Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working.
Segment Resources:
Show Notes: https://securityweekly.com/psw-822
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more, on this Edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-372
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?”
This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!
Show Notes: https://securityweekly.com/bsw-343
The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more!
Show Notes: https://securityweekly.com/asw-278
In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up? , Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more!
Show Notes: https://securityweekly.com/bsw-343
While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.
Segment Resources:
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!
Show Notes: https://securityweekly.com/esw-354
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Benedek Gagyi chats with us about the impact of the user experience (UX) on security and why it's not only important to understand how to make a user's life easier, but in defining who that user is in the first place.
Segment resources:
Show Notes: https://securityweekly.com/asw-278
Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-371
In the enterprise security news,
Lots of funding news, including: - Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business - BigID Raises $60 Million at $1 Billion Valuation - J.P. Morgan Growth Leads $39 Million Investment in Eye Security - CyberSaint raises $21 million to accelerate market expansion Zscaler Acquires Avalor for $350 Million Cisco completes $28 bn acquisition of cybersecurity firm Splunk Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say
Show Notes: https://securityweekly.com/esw-354
We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure.
(00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained
Show Notes: https://securityweekly.com/psw-821
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring.
Show Notes: https://securityweekly.com/psw-821
Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will impact how organizations can or cannot prepare for these emerging trends. Buckle up and hang on for part two of our jam packed episode.
Show Notes: https://securityweekly.com/bsw-342
Insecure defaults and insecure design in smart locks, FCC adopts Cyber Trust Mark labels for IoT devices, the ZAP project gets a new home, and more!
Show Notes: https://securityweekly.com/asw-277
Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Conversation Overflow, Phishing, Josh Marpet, and more on this Edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-370
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an early one. What decisions can you make at the start that will benefit the program in the years that follow? What does an appsec program look like at a small scale?
Segment Resources:
Show Notes: https://securityweekly.com/asw-277
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about:
Tune in for this insightful discussion before you make your next strategic cybersecurity decisions.
Show Notes: https://securityweekly.com/bsw-342
We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us.
Also in this week's news:
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-353
Cynicism, TikTok, Redline, Securam, Ghostrace, MicroOrange, eSim Swaps, Aaran Leyland, and More on this edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-369
In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'll discuss where the Identity Governance and Administration (IGA) market is going.
Segment Resources:
Show Notes: https://securityweekly.com/esw-353
In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock hacking continues, VM escapes and risk, and multiple really cool Bluetooth hacking stories.
Show Notes: https://securityweekly.com/psw-820
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more!
Segment Resources:
Show Notes: https://securityweekly.com/psw-820
The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more!
Show Notes: https://securityweekly.com/asw-276
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-368
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company has observed over the past year, and what steps organizations can take to protect their APIs.
This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!
Show Notes: https://securityweekly.com/asw-276
In the leadership and communications section, Cybersecurity in the C-Suite: A CISO’s Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more!
Show Notes: https://securityweekly.com/bsw-341