Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Feb 8, 2024

Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption

No longer can enterprises take their cryptography for granted, rarely evaluated or checked.

Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall security policy, zero-trust approach, and risk management strategy. After all, zero-trust is meaningless if your cryptography isn't working.

Segment Resources: https://www.businesswire.com/news/home/20231030166159/en/Proprietary-Research-from-Quantum-Xchange-Shows-the-Dreadful-State-of-Enterprise-Cryptography

https://www.forbes.com/sites/forbestechcouncil/people/vincentberk/?sh=3d88055852c1

This segment is sponsored by Quantum Xchange. Visit https://securityweekly.com/quantumxchange to learn more about them!

Show Notes: https://securityweekly.com/esw-349

Feb 8, 2024

As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabilities of software and hardware with the goal of learning how to best minimize or eliminate those vulnerabilities. Noting his embrace of the hacker community for its deep and innovative expertise in this context, Bratus’s portfolio at DARPA could help reduce or entirely remove even some of the most stealthy and unexpected vulnerabilities that reside in software and its logical, computational, and mathematical foundations.

Segment Resources:

• Overall Portfolio: https://www.darpa.mil/staff/dr-sergey-bratus

• Safe Documents: https://www.darpa.mil/news-events/2023-06-14

• Enhanced SBOM for Optimized Software Sustainment: https://sam.gov/opp/d0af3e325a594a8191b94e3f80b6bdcd/view

• V-SPELLS program:  https://www.theregister.com/2023/08/18/darpalegacybinary_patching/

• Digital Corpora Project:  https://www.jpl.nasa.gov/news/jpl-creates-worlds-largest-pdf-archive-to-aid-malware-research

• SocialCyber:  https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/

• Weird Machines:  https://www.darpa.mil/program/hardening-development-toolchains-against-emergent-execution-engines

• Safe Docs: https://www.darpa.mil/news-events/2023-06-14

• Exploit programming:  https://www.usenix.org/publications/login/december-2011-volume-36-number-6/exploit-programming-buffer-ove

Show Notes: https://securityweekly.com/psw-816

Feb 6, 2024

Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more!

Show Notes: https://securityweekly.com/asw-272

Feb 6, 2024

Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-360

Feb 6, 2024

We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org.

Segment Resources:

Show Notes: https://securityweekly.com/asw-272

Feb 6, 2024

Large security vendors and hyperscalers, including Microsoft, continue to expand their cybersecurity product and service portfolios. Microsoft’s extensive enterprise reach, massive partner network, and enormous influence in the C-suite puts pressure on CIOs and CISOs to consolidate on it as much as possible for cybersecurity. This report helps security leaders understand Microsoft’s cybersecurity portfolio, the tactics it uses, and how to manage peer and executive pressure to single-source security technology.

Show Notes: https://securityweekly.com/bsw-337

Feb 5, 2024

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index came roaring back last quarter. Here are the stocks currently in the index:

SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. SPLK Splunk Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc DARK Darktrace PLC S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc

Show Notes: https://securityweekly.com/bsw-337

Feb 2, 2024

E-Coli, Mercedes, Cloudflare, Ivanti, Volt Typhoon, GIGO, AI, Congress, Aaran Leyland, and more are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-359

Feb 2, 2024

In this week's Enterprise Security News, Adrian, Tyler, and Katie discuss: 1. Tons of funding! 2. A notable acquisition! 3. The line is blurring between services and product firms 4. Apparently IronNet isn’t dead? 5. The toxicity of Hero culture in tech 6. Knowing when to quit 7. AI-powered fraud is hitting close to home 8. Quantum snake oil is getting worse 9. Prompt injection 10. Are you being hacked by your washing machine?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-348

Feb 1, 2024

We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties.

The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure.

In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated.

Segment Resources:

Show Notes: https://securityweekly.com/esw-348

Feb 1, 2024

Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security, is a leading cybersecurity expert with over two decades of experience building and securing corporate networks, including roles on red and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/psw-815

Feb 1, 2024

When an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode, and you’re dead (but like in the movie Hackers dead), and more!

Show Notes: https://securityweekly.com/psw-815

Jan 30, 2024

Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more!

Show Notes: https://securityweekly.com/asw-271

Jan 30, 2024

This week in the Security Weekly News: the NSA admits to secretly buying your internet browsing data, malicious Google ads target Chinese users, Juniper releases update for Junos OS flaws, Outlook could be leaking your NTLM passwords, WhiteSnake malware on Windows, Jason Wood discusses new guidance on the Microsoft "Midnight Blizzard" attack, and more!

Show Notes: https://securityweekly.com/swn-358

Jan 30, 2024

We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topic stand out? How can an old, boring topic be given new life? How do you prepare as a first-time presenter? What can conferences do to foster better presentations and new voices?

Segment resources:

Show Notes: https://securityweekly.com/asw-271

Jan 30, 2024

In the leadership and communications section, A tougher balancing act in 2024, the year of the CISO, CISOs Struggle for C-Suite Status Even as Expectations Skyrocket, Want to Be a Better Leader? Stop Thinking About Work After Hours, and more!

Show Notes: https://securityweekly.com/bsw-336

Jan 29, 2024

How do you prepare for a cyber incident? You train as you fight, but in what environment? William "Hutch" Hutchinson, CEO and co-founder of SimSpace, joins BSW to share cyber best practices and why testing in your operational environment not a good idea. Learn what it takes to be Cyber Ready.

Show Notes: https://securityweekly.com/bsw-336

Jan 26, 2024

Visa RB Cash AP Formula 1 Team, Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot, Aaran Leyland, and More News on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-357

Jan 26, 2024

Oleria, Vicarius, and Secret Double Octopus raise funding (NOTE: Secret Double Octopus is a real company that chose Secret Double Octopus as their name, I’m making none of this up). Rumors about Zscaler’s next 9-digit acquisition, 2 new security vendors and demystifying public cybersecurity companies.

Chrome gets AI features, security teams have TOO much data, and a new threat intel database from Wiz. Is bootstrapping a cybersecurity startup a realistic option? Finally, remember Furbies? NSA’s furby docs just dropped, and they are HILARIOUS. Thanks to Jason Koebler from 404Media for that.

Show Notes: https://securityweekly.com/esw-347

Jan 25, 2024

We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist.

Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.

Segment Resources:

Show Notes: https://securityweekly.com/esw-347

Jan 25, 2024

In the Security News: Don’t expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.

Show Notes: https://securityweekly.com/psw-814

Jan 25, 2024

Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS).

CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing.

Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.

Coose shares what smart CISOs and mature organizations understand, that others don’t:

• There’s no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.

• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.

• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.

• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).

• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments

Show Notes: https://securityweekly.com/psw-814

Jan 23, 2024

RoboJoe, Apple, VMWARE, AI Vision, Confluence, Scarcruft, Microsoft, Jason Wood, and more on this Edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-356

Jan 23, 2024

Vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more!

Show Notes: https://securityweekly.com/asw-270

Jan 23, 2024

Where apps provide something of value, bots are sure to follow. Modern threat models need to include scenarios for bad bots that not only target user credentials, but that will also hoard inventory and increase fraud. Sandy shares her recent research as we talk about bots, API security, and what developers can do to deal with these.

Segment resources

Show Notes: https://securityweekly.com/asw-270

1 « Previous 1 2 3 4 5 6 7 Next » 51