Security Weekly Podcast Network (Audio)

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: Oh Asus Dashcam botnets Weird CVEs being issued CodeRED, but not the worm Free IP checking Internet space junk and IoT Decade old Linux kernel vulnerabilities Breaking out of Claude code Malicious LLMs Hacker on a plan gets 7 years Putting passwords into random websites NPM supply chains strike again LLMs will never be intelligent Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-903

Mike Puglia, General Manager of Kaseya Labs, dives into the growing security blind spots in popular SaaS platforms like Microsoft 365 and Salesforce. He highlights how attackers are exploiting these vulnerabilities, particularly through hijacking tokens and misconfigured integrations. The conversation shifts to the crucial role of the Chief Trust Officer and the debate over reliance on big cloud providers. Mike also offers strategies for SMBs on managing SaaS security, along with the necessity for enhanced visibility across organizational apps.

AI semantics, Calendly, GreyNoise, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland, and More... Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-534

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-232 over Wi-Fi!?) to limited budgets. They talk about the different domains where OT appears and provide some examples of how the next generation of builders and breakers can start learning about this space. Segment Resources: Free Cyber OT Training (INL): https://ics-training.inl.gov/ Free Cyber Hygiene Training (CISA): https://www.cisa.gov/cyber-hygiene-services Recommendations for network hardening (CISA): https://www.cisa.gov/shields-up More OT and ICS resources: https://github.com/biero-el-corridor/OTICSressource_list   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-359

In a dynamic discussion, cybersecurity leaders share insights from InfoSec World 2025. Perry Schumacher explores challenges for mid-sized companies, emphasizing AI for efficiency and resilience. Maureen Allison introduces Security Control Management, advocating for automated oversight. Ryan Heritage discusses operationalizing security and insider risks, notably among Gen Z. Patricia Titus highlights the rise of AI phishing and innovative behavioral defenses. Dr. Ron Ross stresses the importance of secure hardware and community diversity in building a robust cybersecurity framework.

Aaron Leland, a security practitioner, and Josh Marpet, an expert in SIM swapping, delve into the crucial topic of mobile device security and strategies for handling phone loss. They share personal theft stories, highlighting the urgency of being prepared while traveling. The duo discusses immediate response tactics, from bricking phones to utilizing Find My iPhone. Practical advice includes using strong passcodes, protecting critical apps with biometrics, and having a disaster plan in place. Tune in for expert insights on safeguarding your digital life!

Dive into the fascinating world of vibe coding as Paul shares his hands-on experiment with a Python Flask app. He reveals how AI, particularly Claude, generated extensive documentation and code, while discussing methodologies for creating and securing software. The team debates the balance between vibe coding and hand-coding, explores the integration of various exploit databases, and emphasizes the importance of human oversight in AI development. Get ready for insights on using AI to enhance productivity in software creation!

The Security Weekly 25 index hits near all-time highs, reflecting a strong NASDAQ performance. Excitingly, Netskope's IPO is ensuring stability in the index despite upcoming acquisitions. AI is the hot topic, with funding shifting towards security driven by artificial intelligence. The panel debates the risks of prioritizing short-term profits and highlights the need for AI specialists on boards. They stress that AI should assist rather than replace human decision-making, and provide practical tips on crafting effective prompts.

In this engaging conversation, Dr. Shakour Abuzneid, Director of Computer Science and Cybersecurity at Roger Williams University, shares insights on AI's transformative impact on education. He discusses vulnerable jobs and the ethical implications of AI in the workforce, including its dual role in cybersecurity. Shakour emphasizes the importance of human oversight in the face of AI's limitations and advocates for AI literacy across disciplines. He also highlights the need for regulation, addressing privacy concerns and bias in AI technologies.

Explore the world of secure coding with insights on the OWASP Top 10 and security program strategies. Co-hosts compare the importance of secure by design versus merely passing scanner results. They debate the use of fuzzing and the dangers of homegrown cryptography. Learn about integrating security practices into developer workflows and making security context relevant to user stories. Delve into threat modeling and best practices for embedding security in software development while balancing business needs.