Doug White and Matt Alderman talk about audit mistakes. Don't get into the mindset of ticking the box to satisfy audit. - What is this control and why are using it? - What does it control?
Full Show Notes: https://wiki.securityweekly.com/ES_Episode107
Visit http://securityweekly.com/esw for all the latest episodes!
Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It's Not an App!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly
Michael Santarcangelo joined by special guest Ron Gula from Gula Tech Adventures, talk with Chris Brenton about how do you take someone with a basic level certification and give them access to the tool?
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99
Keith Hoodlet and Paul Asadoorian interview April Wright. They discuss people connected by apps, workplace reward systems, and the importance of building/practicing the process before documenting it. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly
Microsoft accidentally lets encrypted Windows 10 out the the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the anty on anti virus, Google outlines incident response process, BombGar buys BeyondTrust, and Neil DeGrasse Tyson speaks on Elon Musk saying: Let the man Get High! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode575
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Michael Santarcangelo returns! Michael is joined by Matt Alderman and Ron Gula to interview Chris Brenton. They discuss what is threat hunting, what does this actually mean, is there a level of maturity required (organization, security team, individuals)?
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99
Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany is the Senior Security Researcher for Javelin Networks.
→Full Show Notes: https://wiki.securityweekly.com/Episode575
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA, and NTBA.
→Full Show Notes: https://wiki.securityweekly.com/Episode575
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Proofpoint automates email security with CLEAR, Demisto releases state of SOAR 2018 report, OneLogin and Netskope partner to expand cloud security for enterprises, RedSeal launches remote administrator managed service, Corelight expands network security platform with virtual edition, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode106
Visit http://securityweekly.com/esw for all the latest episodes!
David Maestas, also known as Dave, is the Co-Founder and Chief Technology Officer at Bandura Systems. David talks about how to phase out the bad tools and companies in the enterprise.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode106
Visit http://securityweekly.com/esw for all the latest episodes!
U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly
Imperva acquires app security firm Prevoty in $140 million deal, Allstate accelerates expansion into Identity Protection with acquisition of InfoArmor, Sonatype receives $80 million investment from TPG, Very Good Security makes data unhackable with $8.5 million from Andreessen, Lacework raises $24 million for AI-based cloud security platform, Synapsefi raises over $17 million in Series A funding, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98
Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how we the security industry needs to shift left when it comes to applications and patching.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly
In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS crypto-shame, and how to manipulate Apple's podcast charts!
Full Show Notes: https://wiki.securityweekly.com/Episode574
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Michael and Paul interview Gabriel Gumbs from STEALTHbits. They talk about moving from detection to prevention, and protecting your data!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98
Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process.
***Powerpoint Slides in Full Show Notes***
Full Show Notes: https://wiki.securityweekly.com/Episode574
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications.
Full Show Notes: https://wiki.securityweekly.com/Episode574
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltrate data.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode105
Visit http://securityweekly.com/esw for all the latest episodes!
Paul interviews Marc French the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open source libraries from Synopsys.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode105
Visit http://securityweekly.com/esw for all the latest episodes!
How the Department of Defense is using Open Source, BitSight launches forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operation, Fortinet releases new IoT security controller, and Secureworks opens up proprietary UEBA through partner programme.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode105
Visit http://securityweekly.com/esw for all the latest episodes!
In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million.
Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.
Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.
Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
In the Enterprise News this week, VMWare launches Blockchain project, lacework raises new funds to extend Cloud Security capabilites, Minerva Labs achieves certified integration with McAfee ePO, CrowdStrike helps advance malware searches on hybrid analysis portal, Atos named a leader in IoT services by global analyst firm NelsonHall, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode104
Visit http://securityweekly.com/esw for all the latest episodes!
John Strand delivers the Technical Segment this week on Office 365 User Behavior Analytics. The idea is if you have a user account simultaneously logged in to multiple computer systems, that may be abnormal.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode104
Visit http://securityweekly.com/esw for all the latest episodes!