Paul's Security Weekly (Audio)

This week, we welcome Steven Bay, Director of Security Operations at Security On-Demand, to talk about Insider Threats! In our second segment, we welcome Patrick Laverty, Conference Organizer at Layer8 Conference, and Ori Zigindere, Co-Founder of WorkshopCon, to discuss all things Layer8 Conference and WorkshopCon! In the Security News, Zoom releases 5.0 update with security and privacy improvements, Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones, NSA shares list of vulnerabilities commonly exploited to plant web shells, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, & the Top 10 In-Demand Cybersecurity Jobs in the Age of Coronavirus! Show Notes: https://wiki.securityweekly.com/PSWEpisode648 To sign up for the Layer8 Conference, please visit: https://layer8conference.com/ To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Wade Woolwine, Principal Threat Intelligence Researcher at Rapid7 to talk about Threat Intel Program Strategies! In our second segment, we welcome Magno Gomes, Director of Sales Engineering at Core Security (a HelpSystems Company), to discuss Penetration Testing to Validate Vulnerability Scanners! In the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, and Macs Are More Secure, and Other Jokes You Can Tell Yourself! To learn more about Core Security, visit: https://securityweekly.com/coresecurity To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647 Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we bring you one of Security Weekly's very own, Tyler Robinson, Managing Director of Network Operations at Nisos, for a Technical Segment titled: To Hunt or Not To Hunt: Using offensive tooling to obtain OSINT and Real-Time Intelligence on a subject of interest for hunting or targeting! In our second segment, we talk Security News, to discuss Vulnerabilities in B&R Automation Software Facilitate Attacks on ICS Networks, Using AWS to secure your web applications, Serious Vulnerabilities Patched in Chrome & Firefox, Email Provider that got Hacked & Data of 600,000 Users is Now being Sold on the Dark Web, and As if the world couldn't get any weirder, this AI toilet scans your anus to identify you! In our final segment, we air a pre recorded interview with Jeff Man, entitled "Tales from the Crypt...Analysts pt.2", discussing many myths, legends and fables in hacker history! Show Notes: https://wiki.securityweekly.com/PSWEpisode646 Visit https://www.securityweekly.com/psw for all the latest episodes! To view ngrok, visit: https://www.ngrok.com/ To check out the Trape tool, visit: https://github.com/jofpin/trape Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Matt Allen, Senior Solutions Engineer at VIAVI Solutions, to discuss Collaboration between NetOps and SecOps in today's world! In our second segment, we welcome Lorrie Cranor, Director of CyLab Security and Privacy Institute at Carnegie Mellon University, to discuss Research on Security and Privacy labels for IoT devices! In the Security News, Two Zoom Zero-Day Flaws Uncovered, Millions of routers running OpenWRT vulnerable to attack, Marriott says 5.2 million guest records were stolen in another data breach, PoC Exploits for CVE-2020-0796 (SMBGhost) Privilege Escalation flaw published, and we welcome our very special guest for tonight, Dave Kennedy, who joins us to talk about Video Chat Client Vulnerability History and the recent Zoom Vulnerabilities! Show Notes: https://wiki.securityweekly.com/PSWEpisode645 For more information on VIAVI Solutions, visit: https://securityweekly.com/viavi Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Corey Thuen, Founder and CEO of Gravwell, to discuss Zen and The Art of Logs In the Cloud! In our second segment, we welcome back Peter Smith, Founder and CEO of Edgewise, to discuss How remote users and administrators can work securely from home! In the Security News, Authorities Helpless as Crypto-Currency Scams Rock Nigeria, C.S. Lewis on the Coronavirus, Microsoft SMBv3.11 Vulnerability and Patch CVE-20200796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, DDoS attack on US Health agency part of coordinated campaign, A cyberattack hits the US Department of Health and Human Services, and more! Show Notes: https://wiki.securityweekly.com/PSWEpisode644 To learn more about Gravwell, visit: https://securityweekly.com/gravwell To learn more about Edgewise, visit: https://securityweekly.com/edgewise Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Gabe Gumbs, Chief Innovation Officer at Spirion, to discuss How attackers will change their strategy to target those working from home! In our second segment, we welcome Bianca Lewis, Founder, and CEO of Girls Who Hack, to discuss Girls Who Hack, teaching classes to middle school girls on hacking, and Secure Open Vote, open-source election system that i This week, we welcome back Gabe Gumbs, Chief Innovation Officer at Spirion, to discuss How attackers will change their strategy to target those working from home! In our second segment, we welcome Bianca Lewis, Founder, and CEO of Girls Who Hack, to discuss Girls Who Hack, teaching classes to middle school girls on hacking, and Secure Open Vote, open-source election system that is in the design stages! In the final segment, we air a pre-recorded interview with Dorit Naparstek, director of R&D at NanoLock Security, to discuss Hacks performed on connected & IoT devices, and revealing major vulnerabilities in existing security measures! Show Notes: https://wiki.securityweekly.com/PSWEpisode643 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly s in the design stages! In the final segment, we air a pre-recorded interview with Dorit Naparstek, director of R&D at NanoLock Security, to discuss Hacks performed on connected & IoT devices, and revealing major vulnerabilities in existing security measures! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://wiki.securityweekly.com/PSWEpisode643

This week, we welcome back Sean Metcalf, Founder and CTO at Trimarc, to discuss Azure AD & Office 365 Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory! In the second segment, we welcome Mark Cooper, President and Founder of PKI Solutions, to talk about how SHAKEN/STIR and PKI will end the global robocall problem! In the Security News, Shark Tank Star Corcoran Loses $400K in Email Scam, Backdoor malware is being spread through fake security certificate alerts, Venezuela Power outage knocked out part of the internet connectivity, Experts warn of mass scans for Apache Tomcat Ghostcat flaw, 4 essential things security experts do to protect their own data, and more! Show Notes: https://wiki.securityweekly.com/PSWEpisode642 Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/shaken-stir-finally!-a-solution-to-caller-id-spoofing/a/d-id/1336285 Link to landing page with more info: https://www.pkisolutions.com/shakenstir/ Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, live from RSAC 2020, we interview our very own Jeff Man! There are many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building where they worked was called "The Pit". Jeff Man sits with us for this segment to talk about, where he can, the history and events that transpired during his tenure with the NSA! In our second segment, Gabriel Gumbs and the Security Weekly crew discuss strategies for protecting your data. We will explore practical use-cases for needing to manage access and protect your data as it pertains to security and compliance. Protect what matters most! In the final segment, Paul, Matt, and Scott talk all new thoughts, ideas, and findings from the RSA Conference 2020! Show Notes: https://wiki.securityweekly.com/PSWEpisode641 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/spirion for more information. Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Mike Nichols, Head of Product at Elastic Security, to talk about how Elastic Security is unifying SIEM and Endpoint Security! In our second segment, we welcome Ian Coldwater, Lead Platform Security Engineer at Heroku, to talk bout Kubernetes and Container Security! In the Security News, Iranian Hackers are targeting Dutch Universities, how electrical tape can fool Tesla sensors, Ransomware attack forces 2-day shutdown of a natural gas pipeline, Ring Rolls Out Mandatory 2FA & New Privacy Controls, and 7 Ways to Improve the Security of Mobile Banking Apps! Show Notes: https://wiki.securityweekly.com/PSWEpisode640 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Oshea Bowens, Founder & Chief Janitor at Null Hat Security, to talk about Living in Blue Team Land and Skicon, a conference Founded by Oshea himself! In our second segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Hacking Firmware: The Unprotected Attack Surface of the Enterprise! In the Security News, Misconfigured Docker Registries Expose Thousands of Repositories, a Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks, Jail Software Left Inmate Data Exposed Online, Adobe patches 42 vulnerabilities across 5 products, and how the CIA Secretly Owned Global Encryption Provider, Built Backdoors,& Spied On 100+ Foreign Governments! Show Notes: https://wiki.securityweekly.com/PSWEpisode639 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly