Facebook discloses the loss of at least 50M Access Tokens also covered by Motherboard Formjacking is on the rise, Google admits to allowing hundreds of companies read your email, FireFox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly
Michael, Paul, and Jason discuss how to develop empathy for someone who annoys you, separating the quality of the outcome and quality of the decision, and much more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101
Attend local meetups and conferences, practice your coding skills, get educated by World Class security researchers, do your homework, there's no substitute for Practice, OWASP Juice Shop, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly
Michael and Paul ask Jason how to become a better business. Jason explains how to run your security team as in a 'fish bowl', and how to apply this technique to your clients and their business.
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101
Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!
In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook’s 2-Factor authentication With a phone number isn’t only for security, it’s used for ads ,FBI warns companies about hackers increasingly abusing RDP connections, NSA employee who brought hacking tools home sentenced to 66 months in prison, new Linux Kernel Bug affects Red Hat, CentOS, and Debian Distributions, and Baddies just need one email account with clout to unleash phishing hell, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode577
Visit https://www.securityweekly.com/psw for all the latest episodes!
Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how SysMon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threats, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode577
Visit https://www.securityweekly.com/psw for all the latest episodes!
Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary’s Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems Shawn had that led him to choose Red Canary and Endgame as his solution, skill shortages in vendors, what he did to convince his management to approve of this solution, and what his process for testing the effectiveness of these solutions was.
Full Show Notes: https://wiki.securityweekly.com/Episode577
Visit https://www.securityweekly.com/psw for all the latest episodes!
In the Enterprise News this week, Bomgar to be renamed BeyondTrust after acquisition from PAM vendor, Rapid7 looks to SOAR with InsightConnect Automation Platform, DigiCert, Gemalto, and ISARA Partner on Quantum-Safe Encryption, Symantec extends Data Loss Prevention Platform with DRM, ExtraHop announces the availability of Reveal(x) for Microsoft Azure, Attivo brings cyber security deception to containers and serverless, and more!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode108
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit http://securityweekly.com/esw for all the latest episodes!
Paul and Matt sit down this week to discuss Threat and Vulnerability Management, the value it has, and the different players that deal with it in the Enterprise. They delve into Cloud and Application Security’s impact on vendors, and who they need to look at for potential integrations or acquisitions.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode108
Visit https://www.securityweekly.com/esw for all the latest episodes!
Visit http://securityweekly.com/esw for all the latest episodes!
In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Ron started his cybersecurity career as a network penetration tester for the NSA, and is the Founder of Tenable and Gula Tech Adventures. He joins Keith and April for an interview to talk about security in the upcoming elections, how to maintain separation of duties, attack simulation, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33
Follow us on Twitter: https://www.twitter.com/securityweekly
In the second part of Scott’s interview, Michael and April talk with him about ICS security, communication, and building relationships! They discuss the best practices to understand how these systems work, holding accountability, common goals, and how legal and security share common goals!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100
Scott brings a unique mixture of hands-on experience in incident response, penetration testing, forensics, operations, architecture, engineering, and executive leadership as a former Chief Information Security Officer (CISO) to the Rapid7 Advisory team. He talks about his role at Rapid7, why he joined the company, how to integrate security better into an organization, and what he recommends to people who need to break the ice and get their first meeting started!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100
Senate can't protect senators staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US Military given the power to hack back and defend forward,and AmazonBasics Microwave works with Alexa!
Full Show Notes: https://wiki.securityweekly.com/Episode576
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.
Full Show Notes: https://wiki.securityweekly.com/Episode576
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices and healthcare.
Full Show Notes: https://wiki.securityweekly.com/Episode576
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Cisco aims to make security foundational throughout its business, Fidelis looks to grow cyber-security platform, How artificial intelligence can improve human decision-making in IoT apps, Crossmatch announces the availability of DigitalPersona v3.0, and video fingerprinting.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode107
Visit http://securityweekly.com/esw for all the latest episodes!
Doug White and Matt Alderman talk about audit mistakes. Don't get into the mindset of ticking the box to satisfy audit. - What is this control and why are using it? - What does it control?
Full Show Notes: https://wiki.securityweekly.com/ES_Episode107
Visit http://securityweekly.com/esw for all the latest episodes!
Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It's Not an App!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly
Michael Santarcangelo joined by special guest Ron Gula from Gula Tech Adventures, talk with Chris Brenton about how do you take someone with a basic level certification and give them access to the tool?
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99
Keith Hoodlet and Paul Asadoorian interview April Wright. They discuss people connected by apps, workplace reward systems, and the importance of building/practicing the process before documenting it. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly
Microsoft accidentally lets encrypted Windows 10 out the the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the anty on anti virus, Google outlines incident response process, BombGar buys BeyondTrust, and Neil DeGrasse Tyson speaks on Elon Musk saying: Let the man Get High! All that and more, on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode575
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Michael Santarcangelo returns! Michael is joined by Matt Alderman and Ron Gula to interview Chris Brenton. They discuss what is threat hunting, what does this actually mean, is there a level of maturity required (organization, security team, individuals)?
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99
Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany is the Senior Security Researcher for Javelin Networks.
→Full Show Notes: https://wiki.securityweekly.com/Episode575
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly