Security Weekly Podcast Network (Audio)

Security Weekly Productions
Feb 14, 2024 • 34min

Proactive Compliance, Improving Cybersecurity Culture, and Hiring The Right Skills - BSW #338

In the leadership and communications section, SEC’s Enforcement Head: It’s Time for ‘Proactive Compliance’, Improving cybersecurity culture: A priority in the year of the CISO, Breaking Down Barriers: 6 Simple Measures to Overcome Communication Barriers, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-338
Feb 13, 2024 • 1h 24min

Creating Code Security Through Better Visibility - Christien Rioux - ASW #273

We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works well and what the definition of "works well" should even be.
Segment Resources: https://www.lacework.com/blog/introducing-a-new-approach-to-code-security/
LLMs improve fuzzing coverage, the Shim vuln threatens Linux secure boot, considering AI application threat models, a new language for a configuration file format, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-273
Feb 13, 2024 • 27min

Angry mobs, Azure, Avanti, Rhysida, Warzone, Flipper Zero, Josh Marpet, and More - SWN #362

Angry mobs, Azure, Avanti, Rhysida, Warzone, Flipper Zero, Bitlocker, Josh Marpet, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-362
Feb 9, 2024 • 1h 39min

Zero-Trust is Meaningless if Your Cryptography is Flakey - Vincent Berk - ESW #349

Vincent Berk, cybersecurity expert, discusses the importance of cryptography and zero trust. They explore the risks of outdated algorithms and the need for actively managing cryptographic systems. The chapter emphasizes the challenges of separating cryptography from other data and the growing importance of quantum-safe algorithms. The speakers also touch on the risks of cybersecurity companies going public and the acquisition of Protect AI and layer AI. They discuss a decentralized alternative to Twitter and the voluntary cybersecurity performance goals for hospitals.
Feb 9, 2024 • 35min

RoboJoe, SHIM, Fortinet, FaceOff, Simswap, sudo in Windows, Aaran Leyland, and More - SWN #361

RoboJoe, SHIM, Fortinet, FaceOff, Simswap, sudo in Windows, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-361
Feb 8, 2024 • 3h 2min

You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816

From a computer-smitten middle-schooler in the former Soviet Union in the 1970s to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabilities of software and hardware with the goal of learning how to best minimize or eliminate those vulnerabilities. Noting his embrace of the hacker community for its deep and innovative expertise in this context, Bratus’s portfolio at DARPA could help reduce or entirely remove even some of the most stealthy and unexpected vulnerabilities that reside in software and its logical, computational, and mathematical foundations.
Segment Resources:
• Overall Portfolio: https://www.darpa.mil/staff/dr-sergey-bratus
• Safe Documents: https://www.darpa.mil/news-events/2023-06-14
• Enhanced SBOM for Optimized Software Sustainment: https://sam.gov/opp/d0af3e325a594a8191b94e3f80b6bdcd/view
• V-SPELLS program: https://www.theregister.com/2023/08/18/darpalegacybinary_patching/
• Digital Corpora Project: https://www.jpl.nasa.gov/news/jpl-creates-worlds-largest-pdf-archive-to-aid-malware-research
• SocialCyber: https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/
• Weird Machines: https://www.darpa.mil/program/hardening-development-toolchains-against-emergent-execution-engines
• Safe Docs: https://www.darpa.mil/news-events/2023-06-14
• Exploit programming: https://www.usenix.org/publications/login/december-2011-volume-36-number-6/exploit-programming-buffer-ove
In the Security News: Shim Shady, Up Shims Creek, whatever you want to call it, there’s a vulnerability affecting pretty much all Linux distributions (and other operating systems as well), when your toothbrush attacks the Internet, or some claim, glibc has some vulnerabilities, not all got a CVE, and one is for the algorithm lovers, Google shows some love for Rust, beating Bitlocker in 43 seconds, DEF CON was canceled, then uncancelled, and I’m not even joking this time, and the Government is here to "unhack" your router.
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-816
Feb 6, 2024 • 34min

Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more - SWN #360

Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-360
Feb 6, 2024 • 1h 14min

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org.
Segment Resources:
• https://owasp.org/www-project-product-security-capabilities-framework/
• https://github.com/OWASP/pscf
• https://prods.ec/
• https://owaspsamm.org
• https://iso25000.com/index.php/en/iso-25000-standards/iso-25010
• https://www.scmagazine.com/podcast-episode/application-security-weekly-242
Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-272
Feb 5, 2024 • 58min

Security Money/Pick Your Battles To Avoid Overconsolidation - Jess Burn, Jeff Pollard - BSW #337

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index came roaring back last quarter. Here are the stocks currently in the index:
• SCWX Secureworks Corp
• PANW Palo Alto Networks Inc
• CHKP Check Point Software Technologies Ltd.
• SPLK Splunk Inc
• GEN Gen Digital Inc
• FTNT Fortinet Inc
• AKAM Akamai Technologies, Inc.
• FFIV F5 Inc
• ZS Zscaler Inc
• OSPN Onespan Inc
• LDOS Leidos Holdings Inc
• QLYS Qualys Inc
• VRNT Verint Systems Inc.
• CYBR Cyberark Software Ltd
• TENB Tenable Holdings Inc
• DARK Darktrace PLC
• S SentinelOne Inc
• NET Cloudflare Inc
• CRWD Crowdstrike Holdings Inc
• NTCT NetScout Systems, Inc.
• VRNS Varonis Systems Inc
• RPD Rapid7 Inc
• FSLY Fastly Inc
• RDWR Radware Ltd
• ATEN A10 Networks Inc
Large security vendors and hyperscalers, including Microsoft, continue to expand their cybersecurity product and service portfolios. Microsoft’s extensive enterprise reach, massive partner network, and enormous influence in the C-suite put pressure on CIOs and CISOs to consolidate on it as much as possible for cybersecurity. This report helps security leaders understand Microsoft’s cybersecurity portfolio, the tactics it uses, and how to manage peer and executive pressure to single-source security technology.
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-337
Feb 2, 2024 • 33min

E-Coli, Mercedes, Cloudflare, Ivanti, VT, GIGO, AI, Congress, Aaran Leyland and more - SWN #359

E-Coli, Mercedes, Cloudflare, Ivanti, Volt Typhoon, GIGO, AI, Congress, Aaran Leyland, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-359
