In the Security News for this week: Lessons from Star Wars on threats, more than just your thermal exhaust port, Pegasus spotted again, Python replaces JavaScript?, Read-Only containers, no problem for malware, breaking out of captive portals, its always DNS, except when its not DNS, but this time its DNS and uClibc, you are ordered to block these sites, ransomeware still hurts, DoD contractors remain vulnerable, hiding in network appliances, QUIETEXIT, & more! 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw739

Due to the high influx of security incidents and limited resources available, conducting incident response is an enormous task for all organizations, large or small. This necessitates the use of security automation, in which we would require a single centralized platform that connects to all other security technologies in order to effectively address incidents in a short period of time. SOAR (Security Orchestration, Automation, and Response) functions similarly to an orchestrator, but instead of controlling and conducting multiple individuals playing various instruments, SOAR manipulates a variety of tools to produce a more streamlined and fluent incident response process.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw272

Especially ICS represents a significant exposure to property and business operations. A scientific research-based approach to loss prevention for traditional property perils can be applied to help protect companies from cyber risk to keep their businesses more resilient. 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw739

In the Leadership and Communications section for this week: SolarWinds breach lawsuits: 6 takeaways for CISOs, Navy Seals’ 5 Leadership Principles That Will Transform Entrepreneurs Into Influential Leaders, More Powerful People Express Less Gratitude, & more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw261

Organizations spend a lot of money on security tools, but how do I know those investments are working? Dave Klein, Cybersecurity Evangelist at Cymulate joins Business Security Weekly to discuss the value of "Extended Security Posture Management". By continuously testing your security solutions with real-time, offensive simulations, organizations can validate their security investments and answer simple questions like "Are we vulnerable?".

This segment is sponsored by Cymulate. Visit https://securityweekly.com/cymulate to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw261

This week in the AppSec News: ExtraReplica in Azure, Chrome disfavors document.domain, appsec presentations highlighted in the latest Thinkst Quarterly, Nimbuspwn Vuln in Linux, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw195

Bad bots accounted for a record-setting 27.7% of all global website traffic in 2021. These automated threats create downtime, degrade service, and increase infrastructure costs. Lynn Marks from Imperva joins us as we talk about the complex and evolving risks bots create for businesses and how the online fraud prevention solution from Imperva protects against these threats.

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw195

This week in the Enterprise News: Basis Theory raises $17 million funding round, Crunchbase Funding Round Profile, Devo Acquires AI-Powered Security Automation Innovator to Deliver the “Autonomous SOC”, Hivemapper Dashcam, Authtech, Twitter accepts Elon Musk’s $44 billion offer, Austin Peay State University on Twitter, Basis Theory raises $17 million funding round, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw271

This week in the Security News: Java’s “psychic paper”, Musk’s plans for Twitter’s algorithm, Bossware, What Google is getting wrong about expired domains, & NFT Tweet Auctions, Silk Road Seizures, 0-Days, & more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw738

Digital identity is key to modern security architectures; enables privacy-preserving, trusted services; and drives customer-oriented experiences. Key trends like passwordless, verified credentials, and personal identity will have a profound effect on enterprise security. Discover how you can make the most of these evolutions, and learn how you can support the industry and its professionals.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw271

Marcus Sachs, the Deputy Director for Research at the McCrary Institute for Cyber and Critical Infrastructure Security, joins to discuss his cryptography collection, service for the US Army & Government, Antique Typewriters, & more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw738

Cloud security is confusing enough these days, but a complex product landscape doesn’t make it any easier. In this segment we’ll talk about what’s driving this, how to make sense of it, and where to find things that actually help.

To register for our upcoming webcast with Rich Mogull on Deploying Cloud Applications Securely, visit https://attendee.gotowebinar.com/register/3131398543024475915?source=esw

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw271

The need to communicate, collaborate and do business on a global level has created a proliferation of cloud based applications and services. Email. Cloud Storage. Messaging platforms. CRM. Digital Apps and Services. Organizations continue to add new cloud channels to support their business needs. But with new channels come new security blind spots that must be addressed. In this session we'll discuss:

Cyber attack trends in the collaboration channel ecosystem

The (yet) unsolved challenges of email security – the main channel of targeted attacks

The rising threat of cloud collaboration and the growing risk of content-borne attacks ...And we will walk though three use cases, their challenges and their deployments.

Segment Resources:

Request a demo and get a FREE coffee on us: https://hubs.la/Q0156lpK0

This segment is sponsored by Perception Point. Visit https://securityweekly.com/perceptionpoint to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw738

How should we empower developers to embrace the NIST software development practices? Because from here on out, developers need to view themselves as the front lines of defense for the end-consumer. A more secure-aware developer leads to a more-protected consumer. Dr. Wang will offer her perspectives on the above question as well as address: - How companies can set their developers up for security success - The importance of implementing micro-learnings - What should CISOs’ expectations be of developers and developers’ expectations of CISOs after Feb. 6 and beyond? - How corporate boards should be aware of implications of developer’s pervasive development and software security and how they should work together

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw194

In the Leadership and Communications section: What cybersecurity metrics should I report to my board?, Cybersecurity litigation risks: 4 top concerns for CISOs, The SEC Is About To Force CISOs Into America’s Boardrooms, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw260

Security leaders are using their hard-won influence with senior leadership to take on challenges related to emerging threats and unrelenting attackers. Yet plenty of old problems remain and are piling up. In this session, Senior Analyst Jess Burn will go highlight Forrester's eight security program recommendations for 2022 that will help security leaders take full advantage of their political capital — and budget — to resolve perennial problems and tackle emerging issues.

Segment Resources:

Blog post: https://www.forrester.com/blogs/our-2022-top-recommendations-for-your-security-program-cisos-get-an-offer-they-cant-refuse/?ref_search=604835_1649953578273

Full report: https://www.forrester.com/report/top-recommendations-for-your-security-program-2022/RES177270?ref_search=604835_1649953578273

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw260

Java's ECDSA implementation is all for nought, writing a modern Linux kernel RCE, lessons learned from the Okta breach, lessons repeated from a log4shell hot patch, a strategy for bug bounties, Microsoft finally disables SMB1

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw194

This week in the Enterprise Security News: Fortress InfoSec raises $125M to help critical infrastructure improve security, ThreatLocker raises $100M, thanks in part to Kaseya’s breach, Obsidian raises $90M to secure SaaS use, DoControl raises $30M to possibly compete with Obsidian, Blueshift raises a seed round to bring SOC and XDR to SMBs, Strike Security raises a seed round to take a different approach to pen testing, Thoma Bravo is still working on an Imprivata exit, The biggest startup failures of all time - how many security vendors are on the list? Is the SEC forcing CISOs into the boardroom, Better, but harder to collect, security metrics, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw270

Logitech’s Lift is a vertical mouse that’s easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin’s crackdown ended their global ambitions, & Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw737

This is a recurring segment, in which we bring on a VC to provide an investor’s point-of-view on all this activity. It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! We're very excited to have Will back on and are looking forward to discussing:

- Huge valuations and potential pricing/market resets and corrections

- Interesting new security categories: DSPM, SaaS Security, Enterprise Browsers

- Why security startups seem to be more resilient than in other markets (for reference: https://www.cbinsights.com/research/biggest-startup-failures/)

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw270

Considering that history has always had foreign legions, from Lord Byron fighting in Greece (well fighting might be a bit much), to For Whom the Bell Tolls, to the Flying Tigers, to the Layfayette Escadrille, foreign fighters have often entered war zones for a wide variety of reasons. Today, well, you can join up to a virtual cause and fight for whatever cause you are seeking and fight from the comfort of your own gaming chair. No selling your estates and dashing off to attack Lepanto, although you can do that too if you like. In this segment, we discuss, the computer fraud and abuse act, what it means to be a member of the foreign legion, and revisit the whole idea of hacking back as a security technique! 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw737

Learn all about the technical ins and outs of HP SureClick Enterprise with HP expert Dan Allen and discover how SureClick Enterprise can help improve security efforts in your organization.

This segment is sponsored by HP Wolf Security. Visit https://securityweekly.com/hpwolf to learn more about them!

Segment Resources:

https://threatresearch.ext.hp.com/zero-trust-in-reverse-why-the-current-definition-of-zero-trust-is-only-half-full/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw270

John Alfred is a retired Police Officer that directed a Computer Crimes unit for years. This segment will discuss how that unit got developed, what kinds of skills might be useful to develop in your own units, and what sorts of mistakes are often made trying to operate computer crimes units! 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw737

In the leadership and communications section, 10 Signs of a Good Security Leader, Toxic Leadership: The Four Horsemen of the Apocalypse, Know Them, 3 Ways to Take Control of Your Cyber Security Career in 2022, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw259

With an ever expanding perimeter, how do organizations address the challenges of hybrid cloud? New threats, increased complexity, and continued fragmentation of security responsibilities makes it harder than ever. Tim Woods, VP Technology Alliances at Firemon, joins BSW to discuss how centralized policy management can provide the visibility, enforcement, and compliance of policies across hybrid cloud environments.

This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw259