The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management.
Segment Resources:
https://vulcan.io/blog/ci-cd-security-5-best-practices/
https://www.youtube.com/watch?v=nosAxWc-4dc
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw309
In the security news: AI on your PI, no flipper for you, stealing Tesla's by accident, firmware at scale, the future of the Linux desktop, protect your attributes, SOCKS5 for your Burp, TPM 2.0 vulnerabilities, the world's most vulnerable door device and hiding from "Real" hackers, sandwiches, robot lawyers, poisonis epipens, and profanity in your code! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw776
Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks.
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw776
In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw297
Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw232
Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw297
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this “in the wild”.
Segment Resources:
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw232
Casper, Flipper, NordVPN, Ring, Silicon Valley Bank, GoBruteforcer, Aaran Leyland, and more on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn280
In the enterprise security news, A light week in funding, after last week’s mega raises from Wiz and Sandbox AQ HP acquires some Zero Trust and CASB with Axis Security InfoSec-themed Table Top gaming is really catching on The White House’s updated cybersecurity strategy is more of an update than a game changer I go a bit nuts with AI news and essays, but a lot of it is really worth your time, I promise Doing evil things with chrome extensions Women in cybersecurity Letting strangers call you, on purpose All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
Selling your soul to the company store, Xenomorph, Sonicwall, Github, Veeam, TSA, Ring, Aaran Leylan, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn279
Looking at topics around go-to-market strategy and product management, including: how building products is unique in cybersecurity compared to other industries, what is product-led growth and what shape it takes in security, and how to do it right. Touching on the broader and adjacent topics of writing, supporting cybersecurity startups, investing, and the like.
Segment Resources:
Venture in Security blog: https://ventureinsecurity.net/
Venture in Security Angel Syndicate: https://www.visangels.com/
Building Cyber Collective: https://ventureinsecurity.net/p/buildingcyber
Top Venture in Security Articles: https://ventureinsecurity.net/p/top-posts
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
You know SBOMs can help you keep track of your software assets and therefore, their vulnerabilities. Despite even the White House pressing the issue, many vendors aren't forthcoming with SBOMs, and you can't afford to wait. With Tanium's Roland Diaz, we'll discuss the most important considerations when generating your own SBOMs (which is now something their product can also do!).
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
In the Security News: Using HDMI radio interference for high-speed data transfer, Top 10 open source software risks, Dumb password rules, Grand Theft Auto, The false promise of ChatGPT, The “Hidden Button”, How a single engineer brought down twitter, Microsoft’s aim to reduce “Tedious” business tasks with new AI tools, The internet is about to get a lot safer, All that, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw775
Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite!
Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw775
In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw296
WebSocket hijack that leads to a full workspace takeover in a cloud IDE, malicious packages flood public repos, side-channel attack on a post-quantum algorithm, looking at OWASP's evolution, OAuth misconfigs lead to account takeover, AI risk management framework, Zed Attack Proxy
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw231
From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw296
This week Dr. Droug talks: Lots of AI, Deepfakes, Microsoft Word, OneNote, Russian Pranksters, FIXS, Wago, Water, Aaron Leyland, and more on this edition of Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn278
This week in the Enterprise News: Deepwatch Announces $180 Million in Investments, VulnCheck Raises $3.2 Million to Solve Prioritization Challenge for Enterprise, Government and Cybersecurity Solution Providers, Zscaler to Acquire Israeli Startup Canonic Security, Palo Alto Q2 Fiscal Year 2023 Earnings Call, Tech’s hottest new job: AI whisperer. No coding required, How data breaches affect stock market share prices, & Kenyan Innovator Creates Smart Gloves That Translate Sign Language Into Audible Speech!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw307
Human brain bots grown in petri dish, CISA Decider, BlackLotus, Mustang Panda, Ex22, Dish and Aaran Leyland, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn277
Today, we talk to Jim Routh - a retired CISO who survived the job for over 20 years! He'll be sharing some wisdom with us, like how analytics and data science can help detect malicious insiders. Also, more generally, Jim will help us understand how data-science-backed tooling can help move the security market forward and help security teams and programs mature.
Segment Resources:
https://www.reveal.security/resources/whitepapers/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw307
The MSP space has undergone a lot of changes in the past few decades, with the emphasis on security increasing dramatically in the last 5-10 years. We discuss how ConnectWise, which builds and sells solutions to MSPs, has tackled this challenge. We'll be asking questions both from Raffael's point-of-view, selling to MSPs, but also from the customer point-of-view - small to medium businesses with a need to outsource IT and security functions.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw307
In the Security News for this week: indistinguishable classifiers, screenshot the /etc/passwd file, what the Zimbra, couple of cool Burp plugins, my voice is my passport. verify me, software is harder to exploit, unless its in firmware, when ChatGPT writes an article, becoming a trusted installer, not the last breach for lastpass, getting fried at the charger, and why hackers love stickers!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw774
Barracuda published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 75% of the organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average costs of more than $1 million for their most expensive attack. 23% said that the cost of email-based attacks has risen dramatically over the last year.
Segment Resources:
https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf
This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw774
Twitter 2FA goes away, safe testing for server-side prototype pollution, OWASP's guide on AI security & privacy, Adobe's approach to smarter security testing, a fast web fuzzer
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw230