Security Weekly Podcast Network (Video)

This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations roles, what is SOAR'ing and not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general! Segment Resources: http://www.securitybsides.com https://www.bsidesdc.org Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

With an alarming increase in K-12 cybersecurity attacks, districts are considering new ways to protect their students and staff. With the need to increase the cybersecurity talent pipeline, the solution to the problem is much larger than just increasing protective technology measures to keep schools safe. Schools must also be proactive in training the next generation of cybersecurity experts. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw256

Every CISO CIO asks the question, what's the risk? Quantitative analysis, mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us. Segment Resources: https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4 https://fismacs.com/blog/ https://portal.fismacs.com/p/p-rmod4cyber https://fismacs.com/white-paper-mhp-ip4cyber/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw256

Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what's actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. Segment Resources: - https://techbeacon.com/devops/5-steps-building-developer-first-application-security-program - https://www.forbes.com/sites/forbestechcouncil/2022/02/14/what-organizations-get-wrong-about-developer-first-application-security/?sh=1dad6eb58e7c - https://www.tromzo.com/state-of-modern-application-security Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

Check out our latest interview with our good friend Dave Kennedy! When not pumping iron Dave is hard at work understanding and implementing C2 infrastructure. TrevorC2 is a really cool framework that allows for some pretty stealthy C2 communications. Tune-in to learn more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733

Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords. One study found that 75% of ransomware attacks involve compromised credentials – most of the time, RDP credentials. However, secrets management is a challenge for IT teams, who must mitigate secrets sprawl, hardcoded and embedded credentials, and duplicative data stores in hybrid cloud and multi-cloud environments. Keeper Secrets Manager (KSM) is a fully cloud-based, Zero-Knowledge platform for managing IT infrastructure secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, service account passwords, and any other type of confidential data. KSM seamlessly integrates into nearly any data environment, with no additional hardware or cloud-hosted infrastructure required. It offers out-of-the-box integrations with a wide variety of DevOps tools, including Github Actions, Kubernetes, Ansible and more. Segment Resources: https://www.keepersecurity.com/en_GB/secrets-manager.html This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw266

In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw266