Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: January, 2021
Jan 31, 2021

In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack hacking team, how a researcher broke into Microsoft VS code’s Github, & how criminals use a deceased employee’s account to wreak havoc!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw681

Jan 30, 2021

Today’s segment will discuss effective assessments, the maturity of your security posture, and the composition of your team. Specific topics in the episode include the what, when, and how of conducting assessments, addressing the cybersecurity talent shortage, and facilitating automated assessments. Lastly, we’ll discuss what makes you feel ready for what’s headed your way.

 

This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw681

Jan 30, 2021

What is XDR? How do we know the security protections we're investing in are working? All this and Paul's CBD Pineapple Pizza Drink on this week's show.

 

This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw681

Jan 29, 2021

Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw214

Jan 29, 2021

Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country - the Congo (DRC), .cd - before any bad actors could snatch it up. He will also discuss domain takeovers (TLD as well as subdomains) and how they can be prevented. Key to this is to keep track of your assets and monitor them for vulns.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw214

Jan 28, 2021

This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw214

Jan 28, 2021

The conversation continues on mitigating insider threats and building an insider threat program!

 

This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw59

Jan 27, 2021

Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is required by numerous cybersecurity regulations, standards, and laws but also allows a company to detect an insider threat at its early stages, respond to it, and remediate the damage with little to no harm done.

 

This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw59

Jan 27, 2021

In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw203

Jan 26, 2021

When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw203

Jan 26, 2021

An overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into appsec, and all the things that can go wrong when you give up root in your Kubernetes pod.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw137

Jan 25, 2021

It's analyst season with the new Forrester Wave on SAST recently published as well as Gartner's Application Security Testing Magic Quadrant publishing in April. We'll talk about what are analyst reports, how should you use them, and how should you interpret placement on them as I like to call it, reading the analyst tea leaves.

 

This segment is sponsored by GitLab. Visit https://securityweekly.com/GitLab to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw137

Jan 17, 2021

In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw680

Jan 16, 2021

Ubiquiti network gear has become a favorite among tech enthusiasts, but various Ubiquiti products have had some serious vulnerabilities in recent history. Listen in as we discuss hack, secure, and learn with Ubiquiti gear. We'll also discuss Ubiquiti's data breach announced Jan. 11and what that could mean to the security of your network.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw680

Jan 16, 2021

Ryan Noon joins Paul, and the rest of the PSW team, this week to chat through the importance of resilience in everything companies do to protect cloud-stored data and IP, unpack growing enterprise demand for a "digital seatbelt," and explain why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes.

 

This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw680

Jan 15, 2021

The DBoM consortium is a Linux Foundation project to be able to share information with third parties safely, securely, and with control over the information, even after handing it over! Unisys has just open-sourced the code to make this possible, and Chris was a big part of their effort. Using a blockchain-based approach, DBoM works to share software bill of materials (SBoM)s in a fashion that works in a cloud-centric, internet time approach.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw213

Jan 15, 2021

We all know asset management is one of the basics. In fact, it's literally the first two items on the Center for Internet Security's list of top 20 critical security controls. https://www.cisecurity.org/controls/cis-controls-list/ The term "basics" can be deceptive though. We typically expect something basic to also be easy. This is InfoSec though, and the basics aren't simple or easy. We call them basics because they're foundational. Put another way, the other 18 critical security controls on that top 20 list can't be applied to assets that haven't been discovered yet! In the past few years, we've seen a resurgence in asset management. There are a few players taking a fresh crack at solving this problem and we're hearing positive things. Could this be the year we get a better handle on discovering and managing assets? Join us as we discuss.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw213

Jan 14, 2021

This week, Beyond Security partners with Vicarius, Amazon’s Parler removal and what it means for Cloud onfidence, Kount sold to Equifax, McAfee vs Crowdstrike, JumpCloud raises some funds, Red Hat acquires StackRox, and SolarWinds warnings of weak security and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw213

Jan 14, 2021

We will shift focus of the discussion from understanding to action - that is, what to do about this and similar types of attacks that might be perpetrated agains your organization. Or is there anything to do about this "clear and present danger"?

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw58

Jan 13, 2021

We're going to dissect what we know about the Sunburst/SolarWinds hack to this point - SCW style! We'll touch on the things that keep coming up in the news - attribution, conspiracy theories, implications, consequences, and so forth.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw58

Jan 13, 2021

In the Leadership and Communications section, How BISOs bridge the gap between corporate boards and cybersecurity, 5 questions CISOs should ask prospective corporate lawyers, Good Leadership Is About Asking Good Questions, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw202

Jan 12, 2021

Learn why deepwatch chose Splunk as it’s one and only SIEM solution to deliver its Managed Detection & Response services to Fortune 2000 customers. Hear how deepwatch is leveraging a variety of Splunk capabilities and advanced API integrations to detect and respond to threats in customer environments.

 

This segment is sponsored by deepwatch.

Visit https://securityweekly.com/deepwatch to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw202

Jan 12, 2021

Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, the benefits of DevOps approaches to building systems.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw136

Jan 11, 2021

Fuzzing can be successful appsec strategy for finding software bugs. And deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help secure software beyond just memory safety issues and what the future holds for making this strategy more effective for modern apps.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw136

Jan 10, 2021

In the Security News, Nissan Source code leaked, how the shady 0-Day sales game is evolving, Hack the Army 3.0 announced, creating your own custom encryption in python, FBI warns of swatting attacks targeting your smart device, & the rise of Uncaptcha3!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw679

1 2 Next »