Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2022
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Apr 8, 2022

Attackers are targeting the systems that control access. This includes Active Directory, Azure AD, and recently Okta. Once they have access to identity, attackers can move onto systems that provide access to data and persistence.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw735

Apr 6, 2022

In the Leadership and Communications section: Leaders Must Build Trust, 600,000 Open US Jobs, Cybersecurity Retention Issues & More!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw257

Apr 5, 2022

As the world shifted to remote work, then hybrid work, organizations have struggled with legacy technologies to solve the security challenges of this new way of working. But what if you could use the PC platform, coupled with endpoint isolation, to create a highly efficient and productive platform for users? Jonathan Gohstand from HP Wolf joins Business Security Weekly to discuss the challenges and how endpoint isolation can: - improve your overall risk management - reduce the complexity of multiple solutions/agents, and - improve user experience and productivity

 

This segment is sponsored by HP Wolf Security. Visit https://securityweekly.com/hpwolf to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw257

Apr 5, 2022

FORCEDENTRY implications for the BlastDoor sandbox, Spring RCE, Zlib flaw resurfaces, security for startups, verifying Rust models, two HTML parsers lead to one flaw

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw191

Apr 4, 2022

Making a positive impact to how we package software to make developer's lives easier in how they have to manage security.

 

Segment Resources:

- https://app.soos.io/demo

- https://soos.io/

- https://youtu.be/Y8jvhCHGQg8

 

This segment is sponsored by soos.io. Visit https://securityweekly.com/soos to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw191

Apr 2, 2022

In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw267

Apr 2, 2022

Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because:

1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc)

2. a vendor is using 'zero trust' as a metaphor (small z, small t)

3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t)

4. the CMO said it needs to be somewhere on the website for SEO

5. someone told a founder to put it in the sales and/or pitch deck

Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend.

 

Segment Resources:

NIST SP 800-207

https://csrc.nist.gov/publications/detail/sp/800-207/final

UK NCSC ZT Guidance

https://github.com/ukncsc/zero-trust-architecture

USA CISA/OMB ZT Guidance

https://zerotrust.cyber.gov/

DOD ZT Reference Architecture

https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf

Microsoft ZT Guidance

https://docs.microsoft.com/en-us/security/zero-trust/

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw267

Apr 1, 2022

This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw734

Apr 1, 2022

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw267

Apr 1, 2022

Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations roles, what is SOAR'ing and not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general!

 

Segment Resources:

http://www.securitybsides.com

https://www.bsidesdc.org

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw734

Mar 31, 2022

With an alarming increase in K-12 cybersecurity attacks, districts are considering new ways to protect their students and staff. With the need to increase the cybersecurity talent pipeline, the solution to the problem is much larger than just increasing protective technology measures to keep schools safe. Schools must also be proactive in training the next generation of cybersecurity experts.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw734

Mar 30, 2022

In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw256

Mar 29, 2022

Every CISO CIO asks the question, what's the risk? Quantitative analysis, mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us.

 

Segment Resources:

https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4

https://fismacs.com/blog/

https://portal.fismacs.com/p/p-rmod4cyber

https://fismacs.com/white-paper-mhp-ip4cyber/

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw256

Mar 29, 2022

Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec.

 

Segment Resources:

- https://techbeacon.com/devops/5-steps-building-developer-first-application-security-program

- https://www.forbes.com/sites/forbestechcouncil/2022/02/14/what-organizations-get-wrong-about-developer-first-application-security/?sh=1dad6eb58e7c

- https://www.tromzo.com/state-of-modern-application-security

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw190

Mar 29, 2022

In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw190

Mar 26, 2022

Check out our latest interview with our good friend Dave Kennedy! When not pumping iron Dave is hard at work understanding and implementing C2 infrastructure. TrevorC2 is a really cool framework that allows for some pretty stealthy C2 communications. Tune-in to learn more! 

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw733

Mar 25, 2022

In the Security News: insiders inside NASA, BIND is in a bind again, Lapsus$ is on a tear, ripping at Microsoft and Okta, anonymous hacks printers, The UEFI security rabbit hole goes DEEP, Microtik and Tickbot, Browser-in-the-Browser attacks, Nestle gets attacked for not wanting to hurt babies, just another sabotage, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw733

Mar 25, 2022

Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords. One study found that 75% of ransomware attacks involve compromised credentials – most of the time, RDP credentials. However, secrets management is a challenge for IT teams, who must mitigate secrets sprawl, hardcoded and embedded credentials, and duplicative data stores in hybrid cloud and multi-cloud environments. Keeper Secrets Manager (KSM) is a fully cloud-based, Zero-Knowledge platform for managing IT infrastructure secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, service account passwords, and any other type of confidential data. KSM seamlessly integrates into nearly any data environment, with no additional hardware or cloud-hosted infrastructure required. It offers out-of-the-box integrations with a wide variety of DevOps tools, including Github Actions, Kubernetes, Ansible and more.

 

Segment Resources: https://www.keepersecurity.com/en_GB/secrets-manager.html

This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw266

Mar 25, 2022

In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw266

Mar 25, 2022

With all of your focus and investment on 3rd party risk management, there is likely still a blind-side that remains unaddressed. It is an area that should be moved to the top of your priority list - both for its potential to cause material losses in the form of response costs and fines and judgements, and for the ease in which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of JavaScript based attacks - click-jacking, digital skimming, formjacking, defacement, "Magecart" - exists for any organization collecting sensitive data or conducting transactions through their web properties. Attacks of this type have done damage to some of the biggest brands in the world - costing household names like British Airways tens of millions - and they happen by the hundreds per month. Already in 2022, we've seen headlines of major client-side attacks like the one that hit Segway - potentially impacting nearly a million consumers. This is an area of exposure introduced through your own code, and by your partners, that can only be addressed at the client-side. It remains widely unaddressed, as focus in website security to this point has been on securing the server side. Join us for an exploration of the threat of these attacks, real-world examples of the material impact they have caused, and dialogue on the approaches to mitigating this risk with pros and cons of each.

 

Segment Resources:

Our core whitepaper

https://info.sourcedefense.com/event/client-side-white-paper-2022?leadsource=White%20Paper

Blog on the blind side topic https://sourcedefense.com/resources/blog/wheres-the-blind-side-in-your-3rd-party-risk-its-on-the-client-side/

Free risk report on attendee's web properties https://sourcedefense.com/check-your-exposure/

 

This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw733

Mar 23, 2022

The most recent trends in social engineering, the latest methods attackers are using to trick their victims, and the best practices to protect your business from these evolving threats.

 

Segment Resources: https://assets.barracuda.com/assets/docs/dms/Spear-phishing-vol7.pdf

 

This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw255

Mar 23, 2022

In the Leadership and Communications section: What the Newly Signed US Cyber-Incident Law Means for Security, How to plan for increased security risks resulting from the Great Resignation, The 5 Pillars of Growth, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw255

Mar 22, 2022

Past research such as JNDI Injection, Unsafe deserialization, Struts RCEs - OSS security: CodeQL, Dependabot, collaboration between researchers and developers, OWASP Top Ten Proactive Controls, CVD for OSS

 

Segment Resources:

- [Write more secure code with the OWASP Top 10 Proactive Controls] https://github.blog/2021-12-06-write-more-secure-code-owasp-top-10-proactive-controls/

- [An analysis on developer-security researcher interactions in the vulnerability disclosure process] https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/

- [Building security researcher and developer collaboration] https://www.securitymagazine.com/articles/97066-how-to-build-security-researcher-and-software-developer-collaboration

- [Coordinated vulnerability disclosure (CVD) for open source projects] https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/

- [GitHub Advisory Database now open to community contributions] https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/

- [Blue-teaming for Exiv2: creating a security advisory process] https://github.blog/2021-11-02-blue-teaming-create-security-advisory-process/

 

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw189

Mar 22, 2022

This week in the AppSec News: A great escape isn't always as great as it sounds, Solana cryptocurrency logic isn't always as great as intended, some people's idea of "peace" isn't that great at all, and some great security suggestions for package maintainers.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw189

1 « Previous 4 5 6 7 8 9 10 Next » 21