Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2022
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 6
Feb 15, 2022

How to move from legacy GRC processes and systems to a more automated approach that promotes visibility, agility, and alignment from assessment to Boardroom.

 

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw250

Feb 15, 2022

In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw184

Feb 14, 2022

In light of the far-reaching Log4j vulnerability, it’s become increasingly clear that the modern developer can’t operate without a solid level of security expertise. Vulnerability management is not just about responding quickly but should be top-of-mind during all stages of software development from inception to delivery. Modern threats mean developers can’t assume security isn’t part of their job and push the burden of responsibility to their infrastructure teams. Doug Kersten, CISO of Appfire, will discuss how the nature of vulnerabilities today makes it critical for developers to make sure they’re building projects in a secure manner in order to quickly mitigate vulnerabilities – or they risk being left scrambling to respond when a threat hits.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw184

Feb 12, 2022

Finally, in the Enterprise Security News, Security automation startup Cerby raises $12M, Virtual CISO startup Cynomi raises 3.5M to help SMBs automate cybersecurity, Keeper Security acquires Glyptodon (I’m 90% certain Keeper hasn’t just purchased the remains of an ancient, long-extinct armadillo), SecurityScorecard acquires LIFARS, a DFIR consulting firm, There’s a rumor that Microsoft is considering picking up Mandiant with all the extra cash still laying around after the Activision/Blizzard buy, & DHS launches the first-ever cyber safety review board!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw260

Feb 12, 2022

Qualys researcher, Wheel, will discuss the discovery of the 12 year old Linux vulnerability in PolicyKit - which Qualys had dubbed, PwnKit. Wheel will provide an overview of the vulnerability and then dive into a technical discussion of the research.

Segment Resources:

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw727

Feb 12, 2022

We discuss the current state of identity challenges in the enterprise with Branden Williams.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw260

Feb 11, 2022

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests it’s 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw727

Feb 11, 2022

One of the key features of cryptocurrency, NFTs, and other blockchain-based technologies is the immutable ledger. Put another way, there's no clear way to implement an 'undo' button when it comes to blockchain. In more traditional situations, passwords can be reset. Financial institutions can issue a stop payment order.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw260

Feb 11, 2022

We have spent decades tackling security threats with technology, and we are failing badly. We need to look and learn from other industries and see how they have improved their industry. In particular the airline safety and automobile safety industries have a lot that we can learn from. Things such as breach disclosures, accountability, root cause analysis with openly shared results, focused training, industry norms for checklists, certification of products, and regulations have all improved these industries.

Segment Resources:

Security Industry Failing to Establish Trust https://threatpost.com/security-industry-failing-to-establish-trust/128321/

Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal https://www.theregister.com/2017/11/24/infosec_disasters_learning_op/

IoT security: Lessons we can learn from the evolution of road safety https://www.helpnetsecurity.com/2018/08/09/iot-security-lessons/

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw727

Feb 9, 2022

In the leadership and communications section, Cybersecurity Policy Creation: Priority One, 5 steps to run a successful cybersecurity champions program, The war for cloud and cybersecurity talent is on! , and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw249

Feb 8, 2022

A cyber attack is a catastrophic event for any organization. Therefore, effective cyber crisis communication is crucial but often overlooked and an internal concern. In this conversation, we will talk about critical communications and why it is essential to recover quickly and with their reputation intact.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw249

Feb 8, 2022

Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, resources for learning reverse engineering and appsec

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw183

Feb 7, 2022

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products Regulations are among the most active and developing areas of security policy around the world. This evolving landscape also serves as an opportunity for innovation and research collaboration. Elazari will walk us through some of the most recent trends in policy proposals shaping the future of security. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, how to implement these programs to foster security, collaboration and transparency, and how this connects to the policy momentum and its impact on security researchers.

 

Segment Resources:

- Project Circuit Breaker: https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker.html

- Project Circuit Breaker Landing Page: https://www.projectcircuitbreaker.com/

- Intel’s 2021 Product Security Report: https://www.intel.com/content/www/us/en/security/intel-2021-product-security-report.html

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw183

Feb 5, 2022

This week in the Security News: Temporary phones, webcam hacks that are so much more, bags of cash, patch Wordpress plugins and patch them some more, crowd-sourced-government-funded vulnerability scanning, hiding deep in UEFI and bouncing off the moon, even more UEFI vulnerabilities, if Samaba were a fruit it would be....well vulnerable for one thing, charming kittens, fingerprinting you right in the GPU, Let's not Encrypt, your S3 bucket is showing again, and can you hack the latest wearable sex toys intended to delay things?

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw726

Feb 5, 2022

In late 2019, Microsoft released their cloud-native SIEM, Sentinel. A lot in the world has changed since then so we'll be looking at Sentinel's progression, talking about it's features and what may make it attractive to enterprises in 2022 and beyond. To register for Darwin’s upcoming workshop with Security Weekly, please visit: https://attendee.gotowebinar.com/register/2393226017093033995?source=esw

Microsoft Sentinel Ninja Training - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310#

Forrester MSFT Sentinel reports indicating 201% ROI over 3 years - https://www.microsoft.com/security/blog/2020/11/16/forrester-tei-study-azure-sentinel-delivers-201-percent-roi-over-3-years-and-a-payback-of-less-than-6-months/

If you want to get started with Kusto Query Language (KQL) without having to bootstrap your own environment, MSFT has a live log analytics workspace with tons of log data. You must have an Azure subscription to use. Link : https://aka.ms/lademo 

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw259

Feb 4, 2022

In this Technical Segment, Paul walks through Linux Post Exploitation!

Github: https://github.com/SecurityWeekly/vulhub-lab

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw726

Feb 4, 2022

Imagine having 500+ employees across the world — all working remotely. Now imagine making sure they can all do their work securely. This is exactly what Zapier’s Head of Security, Attila Török does. In this chat, you’ll hear from Attila regarding his experience and best practices for defending a cloud-based tech company with a remote workforce and infrastructure (including what systems to implement).

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw259

Feb 4, 2022

Discussing every-day-carry items that are utilized during covert entry assessments. Also discussing the concealment of these tools, and which tools we use for various assessment types.

Segment Resources:

# Blog website : www.wehackpeople.com

# Employer's website : www.darkwolfsolutions.com

# Link for EDC - Covert Entry Wallet : https://wehackpeople.wordpress.com/2019/10/10/lock-pick-concealment-edc-wallet/

# Link for other EDC items I use : https://wehackpeople.wordpress.com/2020/09/14/covert-entry-specialist-edc/

Physical Pentest Tools: https://www.sparrowslockpicks.com/product_p/hp.html

https://www.redteamtools.com/espkey

https://www.redteamtools.com/under-door-level-lock-tool

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw726

Feb 4, 2022

Finally, in the Enterprise Security News, Island raises $100M to introduce a new Chromium-based web browser, designed for the enterprise, Plextrac rasies a $70M Series B, HackerOne raises a $49M Series E, Tenable acquires BAS vendor Cymptom, Orca swallows up RapidSec (sorry, had to), Cybereason confidentially files for IPO, KKR looks to offload Optiv, Cybersecurity startup trends of 2022, 1000 Unicorns, Infosec Startup Buzzword Bingo, We’ve got fundings, IPOs, acquisitions, take privates, a $3B seed round, legislation that makes sense - all kinds of exciting stuff today, on this episode of Enterprise Security Weekly!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw259

Feb 2, 2022

In the leadership and communications section, Cybersecurity increasingly on audit committee agendas, CIO involvement in security grows as CEOs target risk reduction, How Poor Security Culture Leads to Insider Risk, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw248

Feb 1, 2022

Your information is everywhere. Executive, employee, and corporate data are contained in breach data, social media, and the dark web. How do you protect your organization from impersonation and account takeover attacks? Dan Matthews, Director, Worldwide Sale Engineering from Constella Intelligence, will discuss the challenges with digital risk protection and how to protect your executives, employees, and corporate brand.

 

This segment is sponsored by Constella Intelligence . Visit https://securityweekly.com/constella to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw248

Feb 1, 2022

PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for Safari, Python NaN coercion, appsec games

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw182

Jan 31, 2022

If you attempt to shift security left without adaptation, it'll feel a lot more like S#!T LEFT to the development teams but most security groups lack the mindset and skills to do it in a way that works well with modern development approaches and tools but directly focuses on gradual methodical practice and culture change. Larry Maccherone led the Dev(Sec)Ops transformation program in the highly diverse environment at Comcast using Agile and Digital Transformation approaches. Teams that onboarded to the program had 1/7th as many vulnerabilities and incidents in production -- a result so compelling that security leadership allowed it to scale to all 600 development teams. Along the way, Larry learned some critical lessons on how to provide a gradual onramp to empowering teams to be worthy of being trusted with the security of the products they were developing.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw182

Jan 29, 2022

Why is continuous security here to stay? How is Red Teaming getting automated and moving towards continuous?

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw258

Jan 29, 2022

This week in the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecurity is broken?, the best cybersecurity research paper, evil Favicons, escaping Kubernetes, pimping your cubicle and someone who actually recovered their crypto wallet!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw725

1 « Previous 3 4 5 6 7 8 9 Next » 125