Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2022
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Jun 3, 2022

This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve. Potential discussion topics: - A visual overview of the problem - A simulated client-side attack - How to evaluate client-side risk on a given web site - What technologies are available to defend against client-side attacks - Historical case studies of landmark attacks

 

Segment Resources:

"Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M

A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY

Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-papere

 

This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw743

Jun 3, 2022

This week in the Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, and ransomware that makes you a better person!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw743

Jun 3, 2022

In the Autumn of 2019, Salesforce started on an ambitious journey - to require all of their customers to use multi-factor authentication (MFA) as of February 2022. The journey required the collaboration of every product line and every business function within Salesforce. And the journey potentially required every single one of Salesforce’s customer to deploy new technology and to change all of their user’s behavior. Clearly this would be no simple journey, but it was one with massive rewards for everyone involved. Join Ian Glazer as he discusses the impetus for Salesforce’s MFA push, the challenges of such a large scale endeavor, some of the setbacks and victories along the way, and, most importantly, what you can take from Salesforce’s journey towards complete customer MFA adoption and apply it in your own organization.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw276

Jun 2, 2022

Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time?

 

This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw263

Jun 2, 2022

In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw263

Jun 2, 2022

Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.

 

Segment Resources:

"Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M

A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY

Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

 

This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw276

May 21, 2022

In the Enterprise Security News: The latest cybersecurity fundraising, We discuss the impact of the market downturn on the cybersecurity startup industry, Crypto muggings, Security researchers researching researchers simulating attackers, & Evil Encryption! 

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw274

May 21, 2022

In the Security News for this week: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible’ backfires, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw741

May 21, 2022

Migrating off passwords and legacy authentication is a journey. Nok Nok has worked with global brands to incorporate passwordless, next-generation authentication into their consumer apps leading to significant improvements in onboarding, authentication success, speed and reduction in fraud among many other benefits. Learn how these organizations have mastered the transition.

 

Segment Resources:

www.noknok.com

https://www.youtube.com/watch?v=yQIwOx2XCSE

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw274

May 20, 2022

Attack intelligence delivers customers actionable, relevant, and timely information. Learn why Collective Defense is an integral aspect of attack intelligence and hear about the cyber trends you need to watch.

 

Segment Resources:

https://www.ironnet.com/blog/what-is-attack-intelligence-and-why-do-you-need-it

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw274

May 20, 2022

In this segment Saumil Shah joins us for a discussion on Firmware Security, complete with a fascinating first-hand demonstration!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw741

May 19, 2022

The past year has been filled with incredible changes in the cyber security landscape from ICS, Mobile, Cloud, and increased threats from Ransomware. This discussion will focus on crucial and quick discussions surrounding the cyber landscape that has changed quickly and forced organizations to consider revamping many of their policies and preparations. Join us for a humorous, and insightful journey back over the past year filled with examples for practitioners, organizations, and those just starting in cyber security.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw741

May 18, 2022

This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia. 

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw197

May 18, 2022

What does it look like to try teaching cybersecurity at an undergraduate level? What are the goals and challenges faced when trying to help future generations learn what they need to know to contribute to this industry? 

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw197

May 14, 2022

In the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallsetp, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua. And, in other news, all South Koreans are about to become one year younger, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw273

May 14, 2022

According to CybeReady, during such turbulent times, one should regard all emails with extra caution and double-check the sender’s address carefully. Beware of requests that ask for technical assistance such as running software or helping to take down websites. These might not only be illegal but may also be used to hack systems on the corporate network. Try to remember that during times of crisis, there is an increase in phishing attempts of all kinds as hackers take advantage of the situation. In this circumstance, employees need to stay updated from both a news and computing perspective. To be proactive in the defense of computing environments, our security experts recommend:

1. Personal computer and phones: Install the latest operating system and security updates.

2. Implement 2FA/MFA: Use a phone number or authentication app as the second factor of authentication to all important applications, social media accounts (Facebook/Meta, Linkedin, Twitter, etc.), and personal email accounts. Backup email and ensure it is recoverable.

