Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic Cardiac Programmers.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Follow us on Twitter: https://www.twitter.com/securityweekly

Mike McKee, CEO of ObserveIT, joins us to talk about the importance of focussing on people, and you do that to experience growth.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

To Learn More About ObserveIT, Go To: www.observeit.com/securityweekly

How to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security Plagued with Basic, and avoidable mistakes!

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

John Walsh the DevOps Evangelist for CyberArk joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk.

Sponsor Landing Page: https://www.conjur.org/asw

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Mark Dufresne explains why MITRE created their tool and what the MITRE attack framework is.

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise Security News, Avast launches AI-based software for phishing attacks, Carbon Black and Secureworks apply Red Cloak Analytics to Carbon Blacks Cloud, ShieldX integrates intention engine into Elastic Security Platform, and we have updates from Imperva, WhiteSource, BlackBerry, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

Visit https://www.securityweekly.com/esw for all the latest episodes! 

In a special segment for this week, John Strand and Paul discuss some companies that Paul had a chance to sit down for briefings with! They discuss GuardiCore and their Application Segmentation, Cyxtera and their Network Security and Software Defined Perimeters, PreVeil’s Encrypted Email and File Sharing, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

Visit https://www.securityweekly.com/esw for all the latest episodes! 

Garrett Gross received his first modem at age six and has been plugged in ever since. Today, Garrett is a Senior Solutions Engineer with a specialization in application security at Rapid7. He serves as an escalation layer to the applied engineering department, provides technical enablement, and facilitates cross-departmental functionality. Garrett joins Keith and Paul this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35

Visit https://www.securityweekly.com/asw for all the latest episodes!

www.rapid7.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

In the Application Security News, Git Project patches Remote Code Execution Vulnerability, Google is Shutting Down Google+ after 500k accounts potentially affected by a data breach, Facebook wants people to Invite its cameras into their homes, GitHub introduces user blocking notifications, DevOps producing more insecure apps than ever, Climate Change being taught on Fortnite Twitch stream, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

This week, Michael and Paul talk about the Article Discussion on Leadership, Communication, and Innovation! They discuss how to automate habits and never think about them again, why it’s important to explain to employees that organizational changes are coming, how journaling can boost your leadership skills, why you need to tell them why, and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode102

New Apple and Microsoft security flaws at Black Hat Europe, CCTV makers leaves at least 9 million cameras public, upset Google+ users are sueing Google, US weapons systems apparently can be easily hacked, not all multifactor authentication is created equal, and Kanye's '000000' password makes iPhone security great again!

Full Show Notes: https://wiki.securityweekly.com/Episode578

Follow us on Twitter: https://www.twitter.com/securityweekly

Lee Neely is a senior IT and security professional at LLNL with over 25 years of extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two years focusing on financial malware families and lectured about his research on Virus Bulletin and Zero Nights conferences.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Doug White interviews Mark Russinovich at Microsoft Ignite. Doug and Mark talk about Azure Confidential Computing, Mark's book Zero Day, and Azure security.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode110

Visit http://securityweekly.com/esw for all the latest episodes!

Splunk unveils first IoT platform for customers, Palo Alto Networks acquires RedLock to build out Cloud Security Tech, KnowBe4 boosts security awareness training with Virtual Risk Officer, Symantec brings workload assurance security to the Cloud, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode110

Visit http://securityweekly.com/esw for all the latest episodes!

Mimecast offers free training kit as part of Cybersecurity Awareness Month, Microsoft will finally kill off the old Skype client (for real this time), Security startup Tanium raises another $200 million at a $6.5 billion valuation, LogRhythm receives patent for data monitoring tech, Tufin launches first of its kind program for MSSPs, three reasons why BlackBerry stock is potentially about to soar, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109

Visit http://securityweekly.com/esw for all the latest episodes!

Mike Gordover is a Pre-Sales manager and solutions architect at ObserveIT. He has been at ObserveIT consulting on insider threat management for 5 years, working hands on with over 300 deployments, and working with researchers and analysts on strategies to mitigate internal risk. Paul and John talk with Michael about the current perception in the market of DLP, how ObserveIT’s solutions differ from traditional DLP, what challenges he faces when combating insider threats, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109 ObserveIT Landing Page: www.observeit.com/securityweekly

Visit http://securityweekly.com/esw for all the latest episodes!

Facebook discloses the loss of at least 50M Access Tokens also covered by Motherboard Formjacking is on the rise, Google admits to allowing hundreds of companies read your email, FireFox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly

Michael, Paul, and Jason discuss how to develop empathy for someone who annoys you, separating the quality of the outcome and quality of the decision, and much more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Attend local meetups and conferences, practice your coding skills, get educated by World Class security researchers, do your homework, there's no substitute for Practice, OWASP Juice Shop, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly

Michael and Paul ask Jason how to become a better business. Jason explains how to run your security team as in a 'fish bowl', and how to apply this technique to your clients and their business.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!

In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook’s 2-Factor authentication With a phone number isn’t only for security, it’s used for ads ,FBI warns companies about hackers increasingly abusing RDP connections, NSA employee who brought hacking tools home sentenced to 66 months in prison, new Linux Kernel Bug affects Red Hat, CentOS, and Debian Distributions, and Baddies just need one email account with clout to unleash phishing hell, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how SysMon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threats, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary’s Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems Shawn had that led him to choose Red Canary and Endgame as his solution, skill shortages in vendors, what he did to convince his management to approve of this solution, and what his process for testing the effectiveness of these solutions was.

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes!