How a hacker took over a smart home with vulgar music and rising temperatures, a security warning for 23 million YouTube creators following a crazy hack attack, Vimeo sued for storing faceprints of people without their say-so, Selfie Android Apps push ads and can record audio, and how adopting DevOps leads to an improved security posture!
Full Show Notes: https://wiki.securityweekly.com/Episode621
Visit https://www.securityweekly.com/psw for all the latest episodes!
We interview Perry Carpenter and Chris Pritchard at DEF CON SE Village. Perry Carpenter talks about how he (as someone on the autism spectrum) has used various social-engineering-related skills to become extremely successful in his career. Chris Pritchard talks about the basics of social engineering, a.k.a. how he breaks into casinos, airports and critical national infrastructure.
Full Show Notes: https://wiki.securityweekly.com/Episode621
Visit https://www.securityweekly.com/psw for all the latest episodes!
Tony Meehan is the Vice President of Engineering at Endgame. Tony will be talking about building an engineering team for every stage of company growth. In the fast-paced startup world, there’s one thing you can always rely on: constant change. This makes work challenging and stimulating, but it also means recruiting can be a real challenge. How do you describe your company to prospective candidates when the work environment is constantly evolving? And how do you attract people who will be the right fit for this precise moment in your growth, but who will also continue to be a good fit in the future?
Full Show Notes: https://wiki.securityweekly.com/ES_Episode155
Visit https://www.securityweekly.com/esw for all the latest episodes!
We interview Billy Boatright, Edward Miro, and Jayson Street at DEF CON SE Village. Billy talks about Impostor Syndrome. Edward Miro talks about Rideshare OSINT – Car Based SE For Fun & Profit. Jayson Street talks about Hugs, SE Village, Security Awareness, and DEF CON itself.
Full Show Notes: https://wiki.securityweekly.com/Episode621
Visit https://www.securityweekly.com/psw for all the latest episodes!
Brian Dye is the CEO of Corelight. Brian will be discussing the Path To Threat Hunting Is Paved With Great Network Data. Tune in for a lively discussion about the role of network evidence in threat hunting and innovations our guest speaker sees in the industry from some of the world’s most sophisticated threat hunters. Brian Dye is Chief Product Officer at Corelight, provider of network security monitoring solutions from the creators of open-source Zeek (formerly Bro).
Full Show Notes: https://wiki.securityweekly.com/ES_Episode155
Visit https://www.securityweekly.com/esw for all the latest episodes!
In the news, Akamai acquires MFA specialist KryptCo, HP acquires Bromium to enhance its security platform, Cyber Insurance firm Cowbell emerges from stealth with $3.3M in seed funding, and more.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode155
Visit https://www.securityweekly.com/esw for all the latest episodes!
Brian Lamoureux is a Partner at Pannone Lopes Devereaux & O'Gara LLC. Is Big Tech heading down the same road as Big Tobacco?
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/bsw for all the latest episodes!
In the leadership and communications section, Troublesome Teammates, Email challenges and how to set boundaries, Cybersecurity confidence rattled by continued investments, small results, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode144 Visit https://www.securityweekly.com/bsw for all the latest episodes!
BSIMM10 Emphasizes DevOps' Role in Software Security and the BSIMM10 report, Crowdsourced Security & the Gig Economy, Lessons learned through 15 years of SDL at work, Software eats the world, jobs double US employment growth rate, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/asw for all the latest episodes!
Nicolas Valcárcel is the Security Engineer at AdRoll. Developers and security professionals have vastly different views of the world, so it's not uncommon that trainings created by the latter don't fully reach the former. Training for developers should be made with their tools and with their view of the world in mind.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/asw for all the latest episodes!
In the Security News, how an iOS 13 flaw could provide access to contacts with passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients was discovered online, and a SIM flaw that lets hackers hijack any phone by sending SMS!
Full Show Notes: https://wiki.securityweekly.com/Episode620
Visit https://www.securityweekly.com/psw for all the latest episodes!
Wes Widner is the Cloud Engineering Manager at CrowdStrike. Wes will be talking about how personal voice assistants are the wave of the future, so naturally we should wonder about the unique attack vectors they pose. I'd like to discuss my research into this field and share a few tips on how you can keep yourself safe around voice assistants.
Full Show Notes: https://wiki.securityweekly.com/Episode620
Visit https://www.securityweekly.com/psw for all the latest episodes!
Jason Lang is the Sr. Security Consultant of TrustedSec. Modern-day red teaming against some of the largest companies in the US. Current passion is Ansible for red teamers (i.e. fast infrastructure buildout).
To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec
Full Show Notes: https://wiki.securityweekly.com/Episode620
Visit https://www.securityweekly.com/psw for all the latest episodes!
John Strand gives a teaser about his upcoming webcast: Attacking AWS: Elastic Map to Reduce Clusters. John will talk about the intro to cloud security research.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode154
Visit https://www.securityweekly.com/esw for all the latest episodes!
In the Enterprise News, hundreds laid off by Symantec as part of restructuring plan, Infection Monkey: the industry's first Zero Trust Assessment Tool, Shape Security eyes IPO after raising 51 million at a 1 billion valuation, Lacework secures $42 Million and adds new president, board members and customers, FireMon announces the introduction of FireMon automation, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode154
Visit https://www.securityweekly.com/esw for all the latest episodes!
Matt gives a demo on Cloud Security covering IaaS, PaaS, FaaS, SaaS, and the components concerning the User and the provider.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode154
Visit https://www.securityweekly.com/esw for all the latest episodes!
Chris Bush is the Head of Security at ObserveIT. He will be discussing: Investigating the Insider Threat.
To learn more about ObserveIT, visit: https://securityweekly.com/observeit
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!
Simjacker – Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/asw for all the latest episodes!
Why So Many Companies Fail at Strategy and How to Fix It, 8 Things Leaders Do That Make Employees Quit, The changing role of the CIO, How to Rehearse for an Important Presentation, and 10 Steps To Get Started In Cybersecurity Careers: What High-Achievers Do While Others Don't!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The Excel tool Jay Durga developed can be used to measure metrics or as a guidance document for testing the effectiveness of security controls put in place in your SDLC and DevOps process.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode76 Visit https://www.securityweekly.com/asw for all the latest episodes!
At DEF CON 2019, we interview Chris Kirsch on Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers. Cold reading is a technique to make others believe that you have psychic powers. Then we interview Micah Zenko on the rationale and practice of non-cyber red teaming.
Full Show Notes: https://wiki.securityweekly.com/Episode619
Visit https://www.securityweekly.com/psw for all the latest episodes!
Peter Smith is the Founder & CEO of Edgewise. Peter will be covering the Capital One breach and the AWS metadata service with request forgery. He will explain how to solve this problem with Edgewise.
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
Full Show Notes: https://wiki.securityweekly.com/Episode619
Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, we present the Security News, to discuss New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations, Period Tracker Apps share data with Facebook, U.S. Cyber Command trolls North Korea with Malware Release, and a lot more!
Full Show Notes: https://wiki.securityweekly.com/Episode619
Visit https://www.securityweekly.com/psw for all the latest episodes!