Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw233
When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO.
Segment Resources:
https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw298
Dr. Doug talks: The Tang Dynasty, ZippyShare, NuGet, PinDuoDuo, Ernie, Lantern, HDD hard drives, and more on this edition of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn282
Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting real issues at development-time.
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw233
AI! Then, produce text that can’t be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw309
Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, Vile, and More on this episode of the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn281
Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice.
Segment Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw309
The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management.
Segment Resources:
https://vulcan.io/blog/ci-cd-security-5-best-practices/
https://www.youtube.com/watch?v=nosAxWc-4dc
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw309
In the security news: AI on your PI, no flipper for you, stealing Tesla's by accident, firmware at scale, the future of the Linux desktop, protect your attributes, SOCKS5 for your Burp, TPM 2.0 vulnerabilities, the world's most vulnerable door device and hiding from "Real" hackers, sandwiches, robot lawyers, poisonis epipens, and profanity in your code! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw776
Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks.
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw776
In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw297
Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw232
Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw297
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this “in the wild”.
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw232
Casper, Flipper, NordVPN, Ring, Silicon Valley Bank, GoBruteforcer, Aaran Leyland, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn280
In the enterprise security news, A light week in funding, after last week’s mega raises from Wiz and Sandbox AQ HP acquires some Zero Trust and CASB with Axis Security InfoSec-themed Table Top gaming is really catching on The White House’s updated cybersecurity strategy is more of an update than a game changer I go a bit nuts with AI news and essays, but a lot of it is really worth your time, I promise Doing evil things with chrome extensions Women in cybersecurity Letting strangers call you, on purpose All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
Selling your soul to the company store, Xenomorph, Sonicwall, Github, Veeam, TSA, Ring, Aaran Leylan, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn279
Looking at topics around go-to-market strategy and product management, including: how building products is unique in cybersecurity compared to other industries, what is product-led growth and what shape it takes in security, and how to do it right. Touching on the broader and adjacent topics of writing, supporting cybersecurity startups, investing, and the like.
Segment Resources:
Venture in Security blog: https://ventureinsecurity.net/
Venture in Security Angel Syndicate: https://www.visangels.com/
Building Cyber Collective: https://ventureinsecurity.net/p/buildingcyber
Top Venture in Security Articles: https://ventureinsecurity.net/p/top-posts
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
You know SBOMs can help you keep track of your software assets and therefore, their vulnerabilities. Despite even the White House pressing the issue, many vendors aren't forthcoming with SBOMs, and you can't afford to wait. With Tanium's Roland Diaz, we'll discuss the most important considerations when generating your own SBOMs (which is now something their product can also do!).
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
In the Security News: Using HDMI radio interference for high-speed data transfer, Top 10 open source software risks, Dumb password rules, Grand Theft Auto, The false promise of ChatGPT, The “Hidden Button”, How a single engineer brought down twitter, Microsoft’s aim to reduce “Tedious” business tasks with new AI tools, The internet is about to get a lot safer, All that, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw775
Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite!
Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw775
In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw296
WebSocket hijack that leads to a full workspace takeover in a cloud IDE, malicious packages flood public repos, side-channel attack on a post-quantum algorithm, looking at OWASP's evolution, OAuth misconfigs lead to account takeover, AI risk management framework, Zed Attack Proxy
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw231
From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw296
This week Dr. Droug talks: Lots of AI, Deepfakes, Microsoft Word, OneNote, Russian Pranksters, FIXS, Wago, Water, Aaron Leyland, and more on this edition of Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn278