Security Weekly Podcast Network (Video)

4,876 episodes — Page 60 of 98

Docker, 42 Vulnerabilities, Backdoors, Spying on 100+ Foreign Govs. - PSW #639

In the Security News, Misconfigured Docker Registries Expose Thousands of Repositories, a Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks, Jail Software Left Inmate Data Exposed Online, Adobe patches 42 vulnerabilities across 5 products, and how the CIA Secretly Owned Global Encryption Provider, Built Backdoors, & Spied On 100+ Foreign Governments! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Feb 16, 2020 · 1h 17m

The Unprotected Attack Surface of the Enterprise - John Loucaides - PSW #639

Hackers are using firmware implants and backdoors to compromise enterprise security with attacks that are stealthy and persistent. It's time for information security specialists to learn how to attack and defend enterprise infrastructure. John will provide a preview of his upcoming presentation at InfoSec World where he will demonstrate attacks on firmware that are invisible to traditional security platforms, and show how to detect and defend against them. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Feb 15, 2020 · 1h 16m

Living in Blue Team Land and Skicon - O'Shea Bowens - PSW #639

O'Shea Bowens is the CEO of Null Hat Security. O'Shea will discuss why I think blue teaming is as essential now as our red brothers. Mistakenly calling out APTs. A new type of security conference I've created, SKICON. If there is time, diversity in cyber. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Feb 14, 2020 · 52 min

RSA NetWitness, MDR+, CASB+, ZeroFox, Elastic Stack, Tufin SecureCloud - ESW #172

This week in the Enterprise News, Paul and Matt cover the following stories: Insight Completes Venture Acquisition of Armis, Salt Security API Protection Explained, RSA NetWitness Platform Bolsters Threat Detection and Incident Response, Thycotic Leads the Way for Cloud-based Privileged Access Management, Deep learning cybersecurity co Deep Instinct raises $43m, LogicHub launches MDR+ to provide flexible end-to-end detection and response, CipherCloud CASB+ for Slack: Visibility, protection and control of all user activity on Slack, ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms, 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks, Elastic Stack 7.6 delivers automated threat analysis and response, and Tufin SecureCloud Enables Companies to Secure Hybrid Cloud Environments Without Compromising Business Speed or Agility. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Feb 13, 2020 · 39 min

Secure Cloud Workloads & Reduce Friction With ExtraHop - Jeff Deininger - ESW #172

Migrating to the cloud is increasingly a business imperative, but there are pressing security challenges unique to cloud environments that can slow, halt, or even reverse progress. Here's how cloud-native network detection and response addresses those challenges, with a real-world example from Wizards of the Coast. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Feb 13, 2020 · 34 min

Endpoint Security, Facebook Lawsuit, Hanna Andersson/Salesforce Breach - SCW #17

This week in the Security & Compliance News Segment, Jeff, Scott, Josh and Matt cover the following news stories: IT, Legal, Compliance: We Need to Talk. Corollary: You need to listen, Back to the basics – What is the cost of non-PCI Compliance?, Endpoint Security the Foundation to Cybersecurity, Facebook settles data breach class-action lawsuit, CCPA cited in Hanna Andersson/Salesforce breach lawsuit, and Hanna Andersson Notice of Data Breach to Consumers. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode17

Feb 13, 2020 · 23 min

Building a Great Culture, Excelling at Failure, and Leadership Book Suggestions - BSW #162

This week in the leadership articles segment, Paul and Jason cover the following articles: The Answer is Yes! Now, What Was Your Question?, When You Lead A Company Or Startup, You Are Creating The Culture Whether You Mean To Or Not. Ten Insights To Building A Great Culture And Tribe, Why Warren Buffett, Jeff Bezos And Bruce Flatt Excel At Failure, Are You Falling for the Myth of "Failing to Plan is Planning to Fail"?, and 11 Books That Will Change The Way You Think About Leadership. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode162

Feb 13, 2020 · 26 min

Cyber Safety & Security in K-12 Schools - David Waugh - ESW #172

As K-12 schools and students move into a digital world, the traditionally separate areas of campus safety and cybersecurity are converging. Cyberbullying, the increase in violence on campus, hackers targeting school information systems and student data, and the technological overlap between campus safety and cybersecurity are all driving this trend. The segment will look at how schools are taking a layered approach to protecting Google G Suite and Microsoft Office 365 data from risks focused on the K-12 education environment. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Feb 12, 2020 · 33 min

The Spirit of the Law - Risk-Based Security - SCW #17

What is Risk-Based Security? How does compliance and/or security programs/points-of-view help or hinder risk-based security efforts? How can we change this? Is there a more apparent path forward to teach/educate on the importance of focusing on risk? Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode17

Feb 12, 2020 · 33 min

The Critical Role of Basic Cyber Hygiene - Mike Lloyd - BSW #162

Doing simple things consistently and at scale is hard. Today's short staffing doesn't help. Automation is the answer. To find out more and try Redseal, please visit: https://securityweekly.com/redseal Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode162

Feb 12, 2020 · 32 min

WhatsApp Flaw, Dropbox Bug Bounty Program, Investigating Web Shell Attacks - ASW #95

This week in the Application Security News, Mike and John cover the following news stories: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and Some Google Photos videos in 'Takeout' backups were sent to strangers last November. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode95

Feb 12, 2020 · 31 min

Mitigating at Design Time - Shaun Lamb - ASW #95

In this interview segment, Mike and John interview Shaun Lamb about strategies for how best to design applications so they are "secure by default" and have fewer incidents and vulnerabilities, How DevOps or DevSecOps positively changes the relationship between security and development/operations including: the application design process, security testing, and security education programs, and the security impact of applications moving to a microservices-based architecture running on Docker/Kubernetes and the role of an API Gateway. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode95

Feb 11, 2020 · 36 min

Security News - PSW #638

In the Security News, Twitter fixes API bug that can reveal users, Microsoft patches flaws in Azure stack, 8 cities that have been crippled by cyber attacks and how they fought against it, and so much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Feb 9, 2020 · 1h 9m

Adventures In AWS Computing - PSW #638

Paul shows you how to create secure Docker containers and begin to deploy them to Amazon ECS. This segment focuses on the security aspects of taking a legacy/non-containerized application to the cloud. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Feb 8, 2020 · 1h 13m

Security Orchestration Is Not About Tools - Wilson Bautista - ESW #171

We interview Wilson Bautista, the Founder of Jun Cyber. Wilson will talk about leadership, DevOps and Security working together to provide security for the business, how does that work? Building secure culture, breaking down silos, communication between teams, security working in teams, IR teams talking, Threat intel teams, pen testers, and compliance. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Feb 8, 2020 · 26 min

The Rise of the Cyber Industrial Complex - Malcolm Harkins - ESW #171

Malcolm Harkins is the Chief Security & Trust Officer at Cymatic. Malcolm will discuss how the security industry profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth into one of Expense in Depth, where we continue to use outdated approaches to control for risks, which results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Feb 7, 2020 · 31 min

BADASS Army - The Fight Against Revenge Porn - Katelyn Bowden - PSW #638

After finding her own intimate photos online without her consent, Katelyn Bowden discovered that there weren't many resources for those who find themselves victims of this sort of abuse. In response, she started B.A.D.A.S.S., a nonprofit dedicated to fighting image abuse through victim empowerment and awareness. In its 2-year existence, BADASS has accomplished a lot, from legislation to education, and there's so much more on the way. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Feb 7, 2020 · 48 min

The Big Lie - Part 2 - SCW #16

You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically, avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode16

Feb 6, 2020 · 40 min

Threat Detection, Risk Analytics, Threat Intelligence, Vulnerability Management - ESW #171

This week in the Enterprise Security News segment, Paul, Jeff, and Matt cover the following news stories: Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic, Wallarm announces CircleCI Orbs for Wallarm FAST, Automox raises $30 million, Radiflow Launches Business-Driven Industrial Risk Analytics Service, Check Point Delivers Unified Security Management as a Cloud Service, Now available: eSentire's 2019 Annual Threat Intelligence Report, STEALTHbits' free program helps orgs mitigate risks associated with Microsoft's pending AD update, NETSCOUT enables streamline monitoring and reduces risk, If You're Only Focused on Patching, You're Not Doing Vulnerability Management, 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products, Actionable Searching and Data Download with Vulnerability Management Dashboards, Companies and employees embrace BYOD but with compliance and risk challenges. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Feb 5, 2020 · 33 min

