Security Weekly Podcast Network (Video)

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure. Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw90

In the Leadership and Communications section for this week: How to strive and thrive [in a meeting], 5 steps toward real zero trust security, Seven strategies for building a great security team, & more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw235

It is Cybersecurity Awareness Month, but security awareness is a lot tougher than just dedicating a month to awareness activities. Security awareness is a journey, requiring motivation along the way. Brian Reed, Cybersecurity Evangelist from Proofpoint, joins Business Security Weekly to discuss the security awareness journey and how the human elements can help motivate us. Brian will discuss how personalized content and gamification can help achieve better outcomes for organizations and the individual. This segment is sponsored by Proofpoint. Visit https://securityweekly.com/proofpoint to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw235

This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almost 30 years, factors in a great cybersecurity program, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw169

SBOM: What does it really tell you and the importance of having one for your organization. - Finding and fixing known vulnerabilities in dependencies and container images - Building a source of truth for packages to avoid malicious packages getting through - Combining continuous packaging and security into a CI/CD pipeline - Establishing Trust & Provenance in your Software Supply Chain - Visibility in your Software Supply Chain with upstreams and signatures This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw169

This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache 0-day, you iPhone is always turned on, Apple pay hacked, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

There are many options to choose from when setting up The Security Onion. The use cases are vast, including a NIDS (Zeek, Suricata), HIDS (Beats, Wazuh, osquery) and standalone instances for a SOC workstation and static analysis. I really like SO as a platform to collect all kinds of data from the network and from your systems (some even use the word XDR). Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Today Dan DeCloss, CEO of PlexTrac, joins the panel to share results from a CyberRisk Alliance survey of 315 security practitioners in the U.S. and Canada. This research, sponsored by PlexTrac, shows a correlation between purple teaming and program maturity, which emphasizes the importance of adversary emulation in today's security landscape. Tune in to get the scoop on the survey results and MUCH more! This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

In the Enterprise Security News for this week: Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw245

Once again, it is Cybersecurity awareness month and we'll be talking with Ryan Kalember about the latest threats and other activities he and Proofpoint have going on this month. When it comes to threats, some tactics aren't changing, though they're still effective. There are some notable shifts though: - Crews using Office 365 for lateral movement - FIN7 reborn - A sudden interest in exploits - Increased patience and increased focus on the individual as the key to an attack - SMB attacks look very different from large enterprise campaigns This segment is sponsored by Proofpoint. Visit https://securityweekly.com/proofpoint to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw245