Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: March, 2023
Mar 31, 2023

In the enterprise security news, early stage startup funding stays constant, but late stage is nowhere to be found. Cisco, XM Cyber, and Mastercard make acquisitions. YouTube channels keep getting hacked. Microsoft fails to use Azure securely. Organizations are making progress on zero trust, but slowly. Finally, more discussion on AI threats, concerns, and predictions.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw311

Mar 31, 2023

Flappy TREX lips, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, Aaran Leyland, and More on this episode of the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes! 

Show Notes: https://securityweekly.com/swn285

Mar 31, 2023

The White House recently revealed their National Cybersecurity Strategy and its 5 pillars. Some is straightforward - some is more controversial. Josh helped with it and wrote a blog about it. Adrian read that post and asked Josh to come discuss it. So here we are.

 

Segment Resources:

https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf

https://claroty.com/blog/consequential-cybersecurity-brace-yourself-for-the-white-house-national-cybersecurity-strategy

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw311

Mar 30, 2023

In the Security News: Turning traffic lights green with the flipperzero (and a bunch of other hardware), suspending AV and EDR, Test signing mode, Linux control freaks, hacking the Apple Studio Disaply, Intel;s attack surface reduction claim, the truth about TikTok that everyone is missing, just stop developing AI, but only for 6 months, anyone can connect to Amazon's wireless network, revoking the wrong things, losing your keys, the funny, not-so-funny things about firmware encryption, and exploding thumb drives. All that, and more, on this episode of Paul’s Security Weekly!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw778

Mar 30, 2023

How to get into reversing embedded firmware? Can the planet really be hacked? We'll go over a couple of fun exploitation examples, see what mistakes were made and maybe what could have been done better to make these devices tougher to break into.

Segment Resources:

Voip phone hacking: Blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

Def Con presentation (intro to hardware hacking): https://www.youtube.com/watch?v=HuCbr2588-w&ab_channel=DEFCONConference

Medical Research: BBraun infusion pump: https://www.youtube.com/watch?v=6agtnfPjd64&ab_channel=hardwear.io

Medical devices under attack: https://www.rsaconference.com/USA/agenda/session/Code%20Blue%20Medical%20Devices%20Under%20Attack

Hacking DrayTek routers: https://www.youtube.com/watch?v=CD8HfjdDeuM&ab_channel=Hexacon

Philippe's public work: https://github.com/philippelaulheret/talks_blogs_and_fun

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw778

Mar 29, 2023

In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw299

Mar 29, 2023

Ferrari refuses ransomware, OpenAI deals with security issues from cacheing, video killed a crypto ATM, GitHub rotates their RSA SSH key, bypassing CloudTrail, terms and techniques for measuring AI security and safety

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw234

Mar 28, 2023

We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase.

This includes:

  • Guerrilla marketing of gaining end-user buy-in for initiatives
  • Iterative tuning of your data sources 
  • Active engagement with real-time feedback from the user base and technical teams

Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time).

 

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw299

Mar 28, 2023

Twitter, Tax Scams, Microsoft, Executive Orders, Pwn2Own, French Bans, and more on this edition of the Security Weekly News.

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn284

Mar 28, 2023

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti’s CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures.

 

Segment Resources:

  • On-demand webinar on the topic of generative AI - https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them
  • Invicti Research - https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/ - https://github.com/svenmorgenrothio/Prompt-Injection-Playground

 

This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw234

Mar 27, 2023

In this episode, Neatsun Ziv, co-founder and CEO of OX Security, takes a deep dive into software supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a first-of-its-kind framework for understanding techniques, tactics, and procedures (TTPs) used by attackers to compromise supply chains. OSC&R was forged by a group led by OX Security with cybersecurity pros from a number of companies, including Google, GitLab, FICO, Check Point, VISA and Fortinet.

Segment Resources:

 

Visit https://www.securityweekly.com/asw for all the latest episodes! 

Show Notes: https://securityweekly.com/asw231

Mar 24, 2023

This week in the Enterprise News: Dope Security nabs $16M led by GV to build out secure web gateways designed to work on endpoints, not in the cloud. We take the mystery out of some recent funding. Microsoft 365's Copilot tries to do your job for you. Mapping failures with decision trees. An AI hires a human to solve a CAPCHA, because it needed help, and lies to the human about the reason why. You know what's different between AI and you? Those goosebumps on your arms right now and the ice water in your veins. AI can't do that. New drone designs that change everything & Cyber Startup Buzzword Bingo: 2023 Edition.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw310

Mar 24, 2023

This week Dr. Doug talks: TikTok, Github, CISA and More CISA, Netgear, Do Kwon and More on this episode of the Security Weekly News.

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn283

Mar 24, 2023

The ioXt Alliance is a group of manufacturers, industry alliances, labs, and government organizations, dedicated to harmonizing best security practices and establishing testable standards. Our goal is to bring security, upgradability and transparency to the market and directly into the hands of consumers. Come learn about Smart Product security and what consumers should be asking for.

 

Segment Resources:

https://www.ioxtalliance.org/

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw310

Mar 24, 2023

SafeLiShare delivers tamperproof security from inside out across clouds and eliminate algorithmic complexity attacks and reverse never-ending cycles of defense using policy controlled Confidential Computing with secure enclave technology.

 

Segment Resources:

Presentation - https://1drv.ms/p/s!AqqNWej5CK8uhEoIZW5MUxMTQLJU

Blog - https://safelishare.com/blog/defining-confidential-computing/

Video - https://safelishare.com/data-privacy-resources/

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw310

Mar 23, 2023

In the Security News: Windows MSI tomfoolery, curl turns 8...point owe, who doesn't need a 7" laptop, glitching the ESP, your image really isn't redacted or cropped, brute forcing pins, SSRF and Lightsail, reversing D-Link firmware for the win, ICMP RCE OMG (but not really), update your Pixel and Samsung, hacking ATMs in 2023, breaking down Fortinet vulnerabilities, Jamming with an Arduino, it 315 Mega hurts, analyzing trojans in your chips, and the 4, er 1, er 3, okay well how to suck at math and the 4 Cs of Cybersecurity! All that, and more, on this episode of Paul’s Security Weekly!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw777

Mar 23, 2023

We sit down with Nico Waisman to discuss vulnerability research and other security-related topics!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw777

Mar 22, 2023

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw233

Mar 22, 2023

In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication in Teams, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw298

Mar 21, 2023

When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO.

Segment Resources:

https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos

 

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw298

Mar 21, 2023

Dr. Doug talks: The Tang Dynasty, ZippyShare, NuGet, PinDuoDuo, Ernie, Lantern, HDD hard drives, and more on this edition of the Security Weekly News!

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn282

Mar 21, 2023

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting real issues at development-time.

Segment Resources:

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw233

Mar 17, 2023

AI! Then, produce text that can’t be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw309

Mar 17, 2023

Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, Vile, and More on this episode of the Security Weekly News!

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn281

Mar 17, 2023

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice.

Segment Resources:

 https://canary.tools

https://canarytokens.org

 https://blog.thinkst.com

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw309

1 2 3 Next »