Kobe's Quotes To Live and Other Leadership News - BSW #161

This week in the leadership articles segment, Matt, Paul and Jason cover the following articles: Tech Isn't the Problem or Solution for Better Productivity. Instead, Look to Your Own Leadership, 9 Quotes By NBA Legend Kobe Bryant That Might Impact Our Lives Forever, Research: How to Build Trust with Business Partners from Other Cultures, Discover focusing on efficiency, brings in new CIO, CTO interview: Juan Villamil discusses changing IT culture, and For zero trust to work, machines and humans require identities. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Feb 5, 2020 · 22 min

The Big Lie - Part 1 - Chris Roberts - SCW #16

You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically, avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode16

Feb 5, 2020 · 31 min

Network Communications in the World of IoT - David Starobinski - BSW #161

In this interview, David Starobinski discusses the changes in network communications in both the wireless and IoT world, including cascading attacks, network outages, and the impact on the economy. David will also discuss software-defined radios (SDRs) and how they can help us in the new world of IoT. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Feb 4, 2020 · 35 min

Scaling an AppSec Program - ASW #94

Mike, John, and Matt review the presentation given by Clint Gibler at AppSec Cali, An Opinionated Guide to Scaling Your Company's Security. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode94

Feb 3, 2020 · 25 min

Xbox Bounty Program, Magento Patch, RCE in OpenSMTPD - ASW #94

This week in the Application Security News, Mike, John, and Matt cover the following news stories: Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode94

Feb 3, 2020 · 28 min

Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware - PSW #637

In the Security News, NHS alerted to severe vulnerabilities in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale, and so much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode637

Feb 3, 2020 · 1h 10m

Stopping Python Backdoor Attacks - Peter Smith - PSW #637

The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments. To learn more about Edgewise, visit: https://securityweekly.com/edgewise Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode637

Feb 2, 2020 · 1h 13m

The Unicorn Project and The Five Ideals - Gene Kim - PSW #637

In this week's episode of Paul's Security Weekly, Paul and the guys welcome back Gene Kim to interview him about his newest book "The Unicorn Project". Gene shares with us his goals and aspirations for The Unicorn Project, describes in detail the Five Ideals, along with his favorite case studies of both ideal and non-ideal, and why he believes more than ever that DevOps will be one of the most potent economic forces for decades to come. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Feb 1, 2020 · 1h 16m

Cybereason, Swimlane, Citrix Scanner - ESW #170

This week in the Enterprise Security News, Paul and Matt cover the following stories: Cequence CQ botDefense, Optimizing Your IT Spend as You Move to the Cloud, Cybereason Launches Free Emotet-Locker Tool, Swimlane Version 10.0, Cisco Launches IoT Security Architecture, AV Vendors Continuing Support for Products Under Windows 7, Citrix and FireEye Launch IoC Scanner, StackRox Announces Google Anthos Support, Sophos Introduces Intercept X for Mobile, New Cisco/AppDynamics Integration, CloudKnox Security Raises Funding, and Magnet Forensics Unveils New Solution to Simplify Remote Forensics Investigations. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Jan 31, 2020 · 33 min

Cyber Insurance, Ransomware, and More Cowbell - SCW #15

This week in the Security and Compliance Weekly News, Jeff, Matt, Scott, and Josh cover the following stories: Cyber insurance policies evolving to meet emerging risks - and premiums reflect it, Dallas County Acquires Cyber Insurance through ICAP, Ransomware Claims Driving Up Cyber Insurance Costs, Cowbell Cyber Demystifies Cyber Insurance with Cowbell Prime 100, The Cold Truth About Your Cyber Insurance, Cyber insurance basics, Cyber insurance costs and pitfalls, cyber insurance rates go up, and Even banks don't know what Cyber insurance means. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Jan 30, 2020 · 24 min

Trust, Community, Competitive Advantage, Employee Appreciation - BSW #160

This week in the leadership articles segment, Matt and Paul cover the following topics: Board members find cybersecurity risk an existential threat - According to a study from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) and consulting firm Booz Allen Hamilton, When Community Becomes Your Competitive Advantage, The Little Things That Make Employees Feel Appreciated, Don't Stay in Your Lane: The Secret to Developing Your Career, Trust is at the Core of Software Marketing, and Chipotle, Target CISOs: Repurpose talent for cyber. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode160

Jan 30, 2020 · 21 min

Edward Snowden and the Insider Threat - Steven Bay - ESW #170

Edward Snowden is a prime example of an Insider Threat. Steven Bay was his manager at the time and says: "My missing employee, Edward Snowden, revealed himself to be the person behind the Top Secret NSA leaks that rocked the country in the preceding days. I felt my life came tumbling down around me. My worst day had come. I had to act - I had to lead." We discuss insiders and why they are so dangerous and gain unique insights into the Edward Snowden story. The lessons learned we can apply to both identify and protect ourselves from such threats. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Jan 29, 2020 · 43 min

Migrating Legacy Apps to the Cloud Pt. 1 - ESW #170

Whether you're trying to migrate a "homegrown" application or an open-source tool, getting into containers and to the cloud can be challenging. There are many ways to achieve the same goal, and as always, some not-so-great advice on the Internet. This segment will cover some of the technical details and considerations for moving applications into Docker and eventually into cloud services. We'll review Docker configurations and strategies for building, maintaining and securing containers. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Jan 29, 2020 · 29 min

CISO Challenges in a Changing World - Michael Figueroa - BSW #160

Michael discusses the challenges of CISOs and the differences between large enterprises and small businesses. As the role of the CISO continues to change, so do the requirements for both large enterprise and small business CISOs. We discuss the balance of communications, leadership, ownership, governance, and the board. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode160

Jan 29, 2020 · 32 min

Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks - ASW #93

Pwn2Own Miami -- Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on Mitigating Cloud Vulnerabilities across four major classes of misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information. Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode93

Jan 29, 2020 · 34 min

Cyber Insurance - SCW #15

Cyber Insurance. Cyberinsurance points to ponder: Relationship and dilution of responsibility between brokers, underwriters, and reinsurance companies, Cost of cyberinsurance, Actuarial tables for cyberinsurance, Questionnaires to get cyberinsurance, Is there anyone who is NOT eligible for cyberinsurance?, Typical exclusions of cyberinsurance policies, How has cyberinsurance changed over the last few years?, Big cases in cyberinsurance (Zurich insurance, Cottage health), and Cost of cyberinsurance vs. the cost of an incident response. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Jan 29, 2020 · 33 min

Dynamically Protecting Mobile Applications With RASP - John Butler - ASW #93

Mobile applications are a rapidly growing attack surface and the tools and techniques being used to compromise these environments are constantly evolving. As the provider in mobile application protection mapping to two out of 10 security risks found in the OWASP Mobile Top 10, Guardsquare is most effective in providing advanced detection for on-device and off-device attacks. Guardsquare's RASP library adds resilience and prevents a vast array of dynamic attack vectors by providing detection for indicators of threat and compromise, including hooking, jailbreaking, rooting, code tampering - as well as providing obstruction for debugger and emulator attachments of all types. To request a demo with Guardsquare, please visit: https://securityweekly.com/guardsquare Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode93

Jan 28, 2020 · 33 min

Tomatoes, Jeff Bezos, Vuln. In AMD ATI Radeon, 'The Rise of Skywalker' - PSW #636

In the Security News, Microsoft Security Shocker As 250 Million Customer Records Exposed Online, the NSA Offers Guidance on Mitigating Cloud Flaws, Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards, Brazil prosecutes Glenn Greenwald in attack on press freedom, and Cybersecurity Lessons Learned from 'The Rise of Skywalker'! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Jan 27, 2020 · 1h 19m

Electronic Frontier Foundation (EFF), Godwin's Law, Freedom of Speech - Mike Godwin - PSW #636

Paul, Doug and Tyler interview Mike Godwin about the creation of the EFF, why it was created and how he became involved, some of the first cases taken on by the EFF, Godwin's Law, the right to repair, freedom of speech, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Jan 26, 2020 · 55 min

Compelling People to Care About Security - Robert Siciliano - ESW #169

Security goes against our core beliefs, therefore security awareness training often falls flat because employees don't care about security. By showing employees the "why" and how it benefits them as individuals, they are much more open to the "how" and begin to appreciate the value security provides. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Jan 25, 2020 · 21 min

Dug Song - Engineer to Entrepreneur - Dug Song - PSW #636

Paul, Doug and Tyler interview Dug Song about how he got his start in Information Security, what prompted him to begin work for dsniff, his transition from engineer to entrepreneur, what he learned from his experiences at Arbor Networks, why he decided to found a company in the authentication space, how to grow a company while maintaining your vision and culture, Cisco's acquisition of Duo Security, what it's like to be integrated into such a large company, what makes companies great, advice for talented tech people who want to become entrepreneurs, Dug's book recommendation for inspiring entrepreneurs, and much, much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Jan 25, 2020 · 1h 2m

SAP Vulnerabilities - Alex Horan, Juan Pablo Perez Etchegoyen - ESW #169

Alex Horan is the Director of Product Management at Onapsis and JP Perez is the CTO at Onapsis. Today they discuss the current state as it relates to SAP Vulnerabilities and security. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Jan 24, 2020 · 36 min

IE Zero-Day, Flashpoint, Malware Sandboxes - ESW #169

In the Enterprise News, Paul and Matt cover new InfoSec products of the week, CyberArk's new JIT access capabilities, a Micro patch that simulates a workaround for the recent zero-day IE flaw, easier and faster AD rollback and recovery with STEALTHbits StealthRECOVER, automating protection from advanced threats with the new Kaspersky Sandbox, compromised credentials monitoring with FlashPoint, and some funding and acquisition updates from Security Compass, Sysdig, Waterfall Security, ServiceNow, and FireEye! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Jan 24, 2020 · 39 min

The Role of Compliance in the Federal Gov. - How Security Works - Trevor Bryant - SCW #14

In this segment, we interview Trevor about his role, his experience and his thoughts on the role of compliance in the Federal Government. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode14

Jan 23, 2020 · 32 min

The State of the Financial Markets - Chase Robertson - BSW #159

Chase Robertson, the CEO at Robertson Wealth Management, joins us to discuss the state of the financial markets in 2020 and beyond. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode159

Jan 23, 2020 · 31 min

The Role of Compliance in the Federal Gov. - How Compliance Works - Trevor Bryant - SCW #14

In this segment, we continue the discussion with Trevor on the role of compliance in the Federal Government. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode14

Jan 22, 2020 · 30 min

Security Money - BSW #159

This week we provide our quarterly Security Money update. This segment tracks the top 25 public security vendors, known as the Security Weekly 25 Index, and the private funding. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode159

Jan 22, 2020 · 22 min

Crypto Bugs, IoT Planes and Application Inspectors, Oh My! - ASW #92

PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Pratt & Whitney Expects GTF Engine Software Update on A220 Jet in Spring, Building a more private web: A path towards making third party cookies obsolete and making the User-Agent less revealing about the user, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Jan 21, 2020 · 32 min

Protecting Data in Apps and Protecting Apps from Data - ASW #92

Apps must protect the data they collect. How can DevOps teams apply effective controls like strong authentication and authorization? How do cloud services help or hinder encrypting data? Envelope encryption uses multiple keys to protect data. It's a scalable pattern for protecting data and is nicely documented for AWS, Azure, and GCP. Be warned that each provider uses slightly different terminology for the same principal components. Kubernetes also supports this pattern. Data is also an attack vector that apps must protect themselves against. How relevant is the security recommendation of "use input validation" for modern apps? How can apps that rely on user-generated content or microservice architectures handle data securely? Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Jan 21, 2020 · 35 min

CVE-2020-0601, Netscaler RCE, npm - PSW #635

We discuss the details and impact of the latest flaw, disclosed by NSA, in Windows 10 that allows attackers to pass off malware as signed applications and so much more. The Citrix NetScaler vulnerability is a rare remote-easy-to-exploit opportunity for attackers. The crew also talks about book recommendations, backdoors in crypto (and why it's bad), conspiracy theories and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 19, 2020 · 1h 32m

Hacking IoT Devices - Jeff Spielberg, Ryan Speers - PSW #635

The world continues to see a proliferation of highly insecure IoT/embedded products. How can companies making embedded products design security in from the start, and why don't they do it today? Importantly, security needs to be baked in while remaining lean and moving quickly towards an MVP product. Discussions will range from hardware chip selection, cryptographic protocol design, and firmware security -- both at the design and security pen test phases. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 18, 2020