Security Weekly Podcast Network (Video)

If 2021 taught us anything, it's that our supply chain–especially our technical supply chain–hangs in the balance of a very fragile system. In this interview, ExtraHop's Jamie Moles examines the impact of the Log4Shell zero day and how enterprises can be assured that they're in the clear with the help of a live demo of the vulnerability in a lab environment. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw258

Ubiquiti has become a crown favorite for WiFi (and many other solutions). Learn how to do some basic security, update the software, change passwords and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw725

Enterprises today has an ever expanding attack surface. Jimmy Sanders, Head of Security for DVD.com, joins to discuss how Organizations are constantly trying to stay ahead of the latest known and unknown risks! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw725

In the leadership and communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecurity Lawmakers Will Not Seek Reelection, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw247

Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISO's think about how to apply cyber to enterprise resiliency? Mark Fernandes, Global Chief Technology Officer, Security, Risk, and Governance Solutions from MicroFocus, joins us to provide an overview of their Galaxy platform that aligns threats to prioritized risk activities. If you want learn more or sign-up and try Galaxy for free, please visit https://securityweekly.com/galaxy. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw247

In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from an URL allow list bypass, a security engineering course and lectures, 25 years of HTTP/1.1 Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181

It is hard, if not impossible, to secure something you don't know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a "dated trend" by effective yet lazy hackers is to search for APIs unknown by security teams, coined "Shadow APIs", then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or "move on to the next target". Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181

In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee's MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry's largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber's former CSO going to jail?, and Tom Brady NFTs! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257

An open discussion of challenges facing software and system architects in small and medium sized businesses. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257

In the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year old's launch DDoS attacks, 5G interference, and when your Mom steals your brownies! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw724