HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-469

Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA, College, who knows, a lot more... On Paul's Security Weekly.

Show Notes: https://securityweekly.com/psw-870

Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model?

Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all actions are blocked by default, with only explicitly approved activities allowed. This shift enhances security, reduces vulnerabilities, and sets a new standard for protecting organizations from cyber threats. ‍ Danny will discuss how ThreatLocker not only protects your endpoints and data from zero-day malware, ransomware, and other malicious software, but provides solutions for easy onboarding, management, and eliminates the lengthy approval processes of traditional solutions.

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

In the leadership and communications section, Bridging the Gap Between the CISO & the Board of Directors, CISO MindMap 2025: What do InfoSec Professionals Really Do?, How to Prevent Strategy Fatigue, and more!

Show Notes: https://securityweekly.com/bsw-391

QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland, and more, on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-468

The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. WAFs are delivering value in a way that orgs are relying on them more for bot management and fraud detection. But adopting phishing-resistant authentication solutions like passkeys and deploying WAFs still seem peripheral to secure by design principles. We discuss what's necessary for establishing a secure environment and why so many orgs still look to tools. And with LLMs writing so much code, we continue to look for ways LLMs can help appsec in addition to all the ways LLMs keep recreating appsec problems.

Resources

• https://www.forrester.com/blogs/breaches-and-lawsuits-and-fines-oh-my-what-we-learned-the-hard-way-from-2024/
• https://www.forrester.com/blogs/wafs-are-now-the-center-of-application-protection-suites/
• https://www.forrester.com/blogs/are-you-making-these-devsecops-mistakes-the-four-phases-you-need-to-know-before-your-code-becomes-your-vulnerability/

In the news, crates.io logging mistake shows the errors of missing redactions, LLMs give us slopsquatting as a variation on typosquatting, CaMeL kicks sand on prompt injection attacks, using NTLM flaws as lessons for authentication designs, tradeoffs between containers and WebAssembly, research gaps in the world of Programmable Logic Controllers, and more!

Show Notes: https://securityweekly.com/asw-326

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most.

The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up.

Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we’ll be talking to Threatlocker’s CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it.

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/esw-402

In the enterprise security news,

1. new startup funding
2. what happened to the cybersecurity skills shortage?
3. tools for playing with local GenAI models
4. CVE assignment drama
5. a SIEM-agnostic approach to detection engineering
6. pitch for charity
7. a lost dog that doesn’t want to be found

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-402

We wanted security data? We got it! Now, what the heck do we DO with all of it?

The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we’re seeing companies like Abstract Security pop up to address some of these challenges.

Abstract just released a comprehensive eBook on security data strategy, linked below, and you don’t even need to give up an email address to read it! In this interview, we’ll talk through some of the highlights:

• Challenges
• Myths
• Pillars of a data security strategy
• Understanding the tools available

Segment Resources

• A Leader’s Guide to Security Data Strategy eBook

Show Notes: https://securityweekly.com/esw-402

Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-467

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time!

Show Notes: https://securityweekly.com/psw-869

This week, it's double AI interview Monday!

In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption?

Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams.

Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/

In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns?

Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand:

• Regulatory requirements regarding AI
• Build vs. buy decisions
• Security considerations for both build and buy scenarios
• Resources to help guide you

Show Notes: https://securityweekly.com/bsw-390

DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-466

We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure design and how do we get there? There are plenty of secure practices that orgs should implement are supply chains, authentication, and the SDLC. Those practices address important areas of risk, but only indirectly influence a secure design. We look at tactics from coding styles to design councils as we search for guidance that makes software more secure.

Segment resources

• https://owasp.org/Top10/A042021-InsecureDesign/
• https://www.cisa.gov/securebydesign/pledge
• https://www.cisa.gov/securebydesign
• https://kccnceu2025.sched.com/event/1xBJR/keynote-rust-in-the-linux-kernel-a-new-era-for-cloud-native-performance-and-security-greg-kroah-hartman-linux-kernel-maintainer-fellow-the-linux-foundation
• https://newsletter.pragmaticengineer.com/p/how-linux-is-built-with-greg-kroah
• https://daniel.haxx.se/blog/2025/04/07/writing-c-for-curl/

Show Notes: https://securityweekly.com/asw-325

This week, in the enterprise security news,

1. we check the vibes
2. we check the funding
3. we check runZero’s latest release notes
4. tons of free tools!
5. the latest TTPs
6. supply chain threats
7. certs won’t save you
8. GRC needs disruption
9. the latest Rippling/Deel drama

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-401

You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.

Segment Resources:

• This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
• This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
• Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
• and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Show Notes: https://securityweekly.com/esw-401

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap.

Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same.

Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited.

Did you know that soft skills issues contributed to the Equifax breach?

We'll also discuss how fear is related to some of the same limitations and challenges as soft skills.

Segment Resources:

• https://www.softskillstech.ca/
• Order the Book

Show Notes: https://securityweekly.com/esw-401

AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-465

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers.

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/psw-868

Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities.

Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic.

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them!

Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/

Show Notes: https://securityweekly.com/bsw-389

Schrodinger's Television, Lucid, Crocodilus, Wordpress, Ivanti, Oracle, Android, Josh Marpet, and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-464

We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which direction to shift security. But scrutinizing decimal points in CVSS scores or rearranging tools misses the opportunity for more strategic thinking. We satirize some worst practices in order to have a more serious discussion about a future where more software is based on secure designs.

Segment resources:

• https://bsidessf2025.sched.com/event/1x8ST/secure-designs-ux-dragons-vuln-dungeons-application-security-weekly
• https://bsidessf2025.sched.com/event/1x8TU/preparing-for-dragons-dont-sharpen-swords-set-traps-gather-supplies
• https://www.rfc-editor.org/rfc/rfc3514.html
• https://www.rfc-editor.org/rfc/rfc1149.html

Show Notes: https://securityweekly.com/asw-324

In this week's enterprise security news,

1. Big funding for Island
2. Is DLP finally getting disrupted? By something that works?
3. We learn all about Model Context Protocol servers
4. Integrating SSO and SSH!
5. Do we have too many cybersecurity regulations?
6. Toxic cybersecurity workplaces
7. Napster makes a comeback
8. this week, we’ve got 50% less AI and 50% more co-hosts

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-400

In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months.

We won't have time to cover all the trends, but there are several here that I'm excited to discuss!

• Deepfake Detection Difficult
• Zero Trust Agentic AI
• Phishing resistant MFA adoption
• Identity Verification
• Machine Identity
• Decentralized Identity
• Post Quantum
• Shared Signals

Segment Resources:

• The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required)

Show Notes: https://securityweekly.com/esw-400

A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM.

• Are the right logs enabled?
• Is your EDR working correctly?
• Would you notice a sudden increase or decrease in events from critical sources?
• What can practitioners do to ensure the success of their SIEM deployment?

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

Show Notes: https://securityweekly.com/esw-400

Mrtentacle, Morphing Meerkat, Tor, VMWare, Waymo, Oracle, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-463