3. Change Passwords: If you are reusing a password in sites that hold your personal information, it is a good time to change your passwords.

4. Support a Culture of Security: Train your employees continuously, advise friends and family to do the same, and take an active role in creating a safer internet.

5. Defend Work from Home Environments: Install the operating system and security updates. If these are available you should see a notification on your computer or phone. Especially important to business continuity in these times of uncertainty is the need for automated cybersecurity training that adapts to employee educational needs and accelerates the learning process.

 

Segment Resources:

https://cybeready.com/blog

https://cybeready.com/resource-center/playbook

https://cybeready.com/ultimate-guide-to-phishing-protection

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw273

May 13, 2022

In the Security News for this week: Colonial Pipeline facing $1,000,000 fine, cybercrime tracking bill signed into law, Lincoln College Set to Close After Crippling Cyberattack, Nvidia’s LHR limiter bypassed, & North Carolina Becomes the First State to Prohibit Public Entities from Paying Ransoms!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw740

May 13, 2022

In this segment sponsored by Intel, we will explore all things Intel vPro® platform. Learn how Intel vPro® platform can help you keep your computers up-to-date, prevent attacks, provide reports on the status of the firmware in use, and implement advanced hardware security!

 

This segment is sponsored by Intel. Visit https://securityweekly.com/intel to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw273

May 13, 2022

In-depth look at destructive malware and other threats the Barracuda team has been monitoring that you need to be aware of.

 

This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw740

May 11, 2022

In the Leadership & Communications section: 6 information governance best practices, The Seven Deadly Sins Of Leadership, Secrets to building a healthy CISO-vendor partnership, & more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw262

May 10, 2022

Land, sea, air, space, and–increasingly–cyber. These are the five domains where war is conducted. In March 2022, CISA and other international cyber agencies issued guidance urging private and public organizations alike to harden their security postures in preparation for cyber fallout. However, to date, the cyber fallout from the conflict has been minor, leaving some questioning the seriousness of the threat. ExtraHop VP of Sales Engineering, Mike Ernst, joins Business Security Weekly for a candid discussion about expected impact on private enterprises, and how business leaders and CISO can use this moment to scrutinize their security posture.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw262

May 10, 2022

In the AppSec News Mike and John discuss: Secure coding practices and smart contracts, lessons from the Heroku breach, Real World Crypto conference highlights, and an entertaining bug in Google Docs, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw196

May 9, 2022

With 77 percent of all financial transactions touching an SAP system, SAP is the backbone and heart of most organizations. Add to this the vast amounts of customer facing personal data used within SAP, and you can see why SAP security is critical. However, SAP’s complexity - in the form of extensive customization, thousands of configurations, and typical misunderstandings about who and which group is responsible – make SAP security a challenge. Hear SecurityBridge CEO Christoph Nagy discuss with Security Weekly how organizations can navigate and address these challenges by taking critical steps such as patching, creating baselines, and developing roadmaps for risk prioritization and more to become SAP security heroes.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw196

May 7, 2022

This topic will go over getting value from SOAR beyond just an initial phishing workflow. It will focus on orchestration and response, give ideas for other types of workflows and change the conversation from using SOAR to replace analysts to increasing SOC retention! 

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw272

May 7, 2022

In the Enterprise Security News, Veza raises $110M for Data Security, Traceable raises $60M for API Security, 10 other security startups get funded, Synopsis buys Whitehat for $330M, HackerOne approves a PullRequest, Bright Security acquires WeHackPurple, LexusNexis acquires BehaviorSec, JupiterOne continues to release some compelling books, the DevSecOps evolution, the future of Product-Led Growth, & more! 

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw272

1 « Previous 1 2 3 4 5 6 7 Next » 20