Security Weekly Podcast Network (Video)

Security Weekly Productions
Feb 11, 2022 • 33min

To Err Is Human, but the Blockchain Is Forever - ESW #260

One of the key features of cryptocurrency, NFTs, and other blockchain-based technologies is the immutable ledger. Put another way, there's no clear way to implement an 'undo' button when it comes to blockchain. In more traditional situations, passwords can be reset. Financial institutions can issue a stop payment order. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw260
Feb 11, 2022 • 1h 6min

AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized - PSW #727

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, The 'Metaverse' of security challenges, $323 Million in crypto stolen from the "Wormhole", a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw727
Feb 11, 2022 • 1h 20min

Cybersecurity Is Not Just a Technical Problem - Brian Honan - PSW #727

We have spent decades tackling security threats with technology, and we are failing badly. We need to look at and learn from other industries and see how they have improved. In particular, the airline safety and automobile safety industries have a lot that we can learn from. Things such as breach disclosures, accountability, root cause analysis with openly shared results, focused training, industry norms for checklists, certification of products, and regulations have all improved these industries. Segment Resources: Security Industry Failing to Establish Trust https://threatpost.com/security-industry-failing-to-establish-trust/128321/ 'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal https://www.theregister.com/2017/11/24/infosec_disasters_learning_op/ IoT security: Lessons we can learn from the evolution of road safety https://www.helpnetsecurity.com/2018/08/09/iot-security-lessons/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw727
Feb 9, 2022 • 34min

Cybersecurity Policy Creation, Champions Program, & the War for Talent - BSW #249

In the leadership and communications section: Cybersecurity Policy Creation: Priority One, 5 steps to run a successful cybersecurity champions program, The war for cloud and cybersecurity talent is on!, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw249
Feb 8, 2022 • 30min

Effective Communications During & After a Cyber Attack - Ann Marie van den Hurk - BSW #249

A cyber attack is a catastrophic event for any organization. Therefore, effective cyber crisis communication is crucial but often overlooked and an internal concern. In this conversation, we will talk about critical communications and why it is essential to recover quickly and with their reputation intact. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw249
Feb 8, 2022 • 37min

HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183

Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, and resources for learning reverse engineering and appsec. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw183
Feb 7, 2022 • 40min

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW #183

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products Regulations are among the most active and developing areas of security policy around the world. This evolving landscape also serves as an opportunity for innovation and research collaboration. Elazari will walk us through some of the most recent trends in policy proposals shaping the future of security. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, how to implement these programs to foster security, collaboration and transparency, and how this connects to the policy momentum and its impact on security researchers. Segment Resources: - Project Circuit Breaker: https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker.html - Project Circuit Breaker Landing Page: https://www.projectcircuitbreaker.com/ - Intel's 2021 Product Security Report: https://www.intel.com/content/www/us/en/security/intel-2021-product-security-report.html Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw183
Feb 5, 2022 • 1h 44min

Securing Olympians, Hiding in UEFI, 'Fingerprinting GPUs', & P4x vs. North Korea - PSW #726

This week in the Security News: Temporary phones, webcam hacks that are so much more, bags of cash, patch WordPress plugins and patch them some more, crowd-sourced-government-funded vulnerability scanning, hiding deep in UEFI and bouncing off the moon, even more UEFI vulnerabilities, if Samba were a fruit it would be... well, vulnerable for one thing, charming kittens, fingerprinting you right in the GPU, Let's not Encrypt, your S3 bucket is showing again, and can you hack the latest wearable sex toys intended to delay things? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw726
Feb 5, 2022 • 31min

A Look at Microsoft's Cloud-Native SIEM - Darwin Salazar - ESW #259

In late 2019, Microsoft released their cloud-native SIEM, Sentinel. A lot in the world has changed since then, so we'll be looking at Sentinel's progression, talking about its features and what may make it attractive to enterprises in 2022 and beyond. To register for Darwin's upcoming workshop with Security Weekly, please visit: https://attendee.gotowebinar.com/register/2393226017093033995?source=esw Microsoft Sentinel Ninja Training - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310# Forrester MSFT Sentinel reports indicating 201% ROI over 3 years - https://www.microsoft.com/security/blog/2020/11/16/forrester-tei-study-azure-sentinel-delivers-201-percent-roi-over-3-years-and-a-payback-of-less-than-6-months/ If you want to get started with Kusto Query Language (KQL) without having to bootstrap your own environment, MSFT has a live log analytics workspace with tons of log data. You must have an Azure subscription to use it. Link: https://aka.ms/lademo Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw259
Feb 4, 2022 • 31min

Linux Post Exploitation - PSW #726

In this Technical Segment, Paul walks through Linux Post Exploitation! Github: https://github.com/SecurityWeekly/vulhub-lab Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw726
