Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Follow us on Twitter: https://www.twitter.com/securityweekly

This week how to moderate a panel discussion, the secret to leading organizational change is empathy, DevOps explained, 5 cloud computing predictions for 2019, and the top 3 things CIOs lose sleep over.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112

Hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install!

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes on the show to discuss how to help people in the security community, a topic near and dear to our hearts.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, sustainable, ethical neuro tech, and improving the lives and community of InfoSec professionals and Neurodiverse professionals. She enjoys art, requires loads of rest still, and hopes to be half the person her service dog, Trevor, is.

Support Mandy by going to her GoFundMe Page: https://www.gofundme.com/hacking-recovery-brainstem-stroke

Full Show Notes: https://wiki.securityweekly.com/Episode587
Follow us on Twitter: https://www.twitter.com/securityweekly

The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lord "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture?

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques!

To get involved with LogRhythm, go to: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Paul, Matt Alderman, and John Strand talk Paul’s Top Ten List of 2018! They talk about Paul’s personal favorite acquisitions, breaches, vulnerabilities, interviews, attack tools, news articles, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode120

Visit http://securityweekly.com/esw for all the latest episodes!

Bitdefender offers new managed threat monitoring service, Symantec and Fortinet partner to deliver robust and comprehensive cloud security service, Untangle partners with Malwarebytes to bring layered security to SMBs, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode120

Visit http://securityweekly.com/esw for all the latest episodes!

Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Matt and Paul discuss how to be productive during the holiday season, how to work from home without losing your mind, how to talk to your boss when you’re underperforming, selling your product as you build it, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Harry Sverdlove is the CTO of Edgewise. Harry joins Keith and Paul to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more!

To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Bob Ackerman is a legend in venture capital investing and is referred to as one of "Cyber's Money Men". Bob is the Founder and Managing Director of venture capital firm AllegisCyber, Co-Founder of DataTribe, Maryland's Cyber Start-up Studio, and the Founder and Executive Chairman of FounderÕs Equity Partners. Bob, welcome to Business Security Weekly.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To Hell with it, Just patch your stuff already!

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this years challenge and what's in store! "Welcome to Counter Hack Challenges, an organization devoted to creating educational, interactive challenges and competitions to help identify people with information security interest, potential, skills, and experience. We design and operate a variety of capture-the-flag and quiz-oriented challenges for the SANS Institute, Cyber Aces, US Cyber Challenge, and other organizations. Our featured products include NetWars, CyberCity, Holiday Hack Challenge, Cyber Aces Online, and several Cyber Quests."

Join KringleCon: www.kringlecon.com

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform achieves VMware ready status, SecurityScorecard announces partnership with cybernance to drive holistic view of cyber risk across the enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit http://securityweekly.com/esw for all the latest episodes!

Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition".

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

This segment is sponsored by Acalvio. Check out their deception technologies by visiting https://securityweekly.com/acalvio. And remember, all [cyber] war is based on deception!

Our guest is John Bradshaw, the Sr. Director of Solutions Engineering at Acalvio Technologies. John has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. John joins Paul Asadoorian and John Strand to discuss the five tenets of enterprise deception, levels of interactivity for deception targets, and many more interest facets of deception technologies as they are applied to an enterprise security program!

To learn more about Acalvio, go to: https://securityweekly.com/acalvio
Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit http://securityweekly.com/esw for all the latest episodes!

Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, a botnet of over 20,000 WordPress sites is attacking other WordPress sites, the rise of visual studio code, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

Chris Elgee is a full time husband, father of four, and technical engineer at Counter Hack Challenges. Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it's been working on the challenge vs. playing it, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

How to collaborate with people you don't like, the right way to solve complex business problems, what the habits are of successful people, three things to know before you land a tech job, a CISO's wishlist, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

Brian Carey is a Senior Security Consultant at Rapid7, specializing in: Security Program Assessments, Security Program Development, Vulnerability Management Program Development, Security Awareness and Policy Development. In this interview, we discuss emerging trends that he is seeing with his clients, and how they impact their clients' security programs, including maturity, roadmap, and recommendations!

To learn more about Rapid7, go to: www.rapid7.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service!

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net api without going through powershell.

To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly