Security Weekly Podcast Network (Video)

Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion attacks, a look at how far we have -- and haven't -- come with XSS flaws, an approachable article on AI, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-252

Cold Fusion Flaw, EncroChat, sneaky Amazon and Google, Spoofing Apple devices, Telsa data breach, Space and Jason Wood on this episode of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-320

Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration. Segment Resources: https://www.zscaler.com/press/zscaler-2023-ransomware-report-shows-nearly-40-increase-global-ransomware-attacks https://www.zscaler.com/blogs/security-research/2023-phishing-report-reveals-472-surge-phishing-attacks-last-year This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! The security mediascape is buzzing with discussions around the growing threat of generative AI. But, how can we use this powerful new weapon for good? In this executive interview, IRONSCALES CEO Eyal Benishti walks us through the ways in which generative AI can be used to significantly harden organizations' cyber defenses, and even unveils the latest, cutting-edge tools to be added to IRONSCALES' growing AI suite of capabilities. Meet IRONSCALES' Themis Co-Pilot for Outlook and learn how your team can use artificial intelligence to tip the scales back in your favor. Segment Resources: https://ironscales.com/company/news-awards/news/ironscales-announces-themis-copilot Video: https://youtu.be/ayn8ecsNgKY This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-317

Modern applications are transforming how businesses serve their customers, employees, and partners. But they also challenge security teams with limited to no visibility or control while expanding an organization's attack surface. Jason Rolleston, vice president and general manager of VMware Carbon Black, discusses how security teams can enable their companies to safely adopt modern application environments. Segment Resources: https://blogs.vmware.com/security/2023/07/announcing-cloud-native-detection-and-response-for-carbon-black.html This segment is sponsored by VMWare Carbon Black. Visit https://securityweekly.com/vmwarebh to learn more about them! In today's mobile-first world, where Android and iOS apps are crucial for customer engagement, companies often overlook the vulnerability of their applications - which poses a growing risk to the enterprise. While business cybersecurity measures are robust, hackers exploit the app path to circumvent server-side security. To help you understand the risks and safeguard your mobile apps and your customer PII, Asaf Ashkenazi will talk about the top mobile app attacks, the real-world implications, the blind spot in many company security teams, and easy ways to protect, detect and respond to this growing threat. Segment Resources: [Asaf Ashkenazi introduces Verimatrix XTD](https://youtu.be/j3mJoc8OSY8) [Verimatrix XTD](https://www.verimatrix.com/cybersecurity/verimatrix-xtd/) [Verimatrix's Triple-Threat Initiative Enhances Mobile App Security](https://www.itsecurityguru.org/2023/04/13/verimatrixs-triple-threat-initiative-enhances-mobile-app-security/) This segment is sponsored by Verimatrix. Visit https://securityweekly.com/verimatrixbh to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-252

The Security Weekly 25 Index is still trying to recover. Inflation fears have tampered the recovery and the NASDAQ is outperforming the Index. Fastly replaces Sumo Logic in the Index and Thoma Bravo has not acquired anyone, so hoping the index stays stable for more than a quarter :). Here's the latest list of companies in the index: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Splunk Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-317

The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform "shrinks the haystacks" so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them! Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to "expose and close" vulnerabilities before they are exploited. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them! Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328

Elon Throttling, Dilithium, Africa, Suse, Citrix, QR Codes, AI Meetings, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-319

As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them! With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges. This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328

In the enterprise security news, Check Point buys Perimeter 81 to augment its cybersecurity 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs Hackers Rig Casino Card-Shuffling Machines for 'Full Control' Cheating 'DoubleDrive' attack turns Microsoft OneDrive into ransomware NYC bans TikTok on city-owned devices Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328

In the Security News: You should read the NIST CSF, JTAG hacking the original Xbox, tricked into sharing your password, attacking power management software, the vulnerability is in the SDK, tearing apart printers to find vulnerabilities, a pain in the NAS, urllib.parse is vulnerable, hacking the subway, again, how not to implement encryption from OSDP, Intel does a good job with security, and hacking card shuffling machines! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-795