Paul's Security Weekly (Audio)

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-909

This week in the security news: Supply chain attacks and XSS PS5 leaked keys Claude tips for security pros No Flipper Zeros allowed, or Raspberry PIs for that matter Kimwolf and your local network Linux is good now Removing unremovable apps without root Detecting lag catches infiltrators Defending your KVM Fixing some of the oldest code Deleting websites live on stage in costume It was a honeypot FCC is letting telecoms off easy Don't buy a Haribo power bank Ransomeware scum Fortinet vulns CISA warns about NVRs Patching MongoDB Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-908

Our field is booming! Cybersecurity jobs are projected to grow 33 percent through 2033, far outpacing the average 4 percent growth across all jobs. (And yes, those stats could be made up, but they sound nice, eh?) Yet newcomers often feel paralyzed by where to start. The truth? There's no single "right path," but there are proven strategies that work. The field needs people at all levels, and you don't need a four-year degree to break in. We'll discuss all the details, including a list of projects for beginners in Cybersecurity, plus plenty of non-technical suggestions! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-907

The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech Hardware hacking devices and gadgets that are a must-have Which operating systems should you learn Virtualization technology that works well for a lab build Using AI to help build your lab Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-906

This week in the security news: Linux process injection Threat actors need training too A Linux device "capable of practically anything" The Internet of webcams Hacking cheap devices Automating exploitation with local AI models Lame C2 Smallest SSH backdoor Your RDP is on the Internet These are not the high severity bugs you were looking for Low hanging fruit Your TV is spying on you, again no such thing as "offensive security" MCPs and RCEs Browser extensions collecting your AI chats And flooding TikTok with AI influencers Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-905

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-904

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: Oh Asus Dashcam botnets Weird CVEs being issued CodeRED, but not the worm Free IP checking Internet space junk and IoT Decade old Linux kernel vulnerabilities Breaking out of Claude code Malicious LLMs Hacker on a plan gets 7 years Putting passwords into random websites NPM supply chains strike again LLMs will never be intelligent Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-903

Dive into the intriguing world of vibe coding, where Claude helps build a Python Flask app with some ups and downs. Learn about prompting strategies, logic errors from AI, and the importance of manual code intervention. Paul shares insights on using SQLite for exploit data and how caching tackles API rate limits. Discover the future of AI in development, emphasizing precise pre-prompts and collaboration across models. A fascinating mix of innovation and security awaits!

In the security news: Cloudflare was down, it was not good Logitech breached The largest data breach in history? Fortinet Fortiweb - the saga continues Hacking Linux through your malware scanner, oh the irony I never stopped hating systemd The ASUS exploit that never existed If iRobot fails, can we deploy our own hacker bot army? Firmware encryption is a bitch Threat actors deply Claude Code Remembering the Viasat hack and why we can't have nice things Hacking re-entry sensors Sending signals in the wrong direction A File Format Uncracked for 20 Years And 2026 is the year of the Linux desktop! Then, high school junior Bryce Owen joins us to discuss how he created the "Space Badge"! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-901

This week: Minecraft on your lightbulb Sonicwall breached, who's next? Ditch Android, install Linux Hacking your face Thermostat freedom Pen test fails HackRF hacking times 2 Going around EDR Hackers in your printer Chinese data breach NFC relays and PCI Constructive construction hacks FlipperZero firmware update ICS, PLCs, and attacks Bayesian Swiss Cheese, taste good? Do you want to hack back? Keeping secrets Enforcing CMMC OWASP top ten gets a make over Android Spyware makes a LANDFALL Gemini's deep research into your documents Slopguard and AI datacenters in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-900