This week, SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!

Show Notes: https://wiki.securityweekly.com/asw115

Visit https://www.securityweekly.com/asw for all the latest episodes! 

Digital transformation is taking the IT industry by storm. As the pace of adoption of public cloud increases, security posture management and governance is usually not top of the mind of cloud engineering teams. Cost of leaving the misconfiguration undetected and not rectified sure adds up and what to say about compromise to reputation. Biarca Patrol grew organically in close collaboration with our customers to address this gap. Biarca Patrol is now being offered widely.

Show Notes: https://wiki.securityweekly.com/asw115

Visit https://www.securityweekly.com/asw for all the latest episodes! 

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection,a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw658

The guys welcome our newest host to the family. John Snyder will replace Matt Alderman on Security and Compliance Weekly. Tune in to hear about how John made the jump from being a trial lawyer in New York to founding AGNES Intelligence, a forensic AI firm that has perfected the application of unsupervised machine learning!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw658

With advent of Internet of Things (IoT) and emerging cloud technologies, ensuring continued cybersecurity at scale is a challenging task. An ever growing increase in demand of cybersecurity workforce makes the problem even more challenging. In this talk we will explore how autonomous solutions based on Artificial Intelligence (AI) and Machine Learning (ML) can help in bridging the gap, by automating current cybersecurity tools and techniques. We will also discuss if current AI solutions can be practical at scale or simply marketing/media hype.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw658

We continue the discussion with Brian Tremblay, a former auditor who "got religion" when he began to understand the complexities of security and how compliance could help or hinder security program efforts in organizations. We'll also talk about what Brian is doing at Onapsis, and how Onapsis is trying to help solve the problem.

To learn more about Onapsis, visit: https://securityweekly.com/onapsis

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode35

Auditor turned security professional joins Security & Compliance Weekly to talk about how security misconfigurations and vulnerabilities can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. Learn the best practices leaders can use to identify, monitor, and mitigate compliance risks related to their most critical business applications.

To learn more about Onapsis, visit: https://securityweekly.com/onapsis

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode35

In the Leadership and Communications section, I'm a CISO, what's next?, The Upside of Virtual Board Meetings, The new cybersecurity priorities of 2020, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode180

This week, it's our quarterly Security Money update of the Security Weekly 25 Index and the Nasdaq. At the close on July 10th, 2020: - SW25 Index is 1,437.23, which is an increase of 43.72% - NASDAQ Index is 10,617.44, which is an increase of 60.01% Both indexes closed at an all time high on July 10th, 2020

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode180

Microsoft OneDrive client for Windows Qt QML module hijack, Zero-day flaw found in Zoom for Windows 7, Protecting your remote workforce from application-based attacks like consent phishing, Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, Mozilla suspends Firefox Send service while it addresses malware abuse, and Stop Talking About ‘Technical Debt’!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode114

DevSecOps helps build secure applications and part of that approach means security testing. It takes more than knowing the OWASP Top 10 to make bug bounties successful. From techniques for finding flaws to writing clear reports, we'll take a look at modern appsec testing.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode114

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. In 2017, he spun out ReFirm Labs as an investor-backed company to help fight IoT insecurity. In his spare time, he runs mini-real estate portfolio of rental properties.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode657

In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based Linux system to show you how you might get started with IPv6.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Robb Reck, CISO at Ping Identity, joins ESW to discuss the current focus for some companies including , passwordless authentication, focus on customer identity, and zero trust acceleration during COVID.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Having helped organizations identify, assess, remediate and recover from a significant ransomware attack, Scott describes the step by step process of events organizations will experience living through a ransomware attack and share some lessons learned for both dealing with an attack and for mitigating an organization's susceptibility to an attack.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Why You Need Recorded Futures Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and ICS environments, Attivo Networks' enhanced EDN solution prevents attackers from seeing or exploiting production data, Check Point Infinity SOC is launched, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode190

@mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode34

Director of Security Engineering at Truss.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode34

In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business continuity and cyber security, Protecting Remote Workers’ Productivity and Performance, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode179

It's time to come out and say it: "response" means something different to every category in cybersecurity. Yet, it's broadly used with little industry definition. In endpoint detection and response (EDR) systems, "response" refers to a prescriptive set of actions that can be taken with little to no human intervention. For example, if suspicious activity occurs on a device, that device can be automatically quarantined by the EDR tool. In network detection and response, "response" is more broad. The network is too vast and interconnected for blunt responses and therefore requires more surgical precision and investigation.

To request a demo with ExtraHop, visit: https://securityweekly.com/extrahop

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode179

Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, The Current State of Kubernetes Threat Modelling, and How To Build a Culture of Resilience Through Good Habits!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode113

What do you do if your ambition is to provide security for all the mobile apps in the world? You hire a data scientist! Machine Learning is more than just a buzz word, it is the science behind making decisions quickly and at scale. Catherine Chambers returns to Application Security Weekly with Irdeto's lead data scientist Will Hickie to describe how they turned Mobile Application Security into a data science problem, and what that means for your mobile app.

To download the white paper, visit: https://securityweekly.com/irdeto

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode113

Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how The Internet is too unsafe, and why We need more hackers!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode656

With bug bounties becoming more and more main stream for organizations. The bounty hunters are turning to more and more automation. Open source intelligence gathering can be automated with the use of python and a handful of other opensource tools such as Recon-NG, Amass, and others.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode656