U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Imperva acquires app security firm Prevoty in $140 million deal, Allstate accelerates expansion into Identity Protection with acquisition of InfoArmor, Sonatype receives $80 million investment from TPG, Very Good Security makes data unhackable with $8.5 million from Andreessen, Lacework raises $24 million for AI-based cloud security platform, Synapsefi raises over $17 million in Series A funding, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how we the security industry needs to shift left when it comes to applications and patching.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS crypto-shame, and how to manipulate Apple's podcast charts!

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Michael and Paul interview Gabriel Gumbs from STEALTHbits. They talk about moving from detection to prevention, and protecting your data!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process.

***Powerpoint Slides in Full Show Notes***

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications.

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltrate data.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Paul interviews Marc French the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open source libraries from Synopsys.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

How the Department of Defense is using Open Source, BitSight launches forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operation, Fortinet releases new IoT security controller, and Secureworks opens up proprietary UEBA through partner programme.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise News this week, VMWare launches Blockchain project, lacework raises new funds to extend Cloud Security capabilites, Minerva Labs achieves certified integration with McAfee ePO, CrowdStrike helps advance malware searches on hybrid analysis portal, Atos named a leader in IoT services by global analyst firm NelsonHall, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

John Strand delivers the Technical Segment this week on Office 365 User Behavior Analytics. The idea is if you have a user account simultaneously logged in to multiple computer systems, that may be abnormal.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

Rick Holland has more than 15 years' experience working in information security. Paul and John talk to Rick about vulnerability management, WAFs, and advice to enterprise marketing.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

Join Paul, Doug White, and Todd to talk about Security Innovation that includes: AlienVault, Cloudera, Splunk, Fortinet, CA and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover:

- CVE-2018-11776

- How the 3 Ways of DevOps can guide us toward better security practices

- Shared Version Control

- Test Environments

- Shared Ticketing

- ChatOps

- Buying

Time Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30

Follow us on Twitter: https://www.twitter.com/securityweekly

The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Todd talks about his journey in the security industry. Todd also explains what Bandura Systems does for the security industry and how they sell their solution to companies.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Tod Beardsley is the Director of Research at Rapid7. Paul talks to Tod about his recent projects Sonar and Heisenberg. They also discuss Tod's Under the Hoodie pentest report.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Mike leads the Product Management, Product Marketing, UX, and Business Development efforts at DomainTools. He brings over 20 years of experience in the security industry, and has a real passion for building products that customers love and driving significant growth for the product lines he leads.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Paul Asadoorian and Matt Alderman compare and contrast the enterprise security vendors that were at Black Hat and DEF CON 2018.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!