Security Weekly Podcast Network (Video)

This week in the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw152

Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assume that will be successful. So, how can an appsec team bring tools and security knowledge to developers? This segment is sponsored by ShiftLeft. Visit https://securityweekly.com/shiftleft to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw152

Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerabilities that can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Segment Resources: https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw695

Five years after Sounil Yu originally introduced the Cyber Defense Matrix at the 2016 RSA conference, he just wrapped up the third workshop based on the framework. CDM has its own website, is an official OWASP project and has a forthcoming book. We talk to Sounil today to learn more about where the CDM came from, why people find it so useful and where it might be headed in the future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw695

SolarWinds SUNBURST was a rude awakening for many security teams, and it won't be the last time security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With advanced threats persisting inside the network for months, security teams need a new plan. In this session, ExtraHop VP, Security Response Services Mark Bowling discusses strategies to detect, investigate, and respond to post-compromise attack activities. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop-rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw228

This week in the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken seriously, poison the water hole to poison the water, bombing hackers, how industry best practices have failed us?, publishing exploits is still a good thing regardless of what the studies say, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw695

The Enterprise Security Weekly crew summarizes all the news from RSA Conference 2021, including product announcement, acquisitions, funding, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw228

The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our data? John Masserini, Global Chief Information Security Officer at Millicom (Tigo) Telecommunications, joins us to discuss the fundamentals of an identity strategy, including identity and access management, single sign-on, multi-factor authentication, and privileged access. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw228

What is top of mind for CISOs in a year where cyber threats are getting sophisticated? Cross platform and cross domain visibility across LAN, WAN, Cloud, and Edge. Jonathan Nguyen-Duy, Vice President, Field CISO Team at Fortinet, shares his insights from other CISOs and the need for a unified security fabric. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw217

Data is the lifeblood of business, but now lives in more places than ever before (data centers, endpoints of remote workers, in multiple clouds, and SaaS applications), is time-consuming to manage, and is under daily attack from cybercriminals and clumsy employees. To address these challenges, IT pros need a solution that can address all workloads, provides end-to-end protection against cybercrime and human error, injects automation and artificial intelligence to simplify complex system, and empowers teams to work on more important projects that move their organization forward. This segment is sponsored by Unitrends. Visit https://securityweekly.com/unitrends to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw217