
Paul's Security Weekly (Audio)

Latest episodes

Dec 12, 2024 • 2h 43min

Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854

Eric Greenwald, General Counsel for Finite State, brings over 20 years of expertise in law and technology to the discussion on supply chain security and regulatory navigation. He delves into the complexities of cybersecurity compliance, emphasizing the challenges companies face with firmware vulnerabilities. The conversation also highlights the implications of SOC 2 certification and recent legal standards, while reflecting on notable cybersecurity breaches. Additionally, they explore the evolving landscape of telecom security and the need for more effective risk management strategies.
Dec 4, 2024 • 2h 42min

Hacker Gadgets - PSW #853

Delve into the world of hacker gadgets as the hosts examine cutting-edge devices like the M5Stack and the Clockwork PI uConsole. Discover the importance of quality storage solutions and the evolution of wireless attacks, including a U.S. embassy cyberattack case study. Learn about AI red teaming and the intricacies of encrypted firmware. The conversation also dives into the dark web, exploring its impact on security practices. With a mix of tech insights and practical tips, this discussion is a must-listen for tech enthusiasts!
Nov 27, 2024 • 1h 31min

Hacker Heroes - Aaron Turner - PSW Vault

Aaron Turner, a distinguished cybersecurity expert with a rich history at Microsoft and the Idaho National Laboratory, shares his journey in the tech world. He reflects on his shift from law to hacking, revealing insights from the early days of digital threats. The discussion covers pivotal moments, such as the Code Red worm, and the evolution of security practices. Turner emphasizes the importance of collaboration and innovation in tackling vulnerabilities, particularly in industrial control systems. Insights into the challenges of cybersecurity jobs highlight the need for innovation and flexibility in the field.
Nov 21, 2024 • 2h 56min

Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852

Ken Westin, a Senior Solutions Engineer at Lima Charlie and seasoned cybersecurity expert, shares his thrilling journey in stalking cybercriminals. He discusses the dark world of malware and personal safety when tracking down criminals. Ken dives into the alarming vulnerabilities in major platforms like Fortinet and Palo Alto, emphasizing the risks of using commonplace passwords. He also explores the importance of open communication about online safety, innovative tracking methods with USB devices, and how technology evolves alongside cyber threats.
Nov 14, 2024 • 2h 44min

No CVE and No Accountability - Ed Skoudis - PSW #851

Ed Skoudis, a renowned cybersecurity expert and SANS instructor, joins the discussion, diving into fascinating topics like zip files within zip files that perplex antivirus software. He emphasizes the huge accountability gaps in CVE management, sparked by vendors ignoring vulnerabilities in end-of-life software. The conversation also highlights this year’s Holiday Hack Challenge, focusing on its engaging structure and innovative designs. Additionally, they discuss the evolution of cybersecurity, from legacy system challenges to the importance of proactive vulnerability research.
Nov 7, 2024 • 2h 48min

Cybersecurity For Schools - Kayne McGladrey - PSW #850

Kayne McGladrey, an IEEE senior member and expert on cybersecurity in education, dives into the challenges faced by schools in securing their systems. He discusses the urgent need for funding to support cyber tools and training, especially through initiatives like the FCC's K-12 cybersecurity pilot program. The conversation highlights the role of community engagement in enhancing security and the potential of students in cybersecurity operations. Kayne also shares insights on the evolution of cybersecurity strategies and the importance of adapting to an ever-changing landscape.
Oct 31, 2024 • 2h 50min

Shadow IT and Security Debt - Dave Lewis - PSW #849

In this engaging discussion, Dave Lewis, the Global Advisory CISO at 1Password, unpacks the nuances of shadow IT and security debt, drawing from his extensive cybersecurity expertise. He emphasizes the critical human factors in security and the pressing need for organizations to address outdated technologies. The conversation also touches on recent vulnerabilities, the complexities of managing unauthorized tool usage, and the balance between innovation and security, all while sharing insights that underscore the importance of proactive cybersecurity measures.
Oct 24, 2024 • 3h 7min

Secure By Default - How do we get there? - Andy Syrewicze - PSW #848

In this engaging discussion, Andy Syrewicze, a security evangelist at Hornet Security, shares his expertise on creating a 'secure by default' environment in Microsoft 365. He dives into the complexities of cloud migration, the struggles of managing permissions in SharePoint, and the importance of user training. The conversation also covers intriguing topics such as flaws in EDR systems, speculative execution vulnerabilities, and playful tech pranks. With a perfect blend of deep insights and light-hearted moments, Andy offers valuable perspectives on cybersecurity.
Oct 17, 2024 • 2h 58min

Effective Operational Outcomes - Ken Dunham - PSW #847

New security and vulnerability research is published every day. How can security teams get ahead of the curve and build architecture to combat modern threats and threat actors? Tune in to a lively discussion about the threat landscape and tips on how to stay ahead of the curve.

Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Air gaps are still not air gapped, making old exploits new again, chaining exploits for full compromise, patching is overrated, SBOMs are overrated, VPNs are overrated, getting root with a cigarette lighter, you can be any user you want to be, in-memory Linux malware, the Internet Archive is back, we still don't know who created Bitcoin, unhackable phones, and There's No Security Backdoor That's Only For The "Good Guys"!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-847
Oct 10, 2024 • 2h 15min

The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

Ed Skoudis, a cybersecurity educator and author, joins the discussion alongside Mandy Logan to dive into the ethics of cybersecurity. They explore the moral dilemmas faced by professionals and the significance of a solid ethical framework when dealing with sensitive information. Personal experiences highlight the importance of mentorship and the challenges of whistleblowing. The conversation also touches on vulnerabilities in outdated technologies and key developments in the cybersecurity landscape, emphasizing the urgent need for integrity in the field.
