Security Weekly Podcast Network (Video)

Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, Vile, and More on this episode of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn281

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice. Segment Resources: https://canary.tools https://canarytokens.org https://blog.thinkst.com Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management. Segment Resources: https://vulcan.io/ https://vulcan.io/platform/ https://vulcan.io/blog/ci-cd-security-5-best-practices/ https://www.youtube.com/watch?v=nosAxWc-4dc Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

In the security news: AI on your PI, no flipper for you, stealing Tesla's by accident, firmware at scale, the future of the Linux desktop, protect your attributes, SOCKS5 for your Burp, TPM 2.0 vulnerabilities, the world's most vulnerable door device and hiding from "Real" hackers, sandwiches, robot lawyers, poisonis epipens, and profanity in your code! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw776

Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks. Segment Resources: https://in-toto.io https://sigstore.dev Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw776

In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw297

Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw232

Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these. ​ This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw297

In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this "in the wild". Segment Resources: Josh's personal website, https://joshcgrossman.com Josh's mastodon handle, https://infosec.exchange/@JoshCGrossman OWASP ASVS site, https://owasp.org/asvs More detailed talk about ASVS v4.0.3, https://www.youtube.com/watch?v=zqj4YuoAlcA The most recent, stable version of the standard (v4.0.3), https://github.com/OWASP/ASVS/tree/v4.0.3/4.0 The "bleeding edge"/in-progress version, https://github.com/OWASP/ASVS/tree/master/5.0 Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw232

Casper, Flipper, NordVPN, Ring, Silicon Valley Bank, GoBruteforcer, Aaran Leyland, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn280