Paul's Security Weekly (Audio)

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: Oh Asus Dashcam botnets Weird CVEs being issued CodeRED, but not the worm Free IP checking Internet space junk and IoT Decade old Linux kernel vulnerabilities Breaking out of Claude code Malicious LLMs Hacker on a plan gets 7 years Putting passwords into random websites NPM supply chains strike again LLMs will never be intelligent Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-903

Dive into the intriguing world of vibe coding, where Claude helps build a Python Flask app with some ups and downs. Learn about prompting strategies, logic errors from AI, and the importance of manual code intervention. Paul shares insights on using SQLite for exploit data and how caching tackles API rate limits. Discover the future of AI in development, emphasizing precise pre-prompts and collaboration across models. A fascinating mix of innovation and security awaits!

In the security news: Cloudflare was down, it was not good Logitech breached The largest data breach in history? Fortinet Fortiweb - the saga continues Hacking Linux through your malware scanner, oh the irony I never stopped hating systemd The ASUS exploit that never existed If iRobot fails, can we deploy our own hacker bot army? Firmware encryption is a bitch Threat actors deply Claude Code Remembering the Viasat hack and why we can't have nice things Hacking re-entry sensors Sending signals in the wrong direction A File Format Uncracked for 20 Years And 2026 is the year of the Linux desktop! Then, high school junior Bryce Owen joins us to discuss how he created the "Space Badge"! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-901

This week: Minecraft on your lightbulb Sonicwall breached, who's next? Ditch Android, install Linux Hacking your face Thermostat freedom Pen test fails HackRF hacking times 2 Going around EDR Hackers in your printer Chinese data breach NFC relays and PCI Constructive construction hacks FlipperZero firmware update ICS, PLCs, and attacks Bayesian Swiss Cheese, taste good? Do you want to hack back? Keeping secrets Enforcing CMMC OWASP top ten gets a make over Android Spyware makes a LANDFALL Gemini's deep research into your documents Slopguard and AI datacenters in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-900

This week: Reversing keyboard firmware Ghost networks Invasion of the face changers Ghost tapping and whole lot of FUD AI doesn't code securely, but Aardvark can secure code De-Googling Thermostats Dodgy Android TV boxes can run Debian HackRF vs. Honda Cyberslop AI paper Turning to the darkside Poisoning the watering hole Nagios vulnerabilities VPNs are a target Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-899

In the security news this week: Cybersecurity is dead, and AI killed it Exploiting the patching system Apple makes it easier for spyware Who is patching Cisco ASA? Shove that DMCA somewhere HTTPS - a requirement Russia wants to own all the exploits Abandonware challenges Reversing at its hardest with Lua Hacking team is back, and leetspeak malware When you forget to authenticate your API Jamming with cool tech GoSpoof and After 35 Years, a Solution to the CIA's Kryptos Puzzle Has Been Found! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-898

In the security news: When in doubt, blame DNS, you're almost always correct How to Make Windows 11 great, or at least suck less CSRF is the least of your problems Shady exploits Linux security table stakes (not steaks) The pill camera Give AI access to your UART Security products that actually try to be secure? Firmware vulnerabilities, lots of them Teams is spying on you More details on PolarEdge VSCode, marketplaces, and developers at risk Cisco SNMP flaw used to deploy malware The 90's called, they want their exploits back This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-897

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

Mary Ann Davidson, an experienced security leader and former Oracle executive, makes a surprise appearance to discuss the crucial role of governance in AI. She advocates for a security mindset among developers and emphasizes building defensible systems rather than over-relying on security personnel. The conversation explores AI's practical applications, the importance of human oversight, and the challenges surrounding risk-based compliance in cybersecurity. Mary Ann also shares insights on mentorship and recruiting new talent in the field.