Podcasts by Pauls Security Weekly TV

The DIY AppSec Lab - ASW #185 from 2022-02-21T22:00

Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit. But nearly complete mean...

Cisco/Splunk Rumors, Canonic Security, Unhelpful Legislation, & Securonix Round - ESW #261 from 2022-02-19T22:00

Finally, in the Enterprise Security News, Securonix raises $1B in Vista-led round (it’s like they ate a unicorn!), Salt Security becomes a Unicorn, has not been eaten (yet), Legit Security raise...

Pixelating Info, Pilfer Or Report, Digital Credit Unions, & Airtag Abuse - PSW #728 from 2022-02-19T10:00

This week in the Security News: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket or?, I...

Cassandra RCE, Pixelation Is Poor Redaction, Rust's Useful Errors, & Hardening Edge - ASW #185 from 2022-02-18T22:27:35

This week in the Application Security News: RCE in Cassandra, why pixelization isn't good redaction, Rust's compiler is friendly, Edge adds arbitrary code guard to its WASM interpreter, & the di...

Running Windows Inside Containers On Linux - PSW #728 from 2022-02-18T22:00

Yes, this is possible! We have incoporated into our vulhub-lab project a way to run Windows inside a Docker Container that is running on Linux. We didn't invent this technique but we will show y...

0patch - Security Patching That Doesn't Make Your Life Miserable - Mitja Kolsek - ESW #261 from 2022-02-18T22:00

0patch is a simple but powerful service that provides tiny targeted security patches to Windows computers, eliminating the most critical vulnerabilities without restarting the computer or relaun...

Cybersecurity Coordinator Under President Obama - Michael Daniel - PSW #728 from 2022-02-18T10:00

Michael joins us to discuss the importance of information sharing, how to convey cybersecurity practice and topics to senior leaders, cybersecurity regulation, myths surrounding militarizing cyb...

Changing the TPCRM Game W/ Cyber Risk Intelligence Tools - Vikram Asnani - ESW #261 from 2022-02-18T10:00

Definitions of the word intelligence include a collection of information of military or political value as well as the ability to acquire and apply knowledge or skills. In cybersecurity, when we...

5 Leadership Lessons, 6 Steps to Success, & 6 Tips to Say No - BSW #250 from 2022-02-17T15:57:24

In the Leadership and Communications section, 5 Leadership Lessons General Marshall can Teach Us, Cybersecurity incident response: The 6 steps to success, 6 Effective Tips to Politely Say No (th...

Time To Move Away From "G - little R - Big C" (GRC) - John Wheeler, Padraic O'Reilly - BSW #250 from 2022-02-15T22:00

How to move from legacy GRC processes and systems to a more automated approach that promotes visibility, agility, and alignment from assessment to Boardroom.

This segment is spon...

Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184 from 2022-02-15T10:00

In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition re...

The Modern Developer Must be Security Minded, Too - Doug Kersten - ASW #184 from 2022-02-14T22:00

In light of the far-reaching Log4j vulnerability, it’s become increasingly clear that the modern developer can’t operate without a solid level of security expertise. Vulnerability management is ...

Glyptodons, Mandiant Rumors, Virtual CISOs, Log4j Testimony, & A Cyber Safety Board - ESW #260 from 2022-02-12T22:00

Finally, in the Enterprise Security News, Security automation startup Cerby raises $12M, Virtual CISO startup Cynomi raises 3.5M to help SMBs automate cybersecurity, Keeper Security acquires Gly...

Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit - Wheel - PSW #727 from 2022-02-12T10:00

Qualys researcher, Wheel, will discuss the discovery of the 12 year old Linux vulnerability in PolicyKit - which Qualys had dubbed, PwnKit. Wheel will provide an overview of the vulnerability an...

The State of Identity in the Enterprise - Branden Williams - ESW #260 from 2022-02-12T10:00

We discuss the current state of identity challenges in the enterprise with Branden Williams.

Visit https://www.securityweekly.com/es...

AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized - PSW #727 from 2022-02-11T22:00

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests it’s 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Mi...

To Err Is Human, but the Blockchain Is Forever - ESW #260 from 2022-02-11T22:00

One of the key features of cryptocurrency, NFTs, and other blockchain-based technologies is the immutable ledger. Put another way, there's no clear way to implement an 'undo' button when it come...

Cybersecurity Is Not Just a Technical Problem - Brian Honan - PSW #727 from 2022-02-11T10:00

We have spent decades tackling security threats with technology, and we are failing badly. We need to look and learn from other industries and see how they have improved their industry. In parti...

Cybersecurity Policy Creation, Champions Program, & the War for Talent - BSW #249 from 2022-02-09T10:00

In the leadership and communications section, Cybersecurity Policy Creation: Priority One, 5 steps to run a successful cybersecurity champions program, The war for cloud and cybersecurity talent...

Effective Communications During & After a Cyber Attack - Ann Marie van den Hurk - BSW #249 from 2022-02-08T22:00

A cyber attack is a catastrophic event for any organization. Therefore, effective cyber crisis communication is crucial but often overlooked and an internal concern. In this conversation, we wil...

HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183 from 2022-02-08T10:00

Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, resources for ...

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW #183 from 2022-02-07T22:00

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulner...

Securing Olympians, Hiding in UEFI, 'Fingerprinting GPUs', & P4x vs. North Korea - PSW #726 from 2022-02-05T10:00

This week in the Security News: Temporary phones, webcam hacks that are so much more, bags of cash, patch Wordpress plugins and patch them some more, crowd-sourced-government-funded vulnerabilit...

A Look at Microsoft's Cloud-Native SIEM - Darwin Salazar - ESW #259 from 2022-02-05T10:00

In late 2019, Microsoft released their cloud-native SIEM, Sentinel. A lot in the world has changed since then so we'll be looking at Sentinel's progression, talking about it's features and what ...

Linux Post Exploitation - PSW #726 from 2022-02-04T22:00

In this Technical Segment, Paul walks through Linux Post Exploitation!

Github: https://github.com/SecurityWeekly/vulhub-lab

How Zapier’s Attila Török Manages Security for a 100% Remote Organization - Attila Török - ESW #259 from 2022-02-04T22:00

Imagine having 500+ employees across the world — all working remotely. Now imagine making sure they can all do their work securely. This is exactly what Zapier’s Head of Security, Attila Török d...

Covert EDC & Physical Pen Tests - Brent White - PSW #726 from 2022-02-04T10:00

Discussing every-day-carry items that are utilized during covert entry assessments. Also discussing the concealment of these tools, and which tools we use for various assessment types.

Se...

The 1000th Unicorn, Island Browser, Optiv For Sale, & Polar Bear Takeover - ESW #259 from 2022-02-04T10:00

Finally, in the Enterprise Security News, Island raises $100M to introduce a new Chromium-based web browser, designed for the enterprise, Plextrac rasies a $70M Series B, HackerOne raises a $49M...

Cybersecurity & Audit, CIO Involvement Grows, & Poor Security Culture - BSW #248 from 2022-02-02T10:00

In the leadership and communications section, Cybersecurity increasingly on audit committee agendas, CIO involvement in security grows as CEOs target risk reduction, How Poor Security Culture Le...

Digital Risk Protection - Dan Mathews - BSW #248 from 2022-02-01T22:00

Your information is everywhere. Executive, employee, and corporate data are contained in breach data, social media, and the dark web. How do you protect your organization from impersonation and ...

PwnKit, Qubit Hack, Multichain Hack, Safari Bounty, & Python NaN - ASW #182 from 2022-02-01T10:00

PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for Safari, Python NaN coercion, appsec games

Visit Listen

Shift Left, NOT S#!T LEFT - Larry Maccherone - ASW #182 from 2022-01-31T22:00

If you attempt to shift security left without adaptation, it'll feel a lot more like S#!T LEFT to the development teams but most security groups lack the mindset and skills to do it in a way tha...

Continuous Red Teaming Trends - Bikash Barai - ESW #258 from 2022-01-29T22:00

Why is continuous security here to stay? How is Red Teaming getting automated and moving towards continuous?

Visit https://www.secur...

12 Year Linux Bug, Recovering Bitcoin, Lulzsec's Impact, & Pimp My Cubicle - PSW #725 from 2022-01-29T10:00

This week in the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecur...

New Startups From Stealth, It's Not Matt Damon's Fault, Merck Wins, & Pearson Fined - ESW #258 from 2022-01-29T10:00

This week, in the Enterprise Security News, Hunters raises a series C to continue building XDR, Anitian raises a $55M Series B, Four new startups emerge from stealth with seed funding, BugAlert ...

Securing Ubiquiti WiFi Systems - PSW #725 from 2022-01-28T22:00

Ubiquiti has become a crown favorite for WiFi (and many other solutions). Learn how to do some basic security, update the software, change passwords and more!

Visit Listen

Log4Shell: Impact & Lessons Learned - Jamie Moles - ESW #258 from 2022-01-28T22:00

If 2021 taught us anything, it’s that our supply chain–especially our technical supply chain–hangs in the balance of a very fragile system. In this interview, ExtraHop's Jamie Moles examines the...

Cracks in the Castle - Jimmy Sanders - PSW #725 from 2022-01-28T10:00

Enterprises today has an ever expanding attack surface. Jimmy Sanders, Head of Security for DVD.com, joins to discuss how Organizations are constantly trying to stay ahead of the latest known an...

Mastering Art and Science, Stakeholder Trust, and Trustworthy Computing - BSW #247 from 2022-01-26T10:00

In the leadership and communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecu...

Securing the Digital Value Chain - Mark Fernandes - BSW #247 from 2022-01-25T22:00

Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISO’s think about how to apply cyber to enterprise resiliency? Mark...

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181 from 2022-01-25T10:00

In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from an URL allow list bypass, a security engi...

API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181 from 2022-01-24T22:00

It is hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the fu...

McAfee MVISION XDR, Microsoft Acquires Activision Blizzard, & Tom Brady NFTs - ESW #257 from 2022-01-22T22:00

In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs ...

REvil Gang Arrested, 5G & Airplanes, Zoom Zero-Click, & Stolen Brownies - PSW #724 from 2022-01-22T10:00

In the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year old's laun...

Architecture & Security from the Trenches - Will Clark - ESW #257 from 2022-01-22T10:00

An open discussion of challenges facing software and system architects in small and medium sized businesses.

Visit https://www.secur...

Using WPScan To Find WordPress Vulnerabilities - PSW #724 from 2022-01-21T22:00

wpscan is a free tool for scanning WordPress, and let's face it, there are many vulnerabilities to be found in Wordpress! This segment will walk you through installing, configuring and using wps...

Vulnerability Management is Dead! - Rickard Carlsson - ESW #257 from 2022-01-21T22:00

Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and prod...

Cyber Resilience - Cybersecurity Mental Health - Neal O'Farrell - PSW #724 from 2022-01-21T10:00

What can we do to raise awareness on issues of mental health for cybersecurity professionals? Neal walks us through some of the issues and ways to deal with them. Neil has also put together trai...

Scams and Security in Web3*, URL Parsing Problems, AWS Glue, CI/CD Compromises - ASW #180 from 2022-01-19T10:00

Scams and security flaws in (so-called) web3 and when decentralization looks centralized, SSRF from a URL parsing problem, vuln in AWS Glue, 10 vulns used for CI/CD compromises

V...

Investing in Open Source Security - ASW #180 from 2022-01-18T22:00

This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to p...

Arming CISOs, The 'Great Resignation', & Deciding Your Next Career Move - BSW #246 from 2022-01-16T10:00

In the leadership and communications segment, Arming CISOs With the Skills to Combat Disinformation, Is the 'Great Resignation' Impacting Cybersecurity?, Ask These 5 Questions to Decide Your Nex...

Israeli CyberSec Drama, Microsoft's Security Chip, Best Job of 2022, & "YAU"s - ESW #256 from 2022-01-15T22:00

In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A Europ...

Security Money - The Index Has Cooled Off - BSW #246 from 2022-01-15T22:00

The Security Weekly 25 index has finally cooled off, closing at 2226.93 on January 13th, 2022, which is an increase of 122.69% (down from last Q) since inception. The NASDAQ Index closed at 14,8...

CanSecWest, PacSec, & PWN2OWN - Dragos Ruiu - PSW #723 from 2022-01-15T10:00

Dragos is the Organizer of CanSecWest, PACSEC, originator of PWN2OWN, and does security auditing, and virtual engagement/training.

Visit Listen

A Look Back at the Most Active Year in Federal Cybersecurity Ever - Derek Johnson - ESW #256 from 2022-01-15T10:00

2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strate...

Mailing USBs, DoS in DoorLock, Moxie Resigns, QR Code Mystery, & Jarring Revelations - PSW #723 from 2022-01-14T22:00

This week in the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persistent DoS in your doorLock, Signal gets a new CEO, attacking the patchin...

New Year, Same Security Problems - Kris Lahiri - ESW #256 from 2022-01-14T22:00

It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitf...

Log4j Exploit Step-By-Step - PSW #723 from 2022-01-14T10:00

The log4j vulnerability still exists in many environments. Learn how to exploit this vulnerability in our step-by-step guide. Please only use this information for research and testing purposes, ...

No Log4j, 2021 Recaps, or 2022 Resolutions! - BSW #245 from 2022-01-12T10:00

In the leadership and communications section, no, we're not discussing log4j, 2021 recaps or lessons learned, or 2022 new year's resolutions or predictions!

Visit Listen

Zero Trust Access To, From and Within the Cloud - Colby Dyess - BSW #245 from 2022-01-11T22:00

How cloud resources are architected and utilized is different for every organization, but whether cloud native or cloud traditionalist – security risk and complexity are problems. Concerns over ...

Broadening What We Call AppSec - Christien Rioux - ASW #179 from 2022-01-11T10:00

There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether the...

Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes - ASW #179 from 2022-01-10T22:00

The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2...

ESW End-of-Year Wrap Up - ESW #255 from 2021-12-25T22:00

In our final security weekly segment of the year, we're wrapping up by reminiscing about 2021's biggest, craziest, and most interesting stories. We'll chat about our favorite interviews of the y...

Zip Tie Pick, Wifi/Bluetooth Bugs, Domain Controllers, & Beetle Behavior - PSW #722 from 2021-12-25T10:00

The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluet...

Dragons & Unicorns, Phishing Training, GreyNoise, & Becoming Domain Admin - ESW #255 from 2021-12-25T10:00

In the Enterprise Security News for this week, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suf...

The State Of Internet Exposed Services - John Matherly - PSW #722 from 2021-12-24T22:00

John joins us to talk about what its like to run scans of the Internet on a regular basis. We'll talk about some trends, such as what is more exposed, what is less exposed, and how select segmen...

Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255 from 2021-12-24T22:00

Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovat...

Lock Picking & Physical Security - Deviant Ollam - PSW #722 from 2021-12-24T10:00

Many of us, myself included, learned lock picking techniques from Deviant. He comes on the show to talk about physical security in a pandemic, how to train for lock picking and physical security...

The Security Hippie, Part 2 - Barak Engel - SCW #99 from 2021-12-23T10:00

Author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie. Barak is best known for pioneerin...

The Security Hippie, Part 1 - Barak Engel - SCW #99 from 2021-12-22T22:00

Author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie. Barak is best known for pioneerin...

Office of the CISO, The Fearless CISO, and America's Cyber Reckoning - BSW #244 from 2021-12-22T10:00

In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America’s Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!...

Security Maturity: From Hostage Negotiator to Business Leader - Sandy Dunn - BSW #244 from 2021-12-21T22:00

Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business t...

Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards - ASW #178 from 2021-12-21T10:00

Log4j has more updates and more vulns (but probably not more heartburn...), revisiting outages and whether availability has made it into your threat models, deep dive into hardware security, ano...

Evolving Security Testing - Dan Guido - ASW #178 from 2021-12-20T22:00

What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability miti...

Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk - ESW #254 from 2021-12-18T22:00

This week in the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category ...

Printing Shellz, Block Chain For C2, Wordpress Theft, & Log4j Who? - PSW #721 from 2021-12-18T10:00

This week in the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in Wo...

The Evolution & Future of XDR & the SOC - Scott Crawford - ESW #254 from 2021-12-18T10:00

Like our interview with Allie Mellen last week (episode 253, check it out also), we have another analyst roundtable here (all ESW hosts are former analysts), discussing one of the hottest new cy...

What to Expect in 2022 - Sinan Eren - PSW #721 from 2021-12-17T22:00

Since it is Dec 15 - might make sense to have a discussion on what might be coming in 2022 in terms of security - topics could span Ransomware, and other threats as well as technology segments l...

Morale Is a Safety Control - Shoshana Gourdin - ESW #254 from 2021-12-17T22:00

Not all security is complicated--many aspects boil down to noticing that something is off. Attentive and curious employees are an overlooked safety mechanism, as is handling problems in a constr...

All Your Holiday Hack Challenge Belong To Us - Ed Skoudis - PSW #721 from 2021-12-17T10:00

Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole.

Se...

Everything You Wanted to Know About CISOs But Were Afraid to Ask, Part 2 - Ben Carr - SCW #98 from 2021-12-16T10:00

Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its...

Everything You Wanted to Know About CISOs But Were Afraid to Ask, Part 1 - Ben Carr - SCW #98 from 2021-12-15T22:00

Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its...

(13 Traits + 7 Strategies)/2 = 10 Effective Ways to Improve Communication - BSW #243 from 2021-12-15T10:00

In the Leadership and Communications section: 13 traits of a security-conscious board of directors, 7 Strategies for CSO Cybersecurity Survival, 10 Effective Ways You Can Improve Your Communicat...

Why Hospitals Face Unique Security Challenges - Mike Murray - BSW #243 from 2021-12-14T22:00

-More than 25% of US hospitals have suffered at least one ransomware attack in the last two years. -Clearly, hospital IT teams, for the first time, the power to see and stop ransomware and other...

Log4Shell, Mozilla's BigFix & New Sandbox, Rust in Linux Kernel, Path Traversal in Go - ASW #177 from 2021-12-14T10:00

This week in the AppSec News, Mike & John talk: All about Log4Shell, Mozilla's BigFix bug and new sandbox, Rust in the Linux kernel, path traversals, reflections on the security profession, & mo...

DevSecOps, Compliance GRC, and the Future of Application Security - Francesco Cipollone - ASW #177 from 2021-12-13T22:00

DevSecOps has been traditionally very people centric. It is hard to measure software security and the landscape is becoming increasingly more complex with container, cloud, and infrastructure. D...

Unicorns Galore, Selling Text Messages, Spicy Takes, & Treacherous Devs - ESW #253 from 2021-12-11T22:00

Finally, in the enterprise security news: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private f...

Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide - Vincent Berk - ESW #253 from 2021-12-11T10:00

Riverbed’s Network Security Solutions provide the full-fidelity network visibility organizations need to see everything. The rise of cloud and user mobility has increased the complexity and the ...

Digging Into XDR - Allie Mellen - ESW #253 from 2021-12-10T22:00

XDR is the buzzword practitioners can't seem to escape. Or is it? Allie Mellen, Forrester Analyst, will cover her research on what XDR is and what it isn't to help practitioners understand what ...

Killing the SOC, Burger King Runes, ReliaQuest Valuation, & StrongDM - ESW #252 from 2021-12-04T22:00

This week in the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infras...

The 2021 Security Landscape & What Lies Ahead - Shailesh Athalye - PSW #720 from 2021-12-04T10:00

What are the key security challenges that customers faced this year? What did attackers do differently in 2021, and why are they succeeding more often? What can we expect in 2022? Shailesh will ...

Authentication Vulnerabilities - PSW #720 from 2021-12-04T10:00

Sven will present common vulnerabilities and issues that arise when implementing authentication and authorization in web applications.

This segment is sponsored by Invicti. Visit...

First Look: Is Passwordless Really Killing the Password? - ESW #252 from 2021-12-04T10:00

Passwordless is everywhere these days, but like most new security markets, it's shrouded in confusion. There are already dozens of vendors promising to kill the password, but they don't all seem...

Bypassing Biometrics, Hiding in Plain Sight, Hacker Cinema, & High Aspirations - PSW #720 from 2021-12-03T22:00

In the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero ...

Are We Ever Going to Get Information Sharing Right? - Edna Conway - ESW #252 from 2021-12-03T22:00

In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as lon...

Hacker Situational Awareness, Part 2 - John Threat - SCW #97 from 2021-12-02T10:00

There’s something happening here – and what it is ain’t exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We’re going to devote an episode talking about how things used to b...

Hacker Situational Awareness, Part 1 - John Threat - SCW #97 from 2021-12-01T22:00

There’s something happening here – and what it is ain’t exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We’re going to devote an episode talking about how things used to b...

Leadership Triad, Awesome CISO Tips, & CISO Demands - BSW #242 from 2021-12-01T10:00

This week in the Leadership & Communications section, 'They Said a CISO Does What?', 5 Tips to be an awesome CISO, 9 tips for an effective ransomware negotiation, and more!

Visit...

CISO Transition: A CISO's Perspective - BSW #242 from 2021-11-30T22:00

We cover a lot of articles about CISO leadership, communications, skills, and yes, transition. This week we discuss the CISO transition from a CISO's perspective. I will interview my co-hosts on...

Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176 from 2021-11-30T10:00

This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!

Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176 from 2021-11-29T22:00

In today’s session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common...

Security & Compliance Thru the Lens of a Technology Journalist, Part 2 - Evan Schuman - SCW #96 from 2021-11-25T10:00

In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the...

Security & Compliance Thru the Lens of a Technology Journalist, Part 1 - Evan Schuman - SCW #96 from 2021-11-24T22:00

In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the...

4 Things Boards Should Know, 4 in 10 Orgs Don't Have a CISO, & Creating Culture - BSW #241 from 2021-11-24T10:00

In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more!...

Preventing Attacks Through Risk Management & Governance - Kevin Powers, Padraic O'Reilly - BSW #241 from 2021-11-23T22:00

As a CISO tasked to present to the Board or other executives, communicating cybersecurity in business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in ...

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175 from 2021-11-23T10:00

This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to...

wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175 from 2021-11-22T22:00

CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely.

Segment Resources:

- ...

Congress Goes Cyber-Crazy, Emotet Returns, SnapAttack, & Netography - ESW #251 from 2021-11-20T22:00

This week in the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A T...

Suing Satoshi, Trojans in IDA, FBI Spam, Beg Bounties, & UPNP Strikes Again - PSW #719 from 2021-11-20T10:00

This week in the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how muc...

Skill Building: CTFs & Computer Fundamentals - Derek Rook - PSW #719 from 2021-11-19T22:00

Derek and the hosts will discuss technologies to build CTFs as well as what types of things to consider while doing so. They will also talk about the computer fundamentals that are often underva...

The Real Costs of Ransomware in 2021, 2022, & Beyond - Mike Campfield - ESW #251 from 2021-11-19T22:00

Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a wh...

Understanding Cyber Insurance Trends & Changes - ESW #251 from 2021-11-19T22:00

Jeffrey joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment.

Building Vulnerable Docker Containers (On Purpose) - PSW #719 from 2021-11-19T10:00

I needed to create some vulnerable targets for testing exploits and my default password finder I wrote in Python (featured in previous episodes). I found a few useful projects, including Vulhub,...

CISA Guidance for MSPs and SMBs, Part 2 - Chris Loehr - SCW #95 from 2021-11-18T10:00

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to ...

CISA Guidance for MSPs and SMBs, Part 1 - Chris Loehr - SCW #95 from 2021-11-17T22:00

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to ...

4 Attributes of a Great Leader & 5 Myths About Management & Cybersecurity - BSW #240 from 2021-11-17T10:00

In the Leadership and Communications section, The Gardener: Four Attributes Of A Great Leader, Unpacking 5 Myths About Management, 5 Cybersecurity Myths That Make You More Vulnerable to Attacks,...

Protecting Identity Services - Tony Cole - BSW #240 from 2021-11-16T22:00

Identity Services such as Active Directory is an area that is almost always utilized by the attacker after the initial endpoint is compromised. This is an area lacking critical focus by defender...

PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174 from 2021-11-16T10:00

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!

Mobile Application Security - Ryan Lloyd - ASW #174 from 2021-11-15T22:00

Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against...

Record Unicorns, SCYTHE Series A, SPAC Fails, McAfee Worth $14B, & Hashicorp IPO - ESW #250 from 2021-11-13T22:00

In the Enterprise Security News for this week: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WP...

Building a Risk Based Security Program That Actually Works - Nick Leghorn - ESW #250 from 2021-11-13T10:00

Risk based security programs are all the rage, from managers looking to "trim" the security budget to regulatory bodies looking for excuses to fine your company. Nick is a security pro who has s...

MAVSH - Sachin Mahajan - PSW #718 from 2021-11-12T22:00

Over the course of 2020 and 2021 new UAV regulations and restrictions, such as Remote Identification, have threatened UAV hobbyist's ability to fly freely. These new regulations did leave hobbyi...

MegatronAL on Kicking in the Door to Cybersecurity - Angela Marafino - ESW #250 from 2021-11-12T22:00

I once told my college advisor that I wanted to double major in computer science and jazz performance. She laughed at me. Instead, I jumped into a career in IT and played jazz - without a degree...

Stalkerware Capabilities in the Real World - Lodrina Cherne, Martijn Grooten - PSW #718 from 2021-11-12T10:00

Can using technology risk your personal safety? Tracking information can be shared with attackers and facilitate cyberstalking in multiple ways including key logging and screen sharing. Explorat...

TIPC Kernel Vulns, SBDCs, Truckloads of GPUs, & Hardcoded SSH Keys - PSW #718 from 2021-11-12T10:00

This week in the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Micro...

Governance, Risk, & Compliance...so What? - Part 2 - Allan Alford - SCW #94 from 2021-11-11T10:00

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should ...

Governance, Risk, & Compliance...so What? - Part 1 - Allan Alford - SCW #94 from 2021-11-10T22:00

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should ...

A CISO's Life, FOMO Is Real, & Cybersecurity's Hiring Problem - BSW #239 from 2021-11-10T10:00

In the Leadership and Communications section, The First 100 Days in A CISO’s Life — Biggest Mistakes and Best Quick Wins, Hybrid work woes: FOMO is real, employees feel disconnected, Breaking Do...

Reinvigorating Cybersecurity Teams - Sara Griffith, Suresh Balasubramanian - BSW #239 from 2021-11-09T22:00

The rise in cyberattacks and the switch to remote work has kept security teams busy, but it has also left them isolated by halting their ability to meet with peers and network with industry frie...

Linux Kernel TIPC RCE, NPM Malware, OTP 2FA Bots, & Security Labels - ASW #173 from 2021-11-09T10:00

This week in the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat...

A Standardized Approach to SBOM - Dan McKinney - ASW #173 from 2021-11-08T22:00

In this segment, Mike and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply...

Facebook Gets Meta, Crazy Valuations, IBM XDR, & Analysts V.S Darktrace - ESW #249 from 2021-11-06T21:00

In the Enterprise Security News for this week: Laika raises $35m in the growing compliance-as-a-service segment, IBM launches XDR, CrowdStrike acquires SecureCircle and moves into the data layer...

Shrootless Bug, Statistic Stats, Trojan Source, Fake Students, & Clippy Returns - PSW #717 from 2021-11-06T09:00

This week in the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if a...

Building Up the Blue Team - Frank McGovern - ESW #249 from 2021-11-06T09:00

Traditionally, the red team has been seen as "fun and interesting", with blue team characterized as "all work, no play" in terms of cybersecurity career paths. Today we talk with Frank McGovern ...

Peel Back the Layers of Your Enterprise with Security Onion 2 - Doug Burks - PSW #717 from 2021-11-05T21:00

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. We've got a new container-based platform that is more flexible, more powerful, ...

Detecting the Next Breach: How to Win the War With NSX NDR - Chad Skipper - ESW #249 from 2021-11-05T21:00

When it comes to detecting the next cyber breach, would your organization pass the test? Of course, in real life, you not only need to ace the practice exam – you need to test against the real t...

Part 2: Scanning For Default Creds With Python - PSW #717 from 2021-11-05T09:00

We've updated our script with all sorts of new features. The latest version uses the TOML configuration file format to store the vendor information and the credentials to test with. We'll focus ...

Security Industry Burnout, Part 2 - Rick McElroy - SCW #93 from 2021-11-04T09:00

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the ‘Great Resignation’), is a...

Easy Ways for Businesses to Become More Resilient - Kyle McNulty - BSW #238 from 2021-11-03T21:00

More and more, start-ups and small companies have to consider cybersecurity earlier in their growth cycle. Whether for a VC investment or revolutionary customer, cybersecurity can make or break ...

Security Industry Burnout, Part 1 - Rick McElroy - SCW #93 from 2021-11-03T21:00

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the ‘Great Resignation’), is a...

10 Questions, 5 Personality Traits, & 3 Security Priorities - BSW #238 from 2021-11-03T09:00

This week, in the Leadership and Communications section, 10 Questions Great Bosses Ask Themselves, 5 cybersecurity personality traits for a successful career, 3 Security Priorities to Support th...

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172 from 2021-11-02T09:00

This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOp...

Untangling API Security in 2022 - Peter Klimek - ASW #172 from 2021-11-01T21:00

Peter will talk to the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these ...

Market Analysis With a VC - Introducing Will Lin - ESW #248 from 2021-10-30T21:00

In our news segments, we often discuss and explore the ever-expanding vendor landscape. Funding rounds are getting huge, we're seeing upwards of 40 acquisitions each month - there's a lot of mon...

Iranian Gas, Smelly Towns, View Source Legality, EBCDIC & GDPR, & Unlocking Oculus Go - PSW #716 from 2021-10-30T09:00

This week in the Security News we talk: Its still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going b...

Piiano, Scanning Your Eyes, Rainbow Unicorns, Netflix Execs, & Yeast Milk - ESW #248 from 2021-10-30T09:00

In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti fo...

What Exactly Is an Incident Commander, Anyway - Matt Linton - PSW #716 from 2021-10-29T21:00

You may have seen the term "Incident Commander" in discussions about incident response, but do you know where that term came from and what it means? How can professionalizing your incident respo...

Decrypt As If Your Security Depends On It - Jamie Moles - ESW #248 from 2021-10-29T21:00

Use of encryption is on the rise: both by cyber defenders and the attackers they’re tasked to defend against. Encryption has reached near-full adoption by internal teams hoping to implement stro...

Focusing on Preventing Ransomware - Roger Grimes - PSW #716 from 2021-10-29T09:00

A good backup is not prevention. Its recovery. Roger A. Grimes, author of the just released Ransomware Protection Playbook (Wiley), and author of 12 other books and over 1100 articles on compute...

Mapping Across an Ocean of Security Frameworks, Part 2 - Thomas Sager, Tony Sager - SCW #92 from 2021-10-28T09:00

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, some real-world e...

Mapping Across an Ocean of Security Frameworks, Part 1 - Thomas Sager, Tony Sager - SCW #92 from 2021-10-27T21:00

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, some real-world e...

Board Tips & Tricks, Security Culture, & Zero Trust Myths - BSW #237 from 2021-10-27T09:00

In the Leadership and Communications section for this week: CISOs: Approach the board with precision, simplicity, Layoffs Taught Me To Never Make 3 Powerful Leadership Mistakes, 6 zero trust myt...

Fight Fire With Fire: Proactive CyberSec Strategies for Security Leaders - Renee Tarun - BSW #237 from 2021-10-26T21:00

With today’s expanding attack surface, constantly evolving threat landscape, and growing cyber skills gap, cybersecurity leaders need actionable advice from seasoned peers more than ever. Renee ...

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171 from 2021-10-26T09:00

This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, app...

Security Champions in an Online First World - Ashish Rajan - ASW #171 from 2021-10-25T21:00

Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud.

Segment Resources:

Listen

Wild Hippos, Chrome FTP, L0phtCrack Is Open-Source, Win 11 Pentium, & Legacy Systems - PSW #715 from 2021-10-24T09:00

This week in the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cybe...

Scanning For Default Credentials With Python - PSW #715 from 2021-10-23T21:00

We've been working on this Python project that will use the Nmap Python library to scan the local network, enumerate select systems and devices, try to login with default or known credentials, a...

Evolution & Maturity of the Cybersecurity Industry - Maxime Lamothe-Brassard - PSW #715 from 2021-10-23T09:00

The business of Security is gaining in maturity, from being an obscure corner of IT to becoming a core part of the C-Suite. How is this transformation happening and what can we learn from the si...

What We've Learned From Interviewing Cybercriminals - Adam Janofsky - ESW #247 from 2021-10-22T21:00

Over the last year, The Record has published several interviews between security analysts and cybercriminals. This includes representatives from REvil, BlackMatter, and Marketo. The interviews h...

Query.AI, Tenchi Security, HelpSystems, CrowdStrike, & Snowcat Scanner for Istio - ESW #247 from 2021-10-22T09:00

This Week in the Enterprise Security News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more!

Visit Listen

First Jobs in Cybersecurity: The Analyst Role - Joshua Copeland - ESW #247 from 2021-10-21T21:00

There are tons of cybersecurity job openings for folks with 3-5 years of experience, but where are the junior roles? How are people getting their initial 3-5 years in? Josh and the ESW hosts dis...

Excited About PCI DSS 4.0? What to Expect & How to Prepare, Part 2 - Chris Pin - SCW #91 from 2021-10-21T09:00

We’re getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options ...

Excited about PCI DSS 4.0? What to Expect & How to Prepare, Part 1 - Chris Pin - SCW #91 from 2021-10-20T21:00

We’re getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options ...

Building Your Zero Trust Architecture: Stronger, Simpler Access Controls - Jason Garbis - BSW #236 from 2021-10-20T09:00

Zero Trust has quickly become a cybersecurity mandate and also the most abused term in the industry. The core tenants of Zero Trust are rooted in the ability to deliver secure access, which is a...

Security Money - The Index Hits a Turkey (3 Records in a Row) - BSW #236 from 2021-10-19T21:00

The Security Weekly 25 Index hits an all-time high for the third straight quarter! In this segment, Matt, Jason, and Ben break down the cybersecurity market winners and losers, in both the publi...

View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170 from 2021-10-19T09:00

This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevS...

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170 from 2021-10-18T21:00

There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment...

IoT Rickroll, Suing Over Disclosures, K-12 Cybersecurity Act, & SS7 Signaling - PSW #714 from 2021-10-17T09:00

This week in the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school, refusing...

GraphQL - Sven Morgenroth - PSW #714 from 2021-10-16T21:00

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications.

This segment is sponsored by Invicti. Visit...

Open Source Endpoint Security with Osquery & Fleet - Zach Wasserman - PSW #714 from 2021-10-16T09:00

The world's top tech organizations are pursuing an open-source endpoint security strategy using osquery. We will dig into how osquery and Fleet can enable observation, collection, and investigat...

Wiz Valuation, Facebook OSS Tools, Gretel.ai, & Yubico Biometric Keys - ESW #246 from 2021-10-15T21:00

In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Y...

Why Less Is More for Static Application Scanning - Surag Patel - ESW #246 from 2021-10-15T09:00

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and...

A Plea for Better Press Releases - ESW #246 from 2021-10-14T21:00

A big part of preparing for Security Weekly news segments is reading press releases. Most of us also get emails whenever a cybersecurity vendor sends out a press release. Too many are frivolous,...

Social Engineering Deep Dive, Part 2 - Perry Carpenter - SCW #90 from 2021-10-14T09:00

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it...

Social Engineering Deep Dive, Part 1 - Perry Carpenter - SCW #90 from 2021-10-13T21:00

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it...

Top Cybersecurity Statistics/Trends/Facts, Zero Trust, & Hiring Strategies - BSW #235 from 2021-10-13T09:00

In the Leadership and Communications section for this week: How to strive and thrive [in a meeting], 5 steps toward real zero trust security, Seven strategies for building a great security team,...

The Human Element of Security Awareness - Brian Reed - BSW #235 from 2021-10-12T21:00

It is Cybersecurity Awareness Month, but security awareness is a lot tougher than just dedicating a month to awareness activities. Security awareness is a journey, requiring motivation along the...

Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169 from 2021-10-12T09:00

This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almost 30 years, factors in a great cybersecurit...

Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169 from 2021-10-11T21:00

SBOM: What does it really tell you and the importance of having one for your organization.

- Finding and fixing known vulnerabilities in dependencies and container images

- Buildin...

LANtennas, ESXi & Python, Twitch Leaks, Facebook BGP, & iPhone Is Always On - PSW #713 from 2021-10-10T09:00

This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, ...

Up & Running With Security Onion - PSW #713 from 2021-10-09T21:00

There are many options to choose from when setting up The Security Onion. The use cases are vast, including a NIDS (Zeek, Suricata), HIDS (Beats, Wazuh, osquery) and standalone instances for a S...

Survey Says: Improve Your Security Posture by Purple Teaming - Dan DeCloss - PSW #713 from 2021-10-09T09:00

Today Dan DeCloss, CEO of PlexTrac, joins the panel to share results from a CyberRisk Alliance survey of 315 security practitioners in the U.S. and Canada. This research, sponsored by PlexTrac, ...

Privacy Engineering Firms, Facebook Outages, Orca Series C, & Gravwell - ESW #245 from 2021-10-08T21:00

In the Enterprise Security News for this week: Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? ...

Shifty Adversaries, Shifting Tactics - Ryan Kalember - ESW #245 from 2021-10-08T09:00

Once again, it is Cybersecurity awareness month and we'll be talking with Ryan Kalember about the latest threats and other activities he and Proofpoint have going on this month. When it comes to...

Better Sales, Worse Relationships? - Richard Reinders - ESW #245 from 2021-10-07T21:00

Sales teams are under more pressure than ever to locate and bring in new customers. The methods they use can range from clever to questionable. While some of the more ethically questionable meth...

ISO27001, Part 2 - Wim Remes - SCW #89 from 2021-10-07T09:00

This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this spec...

ISO27001, Part 1 - Wim Remes - SCW #89 from 2021-10-06T21:00

This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this spec...

CISA's Initiatives, Partnerships, and Cybersecurity Awareness Month - Alaina Clark - BSW #234 from 2021-10-06T09:00

We kick-off Cybersecurity Awareness Month with Alaina Clark, Assistant Director for Stakeholder Engagement at the Cybersecurity and Infrastructure Security Agency (CISA). Jill Aitoro, Editor in ...

Medical Device Security - Dan Purvis - BSW #234 from 2021-10-05T21:00

With the first recorded death from a Ransomware attack during the Pandemic, it's time to take medical device security seriously. Dan Purvis, CEO at Velentium, joins Business Security Weekly to d...

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168 from 2021-10-05T09:00

In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java!

...

The Power of Developer-First Security - Hillary Benson - ASW #168 from 2021-10-04T21:00

Developers want to write good code. Secure code. Security tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triagin...

Pickpocketing Apple Pay, Mandatory Breach Reporting, Huawei Fears, & Cyber Criminals - PSW #712 from 2021-10-02T21:00

In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe tha...

Defense Strategies to Combat Sophisticated Ransomware - Mehul Revankar - PSW #712 from 2021-10-02T09:00

To defend themselves, companies need to detect ransomware attacks early, gather the intelligence to understand the attack, and prevent the attacks from occurring in the future. Qualys’ Mehul Rev...

Startup Post Mortems, Live Security Statuses, LG Acquires Cybellum, & Coalition - ESW #244 from 2021-10-01T21:00

In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to ...

The Importance of Identity Detection and Response (IDR) - Joseph Salazar - ESW #244 from 2021-10-01T09:00

Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active...

How Good CISOs Build Bad Security Programs - Juliet Okafor - ESW #244 from 2021-09-30T21:00

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thr...

Compliance and “The Crowd”, Part 2 - Casey Ellis - SCW #88 from 2021-09-30T09:00

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of ...

Compliance and “The Crowd”, Part 1 - Casey Ellis - SCW #88 from 2021-09-29T21:00

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of ...

CISO vs. CIO, CISO & the C-Suite, & How the CISO Works With the CPO - BSW #233 from 2021-09-29T09:00

This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insura...

Building Security from Scratch: One Year as CISO at a Start-up - Guillaume Ross - BSW #233 from 2021-09-28T21:00

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding wh...

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167 from 2021-09-28T14:04:30

This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memor...

AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167 from 2021-09-28T13:14:02

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three pri...

Renting Your Phone, Public-Key Explained, Toilet Identification, & AutoDiscover Bug - PSW #711 from 2021-09-26T09:00

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could ca...

Nzyme - Paul Asadoorian & Larry Pesce - PSW #711 from 2021-09-25T21:00

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection...

Velociraptor - Digging Deeper - Mike Cohen, Wes Lambert - PSW #711 from 2021-09-25T09:00

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perfo...

The Color White, Forgerock IPO, Ditching Your Microsoft Password, & Neosec - ESW #243 from 2021-09-24T21:00

This week in the Enterprise Security News: Funders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires threat stack, Forg...

Threat Intelligence & Threat Hunting - Chris Cochran - ESW #243 from 2021-09-24T09:00

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relat...

Scaling Application Security - Joe Gillespie, Nuno Loureiro - ESW #243 from 2021-09-23T21:00

A common ratio between Appsec and development teams is 1:100 (1 Security Engineer for every 100 developers). Scaling Appsec teams, especially when it comes to security testing, becomes challengi...

Activism v. Hacktivism, Part 2 - Johanna Baum - SCW #87 from 2021-09-23T09:00

"Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with crit...

Activism v. Hacktivism, Part 1 - Johanna Baum - SCW #87 from 2021-09-22T21:00

"Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with crit...

Boards Rethink Incident Response, CISOs & CIOs Share, & Stay True to Ethics - BSW #232 from 2021-09-22T09:00

This Week, in the Leadership and Communications section: Boards rethink incident response playbook as ransomware surges, How CISOs and CIOs should share cybersecurity ownership, How CISOs are Bu...

Accelerate 0-Trust Adoption W/ End2End Visibility & Increased Collaboration - Tom Roeh - BSW #232 from 2021-09-21T21:00

It's no surprise that Zero Trust initiatives are increasing in importance in both the public and private sectors. New cybersecurity mandates and a boom in remote work due to COVID-19 are just tw...

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166 from 2021-09-21T09:00

This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, dep...

Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW #166 from 2021-09-20T21:30

Modern software development demands a different approach to application security. Contrast’s developer-first Application Security Platform empowers developers to accelerate the release of secure...

Dubious Drones, NSO Group, Apple's Bug Bounties, Ghostscript 0-Day, & IBM Server Bugs - PSW #710 from 2021-09-19T09:00

This week in the Security News: Anonymous hacks Epik (with a K), Fuzzing Close-Source Javascript Engines, ForcedEntry, 8 Websites that can replace computer software, REvil decryptor key released...

Brakeman - Justin Collins - PSW #710 from 2021-09-18T21:00

Brakeman is a free static analysis security tool specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security issues at any stage of development. Jus...

The State of Network Security in 2021 - Sinan Eren - PSW #710 from 2021-09-18T09:00

Network breaches, ransomware attacks, and remote-work challenges highlight the need for cloud-native Secure Access Service Edge (SASE) deployments.

Show Notes: Listen

Palo Alto Goes IoT, Numbers Lose Their Meaning, BitSight, & Colossal Mammoths - ESW #242 from 2021-09-17T21:00

This week in the Enterprise News: Adrian's first Enterprise News in the Captain's Seat, BitSight raises $250m on a $2.4bn valuation, Palo Alto Networks enters the consumer IoT market, Martin Roe...

The Device Security Divide - John Loucaides - ESW #242 from 2021-09-17T09:00

Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firm...

Web Asset Discovery in Application Security - Tolga Kayas - ESW #242 from 2021-09-16T21:00

Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated...

Insider Threats Overview - Going Beyond The Norm, Part 2 - Jim Henderson - SCW #86 from 2021-09-16T09:00

Defining Insider Threats / Going Beyond Traditional Definitions (What Is Really Happening Behind Firewalls) How Damaging And Costly An Insider Threat Incident Can Be? (Eye Opening Examples From ...

Insider Threats Overview - Going Beyond The Norm, Part 1 - Jim Henderson - SCW #86 from 2021-09-15T21:00

Defining Insider Threats / Going Beyond Traditional Definitions (What Is Really Happening Behind Firewalls) How Damaging And Costly An Insider Threat Incident Can Be? (Eye Opening Examples From ...

SEC Is Serious, CISA's Bad Practices, & What Tech Workers Really Want - BSW #231 from 2021-09-15T09:00

This Week, in the Leadership and Communications section, The SEC Is Serious About Cybersecurity. Is Your Company?, CISA Urges Organizations to Avoid Bad Security Practices, IT leaders facing bac...

Cyber Education Is the Key to Solving the Skills Gap - Kevin Nolten - BSW #231 from 2021-09-14T21:00

Kevin Nolten, Director of Academic Outreach from Cyber.org, joins Business Security Weekly to discuss how cyber education is the key to solving the skills gap and developing the next generation ...

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165 from 2021-09-14T09:00

This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API securi...

Findings From the 2021 AppSec Shift Left Progress Report - Manish Gupta - ASW #165 from 2021-09-13T21:00

Data from the ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster and more accurate static analysis are able to release more secure code a...

Iframe Security - Benjamin Daniel Mussler - PSW #709 from 2021-09-05T09:00

Benjamin will discuss securing iframes with the sandbox attribute. This segment is sponsored by Acunetix.

Visit https://securitywee...

Hacking Honda, Insider Threat Galore, ChaosDB, USB File Weight, & Linux 5.14 - PSW #709 from 2021-09-04T21:00

This week in the Security News: Hacking Honda, a fact about single-factor, disarming your home and alarming vulnerability disclosure response, btw, you have a Sudo vulnerability, NSO under inves...

Nmap Vulnerability Scanning/Flan Scan - PSW #709 from 2021-09-04T09:00

Paul presents a Technical Segment that walks through Nmap, Vulners scripts, & Flan Scan!

Visit https://www.securityweekly.com/psw Listen

"Lift & Drag", BeyondTrust, Absolute DataExplorer, & RDP Exploits - ESW #241 from 2021-09-03T21:00

This week in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, & More!...

Putting the "R" in the NDR - John Smith - ESW #241 from 2021-09-03T09:00

It's time to think more broadly about the R in NDR. Incident responders need a full spectrum of response–from hunting and investigations to remediation–not just another alert cannon. While block...

Transparency in Large Supply Chains - Philippe Lafoucrière - ESW #241 from 2021-09-02T21:00

GitLab is unique in many ways, but our transparency value is pushing us to mature our Security posture faster than attackers. Discover how GitLab iterates quickly to adapt to a world where every...

The Truth Behind the Payments, Part 2 - Christopher Bulin - SCW #85 from 2021-09-02T09:00

SMB needs to understand the importance of being PCI compliant and that just because the verbiage on a website says the vendor is compliant, doesn't make the merchant compliant. Just because it s...

The Truth Behind the Payments, Part 1 - Christopher Bulin - SCW #85 from 2021-09-01T21:00

SMB needs to understand the importance of being PCI compliant and that just because the verbiage on a website says the vendor is compliant, doesn't make the merchant compliant. Just because it s...

State of Cyber Threats: Tenfold Increase in Ransomware - Derek Manky - BSW #230 from 2021-09-01T09:00

Looking into the first half of 2021, there are important indicators of what cyber adversaries are planning next. This will be a conversation about cyberthreat trends and looking into takeaways f...

Staff Attrition Is Rising, Retaining Women in Tech, & Growing Privacy Concerns - BSW #230 from 2021-08-31T21:00

In the Leadership and Communications section, Executives in tech say staff attrition is rising, 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern, Consumers Concerned About Per...

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164 from 2021-08-31T09:00

This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S...

A DevOps Perspective on Risk Tolerance & Risk Transfer - Caroline Wong - ASW #164 from 2021-08-30T21:00

In the segment Mike and Caroline will discuss Risk Tolerance and Risk Transfer. They'll touch on the following: risk ranking, risk transfer in supply chain, how to diversify security controls, t...

Yard Sales, Bitcoin Thief Charged, Mouse Privilege Escalation, & LED Eavesdropping - PSW #708 from 2021-08-29T09:00

This week in the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting mal...

Trends in Mac Malware & Apple Security - Patrick Wardle - PSW #708 from 2021-08-28T21:00

Apple's new M1 systems offer a myriad of benefits for both macOS users, and unfortunately, to malware authors as well. In this talk Patrick details the first malicious programs compiled to nativ...

Working With OpenVAS - PSW #708 from 2021-08-28T09:00

Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all...

Cloudflare Saves the Day, Sumo Logic SOAR, Tenable Risk Management, & Drones - ESW #240 from 2021-08-27T21:00

This week, In the Enterprise News, Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudfla...

Penning a Cyber Thriller - Deb Radcliff - ESW #240 from 2021-08-27T09:00

Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants and the hackers who rise up against it to break its backbones an...

Deciduous / Decision trees + Security Chaos Engineering - Kelly Shortridge - ESW #240 from 2021-08-26T21:00

Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing m...

From Compliance to Resiliency: The Evolution of InfoSec, Part 2 - Tim Callahan - SCW #84 from 2021-08-26T09:00

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of complia...

From Compliance to Resiliency: The Evolution of InfoSec, Part 1 - Tim Callahan - SCW #84 from 2021-08-25T21:00

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of complia...

10 Years Later... 15 Priorities, 8 Weeks, & 7 Steps - BSW #229 from 2021-08-25T09:00

This Week, In the Leadership and Communications section:10 years later, software really did eat the world, CISOs’ 15 top strategic priorities for 2021, 7 steps to protect against ransomware-rela...

What Type of CISO Are You & Does It Align to Your Company’s Needs? - Ben Carr - BSW #229 from 2021-08-24T21:00

Ben Carr, Qualys CISO, joins Business Security Weekly to share his views on the evolving role of the CISO. He’ll dive into the ever changing risks and how CISOs need to understand those risks to...

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163 from 2021-08-24T09:00

This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec New...

Challenges in Open Source Application Security - Shubhra Kar - ASW #163 from 2021-08-23T21:00

Open Source is the new mainstream of software development. However not much attention is paid on security in the upstream community for creating robust and secure software. At the LF, we are wor...

Shifting Left Probably Left You Vulnerable, Here’s How To Make it Right - Sonali Shah - PSW #707 from 2021-08-22T09:00

Shifting security left is good - but it’s an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of br...

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer - Wheel - PSW #707 from 2021-08-21T21:00

The Qualys Research Team discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain ro...

Tractorload of John Deere Vulns, T-Mobile Breach, Kalay IoT Hack, & HolesWarm - PSW #707 from 2021-08-21T09:00

In the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application s...

New iboss Features, CVSS Scores, Praetorian GoKart, & Anti Anti-Money Laundering - ESW #239 from 2021-08-20T21:00

This week In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches ...

Cybersecurity Tips & Challenges in the Hybrid Work Era - Darren Guccione - ESW #239 from 2021-08-20T09:00

As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ran...

Humanizing Security Operations - Allie Mellen - ESW #239 from 2021-08-19T21:00

The security industry spends a lot of time talking about the tools of the SOC, especially around making the SOC more 'autonomous'. But is this really what we need? Allie is also presenting "How ...

Gatekeeping in Cybersecurity, Part 2 - Naomi Buckwalter - SCW #83 from 2021-08-19T09:00

The “cybersecurity skills gap” is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecuri...

Gatekeeping in Cybersecurity, Part 1 - Naomi Buckwalter - SCW #83 from 2021-08-18T21:00

The “cybersecurity skills gap” is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecuri...

7 Tips, 5 Simple Tips, & 3 Strategies for CISOs - BSW #228 from 2021-08-18T09:00

This week, in the Leadership and Communications section, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Di...

Ransomware Trends 2021 - Fleming Shi - BSW #228 from 2021-08-17T21:00

Ransomware attacks have surged in 2021, with the number of attacks increasing dramatically and ransom amounts continuing to skyrocket. Cybercriminals are also expanding their targets, shifting t...

Cracked Concatenation, Injection Against DNS, Allstar GitHub, & DEF CON Highlights - ASW #162 from 2021-08-17T15:07:33

This week in the AppSec News: Bug bounty report that cleverly manipulates a hash for profit, Allstar GitHub app to enforce security policies, choosing a programming language, what an app should ...

DevSecOps - Making It Real - Mike Rothman - ASW #162 from 2021-08-16T21:00

DevSecOps is an aspirational vision for many teams. With a number of macro changes occurring in modern application development, this segment will explore what tangible, practical things can be d...

Cyber-Symposiums, Apple Backdoor, Crypto Theft, & "Quadruple Extortion" - PSW #706 from 2021-08-15T09:00

This week in the Security News: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), a...

Offensive Operations With Mythic - Kyle Avery - PSW #706 from 2021-08-14T21:00

Mythic is an open-source, multi-platform framework for conducting red team engagements. This talk will cover the automated deployment of a Mythic server, developing new "wrappers" to extend the ...

OSINT & Social Engineering - Joe Gray - PSW #706 from 2021-08-14T09:00

Joe will discuss his upcoming Book, "Practical Social Engineering" in addition to OSINT. He is primarily passionate about OSINT and adjacent forms of Intelligence, but will need to discuss some ...

Automate Hacker Knowledge & Community in Learning InfoSec - Carolin Solskär, TJ Null - ESW #238 from 2021-08-13T21:00

The reason our founder started Detectify is that they wanted to automate hacker knowledge and make it scalable. This is very different from how most hackers work today and what we believe will r...

Zombie APIs, Morphisec IR Service, "New Product Jeopardy", & Risk Scoring - ESW #238 from 2021-08-13T09:00

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, ...

The Different Approaches To Vulnerability Management - ESW #238 from 2021-08-12T21:00

As we dig into vulnerability management we uncover both old and new challenges. We still struggle with developing and maintaining an accurate asset inventory. We also, still, struggle to priorit...

Protecting Comm. & Collaboration in Contested Environments, Pt 2 - Matthew Erickson - SCW #82 from 2021-08-12T09:00

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems w...

Protecting Comm. & Collaboration in Contested Environments, Pt 1 - Matthew Erickson - SCW #82 from 2021-08-11T21:00

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems w...

New Fines Making Business Case for Security, & Improving Security as a Team - BSW #227 from 2021-08-11T09:00

In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know...

The 3 Mistakes All First Time CISOs Make That No One Tells You - Jim Routh - BSW #227 from 2021-08-10T21:00

Listen in for a discussion with Jim Routh, former CISO at Aetna, CVS Healthcare, and Mass Mutual, to discuss the 3 mistakes all first time CISOs make. Jim will share the lessons he learned throu...

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161 from 2021-08-10T09:00

This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Che...

Securing Modern Web Apps: Development Techniques are Changing - Tom Hudson - ASW #161 from 2021-08-09T21:36:57

The use of web apps, SPAs, and APIs are growing steadily and traditional scanning methods don't provide enough coverage. The appsec tools need to innovate and become smarter and more contextual ...

'Master Faces', Ship Hijacked, Windows Container Escape, & DNS Loopholes - PSW #705 from 2021-08-08T09:00

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling...

The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705 from 2021-08-07T21:00

With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of com...

Corelight Smart PCAPs, Shifting Left, Tenable AD Security, & Tube Vulns - ESW #237 from 2021-08-07T09:00

In the Enterprise News, Armis Identifies Nine Vulnerabilities in pneumatic tubes, Corelight Introduces Smart PCAPs, SolarWinds disputes lawsuit, Code42 and Rapid7 Partner, and more news from thi...

RF Village at DefCon - Rick Farina, Rick Mellendick - PSW #705 from 2021-08-07T09:00

The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus...

The State of CyberSecurity Ops in a Ransomware Filled Hybrid Work World - David Finger - ESW #237 from 2021-08-06T21:00

Ransomware is flourishing and our endpoints are scattered outside the corporate network. Visibility is a challenge in this age of decentralized corporate assets. Our discussion today will explor...

Cyber Hat Trick: How Ransomware Gangs Exfiltrate, Encrypt & Exploit - Matt Cauthorn - ESW #237 from 2021-08-06T09:00

Exfiltrate. Encrypt. Exploit. In 2021, ransomware attackers moved beyond exfiltrating and encrypting data to extract a ransom, working to compromise the victim’s build server to introduce an exp...

The State of Cybersecurity & Destigmatizing Reporting Security Vulnerabilities - BSW #226 from 2021-08-05T01:00:27

In the Leadership and Communications section for this week: 10 security tools all remote employees should have, 1 in 4 security teams report to CIOs, but would benefit from CISO leadership, stat...

OT Security for Critical Infrastructure and Why It Is Not “Intuitive” - Edward Liebig - BSW #226 from 2021-08-03T21:00

The IT and operational technologies of critical infrastructure are under attack. The "general expectation" from the public and lawmakers is "fix it already" but we will discuss why this expectat...

PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160 from 2021-08-03T09:00

This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importan...

Platform Firmware Security - Maggie Jauregui - ASW #160 from 2021-08-02T21:00

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform...

PetitPotam Attack, History of RickRolling, & Foxit PDF Vulns - PSW #704 from 2021-08-01T09:00

This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show y...

Cyber-Physical Attacks - Michael Welch - PSW #704 from 2021-07-31T21:00

Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill prepared organizations. As a third-party expert, Michael can speak to: • The importance of being ...

The B Is for Business - Alyssa Miller - PSW #704 from 2021-07-31T09:00

Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organiz...

Aqua Security, Clearview AI, Threat Stack EKS Support, & Security Summit 2021 - ESW #236 from 2021-07-30T21:00

This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth ...

Tanium for Incidents: How the Best Defense Gets Better: Part 2 - Stephanie Aceves - ESW #236 from 2021-07-30T09:00

Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ev...

Need for CyberSecurity Training Programs/Role Cyber Professionals Play - Da-Wyone Haynes - ESW #236 from 2021-07-29T21:00

Brief chat around the rise in Ransomware attacks, campaigns against our Infrastructure, the deficit in Cyber Talent, and how we could address the issue by extending Corporate Cyber Training prog...

Catching Up W/Priya on Recent Litigation and Proposed Legislation: Part 2 - SCW #81 from 2021-07-29T09:00

Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and...

Catching Up w/Priya on Recent Litigation & Proposed Legislation: Part 1 - SCW #81 from 2021-07-28T21:00

Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and...

Security Is a Barrier & Incentive, Theatrical Meetings, & Cybersecurity Salaries - BSW #225 from 2021-07-28T09:00

In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: W...

Security Money - The Index Hits Another All Time High - BSW #225 from 2021-07-27T21:00

Both the Security Weekly 25 Index and the NASDAQ close at record highs on 7/23/2021. See how the security market continues to stay hot. The current companies in the Security Weekly 25 Index: SCW...

CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159 from 2021-07-27T17:04:14

This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for clo...

Navigating the Seas of Security in Serverless Functions - Peter Klimek - ASW #159 from 2021-07-27T17:03:18

Adoption of serverless functions is rapidly growing, which means security teams will be challenged to deliver protection for data and applications in these complex environments in the coming mon...

Windows Vulns Galore, Homoglyph Domains, Pegasus, & "Trust No One"! - PSW #703 from 2021-07-25T09:00

This week in the Security News: Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux...

CyberMarket & Democratisation/Globalisation of CyberSecurity Consulting - Gordon Draper - PSW #703 from 2021-07-24T21:00

CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they a...

Online Safety & Security: Dating Apps & Online Marketplaces - Jeff Tinsley - PSW #703 from 2021-07-24T09:00

Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take respons...

Why Transparency Matters & Web Application Prioritization - Mark Ralls, Wayne Haber - ESW #235 from 2021-07-23T21:00

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about...

Rapid7 Acquires Intsights, Intezer Refines Malware Analysis, & Funding News - ESW #235 from 2021-07-23T09:00

In the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disr...

Reinventing Asset Inventory for Security - Ed Rossi - ESW #235 from 2021-07-22T21:00

Security teams relying on asset inventory from their IT counterparts can be a challenge due to a lack of security context for assets. This gap can lead to missed opportunities to identify and fi...

Your Security Is ALWAYS in Scope, Part 2 - Joseph Kirkpatrick - SCW #80 from 2021-07-22T09:00

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Pr...

Your Security Is ALWAYS in Scope, Part 1 - Joseph Kirkpatrick - SCW #80 from 2021-07-21T21:00

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Pr...

Know Cybersecurity & Drive Innovation Through Operational Excellence - BSW #224 from 2021-07-21T09:00

This week in the Leadership and Communications section, How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational ...

Aligning Cyber Risk to Business Risk Through Automation - Padraic O'Reilly - BSW #224 from 2021-07-20T21:00

In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collabor...

Code Comments, Decision Trees, Windows Hello, Telegram Analysis, & Cloud Risks - ASW #158 from 2021-07-20T09:00

This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks...

The Role of Open Source in DevSecOps - David DeSanto - ASW #158 from 2021-07-19T21:00

In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contri...

Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption - PSW #702 from 2021-07-18T09:00

The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popu...

The Journey from Network Security Engineer to Podcast Host - Jack Rhysider - PSW #702 from 2021-07-17T21:00

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how...

The BIOS Disconnect - Scott Scheferman - PSW #702 from 2021-07-17T09:00

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, a...

All Our Devices and Privacy on the Web - Deepika Gajaria, Scott Scheferman - ESW #234 from 2021-07-16T21:00

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of "Verify, then trust". Yet, here we are building an entire stack of Zero Trust enabled technolog...

Microsoft Acquires RiskIQ, Rapid7 InsightCloudSec, & Bitdefender eXtended EDR - ESW #234 from 2021-07-16T09:00

In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enfor...

Gas South and ExtraHop- A Journey of Security Partnership - Rajiv Thomas - ESW #234 from 2021-07-15T21:00

Gas South and Extrahop have partnered to give Gas South visibility in areas of the network that are normally invisible or dark to the regular network team.

To learn more about ExtraHop, v...

HIP, HIP, HIPAA, Part 2 - Jordan Wiseman - SCW #79 from 2021-07-15T09:00

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomwa...

HIP, HIP, HIPAA, Part 1 - Jordan Wiseman - SCW #79 from 2021-07-14T21:00

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomwa...

Can XDR Solve Ransomware? - Maurice Stebila - BSW #223 from 2021-07-14T09:00

Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advanc...

CISO Wishes and Initiatives, Risk of Disconnect, and Cyber Insurance Rises - BSW #223 from 2021-07-13T21:00

In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more!

Web App and API Security Needs to Be Modernized: Here’s How - Sean Leach - ASW #157 from 2021-07-13T18:17:50

The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally d...

Password Mismanager, Trusted Types vs. DOM XSS, PrintNightmare, & Fault Injections - ASW #157 from 2021-07-13T18:17:19

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.

Visit ...

LinkedIn Breach, Bitcoin From Banks, PrintNightmare, & NFC Flaws in ATMs - PSW #701 from 2021-07-04T09:00

This week in the Security News: LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers, fl...

The Rise of Sim Swapping - Haseeb Awan - PSW #701 from 2021-07-03T21:00

80% of SIM-Swap attacks are successful. This could lead to greater financial loss and loss of social status since this is where hackers latch onto. The statistics are true and spreading like a w...

New Security Threats Stemming from PII Online - Rob Shavell - PSW #701 from 2021-07-03T09:00

Deep dive on the data broker industry, and how new threats are stemming from the widespread availability of employee/personal information publicly for sale at data broker websites.

MalWare Labs and Why You Should Challenge Shift-Left Testing - Mario Vuksan, Rickard Carlsson - ESW #233 from 2021-07-02T21:00

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab...

Noname Security, JFrog Acquires Vdoo, Micro Segmentation, & AWS Buys Wickr - ESW #233 from 2021-07-02T09:00

This week, In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, JFrog to acquire Vdoo, & more! Listen

Why DAST - from Project Management Perspective - Suha Akyuz - ESW #233 from 2021-07-01T21:00

More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to p...

CARES Act Fraud, Paying People & Fraudsters, Part 2 - Steve Lenderman - SCW #78 from 2021-07-01T09:00

We will review how synthetics are being utilized to perpetrate pandemic related frauds in the Payroll Protection Program and Unemployment Insurance. An overview of the government programs will t...

CARES Act Fraud, Paying People & Fraudsters, Part 1 - Steve Lenderman - SCW #78 from 2021-06-30T21:00

We will review how synthetics are being utilized to perpetrate pandemic related frauds in the Payroll Protection Program and Unemployment Insurance. An overview of the government programs will t...

Boardroom Perspectives, Greater Business Understanding, & Preventing Burnout - BSW #222 from 2021-06-30T09:00

In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real...

The Year of Hybrid - Jim Richberg - BSW #222 from 2021-06-29T21:00

For the private sector and government alike, 2021 is proving to be a year of transition and refocused activity. A year of hybrid activity - from cyber threats to IT approaches.

Segment Re...

Semgrep, Microsoft Signs With Rootkits, ATT&CK/D3FEND, & Injured Android - ASW #156 from 2021-06-29T09:00

This week in the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix ...

Scaling Your Application Security Program - Clint Gibler - ASW #156 from 2021-06-28T21:00

In this segment with Clint Gibler, learn:

* Why secure defaults are higher ROI than finding vulnerabilities

* How modern AppSec teams are working with their engineering counterpart...

Thermostat Hijacking, MA Androids, Windows 11, Hacking Pelotons, & John McAfee - PSW #700 from 2021-06-27T09:00

In the Security News for this week Paul and the crew talk: Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more!

Visit Listen

CFAA: Recent US Supreme Court Case Van Buren v. US - Thomas Lonardo - PSW #700 from 2021-06-26T21:00

Brief history and purpose of the CFAA. Discussion of the majority and dissenting "Van Buren" opinion. Implications for the computer forensic and security profession.

Segment Resources: Listen

Career Pathing and Advice From Offensive Security - Jim O'Gorman - PSW #700 from 2021-06-26T09:00

Offensive Security expert Jim O'Gorman talks through his own career progression and training, revealing what it takes to be successful in infosec. He also covers key learning tracks and gives co...

SentinelOne IPO, Cloudflare Integrations, D3FEND, & Rumble Network Discovery - ESW #232 from 2021-06-25T21:00

This week In the Enterprise News: Smoothwall Acquires eSafe Global, LookingGlass Cyber Announces Acquisition of AlphaWave, Vectra Launches Detect for AWS, SentinelOne announces IPO, & Building a...

How Teams Can Reduce the Visibility Gap - Brendon Macaraeg - ESW #232 from 2021-06-25T09:00

Security is a shared responsibility, but teams need to know what’s really going on in production with their web apps and APIs, as it’s happening, in order to achieve the reliable security that c...

How Criminals Use Cloud Apps to Inject Chaos Into Work Environments - Doni Brass - ESW #232 from 2021-06-24T21:00

In 2020, cyber criminals used cloud apps, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year...

Value & Importance of Cybersecurity Certification for Professionals, Part 2 - Casey Marks - SCW #77 from 2021-06-24T09:00

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or appr...

Value & Importance of Cybersecurity Certification for Professionals, Part 1 - Casey Marks - SCW #77 from 2021-06-23T21:00

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or appr...

CIO Succession, Hidden Costs, 10 Leadership Habits, & 5 Key Ingredients - BSW #221 from 2021-06-23T09:00

This week, In the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Sa...

Making the Case for Supply Chain Behavior Transparency - Ben Higgins, Ted Driggs - BSW #221 from 2021-06-22T21:00

The Biden Cyber Executive Order includes a Software Bill of Materials that is a critical and necessary first measure for protecting the software supply chain. To defend against cyber attacks, su...

Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155 from 2021-06-22T09:00

This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Cod...

Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155 from 2021-06-21T21:00

What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner?

...

Web Cache Poisoning - Timur Guvenkaya - PSW #699 from 2021-06-21T16:53:26

This presentation will cover how incorrect implementation of caching mechanism within web application might lead to the Web Cache Poisoning vulnerability that can potentially affect all the user...

"Eavesdropping Cameras", Ransomware Poll Results, Windows 11, & CVS Records Leak - PSW #699 from 2021-06-19T21:00

This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human s...

Avoiding the Silo: Bridging the Divide Between Security + Dev Teams - Brian Joe - PSW #699 from 2021-06-19T09:00

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything f...

Tanium for Incidents. How the Best Defense Gets Better: Part 1 - ESW #231 from 2021-06-18T21:00

Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ev...

RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup - ESW #231 from 2021-06-18T09:00

This week, In the Enterprise News Paul and the crew talk: Zero trust networking startup Elisity raises $26M , Contrast Security Launches Contrast Scan, Vectra Launches Detect for AWS, SOAR Is an...

Open Source Enterprise Communication Security - Ian Tien - ESW #231 from 2021-06-17T21:00

Data security is more important than ever for enterprise organizations -- but in a time where data breaches have become common, it's also more challenging than ever. Mattermost co-founder and CE...

Security Training, Evangelism, & Community Building, Part 2 - Danny Akacki - SCW #76 from 2021-06-17T09:00

Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and comm...

Security Training, Evangelism, & Community Building, Part 1 - Danny Akacki - SCW #76 from 2021-06-16T21:00

Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and comm...

Cliché Self-Help, RockYou2021, "Productive Procrastinators", & Attracting Talent - BSW #220 from 2021-06-16T09:00

This week, In the Leadership & Communications articles: Attracting Talent During a Worker Shortage, CISOs Say Application Security is Broken, Three Steps to Harden Your Active Directory in Light...

Securing User Connections to Applications - Jonny Noble - BSW #220 from 2021-06-15T21:00

Are Secure Web Gateways doing their job to keep businesses safe in 2021? Recent survey results from ESG reveal 1 in 10 are not happy with their secure web gateway (SWG) and/or web security. Yet ...

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154 from 2021-06-15T09:00

This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kube...

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW #154 from 2021-06-14T21:00

We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable w...

ANOM Bust, Ransomware Solutions, NAC, & A PCI Deathmatch! - PSW #698 from 2021-06-13T09:00

This week, In the Security News Paul & the crew discuss: Microsoft Patches 6 Zero-Days Under Active Attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest pas...

Protecting the Attack Surface - Rob Gurzeev - PSW #698 from 2021-06-12T21:00

What does it mean to protect the attack surface? What's the difference between attack surface protection vs. attack surface management? Rob Gurzeev, CEO and Founder at Cycognito, joins us to dis...

OpenWRT for Enterprise and Labs - Gene Erik - PSW #698 from 2021-06-12T09:00

OpenWRT is a mature and well supported project. It is supported on many hardware platforms and available as production-level products. OpenWRT has developed into a platform that is filled with e...

BTS of the Cyber Fight and Building a Resilient Web App Security Program - ESW #230 from 2021-06-11T21:00

“Behind the scenes of the cyber fight” – talking about the good on the defender side, taking down cyber criminal supply chains, partnerships, taking down ransomware gangs.

This segment is...

FireEye 'Fire Sale', Panaseer Security Guidance, & Infoblox 3.0 - ESW #230 from 2021-06-11T09:00

This week in the Enterprise News: Proofpoint unveils people-centric innovations across its three platforms, Citrix Secure Internet Access Simplifies Hybrid Workforce Challenges, CyberArk : Advan...

Redefining SaaS Security so SOC/IR Teams Aren’t in the Dark - Stephen Newman - ESW #230 from 2021-06-10T21:00

Traditional options of acquiring network detection and response (NDR) solutions have their individual pros and cons. SaaS or On-Premises NDR solutions allow you to customize it to your environme...

CMMC Program and the DIB Preparation, Part 2 - Doug Landoll - SCW #75 from 2021-06-10T09:00

Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact,...

CMMC Program and the DIB Preparation, Part 1 - Doug Landoll - SCW #75 from 2021-06-09T21:00

Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact,...

3 Ways + 4 Measures + 5 Approaches + 5 Myths = 17 Questions - BSW #219 from 2021-06-09T09:00

In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber ...

Optimize Buying Criteria to Ensure Success of Your New Security Tools - Travis Isaacson - BSW #219 from 2021-06-08T21:00

CISOs know the power of security as a driver of business, but other stakeholders often equate security with compliance. Security shouldn’t be viewed as a controlling organ - then it will stall i...

HTTP Goes QUIC, Security & Humans, Amazon Sidewalk Privacy, & Product Abuse - ASW #153 from 2021-06-08T09:00

This week in the AppSec News, Tyler Robinson joins Mike & John to discuss: HTTP/3 and QUIC, bounties for product abuse, Amazon Sidewalk security & privacy, security & human behavior, authenticat...

API Security: Understanding Threats to Better Protect Your Organization - Daniel Hampton - ASW #153 from 2021-06-07T21:00

While web application security is a highly researched topic with a lot of subject familiarity among security professionals, it’s still not easy for security and development teams to navigate mod...

CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins - PSW #697 from 2021-06-06T09:00

This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June ...

Digital Transformation's Impact On IT Asset Visibility - Sumedh Thakar - PSW #697 from 2021-06-05T21:00

Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforc...

Attack Surface Discovery and Enumeration - Dan Tentler - PSW #697 from 2021-06-05T09:00

We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before.

 <...

M1 Chip Flaw, Boeing 747 Hacking, Don't Blame the Intern, & John Deere - PSW #696 from 2021-05-30T09:00

This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blami...

Cybersecurity Canon - Rick Howard - PSW #696 from 2021-05-29T21:00

Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced it's hall of winners...

Polarity’s Power-up Sessions, Add an Ability in 15 Minutes - Paul Battista - PSW #696 from 2021-05-29T09:00

Training is critical but it is tough to break away from the day to day. Polarity is running free 15 minute training sessions that leverage our community edition to leave you with a new ability t...

Metrics, Training, Culture & Cloud Security Resilience - Drew Rose, Ganesh Pai - ESW #229 from 2021-05-28T21:00

Metrics, Training, Culture – Why Your Phishing Program Isn’t Working - Drew Rose, Living Security Phishing reports have become the standard for measuring security awareness, and yet breaches kee...

AWS Lambda New Features, ServiceNow Integration, & Zscaler Acquires Smokescreen - ESW #229 from 2021-05-28T09:00

This week in the Enterprise News, Paul and the Crew talk: Secure and monitor AWS Lamba with new, not related, features from Datadog and Imperva, ServiceNow integrates with Microsoft solutions, S...

Down With SIEM, Long Live SOAR! - Nathan Hunstad - ESW #229 from 2021-05-27T21:00

SIEM tools have been the bedrock of Security Operation Centers, or SOCs, for much of the history of modern security. That does not mean that they are loved: most SIEM tools are overwrought, comp...

SBOM, Part 2 - Allan Friedman - SCW #74 from 2021-05-27T09:00

What is SBOM? Who needs to think about this? Is this required today, and what might the future of compliance look like? What is in the recent EO?

Segment Resources:

ntia.gov/SBOM Listen

SBOM, Part 1 - Allan Friedman - SCW #74 from 2021-05-26T21:00

What is SBOM? Who needs to think about this? Is this required today, and what might the future of compliance look like? What is in the recent EO?

Segment Resources:

ntia.gov/SBOM Listen

CISOs Struggle to Cope, Cybersecurity Metrics, & Security by Design - BSW #218 from 2021-05-26T09:00

This week, in the Leadership and Communications section, CISOs Struggle to Cope with Mounting Job Stress, Corporate Compliance Strategies to Protect Data, Cybersecurity Metrics That Matter, and ...

Simplify & Accelerate Patch Management - Chris Hallenbeck - BSW #218 from 2021-05-25T21:00

Most people focus on the patch, check that box but they forget the other side of the coin. How do they make sure a bad actor isn't still in their network?

Segment Resources:

Listen

IIS Bug, Browsers & Androids & Supply Chains Oh My! - ASW #152 from 2021-05-25T09:00

This week in the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & ...

Bringing AppSec to a Modern CI Pipeline - Manish Gupta - ASW #152 from 2021-05-24T21:00

Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assum...

21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery - Wheel - PSW #695 from 2021-05-22T09:00

Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerab...

Five by Five: Why the Cyber Defense Matrix Gets Great Reception - PSW #695 from 2021-05-21T21:00

Five years after Sounil Yu originally introduced the Cyber Defense Matrix at the 2016 RSA conference, he just wrapped up the third workshop based on the framework. CDM has its own website, is an...

Building a Response Strategy to Advanced Threats - Mark Bowling - ESW #228 from 2021-05-21T09:00

SolarWinds SUNBURST was a rude awakening for many security teams, and it won't be the last time security leaders face tough questions about how an adversary evaded defenses and stayed hidden. Wi...

Unplugging the Internet, Diversity, Cyber NTSB, & Best Practices - PSW #695 from 2021-05-21T09:00

This week in the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken ser...

All the News From RSA Conference 2021 - ESW #228 from 2021-05-20T21:00

The Enterprise Security Weekly crew summarizes all the news from RSA Conference 2021, including product announcement, acquisitions, funding, and more!

Visit Listen

Identity Management as a Foundation for Future-Proofing your Security - John Masserini - ESW #228 from 2021-05-20T09:00

The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect ...

Building a Unified Security Fabric - Johnathan Nguyen-Duy - BSW #217 from 2021-05-19T21:00

What is top of mind for CISOs in a year where cyber threats are getting sophisticated? Cross platform and cross domain visibility across LAN, WAN, Cloud, and Edge. Jonathan Nguyen-Duy, Vice Pres...

Unified BCDR: Why Backup Alone is No Longer Enough - Joseph Noonan - BSW #217 from 2021-05-19T09:00

Data is the lifeblood of business, but now lives in more places than ever before (data centers, endpoints of remote workers, in multiple clouds, and SaaS applications), is time-consuming to mana...

Third Party Software Risk on the Web - Aanand Krishnan - ASW #151 from 2021-05-18T09:00

Web applications are highly dependent on third party content and JavaScript. This creates a significant set of vulnerabilities that attackers are exploiting. How do you prevent a Solarwinds type...

CNCF Supply Chain, Frag Attacks, Securing Webhooks, & Complexity vs. Security - ASW #151 from 2021-05-18T09:00

CNCF releases a whitepaper on supply chain security, Frag attacks against WiFi devices, security webhooks, trusting terraform plans, shared credentials and app access, complexity vs. security vs...

Executive Order, New & Old Wifi Vulns, Pipeline Hack, & Distro-Less Linux - PSW #694 from 2021-05-16T09:00

This week in the Security News: President Biden issues a 34-page executive order on Cybersecurity, Did you hear about the pipeline hack?, New/Old Wifi vulnerabilities, get this Apple didn't want...

Attack Surface Mapping w/ AMASS - PSW #694 from 2021-05-15T21:00

Learn how to use Amass to collect information about your Internet exposed assets. We'll cover usage of the configuration file (heavily), then put it altogether by integrating Nmap and a screensh...

How Hacking Naked Changed My Life - Alex Chaveriat - PSW #694 from 2021-05-15T09:00

"I hack naked" - Not my best choice of a phrase to use with a prospective client though, now that it is done, might as well go through with this terrible idea... This is the story of a kick-off ...

Accurics Terrascan, Sophos XDR Solution, & API Security Need to Know - ESW #227 from 2021-05-14T21:00

This week in the Enterprise News: XM Cyber Announces Integration with Palo Alto Network's Cortex XSOAR, API Security Lessons Learned, Cycode Raises $20 Million, HelpSystems Acquires Beyond Secur...

Chart Topping Threats – How Attacks will Rage in 2021 - Artsiom Holub, Austin McBride - ESW #227 from 2021-05-14T09:00

Cyberattackers have not been slowed down by the worldwide pandemic. Phishing, cryptojacking, and trojans all continue to dominate the cybersecurity threat charts. It’s critical to know what secu...

Florida Water Treatment Facility Hack, and the Convergence of OT & IT - Damon Small - ESW #227 from 2021-05-13T21:00

What lessons can others still learn from the attack on the Florida water treatment facility? How does this incident shine a light on cybersecurity risks associated with the convergence of OT and...

Hot Legal Topics in Privacy and Cybersecurity, Part 2 - Erik Weinick - SCW #73 from 2021-05-13T09:00

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection resp...

Hot Legal Topics in Privacy and Cybersecurity, Part 1 - Erik Weinick - SCW #73 from 2021-05-12T21:00

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection resp...

6 Ways to Engage, 5 Key Qualities of CISOs, & 4 Actions Leader Take - BSW #216 from 2021-05-12T09:00

In the Leadership and Communications section, 6 ways to spur cybersecurity board engagement, 5 key qualities of successful CISOs, and how to develop them, 4 Actions Transformational Leaders Take...

The Lost Year: The Impact of the Pandemic on Web App Security - Ryan Bergquist - BSW #216 from 2021-05-11T21:00

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix b...

AirTags & Threat Models, Qualcomm Modem Vuln, Exim RCE(s), & Binary Hardening - ASW #150 from 2021-05-11T09:00

This Week in the AppSec News, Mike and John talk: "Find My threat model" with AirTags, Qualcomm modem vuln hits lots of Android, an Exim update patches lots of vulns, measuring hardened binaries...

Delivering On the Promise of Application Security - Ankur Shah - ASW #150 from 2021-05-10T21:00

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, ...

Job Expectations, Pi Password Thief, Python Masscan, & Pingback - PSW #693 from 2021-05-09T09:00

This week in the Security Weekly News the crew talks: Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Di...

Biden Administration EO on Cyber - Jim Langevin - PSW #693 from 2021-05-08T21:00

US Congressman Jim Langevin joins to talk about Executive Orders, International Interest in Cyber, & more in this gripping interview!

Visit Listen

Building a Risk-Based Vulnerability Management Program - Bob Erdman - PSW #693 from 2021-05-08T09:00

Risk-based vulnerability management is more than just a vulnerability scan or assessment. It incorporates relevant risk context and analysis to prioritize the vulnerabilities that pose the great...

JupiterOne, Signal Ad Banned, Series F Funding, & Imperva Acquires CloudVector - ESW #226 from 2021-05-07T21:00

This week in the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites, Imperva acquires CloudVector to provide visibili...

The Rise of the SBOM - Steve Springett - ESW #226 from 2021-05-06T21:00

Software Bill of Materials (SBOM) are used to describe the list of ingredients for the software that organizations create or acquire. There's a rapidly expanding community of adopters, implement...

Applications Are Your Lifeblood - Carlos Morales - ESW #226 from 2021-05-06T21:00

Web applications have never been more critical to your business. Yet, the everchanging threat landscape, from the move towards the cloud, to the explosion of devices on the internet, to the effe...

Data Security Compliance & Virginia’s New Privacy Law, Part 2 - Chris Pin - SCW #72 from 2021-05-06T09:00

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for busin...

Security Money - The Index is Still Going Strong - BSW #215 from 2021-05-05T21:00

This week, it's my favorite segment, Security Money, where we update you on the latest security funding and performance of the public market. The Security Weekly 25 index is still going strong.<...

Data Security Compliance & Virginia’s New Privacy Law, Part 1 - Chris Pin - SCW #72 from 2021-05-05T21:00

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for busin...

The Benefits of CISO Peer-to-Peer Networks - Graham Keavney - BSW #215 from 2021-05-04T21:00

Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks.

 <...

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149 from 2021-05-04T09:00

This week in the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux ...

Why Developers Need to Think Differently About Software Security - Rey Bango - ASW #149 from 2021-05-03T21:00

Rey will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He'll cover:

• The types of security training tha...

AirDrop Vulns, Linux Hypocrite Commits, Wi-Fi Code Execution, & We'll Miss You Dan - PSW #692 from 2021-05-02T09:00

This week in the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerabil...

Smart Building Control System Cybersecurity - The Real World - Fred Gordy - PSW #692 from 2021-05-01T21:00

Currently, in the United States, there are over 87 billion square feet of commercial real estate. Smart Building control systems pervasive throughout these buildings and helped increase efficien...

Protecting the Hybrid Workforce - Fleming Shi - PSW #692 from 2021-05-01T09:00

Fleming will cover the vulnerabilities of a hybrid workforce and how employees are now working from anywhere, not just their homes. Zero trust will play a large part in securing workforces in th...

Authentication vs. Authorization: Why Privileged Access Matters - Joseph Carson - ESW #225 from 2021-04-30T21:00

Authentication and authorization might sound similar, but they are two distinct security processes. Joe Carson, Chief Security Scientist at Thycotic, joins us to discuss why privileges, not iden...

HackerOne Enhances Platform, PANW Expands Unit 42, & More Funding - ESW #225 from 2021-04-30T09:00

In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Pro...

Collaboration Rules! Challenging Transparency in Modern App Sec - Rickard Carlsson - ESW #225 from 2021-04-29T21:00

Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach application security. During the discussion, we'll cover: - why organizations should challenge tra...

ATT&CK and CTID, Part 2 - Richard Struse - SCW #71 from 2021-04-29T09:00

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to ot...

ATT&CK & CTID, Part 1 - Richard Struse - SCW #71 from 2021-04-28T21:00

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to ot...

Outgunned CISOs, Cyberthreat Reports, & Effective Cyber Security Strategy - BSW #214 from 2021-04-28T09:00

In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report executives can reall...

Cyber Accountability - Mathieu Gorge - BSW #214 from 2021-04-27T21:00

Cyber accountability is often overlooked by Board of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as Solarwinds, MS Exchange ...

Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148 from 2021-04-27T09:00

This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more! Listen

Deceptive Diffs From Subversive Submitters - ASW #148 from 2021-04-26T21:00

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distrib...

Feds Have a Busy Two Weeks, British Tween Takes On TikTok, & More Facebook Woes... - PSW #691 from 2021-04-25T09:00

This week in the Security News, U.S Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force...

Encrypted Collaboration & Communication - Joel Wallenstrom - PSW #691 from 2021-04-24T21:00

This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to enterprise and ...

Why Now is the Time for K-12 Cybersecurity Education - Kevin Nolten - PSW #691 from 2021-04-24T09:00

With the U.S. facing a shortage of roughly 314,000 cybersecurity professionals in the workforce, according to CSIS, there is an urgent need to build cybersecurity skills and fill the workforce p...

Darktrace & Knowbe4 IPOs, Dell Spins Off VMWare, & Zscaler Keeps Growing - ESW #224 from 2021-04-23T21:00

In the Enterprise News for this week, Darktrace targets listing for early May, KKR-backed cybersecurity firm KnowBe4 aims for $3 Billion valuation in U.S. IPO, Dell spins off VMware to fuel post...

Stopping Phishing Breaches at the Point of Click - Chris Cleveland - ESW #224 from 2021-04-23T09:00

Phishing links are getting past existing protections and clicked. How do you prevent these attacks? In this segment, Chris Cleveland, CEO at Pixm, will demonstrate how computer vision protection...

How Cloud Defenders Thwart Attacks Against Resilient Services - Jeff Deininger - ESW #224 from 2021-04-22T21:00

In cybersecurity attackers have a structural advantage over defenders: they can succeed with a staggeringly high failure-rate (not caring that most attacks get blocked at the perimeter). Meanwhi...

Compliance Innovations in the Cloud, Part 2 - Chris Hughes - SCW #70 from 2021-04-22T09:00

Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this session we will dive into ...

Compliance Innovations in the Cloud, Part 1 - Chris Hughes - SCW #70 from 2021-04-21T21:00

Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this session we will dive into ...

Rust in Android, Vuln Disclosure, Postmortems, & BootHole Follow-Up - ASW #147 from 2021-04-20T09:00

This week in the AppSec News, Mike and John discuss Rust in Android and the Linux kernel, vuln disclosure policy changes from Project Zero, security and DevOps collaboration, XSS with NULL, & a ...

Cyber-Risk Threat, 4 Steps to Better Security Hygiene, & 10 Rules for Work-Life - BSW #213 from 2021-04-20T09:00

In the Leadership and Communications section, Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy, What Good Leaders Do When Replacing Bad Leaders, My Ten Rules for Work-Li...

Supply Chain Management - Doug Barbin - ASW #147 from 2021-04-19T21:00

Supply chain security isn't new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Sof...

The Hybrid Workforce: Addressing the Challenges of Work from Anywhere - Fleming Shi - BSW #213 from 2021-04-19T21:00

When the world went fully remote a year ago, many systems had to migrate from on-premise to the cloud. Now that we're starting to re-open offices, do we move these system back to on-premise or i...

Security Awareness Culture Change, Part 2 - Kelley Bray, Stephanie Pratt - SCW #69 from 2021-04-15T09:00

We continue the discussion about the importance of effective security awareness programs and what that would actually look like. We'll also examine how to move beyond "bare minimum" check-box me...

Security Awareness Culture Change, Part 1 - Kelley Bray, Stephanie Pratt - SCW #69 from 2021-04-14T21:00

Today we are going to take a look at security awareness training programs in organizations. We are joined to day by Kelley Bray and Stephanie Pratt who will help facilitate the discussion. We'll...

Facebook Dump, Hacking Your Dishwasher, Zoom 0-Click Exploit, & Ubiquity Response - PSW #690 from 2021-04-11T09:00

This week in the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, LinkedIn and more_eggs, APTs targeting Fortine...

Lessons Learned When Migrating from On Prem to Cloud - Dutch Schwartz - PSW #690 from 2021-04-10T21:00

Less than 15% of enterprise customers are primarily cloud native. With so many companies still in early stages of cloud migration, what are the key lessons learned from early adopters as well as...

nzyme - Free & Open WiFi Defense System - Lennart Koopmann - PSW #690 from 2021-04-10T09:00

Nzyme is a new kind of WiFi IDS (WIDS) that detects adversaries by looking at hard to spoof characteristics of an attacker. Existing WIDS tend to look at extremely easy to spoof metadata like ch...

Cybersecurity Unicorns, LogRhythm Version 7.7, Rapid7 Kubernetes Beta, & Cisco SASE - ESW #223 from 2021-04-09T21:00

This week in the Enterprise News, Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces K...

Hackers Are Targeting Your Firmware. Are You Ready? - John Loucaides - ESW #223 from 2021-04-09T09:00

83% of businesses have experienced at least one firmware attack in the past two years - and yet most organizations lack visibility into this attack surface. We'll discuss why hackers are increas...

Inbox: Zero Trust - Ryan Noon - ESW #223 from 2021-04-08T21:00

Ryan Noon joins ESW team this week to chat through the significance of recent hacks (namely: SolarWinds and Hafnium), unpack growing enterprise demand for a “digital seatbelt,” and illuminate wh...

Information Sharing - A 360 Degree View, Part 2 - Errol Weiss - SCW #68 from 2021-04-08T09:00

Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings unique perspective to the table as he wa...

Information Sharing - A 360 Degree View, Part 1 - Errol Weiss - SCW #68 from 2021-04-07T21:00

Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings unique perspective to the table as he wa...

Risk Management Approach, Automation, & the Problem With Cyber Insurance - BSW #212 from 2021-04-07T09:00

In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated...

Accelerating Security with Security Automation - John McClure - BSW #212 from 2021-04-06T21:00

Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Office...

Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps - ASW #146 from 2021-04-06T09:00

PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education!

Visit Listen

Shifting Right: What Security Engineers Can Learn From DevSecOps - Leif Dreizler - ASW #146 from 2021-04-05T21:00

The security industry generally agrees on the value of enabling developers in an agile environment—although we don't agree on what to call it… “Shifting Left,” “Creating a Paved Path,” “DevSecOp...

Ubiquiti Breach, Tesla, PHP, & More Sagas - PSW #689 from 2021-04-04T09:00

npm netmask library has a critical bug, when AI attacks, firmware attacks on the rise, Microsoft Hololens and order 66, a real executive order 13694, The Ubiquity breach saga, the FreeBSD and wi...

Cybersecurity Journalist - Robert Lemos - PSW #689 from 2021-04-03T21:00

Paul, and the rest of the PSW Hosts, will talk to Robert about how he got his start in InfoSec.

Visit https://www.securityweekly.com...

The Intersection of Cybersecurity & Cryptocurrency - Nick Percoco - PSW #689 from 2021-04-03T09:00

With an uptick in malware scams and email compromises, the best thing we can do is educate the cryptocurrency community about risks and security best practices. Listen

Tyler's "Deathpool", Astadia, Gigamon, & GRIMM - ESW #222 from 2021-04-02T21:00

This week in the Enterprise News: Funding announcements from Clearsense, Morphisec, Feedzai, Jumio, Ketch, Living Security, Productiv and Socure. ServiceNow acquires Intellibot, Accenture acquir...

Why User Adoption in Enterprise Security is Low - Juliet Okafor - ESW #222 from 2021-04-02T09:00

Security technology roll-outs often fail because of the following: 1) Weak Security Culture - users don't see value or understand the importance of taking action. 2) Security teams often fail to...

Rise of Insider Threat Post-C19 - Zack Moody - ESW #222 from 2021-04-01T21:00

Is there an emerging threat to your data post-C19 with disgruntled employees having to come back to an office? How do we protect our data and keep employees happy that have access to data from w...

Vulnerability Management is Still a Mess - Part 2 - Rafal Los - SCW #67 from 2021-04-01T09:00

In the second segment, the SCW hosts will continue the discussion with Raf and hopefully come up with some guidance on what can be done to make vulnerability management work better.

Vulnerability Management is Still a Mess - Part 1 - Rafal Los - SCW #67 from 2021-03-31T21:00

The SCW hosts discuss Rafal Los' recent blog post "Vulnerability Management is Still a Mess" (...

Business Leader, CISO Skills, & Building Your Cybersecurity A-Team - BSW #211 from 2021-03-31T09:00

In the Leadership and Communications section, Being a CISO in 2021: How to Be a Business Leader in the Boardroom, Skills CISOs Need to Have in 2021, Build your cybersecurity A-team: 7 recruiting...

How NDR Technology Helps Manage Cybersecurity Challenges - Nemi George - BSW #211 from 2021-03-30T21:00

NDR technologies such as ExtraHop are the latest tools in the CISO toolbox for combating cybersecurity threats. It enables previously unattainable speed and efficacy in detecting, identifying an...

TikTok Analysis, Patching Patches, CI/CD Integrity, Faster Fuzzing, & Slack Safety - ASW #145 from 2021-03-30T09:00

Security and privacy technical analysis of TikTok, subtle parsing problems, chain of trust through a CI/CD pipeline, faster fuzzing even without source code, interplay of application security an...

OWASP Top 10 of 2021 - Andrew van der Stock - ASW #145 from 2021-03-29T21:00

The OWASP Top 10 2021 is in development. A public survey has just been released. We have finished collecting data. I would like to discuss what the plans are for the OWASP Top 10 2021, and when ...

Open Redirects - An Underestimated Vulnerability - PSW #688 from 2021-03-28T09:00

Learn what redirects are, the different types, how they work and how they are exploited by attackers. Oh, also learn how to defend against redirect attacks!

Sven's Slide Deck - Open Redir...

DOOM Exploit, iPhone Deep Fakes, & 11 0-Days Infect Devices - PSW #688 from 2021-03-27T21:00

This week in the Security News: Doom exploit wins an award, a puzzle honors Alan Turing, anyone can create a deepfake, Jabber bugs, unquoted service paths, Nim malware, Deadly sins of secure cod...

Taming Vulnerability Overload - Mehul Revankar - PSW #688 from 2021-03-27T09:00

Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate these vul...

Axis Security, Qualys, VMware, NFTs, & Linksys/Fortinet - ESW #221 from 2021-03-26T21:00

This week in the Enterprise News, Funding announcements from Security Scorecard, Secureframe, Axis Security, Orca, Cylera, and Vulcan Cyber. A non-funding announcement from Thinkst. Fortinet aqu...

"Jump-Start Your SOC Analyst Career" - Jarrett Rodrick - ESW #221 from 2021-03-26T09:00

Jarrett Rodrick and Tyler Wall's new book, "Jump-start Your SOC Analyst Career," is meant to serve as a roadmap for those who wish to take their first steps into cyber security/SOC analyst. We d...

Platform Security - PaaS & Hosting - Trey Ford - ESW #221 from 2021-03-25T21:00

- What security features does Heroku offer that the customer can control and how have these evolved over time? - How do you balance the security of the application, with the security of the depl...

PlexTrac Talks PCI, Part 2 - Dan DeCloss, Shawn Scott - SCW #66 from 2021-03-25T09:00

The conversation continues as the PlexTrac team, Dan DeCloss & Shawn Scott, demonstrate how PlexTrac can tackle compliance (among other things)!

Visit Listen

PlexTrac Talks PCI, Part 1 - Dan DeCloss, Shawn Scott - SCW #66 from 2021-03-24T21:00

This week, Jeff, Liam Downward, Scott, & Josh talk PCI with Dan DeCloss and Shawn Scott from PlexTrac!

Visit https://www.securitywee...

Dictionary Attacks, SASE Misinformation, & 3 Key Tasks - BSW #210 from 2021-03-24T09:00

In the Leadership and Communication Segment, 5 Reasons Why Cybersecurity Should Be A Priority While Planning Your Business, 3 Key Tasks That Help Me Work Way Less and Accomplish More, Everything...

Medical Device Secure Development Lifecycle - Christopher Gates - BSW #210 from 2021-03-23T21:00

How to incorporate security into your existing medical device development process, What artifacts need to be created, & Security activities that are new.

Visit Listen

Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP - ASW #144 from 2021-03-23T09:00

In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub's postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud! Listen

Approaching AppSec Like a Hacker - Johanna Ydergard, Roberto Giachetta - ASW #144 from 2021-03-22T21:00

Security is struggling to keep up with securing modern web applications and the fast pace of wild web hacks. Detectify is building automated app scanners that can think like a hacker and shorten...

Plextrac Mini-Series Episode 1: Purple Teaming - Bryson Bort - PSW #687 from 2021-03-21T09:00

The first episode of Security Weekly's podcast mini-series with PlexTrac "Getting the Real Work Done in Cybersecurity" starts with PlexTrac's bread and butter, Purple Teaming! The group - along ...

Security Grades, Mirai, Quantum Cryptography, & Hacking "Beer" - PSW #687 from 2021-03-20T21:00

In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in the Linux kernel, hack stuff and get blown up, stop hacking ...

Getting The Real Work Done With Plextrac - Dan DeCloss - PSW #687 from 2021-03-20T09:00

Dan will run through some customer testimonials on how they are using Plextrac effectively to get the real work done in security! This segment is sponsored by PlexTrac.

Visit Listen

Attack Surface - What are we Missing? - Ilia Kolochenko - ESW #220 from 2021-03-19T21:00

Ilia Kolochenko, founder of ImmuniWeb, joins Paul and Adrian to discuss the challenge of discovering and handling exposed data and vulnerabilities before the bad guys do.

Visit <...

ARM Support, Cyber "SPAC", Cyber Fusion, Docker, & Beer Outage - ESW #220 from 2021-03-19T09:00

This week in the Enterprise Security News: funding announcements from Coalition, HeraSoft, Cowbell Cyber, Argon, Cynet, Docker, and Cyware. Sonatype Acquires MuseDev, Sumologic Acquires DF Labs,...

Investing In Cybersecurity - Ron Gula - ESW #220 from 2021-03-18T21:00

Ron joins us to cover various aspects of investing, including how to give the right pitch, what enterprises should be looking for in new technologies, are you 5% or amazing tech? Ron is also cha...

Security & Compliance Legal Highlights - Part Deux - SCW #65 from 2021-03-18T09:00

We're letting Priya have the bulk of the time to discuss what's on her mind in terms of legal implications of security & compliance news and events.

Visit Listen

Security & Compliance Legal Highlights - SCW #65 from 2021-03-17T21:00

We're excited to have Priya Chaudry with us today, so we are going to focus our discussion on news and events with legal implications (or the legal implications of news and events)! For starters...

Importance of Culture, Engaging The Board, & 8 New Roles! - BSW #209 from 2021-03-17T09:00

This week, in the Leadership and Communications section, The importance of culture in digital transformation, 4 ways to keep the cybersecurity conversation going after the crisis has passed, 8 n...

The Nine Cybersecurity Habits - George Finney - BSW #209 from 2021-03-16T21:00

In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? Georg...

Unauth'd RCE, "Regexploits", Post-Spectre Web, & SigStore Signing - ASW #143 from 2021-03-16T09:00

Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for t...

Cloud Native Security Platforms - John Morello - ASW #143 from 2021-03-15T21:25:33

Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to...

Ransomware Research, Threats, and Futures - Assaf Dahan - PSW #686 from 2021-03-14T10:00

Assaf Dahan, Sr Director, Head of Threat Research at Cybereason, discusses current trends in ransomware research. What happens when we're not watching or watching the wrong indicators? And threa...

Russian regex, John McAfee, Verkada Hack, & Microsoft Exchange - PSW #686 from 2021-03-13T22:00

Microsoft Exchange had some vulnerabilities, how could you not hear about them?, Russians try to throttle Twitter, silicon valley security camera company has been breached and we get to see what...

How Illicit Markets Really Operate - David Hétu - PSW #686 from 2021-03-13T10:00

David has been studying the structure, size and scope of illicit markets for over 10 years. He has come to realize just how fragmented illicit markets are, how a few select vendors often control...

CrowdStrike Falcon, Gigamon Hawk, Awake's NDR, & Acquisitions - ESW #219 from 2021-03-12T22:00

This Week, In the Enterprise Security News: Okta acquires Auth0, KnowBe4 Acquires MediaPRO, PayPal to acquire Curv, and Dropbox to acquire DocSend Aqua Security raises $135M, Privacera Secures a...

Attack Surface Management, Monitoring, & Mapping - Jeff Foley - ESW #219 from 2021-03-12T10:00

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source informat...

Using Computer Vision to Combat Phishing - Chris Cleveland - ESW #219 from 2021-03-11T22:00

Email security and phishing protection has many gaps that are exploited by attackers. Learn how computer vision can help prevent malicious URLs and websites from doing bad things to your users. ...

ICS/OT Regulation, Part 2 - Jim Gilsinn - SCW #64 from 2021-03-11T10:00

Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but how those industries handle the poten...

ICS/OT Regulation - Jim Gilsinn - SCW #64 from 2021-03-10T22:00

Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but how those industries handle the poten...

Risky Business (With Less Resources), Or: Know the CISO Job Search - BSW #208 from 2021-03-10T10:00

In the leadership and communications section, Risky business: 3 timeless approaches to reduce security risk in 2021, Why Less Can Be More When It Comes to Cybersecurity, CISO job search: What to...

Security Leadership in Times of Transition - Gerald Beuchelt - BSW #208 from 2021-03-09T22:00

In 2020, we interviewed Gerald Beuchelt on Enterprise Security Weekly. At that time, he was the CISO at LogMeIn. Now he's the CISO at Sprinklr. What's it like to transition jobs in the middle of...

Security Engineering, Evil Packages, Exchange SSRF, & Observability - ASW #142 from 2021-03-09T10:00

Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do ...

Privacy, Data Security & Compliance - Cynthia Burke - ASW #142 from 2021-03-08T22:00

In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shif...

Patching Exchange Servers, Book Reviews, Rockwell, & Forgotten AM Broadcasts - PSW #685 from 2021-03-07T10:00

This week, In the Security News, Calling all people who know how to patch MS Exchange servers, we need you, Rockwell Automation PLC flaws and what you can't do about it, a book review I agree wi...

How To Build A Kick-Ass PC - PSW #685 from 2021-03-06T22:00

Paul recently built a new PC for daily work and security-related tasks. It's a monster PC! The build was researched heavily, and in this segment, Paul will share all the tips and tricks to you c...

Offensive Cybersecurity Education and Getting Started in Pentesting - Phillip Wylie - PSW #685 from 2021-03-06T10:00

Phillip will discuss his passion for offensive cybersecurity education, mentoring, and getting started in pentesting. He co-authored a book based on his conference talk "The Pentester Blueprint:...

Thycotic & Centrify, Geography, YubiKey, & K7 Antivirus - ESW #218 from 2021-03-05T22:00

This week, In the Enterprise Security News Thycotic and Centrify join forces, Netwrix acquires Strongpoint, SentinelOne plans for IPO, Qomplx plans to go public, and funding announcements from A...

The New Cybercrime Landscape - Kimberly Sutherland - ESW #218 from 2021-03-05T10:00

LexisNexis Risk Solutions recently released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for...

Traditional IDS is Dead - Matt Cauthorn, Sri Sundaralingam - ESW #218 from 2021-03-04T22:00

Many security teams have accepted their Intrusion Detection Systems (IDS) as little more than a compliance check-off. IDS reliance on bi-modal signatures is brittle, easily evaded by attackers, ...

Tips and Advice: Practical Steps When Considering Cyber Insurance - Albert "Nickel" Lietzau, V, Mike Volk - SCW #63 from 2021-03-04T10:00

Assuming Nickel and Mike survived the first segment, we're asking them for practical advice in this segment on how to consider and ultimately select the right cyber insurance program for you. We...

Cyber Insurance: Debunking Myths - Albert "Nickel" Lietzau, V, Mike Volk - SCW #63 from 2021-03-03T22:00

Nickel Lietzau and Mike Volk have heard that we are not huge fans of cyber insurance on SCW, and they have graciously agreed to subject themselves to our scrutiny. In the first segment we'll tou...

Cyberinsurance, Breaches, Business Continuity, & Beyond! - BSW #207 from 2021-03-03T10:00

In the leadership and communications section, Financial Targets Don’t Motivate Employees, Texas power outage flags need to revisit business continuity, Security job candidate background checks: ...

Security Incidents: Simple Responses That Make All The Difference - David Chamberlin - BSW #207 from 2021-03-02T22:00

What are some best practices for preparing for a security incident? David Chamberlin, Managing Director at CRA, Inc., joins Business Security Weekly to discuss preparation for a security inciden...

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141 from 2021-03-02T10:00

This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product...

Hackable; How to do Application Security Right - Ted Harrington - ASW #141 from 2021-03-01T22:00

In looking at how to do application security right we talk about understanding the difference between defining types of security testing and the goals that security testing should be aiming for....

TV Hacking, Nvidia, Nation States, NASA, & WMware - PSW #684 from 2021-02-28T10:00

This week In the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabiliti...

Wait, You Did What? How To Be A Cybersecurity Hero... - Bryan Seely - PSW #684 from 2021-02-27T22:00

Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughte...

"Confessions of a CIA Spy - The Art of Human Hacking" Book Release - Peter Warmka - PSW #684 from 2021-02-27T10:00

Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection. Peter's new boo...

Evaluating the MITRE ATT&CK Evaluations in their Third Year - ESW #217 from 2021-02-26T22:00

The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs' Ganesh Pai and Amit Malik explore the MITRE ATT&CK framework, its ongoing value for analysts AND...

2020 Security Operations Survey - Christopher Crowley - ESW #217 from 2021-02-26T10:00

The 2020 SOC Survey results are in and the author, Chris Crowley, will discuss the detailed results in the report and how they can help individuals and organizations reduce the drag on our globa...

Red Canary, Imperva Sonar, Data Breaches & Share Prices, & TrendMicro XDR - ESW #217 from 2021-02-25T22:00

This week in the Enterprise News: LasPass is no longer free, Tenable helps with dynamic assets, Security Scorecard and the Score Planner, Trend Micro XDR, & Imperva launches sonar! Funding annou...

The Journey Of An Inner City Street Hacker, Part 2 - Chris Cochran, John Threat, Ronald Eddings - SCW #62 from 2021-02-25T10:00

The world of hacking and the threat actors that do that sort of thing. What are the implications on comp sec in 2021 for persons, corporations, nation states and maybe even your cat?

  Listen

The Journey Of An Inner City Street Hacker, Part 1 - John Threat - SCW #62 from 2021-02-24T22:00

Jeff, Flee, & Scott talk to John Threat about his background and what led him to becoming a hacker.

Visit https://www.securityweekly...

Risk, Security Initiatives, Business Outcomes, & Aligning Budgets - BSW #206 from 2021-02-24T10:00

In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more!<...

The Cloud's Influence on the Evolving Culture of Security - Dutch Schwartz - BSW #206 from 2021-02-23T22:00

Dutch Schwartz, Cloud Security Strategist at AWS, discusses cloud's influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his though...

Dependency Confusion, Suspender Falls, Web Shells, & AppSec Scale - ASW #140 from 2021-02-23T10:00

This week on the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec,...

Targeting, Exploiting, & Defending Linux - Brandon Edwards - ASW #140 from 2021-02-22T22:00

Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks a...

Unearthing a 10-Year Old SUDO Vulnerability - . Wheel - PSW #683 from 2021-02-14T10:00

“Wheel” was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems included Linux, macOS, AIX an...

CD Projekt Ransomwared, Ciphers, Water Supply Hacked, & Clubhouse Security Risks - PSW #683 from 2021-02-13T22:00

This week in the Security News, Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns...

What Does Zero Trust Mean To You? - Peter Smith - PSW #683 from 2021-02-13T10:00

In this segment we'll unpack "Zero Trust", what does it mean and how can it be applied as a concept to information security today? It certainly begs the question what and who do you trust? Often...

Work-Bench Ventures - Kelley Mak - ESW #216 from 2021-02-12T22:00

Kelley will discuss his investment thesis in security, his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real wo...

Network Discovery & IT Asset Inventory - HD Moore - ESW #216 from 2021-02-12T10:00

HD has been focused on research related to network discovery and IT asset inventory for the past three years. This work has led to new techniques for device fingerprinting and topology mapping t...

'Selfie Biometrics', NetWitness, Okta, & Jetstack Secure - ESW #216 from 2021-02-11T22:00

A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie...

Security & Compliance Legal Highlights - SCW #61 from 2021-02-11T10:00

Our co-host, Priya Chaudry will enlighten us on several other topics of interest to our community. There might be a mention of Solarwinds, Southwest Airlines, HIQ Labs, and more.

Update on CFAA - SCW #61 from 2021-02-10T22:00

We welcome our resident legal expert and co-host Priya Chaudry to catch us up on the status of the Supreme Court case concerning the Computer Fraud and Abuse Act (CFAA) and some other legal topi...

9 Steps, the Big 8, & 7 Super Bowl Rings! - BSW #205 from 2021-02-10T10:00

In the leadership and communications section, 9 Steps for Effective Cybersecurity Risk Management, The Big 8: How to heighten cybersecurity governance, 7 Super Bowl rings for Tom Brady, and more...

Evolution of the CISO Role - Ben Carr - BSW #205 from 2021-02-09T22:00

Ben Carr, Global Chief Information Security Officer at Qualys, steps in last minute to talk about his transition from Aristocrat to Qualys and the evolution of the CISO role.

Vis...

BBPLR, API Security Trends, Memory Unsafety, & Patching 0-Days - ASW #139 from 2021-02-09T10:00

Funding bounties or finding bugs, how should we invest? Talks from Enigma Conference on memory unsafety and 0-days. Coming trends in API security and a review of research from 2020.

Being a Serial Entrepreneur, Business Leader, & Hacker - Alissa Knight - ASW #139 from 2021-02-08T22:00

Alissa Knight has spent her career going against industry and social norms as both a Transgendered and Lesbian business leader and hacker. Learn more about her, her achievements as a published a...

Vending Machine Hack, Chucky's Amber Alert, HarmonyOS, & Realtek Vulns - PSW #682 from 2021-02-07T10:00

Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hac...

Quantum Computing & Finding the Truth - Bill DeLisi - PSW #682 from 2021-02-06T22:00

Bill will provide insight on best practices for internet safety, for work from home, family friendly internet habits which leads to the conversation of secure chats/files, & more!

Starting A Non-Profit To Help Small Companies With CMMC - Josh Marpet - PSW #682 from 2021-02-06T10:00

Small federal contractors are being required to become compliant with a new standard, CMMC. They've never had to do the level of security and compliance maturity that it requires! What do they d...

The Cyber Defense Matrix, the DIE Triad, and Cybersecurity Startups - Sounil Yu - ESW #215 from 2021-02-05T22:00

The Cyber Defense Matrix is a framework to help systematically organize the many things that we buy and do in cybersecurity. The DIE Triad offers a new way of thinking about resiliency, how we s...

Attack Surface Management - Jonathan Cran - ESW #215 from 2021-02-05T10:00

Attack Surface Management is an important and growing field within Information Security. In this segment, we discuss how security teams can frame the problem and what can be done to get a handle...

Imperva Updates WAAP, SonicWall Confirms 0-Day, & Arista Zero Trust - ESW #215 from 2021-02-04T22:00

This week in the Enterprise News, Mission Secure Announces Series B, Akamai Technologies Acquires Inverse, for Microsoft, Security is a $10 Billion Business, Sontiq acquires Cyberscout, IRONSCAL...

The Security Poverty Line, Part 2 - Wendy Nather - SCW #60 from 2021-02-04T10:00

Securing an organization means more than just spending money. For those that fall below the "security poverty line," many other dynamics come into play that make it harder for them to accomplish...

The Security Poverty Line, Part 1 - Wendy Nather - SCW #60 from 2021-02-03T22:00

Securing an organization means more than just spending money. For those that fall below the "security poverty line," many other dynamics come into play that make it harder for them to accomplish...

WallStreetBets - Hacking the Hedge Funds - BSW #204 from 2021-02-03T10:00

Everyone has heard the GameStop frenzy by now, but what's it all about. How did a group of Reddit users hack the financial system and squeeze the hedge funds? We're going to discuss the details ...

Security Money - The Index is on the Rise - BSW #204 from 2021-02-02T22:00

It's time for our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from Q4 2020. We'll also update you on our own index that t...

Sudo Vuln, Libgcrypt, BlastDoor on iMessage, & AWS Lambda security - ASW #138 from 2021-02-02T10:00

This week in the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more!

...

Groundhog Day - It's Time to Reset the Script on Vulnerabilities - John Delaroderie - ASW #138 from 2021-02-01T22:00

In honor of the movie Groundhog Day, John will take a look at the top 10 most routinely exploited vulnerabilities through a web app security lens.

This segment is sponsored by Qu...

Ghostcat, Apache, Networks, Starliner - ASW #98 from 2021-01-31T22:10:42.023393

CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol. IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above provably secure protocol...

News - Startup Security Weekly #31 from 2021-01-31T22:10:42.023393

Machine learning from an investor’s perspective, 5 skills entrepreneurs need to succeed, AdEspresso joins Hootsuite, and more in this week’s Startup News!

Full Show Notes: Listen

Hack Naked TV - June 9, 2016 from 2021-01-31T22:10:42.023393

Welcome to another episode of Hack Naked TV recorded June 9th 2016. I’m your host Aaron Lyons and today I’ll be talking about Ransomare, Angler, and the Swift Network.

News - Enterprise Security Weekly #37 from 2021-01-31T22:10:42.023393

LookingGlass debuts a new partner portal, F-Secure acquires Inverse Path, Skyhigh Networks has new CASB patents, and more in this week’s Enterprise News!

Full Show Notes: Listen

Recorded Future and Virsec - PSW #617 from 2021-01-31T22:10:42.023393

We interview Roman Sannikov, the Director and Analyst on Demand at Recorded Future. We also interview Ray DeMeo, the Chief Operating Officer at Virsec.

\Full Show Notes: Listen

Hack Naked TV - June 2, 2016 from 2021-01-31T22:10:42.023393

Hack Naked News covers Team Viewer, Myspace gets hacked, Infoblox, Ransomware, and Darkode! Here on Hack Naked TV!

FireFox, Windows 10, DevOps, and BitHubLab - Application Security Weekly #19 from 2021-01-31T22:10:42.023393

Application news, DevOps food for thought, learning & tools from BitHubLab, and bugs, breaches, and more!

Full Show Notes: https:/...

Hack Naked TV - May 31, 2016 from 2021-01-31T22:10:42.023393

Hack Naked TV, hosted by yours truly, Aaron Lyons! This week he will bring up the Bangladesh Heist, the battle between Google VS Oracle, Rob Graham's Port Scanning, and he'll rant on Ransomware!...

Coresecurity, Endgame, & Edgewise - ESW #150 from 2021-01-31T22:10:42.023393

We interview Steve Laubenstein from CoreSecurity, Ian McShane from Endgame, and Peter Smith from Edgewise!

Full Show Notes: https:...

Hack Naked TV - May 26, 2016 from 2021-01-31T22:10:42.023393

Do you know who Guccifer is? He could hack your email! Aaron Lyons talks about Guccifer, the Bangladesh Heist, and $12 million was stolen from an Ecuadorean bank.

Hack Naked TV - May 24, 2016 from 2021-01-31T22:10:42.023393

This week on Hack Naked TV, Aaron talks about Ransomware, Bangladesh, and US Cyber Tech!

Ping Identity, Cequence, & NowSecure - ASW #73 from 2021-01-31T22:10:42.023393

At Black Hat 2019, we interviewed: Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure!

Full Show Notes: Listen

Hack Naked TV - May 19, 2016 from 2021-01-31T22:10:42.023393

Ransomware again? I think so! Hear other great news stories and he will give some special advice! Here on Hack Naked TV!

Hack Naked TV - Beau Bullock from 2021-01-31T22:10:42.023393

Need the Security News for Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.

Hack Naked TV - May 12, 2016 from 2021-01-31T22:10:42.023393

Need the Security News for the Week? Here on Hack Naked TV, Aaron Lyons gives the top news for the week in Security and Hacking!

Hack Naked TV - May 5, 2016 from 2021-01-31T22:10:42.023393

Ever wonder what Image Magick is? We don't know either! That's why Aaron is here to inform you about Image Magick among other more interesting topics! Stay tuned here on Hack Naked TV!

Hack Naked TV - May 3, 2016 from 2021-01-31T22:10:42.023393

Do you know what Cyber warfare? Hear what Aaron Lyons has to say about Cyber warfare! He rants on this Hack Naked TV.

Kobe's Quotes To Live and Other Leadership News - BSW #161 from 2021-01-31T22:10:42.023393

This week in the leadership articles segment, Matt, Paul and Jason cover the following articles: Tech Isn't the Problem or Solution for Better Productivity. Instead, Look to Your Own Leadership,...

Hack Naked TV - April 28, 2016 from 2021-01-31T22:10:42.023393

Welcome to another episode of Hack Naked TV recorded April 28th 2016. Aaron covers Cyberbombs, the next scan from Robert Graham, professional cyclists hacking their bikes, and more.

Hack Naked TV - April 14, 2016 from 2021-01-31T22:10:42.023393

This week on Hack Naked TV, Aaron Lyons talks about Badlock, Ransomware, Russian Prison for Hackers, and Ransomware. Check out Beau Bullock's Hack Naked for more in depth detail on Badlock.

Episode 367: Live from Mid-Atlantic Collegiate Cyber Defense Competition from 2021-01-31T22:10:42.023393

Fighting IoT Insecurities - Terry Dunlap - PSW #657 from 2021-01-31T22:10:42.023393

Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions...

MITRE ATT&CK: Katie Nickels, MITRE - Paul's Security Weekly #612 from 2021-01-31T22:10:42.023393

Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observatio...

Paul's Security Weekly #364 - Security News from 2021-01-31T22:10:42.023393

Paul's Security Weekly #363 - Security News from 2021-01-31T22:10:42.023393

Embedded device fail, WeMo, and more!

