Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2022
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 13
Oct 8, 2021

In the Enterprise Security News for this week: Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw245

Oct 8, 2021

Once again, it is Cybersecurity awareness month and we'll be talking with Ryan Kalember about the latest threats and other activities he and Proofpoint have going on this month. When it comes to threats, some tactics aren't changing, though they're still effective. There are some notable shifts though:

- Crews using Office 365 for lateral movement

- FIN7 reborn

- A sudden interest in exploits

- Increased patience and increased focus on the individual as the key to an attack

- SMB attacks look very different from large enterprise campaigns

 

This segment is sponsored by Proofpoint. Visit https://securityweekly.com/proofpoint to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw245

Oct 7, 2021

Sales teams are under more pressure than ever to locate and bring in new customers. The methods they use can range from clever to questionable. While some of the more ethically questionable methods can produce results, we wonder: do vendors realize what these methods could be potentially costing them? Richard Reinders joins us today to discuss how he handles one of the toughest challenges any security leader will have to face: interacting with vendors.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw245

Oct 7, 2021

This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this special listener requested topic!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw89

Oct 6, 2021

This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this special listener requested topic!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw89

Oct 6, 2021

We kick-off Cybersecurity Awareness Month with Alaina Clark, Assistant Director for Stakeholder Engagement at the Cybersecurity and Infrastructure Security Agency (CISA). Jill Aitoro, Editor in Chief at SC Media, joins Business Security Weekly for this special interview covering: CISA's Initiatives, Public-Private Partnerships, Cybersecurity Awareness Month, and their 4th annual Cyber Summit.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw234

Oct 5, 2021

With the first recorded death from a Ransomware attack during the Pandemic, it's time to take medical device security seriously. Dan Purvis, CEO at Velentium, joins Business Security Weekly to discuss the challenges of embedded device security, but also the ramifications to public health. Dan will discuss how to address vulnerabilities in code and firmware, plus the importance of secrets and the software bill of materials.

Segment Resources:

https://www.velentium.com/cybersecurity-training?hsCtaTracking=55e5cb87-6198-4b79-8652-a7ce03738c75%7C94d6bbbb-613b-4377-a95d-b679c8acc53b

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw234

Oct 5, 2021

In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw168

Oct 4, 2021

Developers want to write good code. Secure code. Security tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. We will discuss GitLab's views on what it means to provide developer-first security and see how these views manifest in GitLab's security offerings.

This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw168

Oct 2, 2021

In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe that's a good thing? Speaking of which, Apple patches some 0days, Lithuania warns against using Huawei and Xiaomi phones, the FCC pays companies to ditch Huawei and ZTE gear, the latest on Cybercrime, UK researchers find a way to pickpocket Apple Pay, and more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw712

Oct 2, 2021

To defend themselves, companies need to detect ransomware attacks early, gather the intelligence to understand the attack, and prevent the attacks from occurring in the future. Qualys’ Mehul Revankar will discuss ransomware trends, defensive maneuvers and discuss the inspiration and research behind Qualys’ new ransomware exposure dashboard that provides companies with personalized plan to remediate the vulnerabilities in their environment.

Segment Resources:

www.qualys.com/vmdr

 

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw712

Oct 1, 2021

In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to rewrite the rules of website security (rewrite, get it? huh?), SenseOn nabs $20m for faster, more accurate cybersecurity detection and response, LG (yes, that LG) is acquiring automotive cybersecurity startup Cybellum, We talk about the emergence of the vendor "live security status page", 386 startup post mortems, and don't forget to stick around for Adrian's curveball "Squirrel of the Week" story at the end!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

Oct 1, 2021

Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active Directory, and the Cloud through visibility and early detection of attacks targeting identities. Attackers consider enterprise identities as high-value targets and attempt to compromise them early in the attack to access the network and gain privileges to essential production assets. Current identity security focuses on safeguarding privileged credentials in PAM solutions or securing the authentication process with MFA and IAM solutions, but these measures leave gaps that attackers can exploit. While current security solutions like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and others provide specific functions for defending the network, they do not focus on identities. EDR focuses on preventing the initial compromise, while XDR and NDR try to detect attacks as they expand from the beachhead. Attacks targeting enterprise identities can evade detection from these security controls, but IDR solutions can bridge these detection gaps to identify such attacks. Join Joseph Salazar from Attivo Networks as he discusses the importance of IDR to modern enterprise security.

 

Segment Resources: https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf

https://attivonetworks.com/what-is-identity-detection-and-response-idr/

https://attivonetworks.com/solutions/identity-security/

 

This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

Sep 30, 2021

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives.

 

Segment Resources:

RevolutionCyber - www.revolutioncyber.com

Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

Sep 30, 2021

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw88

Sep 29, 2021

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw88

Sep 29, 2021

This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insurance, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Show Notes: https://securityweekly.com/bsw233

Sep 28, 2021

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge.

 

Segment Resources:

Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Show Notes: https://securityweekly.com/bsw233

Sep 28, 2021

This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th anniversary, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Show Notes: https://securityweekly.com/asw167

Sep 28, 2021

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability. We will take a closer look at these benefits and discuss it can help your DevSecOps team function better.

 

This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Show Notes: https://securityweekly.com/asw167

Sep 26, 2021

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange AutoDiscover bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more!

 

Show Notes: https://securityweekly.com/psw711

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection methods are just too easy to circumvent in WiFi environments.

 

Show Notes: https://securityweekly.com/psw711

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perform detection and response at scale. It’s fast, precise, powerful … and free. It also supports Linux, Windows and MacOS. Velociraptor is a unique tool since it offers a query language so that users may query their endpoint flexibly in response to new threat information. In this session, we'll discuss the key components of Velociraptor, and how it can be leveraged to improve endpoint security and visibility and facilitate rapid response to large networks.

 

Show Notes: https://securityweekly.com/psw711

Segment Resources:

Please visit our documentation site where you can learn about Velociraptor https://docs.velociraptor.app/

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 24, 2021

This week in the Enterprise Security News: Funders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires threat stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, You can now ditch your Microsoft password, Vendor Security 2.0, & more!

 

Show Notes: https://securityweekly.com/esw243

Visit https://www.securityweekly.com/eswfor all the latest episodes!

Sep 24, 2021

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!

 

Show Notes: https://securityweekly.com/esw243

Visit https://www.securityweekly.com/esw for all the latest episodes!

1 « Previous 10 11 12 13 14 15 16 Next » 125