announces new capabilities to identify and remediate unwanted code exposure, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode188

Jeff, Matt, Scott, and Josh continue the conversation and talk "How to Become an InfoSec Professional With Limited Resources"! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode32

Jeff, Matt, Scott, and Josh talk "What Is An InfoSec Professional?"! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode32

In the Leadership and Communications section, Five signs a virtual CISO makes sense for your organization, How to Negotiate — Virtually, Why Securing Endpoints Is The Future Of Cybersecurity, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode177

The recent pandemic has been a financial burden across the country while also forcing businesses to transition to a work from home environment where IT and security departments were tasked with making sure their security infrastructure were prepared. As the country slowly begins to reopen, organizations may not have the necessary funds to spend on areas of their business, including security. Knowing what security best practices to prioritize can help organizations reduce risks, while getting back to work, without breaking the bank. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode177

CallStranger hits the horror trope where the call is coming from inside the house, SMBleedingGhost Writeup expands on prior SMB flaws that exposed kernel memory, Misconfigured Kubeflow workloads are a security risk, Verizon Data Breach Investigations Report, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode111

Data management can transform a company. This digital transformation is about more than changing the way users relate to their data. It is about revolutionizing how we work with and think about data. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode111

As web applications have evolved from static HTML pages into fully-fledged applications with a native feel to them, web browsers continue to provide developers with truly novel functionality. The resulting paradigm shift from merely rendering web pages to acting as an OS-agnostic abstraction layer poses unique challenges to everyone involved with web application security, including automated web application security scanning solutions. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655

Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655

We'll discuss how organizations can improve their vulnerability management life cycle and demo some quick ways to get started with vulnerability management and combining penetration test results. Then walking through the whole life cycle of a vulnerability. To learn more about PlexTrac, visit: https://securityweekly.com/plextrac Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655

Heather will discuss a new book detailing best practices for designing scalable and reliable systems that are fundamentally secure. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode187

In this episode of Enterprise Security Weekly, Nucleus co-founder Scott Kuffer talks about the problems teams face in doing the process of vulnerability management effectively and how Nucleus is uniquely positioned in the marketplace to solve them. To learn more about Nucleus Security, visit: http://nucleussec.com Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode187

Morpheus Announces Zero-Trust Cloud Management Platform, Thycotic Releases New Version of DevOps Secrets Vault, Qualys Remote Endpoint Protection gets malware detection, F-Secure launches ID PROTECTION, Vectra integrates network threat detection and response for Microsoft Security Services, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode187

Security and Compliance news of the week (or longer - it's our show). Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode31

Around the U.S., economies are re-opening and employees are beginning to return to the office. Rob and "C-Pat" will provide perspective on what new compliance and security challenges the public and private sectors need to be looking to in order to manage as it enters this new phase of how things are today. To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode31

In the Leadership and Communications section, Challenges of a New CISO: The First Year, Why a robust security culture begins with people, How Cybersecurity Leaders Can Chart the Seas of Business Communication, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode176

Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role at CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO... All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode176

Two vulnerabilities in Zoom could lead to code execution, Zero-day in Sign in with Apple, Focus on Speed Doesn't Mean Focus on Automation, Apple pushes fix across ALL devices for "unc0ver" jailbreak flaw, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode110

Application Security is changing rapidly, and with changes to automation and tooling will look vastly different 5 years from now than it does today. Discuss what those changes will look like, including what we're already seeing today. To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode110

Octopus Scanner Sinks Tentacles into GitHub Repositories, RobbinHood and the Merry Men, Zoom Restricts End-to-End Encryption to Paid Users, Hackers steal secrets from US nuclear missile contractor, and Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode654

Threat hunting activities often require packet capture analysis but capturing and storing PCAP at scale is rough. This segment covers open source tools for collecting packet captures on demand within a threat hunting use case in Gravwell. To learn more about Gravwell, visit: https://securityweekly.com/gravwell To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode654

Paul delivers a Technical Segment on Lightweight Vulnerability Management using NMAP! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode654