Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: August, 2020
Aug 16, 2020

It s not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the never-ending battle between security and IT about what s more important: risks to servers and endpoints, or keeping the environment up-to-date and secured. There are even problems within the ranks of each unit. Dysfunctional processes, lack of efficient communication, and rudimentary tools put even more pressure on the CIO and CISO.

 

This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw662

Aug 15, 2020

This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nodes, SANS Security Training Firm Hit with Data Breach, Unskilled hackers can breach about 3 out of 4 companies, TeamViewer flaw can allow hackers to steal System password, and more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw662

Aug 15, 2020

Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, new endpoints need to be secured and IT teams are rushing years of planning into a few months to onboard distributed employees and resources – all while managing a global shift that is bringing new adversary behaviors targeting the new remote workforce. Organizations need to react fast, implement new controls, and do it all while managing existing budgets and staff. Making Elastic endpoint security completely free and open helps level the playing field for organizations that are struggling with the typically high cost and complexity of adopting effective endpoint security.

 

This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw662

Aug 14, 2020

Security professionals need to be thinking of the next evolution of the approach from working from home, specifically focusing on the security of the home network for both employees and third party contractors. Stephen Boyer, Co-Founder and CTO, discusses how to rate the risk of these new attack vectors using data BitSight already has... This interview is sponsored by BitSight. To learn more about them, visit: https://securityweekly.com/bitsight

ThreatLocker CEO, Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing those applications that are approved, is a cleaner and more comprehensive approach to ensuring malware does not end up on your networks. This interview is sponsored by ThreatLocker. To learn more about them, visit: https://www.securityweekly.com/threatlocker

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw194

Aug 14, 2020

Mario Vuksan, CEO and Co-Founder of ReversingLabs discusses modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. This interview is sponsored by ReversingLabs. To learn more about them, visit: https://www.reversinglabs.com/

Chris Wysopal, Co-Founder, CTO & CISO of Veracode, discusses how DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. This interview is sponsored by Veracode. To learn more about them, visit: https://www.veracode.com/

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw194

Aug 13, 2020

Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw194

Aug 13, 2020

The discussion continues with Jeanette Manfra.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw38

Aug 12, 2020

Government agencies are running in antiquated, fortress-based government clouds under the guise this is the only option for superior security and compliance. However, security and compliance don’t have to be a blocker to innovation; they can be part of the transformation. Jeanette will discuss how Google Cloud is enabling this transformation with Assured Workloads for Government by simplifying the compliance configuration process and providing seamless platform compatibility between government and commercial cloud environments.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw38

Aug 8, 2020

In this segment, we discuss the importance of automating the Vulnerability Management Program and discuss Qualys VMDR which takes vulnerability management to the next level bringing detection and response to vulnerability management.

 

For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw661

Aug 8, 2020

How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw661

Aug 7, 2020

Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work he is doing that will be released that maps Twitter hunting into a nice, observable dashboard for the lazy.

 

This segment is sponsored by DomainTools. Visit http://domaintools.com/ to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw661

Aug 7, 2020

MITRE ATT&CK seems to be the “next big thing”. Every time I hear about it I can’t help but wonder, “how do you prevent all these attacks in the first place? Shouldn’t that be the end game?” To that end, I set out to map all the recommended “Mitigations” for all the “Techniques” detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I’m still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw193

Aug 6, 2020

Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw193

Aug 6, 2020

The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Users are no longer protected by the many layers of security found on-premise in the corporate network. Organizations must adapt security policies to support a massive influx of inbound connections. Security teams must consider how to adapt core security concepts like Zero Trust to include remote work environments that include corporate laptops, BYOD devices, and home networking gear. Join our conversation as we discuss how much trust you can put in your devices as well as what organizations are doing to assess and verify device integrity down to the firmware and hardware level. Eclypsium will also discuss the #BootHoleVulnerability research they disclosed last week.

 

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

To learn more about securing devices down to the firmware and hardware level, visit: https://eclypsium.com/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw193

Aug 6, 2020

A ground shaking exposé on the failure of popular cyber risk management methods. This book is the first of a series of spinoffs from Douglas Hubbard’s successful first book, How To Measure Anything: Finding the Value of “Intangibles” in Business.

 

Learn more on how to quantify risk in terms of dollars and cents in order to build better "business impact" decision makers, visit: https://hubbardresearch.com/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw183

Aug 5, 2020

Global spending on cyber security totals over $100 billion per year, with no upper limit in sight as adversaries remain successful at compromising even well-resourced organizations. Why do adversaries remain successful despite advances in security technologies and risk frameworks? As it turns out, an often-overlooked architecture from 30 years ago is a common thread among many successful attacks. By re-thinking the ubiquitous web browser and its connection to the internet, CIOs and CISOs can nearly eliminate their internet risk surface, provide users the tools and access they need, and free up incident responders to focus on more advanced threats.

 

This segment is sponsored by Authentic8. Visit https://www.authentic8.com/bsw to learn more about them!

To download your copy of "The Billion Dollar Security Blanket" by Matt Ashburn, visit: https://www.authentic8.com/bsw

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw183

Aug 4, 2020

Using Amazon GuardDuty to Protect Your S3, OkCupid Security Flaw Threatens Intimate Dater Details, Florida teen charged as “mastermind” in Twitter hack hitting Biden, Bezos, and others, Sandboxing and Workload Isolation, and Microsoft to remove all SHA-1 Windows downloads next week!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw117

Aug 4, 2020

As you go full DevSecOps, where does that leave security operations? Who makes changes that are required? How do you empower (or deputize) app folks or ops folks (DevOps) to make those operational changes? What kind of tooling is going to meet the need for that requirement? DisruptOps puts the concepts into action, empowering developers and ops folks to make the needed security changes quickly, consistently and within the tools they use for their daily tasks.

 

Try it out free of charge and experience the future of security operations. Visit https://disruptops.com/free-evaluation/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw117

Aug 1, 2020

A Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, and Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw660

Aug 1, 2020

MIDAS uses unsupervised learning to detect anomalies in a streaming manner in real-time and has become a new baseline. It was designed keeping in mind the way recent sophisticated attacks occur. MIDAS can be used to detect intrusions, Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS combines a chi-squared goodness-of-fit test with the Count-Min-Sketch (CMS) streaming data structures to get an anomaly score for each edge. It then incorporates temporal and spatial relations to achieve better performance. MIDAS provides theoretical guarantees on the false positives and is three orders of magnitude faster than existing state of the art solutions.

 

Check out MIDAS at https://github.com/Stream-AD/MIDAS

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw660

« Previous 1 2