Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2020
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: 2020
May 24, 2020

In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

May 23, 2020

HTTP security headers are an easy and effective way to harden your application against all kinds of client side attacks. We'll discuss which security headers there are, what functions they have and how to use them properly.

 

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

May 23, 2020

The guests on Trust Me I'm Certified have dropped some real knowledge and I'd like to distill that down as well as talk about building technical skills, looking at your career as a 'thing' that needs care and feeding, and the BSidesNH conference.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

May 22, 2020

In this segment we'll discuss why email security is still not a solved problem and how now that people are increasingly working from home, it poses an increased risk. We'll also share some interesting attacks that we've uncovered in the past several weeks since the beginning of shelter-in-place.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

May 22, 2020

Whether it's an external red team, internal red team, vulnerability scanning data, or a self-assessment questionnaire, results from all of these different types of assessments must be tracked and managed. Dan from Plextrac will walk you through how to track and manage all of these activities in one place!

 

To learn more about PlexTrac or to claim your Free Month, visit: https://securityweekly.com/plextrac

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

May 21, 2020

RSA Conference 2021 Changes Date from February to May 2021, Docker partners with Snyk on container image vulnerability scanning, Venafi acquires Jetstack to bring together developer speed and enterprise security, Onapsis expands assessments for its Business Risk Illustration service, Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

May 21, 2020

Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information. Anne will tell us about the work that the CLTC is doing, why "Long-Term" is in the name, and introduce us to their recent joint study with Booz Allen that researched "Considerations for Effective Oversight of Cyber Risk" based on interviews of a cross-section of board level positions.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode29

May 20, 2020

Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information. Anne will tell us about the work that the CLTC is doing, why "Long-Term" is in the name, and introduce us to their recent joint study with Booz Allen that researched "Considerations for Effective Oversight of Cyber Risk" based on interviews of a cross-section of board level positions.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode29

May 20, 2020

In the leadership and communications section, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

May 19, 2020

As many organizations look to their "new normal," remote work will likely be a large piece of that strategy. Adler will dive into the impact this has on the SOC and why EDR should be top-of-mind.

 

To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

May 19, 2020

The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.

 

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

May 18, 2020

Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.

 

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

May 17, 2020

In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

May 16, 2020

We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security?

 

To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

May 16, 2020

In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, It's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position.

 

To learn more about Elastic Security, visit: https://securityweekly.com/elastic

To view the Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

May 15, 2020

Many companies hire external consultants to conduct incident response and remediation, which can add up quickly in cost. By providing these security consultants with network data in seconds as opposed to hours or days, we can drastically reduce remediation costs and speed breach containment.

 

To learn more about VIAVI Solutions, visit: https://securitweekly.com/viavi

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

May 15, 2020

Discuss approach to vulnerability management at Toyota Financials and benefits of a full life-cycle approach to vulnerability management.

 

To learn more about Qualys VMDR, visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

May 14, 2020

In the Enterprise Security News, how GitHub Code Scanning aims to prevent vulnerabilities in open source software, SlashNext Integrates with Palo Alto Networks Cortex XSOAR to Deliver Automated Phishing IR and Threat Hunting, Portshift Announces Extended Kubernetes Cluster Protection, Vigilant Ops InSight Platform V1 automatically generates device software bill of materials, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

May 14, 2020

Security vs. Compliance: Where are the overlaps? Where are the differences?

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode28

May 13, 2020

Security vs. Compliance: Where are the overlaps? Where are the differences?

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode28

May 13, 2020

In the leadership and communications section, Top 5 Tactical Steps for a New CISO, Good Leadership Is About Communicating “Why”, 5, ok maybe only 4, CISO Priorities During the COVID-19 Response, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode173

May 12, 2020

The coronavirus has focused the world’s attention on disease spread like never before. This discussion will draw out some of the parallels that can inform how we do our work in cybersecurity, and that are helpful in communicating with the people who pay the bills. All the new vocabulary around “social distancing”, “contact tracing”, and “flattening the curve” is useful for our discussions in cybersecurity.

 

To learn more about RedSeal, visit: https://securityweekly.com/redseal

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode173

May 12, 2020

In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team’s code with code scanning and secret scanning!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode107

May 11, 2020

DevOps and Agile IT practices have been around for a while. However, security teams are just now catching up. We will discuss how security teams can stop being “showstoppers” for the developers and actually work with them, not against them. Focus will be around empowering the developers with open source secrets management, securing endpoints and cloud native apps, and embedding security in the development process as early as possible.

 

To learn more about CyberArk, visit: https://securityweekly.com/cyberark

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode107

May 11, 2020

In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild, Another Stuxnet-Style Vulnerability Found in Schneider Electric Software, and remembering the ILOVEYOU virus!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

1 2 3 4 5 6 7 Next » 9