Paul's Security Weekly (Audio)

This week, we welcome back Shani Dodge and Roi Cohen from Vicarius, to present their segment on Vulnerabilities entitled Prioritize This, Prioritize That, Prioritize with Context! In our second segment, we welcome Patrick Garrity, VP of Operations at Blumira, to talk about Democratizing and Saasifying Security Operations! In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, Windows TCP/IP Remote Code Execution vulnerability, and a Prison video visitation system exposed calls between inmates and lawyers!   Show Notes: https://wiki.securityweekly.com/psw670 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment, we welcome Alexander Krizhanovsky, CEO at Tempesta Technologies, to talk about Fast And Secure Web! In our second segment, we welcome Tony Punturiero, Community Manager at Offensive Security, to discuss Assembling Your First Infosec Home Lab! In the Security News, US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats - NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XML-RPC vulnerability in WordPress, and it's the 10 year anniversary of Stuxnet!   Show Notes: https://wiki.securityweekly.com/psw669 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment, Paul will take you through his process for creating a docker container for running NGINX as an RTMP proxy for streaming video to multiple services; complete with SSL and authentication! In our second segment, we welcome Chris Sanders, Founder of the Applied Network Defense & Rural Technology Fund, to talk about Intrusion Detection Honeypots! In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S, a 13-year-old student was arrested for hacking school computers, Who caused the 14 state Monday 911 outage, and A Return to 'Hackers' Is "Being Actively Considered," Says Director!   Show Notes: https://wiki.securityweekly.com/psw668 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome we welcome Mike Ware, Senior Director of Technology at Synopsys, to talk about the Key Findings From The Newly Released BSIMM11 Report! In our second segment, we welcome James Spiteri, Solutions Architect and Cyber Security Specialist Global Solutions Lead at Elastic, to discuss how Elastic Security Opens Public Detections Rules Repo! In the Security News, Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your LocksJust By Listening, U.S. House Passes IoT Cybersecurity Bill, the Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug, and 5 Security Lessons Humans Can Learn From Their Dogs!   Show Notes: https://wiki.securityweekly.com/psw667 Visit https://securityweekly.com/elastic to learn more about them! Visit https://securityweekly.com/synopsys to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome we welcome David Asraf, C++ Developer at Vicarius, and Roi Cohen, Co-Founder & VP Sales at Vicarius, to discuss The Patchless Horseman! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to talk about Building Security Into the DevOps Lifecycle! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon’s board, and the Legality of Security Research is to be Decided in a US Supreme Court Case!   Show Notes: https://wiki.securityweekly.com/psw666 Visit https://securityweekly.com/qualys to learn more about them! Visit https://securityweekly.com/vicarius to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Fredrick "Flee" Lee, Chief Security Officer at Gusto, to discuss Lovable Security: Be a Data Custodian, Not a Data Owner! In our second segment, we welcome Justin Armstrong, Security Architect at MEDITECH, to talk about Cybersecurity & Patient Safety! In the Security News, The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack!   Show Notes: https://wiki.securityweekly.com/psw665 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, first we talk Security News! We'll be discussing how a Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs! In our second segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Ferruh Mavituna, CEO of Netsparker, and Paul Battista, CEO and Founder of Polarity! In our final segment, we air one more pre recorded interview with Roi Cohen, Co-Founder and VP of Sales at Vicarius, and Shani Dodge, C++ Developer at Vicarius, discussing Predicting Vulnerabilities in Compiled Code!   Show Notes: https://wiki.securityweekly.com/psw664 Visit https://securityweekly.com/vicarius to learn more about them! Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Harry Sverdlove, Founder and CTO of Edgewise, and Dan Perkins, Principal Product Manager at ZScaler, to talk about Protecting Critical Infrastructure and Workloads In Hybrid Clouds! In our second segment, it's the Security News! We'll be talking about how New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, Marriott faces London lawsuit over vast data breach, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! In our final segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Corey Thuen, Co-Founder of Gravwell, and Deral Heiland, Principal Security Researcher for IoT at Rapid7!   Show Notes: https://wiki.securityweekly.com/psw663 Visit https://securityweekly.com/edgewise to learn more about them! To learn more, visit: https://www.gravwell.io/summercamp2020 Visit https://securityweekly.com/rapid7 to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to discuss Why Elastic Is Making Endpoint Security 'Free And Open'! In our second segment, it's the Security News! We'll be talking about how Amazon Alexa One-Click Attack Can Divulge Personal Data, Researcher Publishes Patch Bypass for vBulletin 0-Day, Threat actors managed to control 23% of Tor Exit nodes, a Half a Million IoT Passwords were Leaked, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, and a Zoom zero-day flaw allows code execution on victim's Windows machine! In our final segment, we air a pre recorded interview with Michael Assraf, CEO and Co-Founder at Vicarius, to talk about Vulnerability Rich - Contextually Blind!   Show Notes: https://wiki.securityweekly.com/psw662 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/elastic to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, it's the Security Weekly Virtual Hacker Summer Camp edition of Paul's Security Weekly! In our first segment, we welcome Chad Anderson, Senior Security Researcher at DomainTools, to discuss Observing Disinformation Campaigns! In our second segment, it's the Security News! We'll be talking about How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! In our final segment, we air a pre recorded interview with Sumedh Thakar, President and Chief Product Officer at Qualys, and Mehul Revankar, VP Product Management and Engineering of VMDR at Qualys, discussing Automating Your Vulnerability Management Program!   Show Notes: https://wiki.securityweekly.com/psw661 For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys Visit https://securityweekly.com/domaintools to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly