Funding bounties or finding bugs, how should we invest? Talks from Enigma Conference on memory unsafety and 0-days. Coming trends in API security and a review of research from 2020.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw139

Alissa Knight has spent her career going against industry and social norms as both a Transgendered and Lesbian business leader and hacker. Learn more about her, her achievements as a published author, her recent vulnerability research in hacking law enforcement vehicles, mHealth apps and APIs, her recent screenplay for her new TV series, her life as a hacker, and barriers she's broken down in business.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw139

Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hacks prepaid vending machines, When was the last time you said: "Hey, that web app on that IoT/network device was really secure!"? Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies, Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module, New Linux malware steals SSH credentials from supercomputers, From Microsoft: how not to run Docker in Azure Functions.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw682

Bill will provide insight on best practices for internet safety, for work from home, family friendly internet habits which leads to the conversation of secure chats/files, & more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw682

Small federal contractors are being required to become compliant with a new standard, CMMC. They've never had to do the level of security and compliance maturity that it requires! What do they do? Who can they talk to?

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw682

The Cyber Defense Matrix is a framework to help systematically organize the many things that we buy and do in cybersecurity. The DIE Triad offers a new way of thinking about resiliency, how we secure the future, and what startups should focus on to help us get there.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw215

Attack Surface Management is an important and growing field within Information Security. In this segment, we discuss how security teams can frame the problem and what can be done to get a handle on the ever-growing attack surface of enterprises!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw215

This week in the Enterprise News, Mission Secure Announces Series B, Akamai Technologies Acquires Inverse, for Microsoft, Security is a $10 Billion Business, Sontiq acquires Cyberscout, IRONSCALES improves the ability to detect phishing attacks, Imperva updates its WAAP and Data Security offerings, SonicWall Confirms A Zero-Day Vulnerability with NO other details, Arista intros Multi-Domain Macro-Segmentation Service (I don't know what it means, but its provocative), & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw215

Securing an organization means more than just spending money. For those that fall below the "security poverty line," many other dynamics come into play that make it harder for them to accomplish even the basics. How do we help them rather than scolding them?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw60

Securing an organization means more than just spending money. For those that fall below the "security poverty line," many other dynamics come into play that make it harder for them to accomplish even the basics. How do we help them rather than scolding them?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw60

Everyone has heard the GameStop frenzy by now, but what's it all about. How did a group of Reddit users hack the financial system and squeeze the hedge funds? We're going to discuss the details behind r/wallstreetbets and how they hacked the hedge funds.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw204

It's time for our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from Q4 2020. We'll also update you on our own index that tracks public security companies called, Security Weekly 25.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw204

This week in the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw138

In honor of the movie Groundhog Day, John will take a look at the top 10 most routinely exploited vulnerabilities through a web app security lens.

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw138

In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack hacking team, how a researcher broke into Microsoft VS code’s Github, & how criminals use a deceased employee’s account to wreak havoc!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw681

Today’s segment will discuss effective assessments, the maturity of your security posture, and the composition of your team. Specific topics in the episode include the what, when, and how of conducting assessments, addressing the cybersecurity talent shortage, and facilitating automated assessments. Lastly, we’ll discuss what makes you feel ready for what’s headed your way.

This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw681

What is XDR? How do we know the security protections we're investing in are working? All this and Paul's CBD Pineapple Pizza Drink on this week's show.

This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw681

Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw214

Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country - the Congo (DRC), .cd - before any bad actors could snatch it up. He will also discuss domain takeovers (TLD as well as subdomains) and how they can be prevented. Key to this is to keep track of your assets and monitor them for vulns.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw214

This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw214

The conversation continues on mitigating insider threats and building an insider threat program!

This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw59

Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is required by numerous cybersecurity regulations, standards, and laws but also allows a company to detect an insider threat at its early stages, respond to it, and remediate the damage with little to no harm done.

This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw59

In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw203

When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise.

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw203

An overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into appsec, and all the things that can go wrong when you give up root in your Kubernetes pod.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw137