You know SBOMs can help you keep track of your software assets and therefore, their vulnerabilities. Despite even the White House pressing the issue, many vendors aren't forthcoming with SBOMs, and you can't afford to wait. With Tanium's Roland Diaz, we'll discuss the most important considerations when generating your own SBOMs (which is now something their product can also do!).
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw308
In the Security News: Using HDMI radio interference for high-speed data transfer, Top 10 open source software risks, Dumb password rules, Grand Theft Auto, The false promise of ChatGPT, The “Hidden Button”, How a single engineer brought down twitter, Microsoft’s aim to reduce “Tedious” business tasks with new AI tools, The internet is about to get a lot safer, All that, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw775
Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite!
Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw775
In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw296
WebSocket hijack that leads to a full workspace takeover in a cloud IDE, malicious packages flood public repos, side-channel attack on a post-quantum algorithm, looking at OWASP's evolution, OAuth misconfigs lead to account takeover, AI risk management framework, Zed Attack Proxy
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw231
From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw296
This week Dr. Droug talks: Lots of AI, Deepfakes, Microsoft Word, OneNote, Russian Pranksters, FIXS, Wago, Water, Aaron Leyland, and more on this edition of Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn278
This week in the Enterprise News: Deepwatch Announces $180 Million in Investments, VulnCheck Raises $3.2 Million to Solve Prioritization Challenge for Enterprise, Government and Cybersecurity Solution Providers, Zscaler to Acquire Israeli Startup Canonic Security, Palo Alto Q2 Fiscal Year 2023 Earnings Call, Tech’s hottest new job: AI whisperer. No coding required, How data breaches affect stock market share prices, & Kenyan Innovator Creates Smart Gloves That Translate Sign Language Into Audible Speech!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw307
Human brain bots grown in petri dish, CISA Decider, BlackLotus, Mustang Panda, Ex22, Dish and Aaran Leyland, and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn277
Today, we talk to Jim Routh - a retired CISO who survived the job for over 20 years! He'll be sharing some wisdom with us, like how analytics and data science can help detect malicious insiders. Also, more generally, Jim will help us understand how data-science-backed tooling can help move the security market forward and help security teams and programs mature.
Segment Resources:
https://www.reveal.security/resources/whitepapers/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw307
The MSP space has undergone a lot of changes in the past few decades, with the emphasis on security increasing dramatically in the last 5-10 years. We discuss how ConnectWise, which builds and sells solutions to MSPs, has tackled this challenge. We'll be asking questions both from Raffael's point-of-view, selling to MSPs, but also from the customer point-of-view - small to medium businesses with a need to outsource IT and security functions.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw307
In the Security News for this week: indistinguishable classifiers, screenshot the /etc/passwd file, what the Zimbra, couple of cool Burp plugins, my voice is my passport. verify me, software is harder to exploit, unless its in firmware, when ChatGPT writes an article, becoming a trusted installer, not the last breach for lastpass, getting fried at the charger, and why hackers love stickers!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw774
Barracuda published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 75% of the organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average costs of more than $1 million for their most expensive attack. 23% said that the cost of email-based attacks has risen dramatically over the last year.
Segment Resources:
https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf
This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw774
Twitter 2FA goes away, safe testing for server-side prototype pollution, OWASP's guide on AI security & privacy, Adobe's approach to smarter security testing, a fast web fuzzer
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw230
In the leadership and communications section, Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape, Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025, How to Empower Teams, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw295
Lots of press lately regarding ChatGPT and its impact on cybesecurity. Some say it will help us fight adversaries, while others say it will only make adversaries more sophisticated. Lot's of FUD on both sides of the discussion. BSW hosts debate the pros and cons of ChatGPT (and other AI) to truly understand its impact and what we, as security leaders, need to know.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw295
This week Dr. Doug talks: ClippyNator, NewsCorp, Lastpass, US Marshals, Housez, PureCryptor, CyberStrategy, Jason Wood and more on this edition of Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn276
Join us for this segment with Lina Lau to learn lessons from real incident response engagements covering types of attacks leveraged against the cloud, war stories from supply chain breaches seen in the last 1-2 years, and how defenders and enterprises can better protect and proactively defend against these attacks.
