Paul's Security Weekly (Audio)

Latest episodes

Dec 25, 2024 • 1h 17min

Hacker Heroes - Haroon Meer - PSW Vault

Unraveling Cybersecurity Complexity: A Conversation with Haroon Meer

Haroon Meer, an influential figure in the world of cybersecurity, takes center stage in this podcast interview. With a deep reservoir of knowledge and a track record of tackling complex security challenges, Haroon has established himself as a key player in the InfoSec domain. As the founder of Thinkst Applied Research, Haroon brings a wealth of practical experience to the table.

Join us as we explore his professional journey, from early forays into cybersecurity to pioneering innovations that have reshaped how organizations approach security. Haroon Meer's insights go beyond the theoretical, offering a pragmatic understanding of cybersecurity issues and solutions. Dive into the intricacies of threat landscapes, security architectures, and the evolving dynamics of cyber threats as Haroon shares his perspectives on the current state of cybersecurity.

With a focus on practicality and a knack for simplifying complex concepts, Haroon Meer's interview is a must-listen for anyone interested in the nuances of cybersecurity. Gain a deeper understanding of the challenges faced by security professionals and uncover valuable takeaways that can enhance your approach to securing digital environments. Join us as we explore the mind of a cybersecurity luminary, unraveling the layers of InfoSec intricacies with Haroon Meer in this enlightening podcast episode.

Show Notes: https://securityweekly.com/vault-psw-14
Dec 19, 2024 • 2h 47min

When Public Payphones Become Smart Phones - Inbar Raz - PSW #855

If you've ever wondered how attackers could go after payphones that are "smart" we got you covered! Inbar has done some amazing research and is here to tell us all about it!

Segment Resources: https://www.retro.unarmedsecurity.net/post/%D7%9E%D7%A1%D7%AA%D7%91%D7%A8-%D7%A9%D7%92%D7%9D-%D7%98%D7%9C%D7%A4%D7%95%D7%9F-%D7%A6%D7%99%D7%91%D7%95%D7%A8%D7%99-%D7%94%D7%95%D7%90-%D7%98%D7%9C%D7%A4%D7%95%D7%9F-%D7%97%D7%9B%D7%9D

XSS is the number one threat?, fix your bugs faster, hacking VoIP systems, AI and how it may help fuzzing, hacker gift guides, new DMA attacks, hacking InTune, Rhode Island gets hacked, OpenWrt supply chain issues, we are being spied on, Germans take down botnet, Bill and Larry are speaking at Shmoocon!, and TP-Link bans.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-855
Dec 12, 2024 • 2h 43min

Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854

Join us for this segment as we discuss government regulations and certifications as they apply to supply chain security and vulnerability management, and how understanding the mumbo jumbo can enable organizations to improve their cyber security.

In the security news, the crew (minus Paul) get together to discuss hacks causing disruptions in healthcare, donuts and vodka, router and OpenWRT hacks (and the two are not related), Salt/Volt Typhoon means no more texting, 10-year-old vulnerabilities, and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-854
Dec 4, 2024 • 2h 42min

Hacker Gadgets - PSW #853

The hosts discuss hacker gadgets! We'll cover what we've been hacking on lately and discuss gadgets we want to work on in the future and other gadgets we want to get our hands on.

Paul has been working with some M5Stack devices, a guide can be found here: https://securitypodcaster.com/m5stack-hacking-guide/
We will cover the Clockwork PI "uConsole" (RPI CM4) - https://www.clockworkpi.com/uconsole
We want the RPI Pico 2 W and the RPI CM5 (https://www.raspberrypi.com/products/)
Paul upgraded one of his Flipper Zeros with Momentum Firmware (https://momentum-fw.dev/)
Paul and Larry have the new Crowview Note (https://www.kickstarter.com/projects/elecrow/crowview-note-empowering-your-device-as-a-laptop?ref=20bm9i)

Larry's List:
Cheap Yellow Display - https://github.com/witnessmenow/ESP32-Cheap-Yellow-Display
KV4P HT - https://www.kv4p.com/
Lilygo T-Deck - https://lilygo.cc/products/t-deck
Heltec LoRa32 - https://heltec.org/project/wifi-lora-32-v3/
NRF52840-DK - https://www.mouser.com/ProductDetail/Nordic-Semiconductor/nRF52840-DK?qs=F5EMLAvA7IA76ZLjlwrwMw%3D%3D
NRF52840 Dongle - https://www.mouser.com/ProductDetail/Nordic-Semiconductor/nRF52840-Dongle?qs=gTYE2QTfZfTbdrOaMHWEZg%3D%3D&mgh=1
Makerdiary NRF52840 - https://wiki.makerdiary.com/nrf52840-mdk-usb-dongle/
Radioberry - https://www.amazon.com/dp/B0CKN1PW4J

Bootkitties and Linux bootkits, Canada realizes banning Flippers is silly, null bytes matter, CVE samples, how dark web marketplaces do security, Perl code from 2014 and vulnerabilities in needrestart, malware in gaming engines, the nearby neighbor attack, this week in security appliances featuring Sonicwall and Fortinet, footguns, and get it off the freakin public Internet!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-853
Nov 27, 2024 • 1h 31min

Hacker Heroes - Aaron Turner - PSW Vault

Aaron Turner, a distinguished cybersecurity expert with a rich history at Microsoft and the Idaho National Laboratory, shares his journey in the tech world. He reflects on his shift from law to hacking, revealing insights from the early days of digital threats. The discussion covers pivotal moments, such as the Code Red worm, and the evolution of security practices. Turner emphasizes the importance of collaboration and innovation in tackling vulnerabilities, particularly in industrial control systems. Insights into the challenges of cybersecurity jobs highlight the need for innovation and flexibility in the field.
Nov 21, 2024 • 2h 56min

Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852

Ken Westin, a Senior Solutions Engineer at Lima Charlie and seasoned cybersecurity expert, shares his thrilling journey in stalking cybercriminals. He discusses the dark world of malware and personal safety when tracking down criminals. Ken dives into the alarming vulnerabilities in major platforms like Fortinet and Palo Alto, emphasizing the risks of using commonplace passwords. He also explores the importance of open communication about online safety, innovative tracking methods with USB devices, and how technology evolves alongside cyber threats.
Nov 14, 2024 • 2h 44min

No CVE and No Accountability - Ed Skoudis - PSW #851

Ed Skoudis, a renowned cybersecurity expert and SANS instructor, joins the discussion, diving into fascinating topics like zip files within zip files that perplex antivirus software. He emphasizes the huge accountability gaps in CVE management, sparked by vendors ignoring vulnerabilities in end-of-life software. The conversation also highlights this year’s Holiday Hack Challenge, focusing on its engaging structure and innovative designs. Additionally, they discuss the evolution of cybersecurity, from legacy system challenges to the importance of proactive vulnerability research.
Nov 7, 2024 • 2h 48min

Cybersecurity For Schools - Kayne McGladrey - PSW #850

Kayne McGladrey, an IEEE senior member and expert on cybersecurity in education, dives into the challenges faced by schools in securing their systems. He discusses the urgent need for funding to support cyber tools and training, especially through initiatives like the FCC's K-12 cybersecurity pilot program. The conversation highlights the role of community engagement in enhancing security and the potential of students in cybersecurity operations. Kayne also shares insights on the evolution of cybersecurity strategies and the importance of adapting to an ever-changing landscape.
Oct 31, 2024 • 2h 50min

Shadow IT and Security Debt - Dave Lewis - PSW #849

In this engaging discussion, Dave Lewis, the Global Advisory CISO at 1Password, unpacks the nuances of shadow IT and security debt, drawing from his extensive cybersecurity expertise. He emphasizes the critical human factors in security and the pressing need for organizations to address outdated technologies. The conversation also touches on recent vulnerabilities, the complexities of managing unauthorized tool usage, and the balance between innovation and security, all while sharing insights that underscore the importance of proactive cybersecurity measures.
Oct 24, 2024 • 3h 7min

Secure By Default - How do we get there? - Andy Syrewicze - PSW #848

In this engaging discussion, Andy Syrewicze, a security evangelist at Hornet Security, shares his expertise on creating a 'secure by default' environment in Microsoft 365. He dives into the complexities of cloud migration, the struggles of managing permissions in SharePoint, and the importance of user training. The conversation also covers intriguing topics such as flaws in EDR systems, speculative execution vulnerabilities, and playful tech pranks. With a perfect blend of deep insights and light-hearted moments, Andy offers valuable perspectives on cybersecurity.