Guacamole RCE, PAN-OS Flaw, & A Culture of Resilience - ASW #113 from 2021-01-31T22:10:42.023393

Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, T...

Biometric Authentication, Jumio - Paul's Security Weekly #611 from 2021-01-31T22:10:42.023393

Growth of account takeover and how to prevent it Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to ac...

Security Weekly #448 - The Vulnerability Management Maturity Curve from 2021-01-31T22:10:42.023393

Organizations tend to fall somewhere on a scale of 0 through 100 (with 100 being the best) when it comes to the maturity of their vulnerability management program. Starting at 0 for those who do...

AttackDefense Labs Platform - Paul's Security Weekly #609 from 2021-01-31T22:10:42.023393

We interview Vivek Ramachandranis the Founder & CEO of Pentester Academy. Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs....

Hack Naked TV: OSCP Review from 2021-01-31T22:10:42.023393

Aaron reviews the Penetration Testing with Kali Linux course and OSCP test.

Startup Security Weekly #20 - Chad Boeckmann, Secure Digital Solutions from 2021-01-31T22:10:42.023393

Chad founded Secure Digital Solutions in 2005 with a vision to provide clients vendor-neutral information security services aligned with business goals and objectives. He has over 17 years of in...

Security Weekly #443 - Security News from 2021-01-31T22:10:42.023393

The Security Weekly crew discusses software security, how to create more secure code, legacy code, IoT devices and more!

Security Weekly Web Site: http://securityweekly.com

Hack Na...

SambaCry, FBI Warnings, and Hacking Segways - Paul's Security Weekly #523 from 2021-01-31T22:10:42.023393

Exploiting SambaCry, a warning from the FBI, hacks versus hurricanes, hacking segways, and more security news!

Full Show Notes: https...

Security Weekly #438 - Interview with Ron Gula from 2021-01-31T22:10:42.023393

We interview Ron Gula, one of the first interviews conducted on Security Weekly. Ron is a leading cybersecurity thinker, innovator, and visionary in the information security industry.

Listen

Security Weekly #436 – Security News: IoT and Nest from 2021-01-31T22:10:42.023393

Today in the news, Kevin recaps the T-Mobile breach. Do we now let the fox watch the henhouse? Larry dives into a Nest (TM) of IoT (drink) devices. Paul tries to keep it together with a blog pos...

The Pillars Of The Enterprise, Gravwell - Enterprise Security Weekly #138 from 2021-01-31T22:10:42.023393

Corey Thuen is the Co-Founder at Gravwell. Corey covers the topics: Framework for discussion: the pillars of the SOC and the 80/20 principle, Wire data, Log/Application Data, Endpoint protection...

Security Weekly #434 Security News - Deep Thoughts with Jack Daniel from 2021-01-31T22:10:42.023393

Jack goes full-rant on Windows 10 touch screen changes. If you are still using Yahoo! messenger, you should stop. Also, vote for McAfee bumper stickers and t-shirts will likely surface after his...

Security Weekly #434 - Interview with Micah Hoffman from 2021-01-31T22:10:42.023393

In our feature interview SANS instructor Micah Hoffman discusses everything from bug bounty programs to better security for your SaaS. Micah is an active member in the NoVAHackers community, wri...

Zane Lackey, Signal Sciences - Application Security Weekly #31 from 2021-01-31T22:10:42.023393

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how we the security industry needs to shift left when it comes to applications and patching.

Ful...

Startup Smart and Trade Secrets - Startup Security Weekly #43 from 2021-01-31T22:10:42.023393

Wall Street Journal Best-Selling Author Shares 6 Secrets to Starting Smart [Book Excerpt] - Note the role of emotion to get traction/results Why Entrepreneurs Need To Keep Their Business Focused...

Hack Naked News #96 - October 11, 2016 from 2021-01-31T22:10:42.023393

Tons and tons of Ransomware and Cisco! All that and more with Aaron Lyons on Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_11_2016<...

OneLogin Woes, Shadow Brokers Identity, oAuth Nightmares - Paul's Security Weekly #516 from 2021-01-31T22:10:42.023393

Chipotle and OneLogin suffer breaches, Windows XP Too Unstable To Spread WannaCry, Patches Available for Linux Sudo Vulnerability, Cisco, Netgear Readying Patches For Samba Vulnerability, oAuth ...

Adam Fletcher, Blackstone - Business Security Weekly #125 from 2021-01-31T22:10:42.023393

Adam Fletcher is the Chief Information Security Officer for Blackstone. As a security professional with over 18 years of experience, Adam has worked with global security organizations large and ...

Exploiting Client-Side Node.js with Moses Hernandez - Paul's Security Weekly #516 from 2021-01-31T22:10:42.023393

I know what you're thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, i...

Security Vendor Response to WannaCry Makes Me Want to Cry - Enterprise Security Weekly #45 from 2021-01-31T22:10:42.023393

Identropy and Exabeam team up, five pitfalls to avoid during a CASB evaluation, FirstWave partners with Fortinet, and more enterprise news!

Full Show Notes: Listen

ICS - Enterprise Security Weekly #102 from 2021-01-31T22:10:42.023393

Paul and Matt review the ICS security landscape, discussing the problems and potential solutions to secure critical infrastructure. We used several on-site interviews and briefings with solution...

Larry Pesce, Getting Started with FL2k - Paul's Security Weekly #570 from 2021-01-31T22:10:42.023393

An introduction to FL2K: Software Defined Radio is all the rage for detecting unknown signals and transmitters. We'll show you how to set up and use a surreptitious transmitter to start your jou...

Hack Naked TV - August 11, 2016 from 2021-01-31T22:10:42.023393

This week on Hack Naked TV, Aaron Lyons discusses all the news during Hacker Summer Camp. So stay tuned!

John Moran, DFLabs - Enterprise Security Weekly #99 from 2021-01-31T22:10:42.023393

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about DFLabs Incman ...

Accenture and Heaphones - Startup Security Weekly #66 from 2021-01-31T22:10:42.023393

Paul and Michael talk about headphones, Accenture, and the startup companies that influence the security industry.

Full Show Notes: Listen

Hack Naked TV - July 28, 2016 from 2021-01-31T22:10:42.023393

Aaron Lyons discusses Lastpass, Malicious Insider, and Hacker Summer Camp! Watch all the latest security news every week, here on Hack Naked TV!

Visit http://hacknaked.tv to get all the l...

Hack Naked TV - July 26, 2016 from 2021-01-31T22:10:42.023393

This week Aaron Lyons talks about Powerware, no more Ransomware, and HIPAA! All that and more on Hack Naked TV!

Hack Naked TV - July 21, 2016 from 2021-01-31T22:10:42.023393

This week on Hack Naked TV, Aaron Lyons talks about httpoxy, Neutrino Exploit Kit, and Ubuntu. All that and more, so stay tuned!

Hack Naked TV - July 14, 2016 from 2021-01-31T22:10:42.023393

This week on Hack Naked TV, Aaron Lyons talks about Sundown exploit kit, Store Communications Act, and FDIC Hacked. All that and more, so stay tuned!

EMOTET Disrupted, "Ghost" Hackers, & Why Privacy is 'Like Bubblewrap' - PSW #681 from 2021-01-31T10:00

In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack...

How Tall Do You Have to Be to Ride the Ride? - Dan DeCloss - PSW #681 from 2021-01-30T22:00

Today’s segment will discuss effective assessments, the maturity of your security posture, and the composition of your team. Specific topics in the episode include the what, when, and how of con...

XDR and Vitamins - Michael Roytman - PSW #681 from 2021-01-30T10:00

What is XDR? How do we know the security protections we're investing in are working? All this and Paul's CBD Pineapple Pizza Drink on this week's show.

This segment is sponsored ...

Supply Chain Security in the Face of Solarwinds - Allan Alford - ESW #214 from 2021-01-29T22:00

Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?

Visit https://www.se...

DNS Hijacking - Fredrik Nordberg Almroth - ESW #214 from 2021-01-29T10:00

Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country - the Congo (DRC), .cd - before any bad actors co...

Platform9, Swimlane, SonicWall 0-Days, & Fortinet - ESW #214 from 2021-01-28T22:00

This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitt...

How to Build an Insider Threat Program in 10 Steps - Part 2 - Anthony Palmeri - SCW #59 from 2021-01-28T10:00

The conversation continues on mitigating insider threats and building an insider threat program!

This segment is sponsored by Ekran System. Visit Listen

How to Build an Insider Threat Program in 10 Steps - Part 1 - Anthony Palmeri - SCW #59 from 2021-01-27T22:00

Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is req...

Cybersecurity Failure, Reboot Security Strategy, & Solving the Skills Gap - BSW #203 from 2021-01-27T10:00

In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution...

Everyone missed SUNBURST... or did they? - Matt Cauthorn - BSW #203 from 2021-01-26T22:00

When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say...

KindleDrip, State of Messaging State Machines, DoH, & Data Security Strategies - ASW #137 from 2021-01-26T10:00

An overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might...

Reading Industry Analyst Tea Leaves To Predict The Future - Taylor McCaslin - ASW #137 from 2021-01-25T22:00

It's analyst season with the new Forrester Wave on SAST recently published as well as Gartner's Application Security Testing Magic Quadrant publishing in April. We'll talk about what are analyst...

WRT54G Hacking History, 70 Unpatched Cisco Vulns, & Bypassing MFA - PSW #680 from 2021-01-17T10:00

In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, 70 unpatched ...

Hacking Ubiquiti Devices - Jon Gorenflo - PSW #680 from 2021-01-16T22:00

Ubiquiti network gear has become a favorite among tech enthusiasts, but various Ubiquiti products have had some serious vulnerabilities in recent history. Listen in as we discuss hack, secure, a...

Beyond Phishing Blockers - Ryan Noon - PSW #680 from 2021-01-16T10:00

Ryan Noon joins Paul, and the rest of the PSW team, this week to chat through the importance of resilience in everything companies do to protect cloud-stored data and IP, unpack growing enterpri...

The DBoM Consortium - Chris Blask - ESW #213 from 2021-01-15T22:00

The DBoM consortium is a Linux Foundation project to be able to share information with third parties safely, securely, and with control over the information, even after handing it over! Unisys h...

It's 2021, Do You Know Where Your Assets Are? - ESW #213 from 2021-01-15T10:00

We all know asset management is one of the basics. In fact, it's literally the first two items on the Center for Internet Security's list of top 20 critical security controls. https://www.cisecu...

Amazon's Parler Removal, Beyond Security & Vicarius Partner, & More SolarWinds! - ESW #213 from 2021-01-14T22:00

This week, Beyond Security partners with Vicarius, Amazon’s Parler removal and what it means for Cloud onfidence, Kount sold to Equifax, McAfee vs Crowdstrike, JumpCloud raises some funds, Red H...

Sunburst: The Cleanup - SCW #58 from 2021-01-14T10:00

We will shift focus of the discussion from understanding to action - that is, what to do about this and similar types of attacks that might be perpetrated agains your organization. Or is there a...

Sunburst: Down the Rabbit Hole - SCW #58 from 2021-01-13T22:00

We're going to dissect what we know about the Sunburst/SolarWinds hack to this point - SCW style! We'll touch on the things that keep coming up in the news - attribution, conspiracy theories, im...

BISOs Bridge the Gap, Lots of Questions, & Use Negative Feedback to Improve - BSW #202 from 2021-01-13T10:00

In the Leadership and Communications section, How BISOs bridge the gap between corporate boards and cybersecurity, 5 questions CISOs should ask prospective corporate lawyers, Good Leadership Is ...

Why deepwatch Chose Splunk to Secure Customer Networks - Patrick Orzechowski - BSW #202 from 2021-01-12T22:00

Learn why deepwatch chose Splunk as it’s one and only SIEM solution to deliver its Managed Detection & Response services to Fortune 2000 customers. Hear how deepwatch is leveraging a variety of ...

Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136 from 2021-01-12T10:00

Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, the benefits o...

Fuzz Testing - Andrei Serban - ASW #136 from 2021-01-11T22:00

Fuzzing can be successful appsec strategy for finding software bugs. And deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help secure software beyond just ...

Custom Python Encryption, Shady 0-Days, & The Great iPwn - PSW #679 from 2021-01-10T10:00

In the Security News, Nissan Source code leaked, how the shady 0-Day sales game is evolving, Hack the Army 3.0 announced, creating your own custom encryption in python, FBI warns of swatting att...

What Has Changed (or Not) Since Our Last Visit? - Ming Chow - PSW #679 from 2021-01-09T22:00

-What are we seeing from infosec graduates as they come into the enterprise to begin their careers? -How has data privacy changed since 2014? -Is the cloud a solution, or creates more problems? ...

Automated Vulnerability Remediation - The Good, the Bad and the Ugly - PSW #679 from 2021-01-09T10:00

The way we identify, prioritize, and mitigate software vulnerabilities was built in the reverse order. Why did it happen? Could a new remediation strategy finally form an alliance between IT and...

SolarWinds, FireEye, Microsoft, Oh My! - Sean Metcalf, Tyler Robinson - ESW #212 from 2021-01-08T22:00

The current ransomware, breaches, and nation state attacks have defenders feeling overwhelmed and under resourced. Can defensive teams really have defended against this type of supply chain atta...

The State of Data Security - Chris Brown - ESW #212 from 2021-01-08T10:00

A casual and candid conversation on database security. Talking through the current data trends including the transition to the cloud and what this means for the database security practitioner. W...

Veracode in AWS Marketplace, ZScaler SUNBURST Assessment, & SolarWinds Fallout - ESW #212 from 2021-01-07T22:00

This week, Tyler Shields joins us for his first episode as Co-Host, and John Strand returns! In the Enterprise News, Two data security companies merge, Veracode's products are now available in t...

Looking Forward - SCW #57 from 2021-01-07T10:00

We don't want to have the typical "predictions" episode, but do want to chat about what we might expect in the coming year; what is changing? what is coming back? and when? (if at all)? Looking ...

Looking Back - SCW #57 from 2021-01-06T22:00

We have a roundtable discussion amongst the hosts looking back on the highs and lows of 2020! Looking back: -Solarwinds (not in depth but just as part of the year) -Covid-19 -Working from home -...

6 Security Concerns, 3 Steps, & 10 Skills - BSW #201 from 2021-01-06T10:00

In the leadership and communications section, 6 board of directors security concerns every CISO should be prepared to address, Four ways to improve the relationship between security and IT, CISO...

CISO Stories - Cybersecurity Leadership 2021 - Todd Fitzgerald - BSW #201 from 2021-01-05T22:00

Up Your game with the CISO STORIES Podcast! If anything this past year has taught us is that we can not go on our own, and leveraging the experiences from other CISOs is critical to our success....

Kubernetes Clusters, Microsoft Solarigate, & Apple's Security DIY - ASW #135 from 2021-01-05T10:00

Microsoft purges malicious SolarWinds presence and highlights a threat model around their source code, the tl;drsec crew provides a hardening guide for Kubernetes, Apples provides a user guide f...

Security By Design - ASW #135 from 2021-01-04T22:00

A premise of adding security to DevOps is we can "shift left" AppSec responsibilities, one of which is building apps so they're secure by design. Yet what resources does the AppSec community pro...

SolarWinds Attack, AIR-FI Technique, & Zodiac Cypher Decoded - PSW #678 from 2020-12-20T10:00

In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Securi...

Securing The Enterprise Software Supply Chain - Harry Sverdlove - PSW #678 from 2020-12-19T22:00

SolarWinds is just the latest example of how the enterprise software supply chain, when compromised, can be used successfully by attackers. These coordinated and well-managed attacks prey on tru...

Generating Threat Insights Using Data Science - Roi Cohen, Shani Dodge - PSW #678 from 2020-12-19T10:00

In this world of countless vulnerabilities, we need to find a way to identify threats. Prioritizing known vulnerabilities is a step in the right direction but definitely not enough. There is a n...

Mimecast Awareness Training Philosophy - Emily Huynh, Mandy McKenzie - ESW #211 from 2020-12-18T22:00

When you roll-out the Mimecast Awareness Training best practices to your organization and embrace your employees, you will achieve something magical - employees who become an extension of your s...

Visibility Is Critical in Uncertain Times - Martyn Crew - ESW #211 from 2020-12-18T10:00

As organizations come to terms with continued uncertainty in 2021, Martyn will discuss the importance of hybrid network visibility in building an IT infrastructure that can meet the needs of thi...

42Crunch IDE OpenAPI Editing, DigiCert IoT Device Manager, & More SolarWinds - ESW #211 from 2020-12-17T22:00

This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Inve...

Pen Testing, Part 2 w/ Dmitry Zagadsky - SCW #56 from 2020-12-17T10:00

We'll continue our discussion of penetration testing. In this segment, we'll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requir...

Pen Testing, Part 1 w/ Dmitry Zagadsky - SCW #56 from 2020-12-16T22:00

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we're going to attempt to define a penetration test, focus on the goals, and what shou...

Leadership & Communications: Lessons Learned in 2020 - BSW #200 from 2020-12-16T10:00

For this final segment of 2020, why pull more articles to review when we all lived it? Instead, let's recap some of the leadership and communications lessons we have learned in a very difficult ...