Info

Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
December
November
October
September
August
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Oct 11, 2024

In the enterprise security news,

  1. Eon, Resolve AI, Harmonic and more raise funding
  2. Dragos acquires Network Perception
  3. Prevalent acquires Miratech
  4. The latest DFIR reports
  5. A spicy security product review
  6. Secure by Whatever
  7. New threats
  8. Hot takes

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-379

Oct 11, 2024

Cybercab, Golden Jackal, Mamba 2FA, Multi Microsoft, iPhone thieves, esims, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-421

Oct 11, 2024

Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.

There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?

These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!

Segment Resources:

Show Notes: https://securityweekly.com/esw-379

Oct 11, 2024

For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.

We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.

Show Notes: https://securityweekly.com/esw-379

Oct 10, 2024

"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers.

Segment Resources:

Show Notes: https://securityweekly.com/psw-846

Oct 9, 2024

The many lessons to take away from a 24-year old flaw in glibc and the mastery in crafting an exploit in PHP, changing a fuzzer's configuration to find more flaws, fuzzing LLMs for prompt injection and jailbreaks, security hardening of baseband code, revisiting the threat models in Microsoft's Recall, and more!

Show Notes: https://securityweekly.com/asw-302

Oct 8, 2024

In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more!

Show Notes: https://securityweekly.com/bsw-367

Oct 8, 2024

Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the tool to add more features while remaining true to its open source history. Simon Bennetts, founder of ZAP, and Ori Bendet from Checkmarx update us on that journey, share some exploration of LLM fuzzing that ZAP has been working on, and what the future looks like for this well-loved project.

Segment Resources:

Show Notes: https://securityweekly.com/asw-302

Oct 8, 2024

AI Fest, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet, and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-420

Oct 8, 2024

Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans!

  • Default Credentials Gone Wild: We’ll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works!
  • Critical Vulnerabilities in Tank Gauges: Next, we’ll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it’s like giving a toddler a box of matches—what could possibly go wrong?
  • Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We’ll explore why you should check your network before it becomes a digital junkyard.
  • Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let’s be real, how many of us actually do it?
  • Stealthy Linux Malware: We’ll also uncover Perfctl, the stealthy malware that’s been creeping around Linux systems since 2021. It’s like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money!
  • PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It’s like a horror movie that just won’t end—grab your popcorn!
  • Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn’t have a great plan for cleaning up the mess.

Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge!

Show Notes: https://securityweekly.com/psw-846

Oct 8, 2024

Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff?

Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO?

Show Notes: https://securityweekly.com/bsw-367

Oct 5, 2024

The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access.

This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them!

Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics.

Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them!

Show Notes: https://securityweekly.com/esw-378

Oct 4, 2024

Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-419

Oct 4, 2024

Automated tank gauges are leaking more than just fuel, while CUPS is serving up a steaming hot brew of vulnerabilities. Meanwhile, Supermicro's BMC firmware is giving away root access like it's going out of style. If you thought your Kia was safe, think again - all it takes is a license plate and 30 seconds to turn your car into a hacker's joyride. China's been busy building a massive IoT botnet called Raptor Train. It's been chugging along undetected for four years. NIST has decided that your password doesn't need to be a cryptographic masterpiece anymore. No more special characters or arbitrary changes - just make it long and don't use "password123". A Texas hospital is playing a game of "hot potato" with ambulances thanks to a ransomware attack. More thoughts on known exploited vulnerabilities, firmware unpacking tools lowdown, Aruba, Bahama, come-on command injection, and kids changing the name of their school!

Show Notes: https://securityweekly.com/psw-845

Oct 4, 2024

Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well.

Segment Resources:

Show Notes: https://securityweekly.com/esw-378

Oct 3, 2024

This week in the enterprise security news, we've got:

  1. Torq, Tamnoon, and Defect Dojo raise funding
  2. Checkmarx acquires ZAP
  3. Commvault acquires Clumio
  4. Would you believe San Francisco is NOT the most funded metro area for cybersecurity?
  5. Auto-doxxing Smart glasses are now possible
  6. Meta gets fined $100M for storing plaintext passwords
  7. AI coding assistants might not be living up to expectations
  8. Worst Practices
  9. Dumpster fires and truth bombs

All that and more, on this episode of Enterprise Security Weekly!

Show Notes: https://securityweekly.com/esw-378

Oct 2, 2024

This episode of Paul Security Weekly features John Hammond, a senior security researcher from Huntress, discussing malware analysis. Hammond dives into the analysis of Ocean Lotus attacks, highlighting the use of stealthy techniques like alternate data streams and DLL side-loading. The conversation also touches on the challenges of combating attackers who leverage ‘bring your own vulnerable driver’ techniques to gain kernel-level privileges. The hosts discuss the need for secure-by-default configurations and the ongoing struggle to combat attackers who exploit vulnerabilities. The episode concludes with a discussion on how to improve the security of the industry.

Segment Resources:

Show Notes: https://securityweekly.com/psw-845

Oct 1, 2024

Death Stars are not real or are they?, Recall, Microsoft, Brocade, AI and More and More AI, Josh Marpet, and more on the Cyber Security News.

Show Notes: https://securityweekly.com/swn-418

Oct 1, 2024

In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more!

Show Notes: https://securityweekly.com/bsw-366

Sep 30, 2024

The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.

Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:

  • Blocking Untrusted Software,
  • Ringfencing™ Applications, and
  • Dynamically Controlling Network Traffic

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/bsw-366

Sep 28, 2024

In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market.

Show Notes: https://securityweekly.com/esw-377

Sep 27, 2024

We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities.

Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path.

My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence?

Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card.

Show Notes: https://securityweekly.com/esw-377

Sep 27, 2024

Passwords, CUPS, KIA, Gilbert Gottfried, Salt Typhoon, Rob Allen from ThreatLocker, and More on the Security Weekly News.

Segment Resources: https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/swn-417

Sep 26, 2024

Kayla Williams, Chief Security Information Officer at Devo, discussed the role of AI in cybersecurity and the ongoing issue of burnout for SOC analysts. Working with Wakefield Research, Devo discovered that 83% of IT professionals feel burnt out due to stress, lack of sleep, and anxiety. Many also report that their burnout leads to breaches.

This segment is sponsored by Devo . Visit https://securityweekly.com/devo to learn more about them!

Segment Resources: SOC Analyst Appreciation Day: https://www.socanalystday.com/ Kayla's LinkedIn: https://www.linkedin.com/in/kaylamwilliams1/

Show Notes: https://securityweekly.com/psw-844

Sep 26, 2024

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss:

  • market changes and terminology: security analytics, data lakes, SIEM
  • what is SOAR's role in the current SIEM market?
  • machine learning and generative AI's role
  • strategies for implementing a SIEM
  • common mistakes that still lead to SIEMs becoming shelfware
  • and much more!

Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned!

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

Show Notes: https://securityweekly.com/esw-377

1 « Previous 1 2 3 4 5 6 7 Next » 66