Segment Resources:
Attacking and Defending the Cloud (Training) https://training.xintra.org/
Blackhat Singapore 2023 Training ADVANCED APT THREAT HUNTING & INCIDENT RESPONSE (VIRTUAL) https://www.blackhat.com/asia-23/training/schedule/index.html#advanced-apt-threat-hunting--incident-response-virtual-29792
Blackhat USA 2023 Training ADVANCED APT THREAT HUNTING & INCIDENT RESPONSE (IN-PERSON) https://www.blackhat.com/us-23/training/schedule/#advanced-apt-threat-hunting--incident-response-30558
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw230
This week Dr. Doug civilly discusses: a Liquid Robot Death Punch, Korean cars, Fortinet, Frebniis, Atlassian, BingBots, Hacking Back, Derek Johnson covers the National Cyber Strategy documents and more on the Security Weekly News!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn275
Organizations today operate under the constant looming threat of cyber attacks. While reactive cybersecurity measures will help organizations respond to past and present threats, offensive measures are the only chance to get ahead of attackers and beat them to the punch. There is now a greater call for offensive solutions like penetration testing and red teaming to evaluate environments so security gaps can be identified and closed before a breach. Join us as we discuss how these solutions work both independently and together, as well as practical ways organizations can build or mature an offensive security strategy.
Segment Resources:
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw306
Inka talks about harnessing Behavioural Science (BS) to influence people’s cyber security behaviours. Focusing on psychology theories (e.g. Behaviour change wheel) she explores some of our barriers (and motivations) to cybersecurity. What are our FMEs ('frequently made excuses') to taking protective action online and how organisations' could create a supportive security culture.
Segment Resources:
Lead researcher for RISCS / UK Home Office funded research project: Cyber Security Quirks: Personalised Interventions for Human Cyber Resilience https://www.riscs.org.uk/project/cyber-security-quirks-personalised-interventions-for-human-cyber-resilience/
Inka will be presenting this research at the Impact Conference on 2.3.2023 https://www.theimpactconference.com/ Lead researcher/author of the Annual Cybersecurity Attitudes and Behaviours Report (2021 and 2022) https://www.cybsafe.com/whitepapers/cybersecurity-attitudes-and-behaviors-report/
SebDB (most comprehensive cyber security behaviour database) https://www.cybsafe.com/research/security-behaviour-database/
Personality and digital footprints whitepapers: https://www.cybsafe.com/whitepapers/personality-and-digital-footprints/
How to measure security behaviour https://www.cybsafe.com/e-books/how-to-measure-behavior-long-read/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw306
In the Security News: If it can run Linux, it should, TikTok thefts, significant vulnerability findings, and I'm not even joking, typo squatting is lame, what will it take Bruce!, stealing from the TPM, GoAnywhere, including root, what if attackers targeted your yacht?, two for the price of one (exploits), X is really old, and vulnerable, come for a ride on a CHERI-OT and be memory safe, codebreaking old letters, and vulnerable wienermobiles! All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw773
The memoir of world-renowned hacker Cris Thomas “Space Rogue: How the Hackers Known as L0pht Changed the World” is available for pre-order now. The new book, to be released on February 16, 2023, will cover the influential hacking group L0pht Heavy Industries, the hacker underground of the 1990s, the L0pht’s rise to prominence, their testimony in front of the US Senate, their claim of being able to “take down the Internet”, and how their legacy continues to shape the security of the online world today.
Segment Resources:
https://securityweekly.com/spacerogue
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw306
Zero Trust is the buzzword of the 2020’s. Vendors are selling it, the US Federal Government is requiring it, and organizations are implementing it, but what does it really mean (I mean really beyond the hype)? In this segment, Paul and Ron will talk ways combat threats through people, process, and technology Zero Trust Risk Management.
Segment Resources:
Forrester Research Zero Trust blogs: https://www.forrester.com/blogs/category/zero-trust-security-framework-ztx/
Ron Woerner YouTube: https://www.youtube.com/user/ronw68123
VetSec: https://veteransec.org/
Free CISSP Training Program: https://frsecure.com/cissp-mentor-program/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw773
In the leadership and communications section, What CISOs Should Know About Hacking in 2023, Getting Employee Buy-In for Organizational Change, Listening — The most important communication skill, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw294