Security Weekly Podcast Network (Video)

When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw203

An overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into appsec, and all the things that can go wrong when you give up root in your Kubernetes pod. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw137

It's analyst season with the new Forrester Wave on SAST recently published as well as Gartner's Application Security Testing Magic Quadrant publishing in April. We'll talk about what are analyst reports, how should you use them, and how should you interpret placement on them as I like to call it, reading the analyst tea leaves. This segment is sponsored by GitLab. Visit https://securityweekly.com/GitLab to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw137

In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680

Ubiquiti network gear has become a favorite among tech enthusiasts, but various Ubiquiti products have had some serious vulnerabilities in recent history. Listen in as we discuss hack, secure, and learn with Ubiquiti gear. We'll also discuss Ubiquiti's data breach announced Jan. 11and what that could mean to the security of your network. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680

Ryan Noon joins Paul, and the rest of the PSW team, this week to chat through the importance of resilience in everything companies do to protect cloud-stored data and IP, unpack growing enterprise demand for a "digital seatbelt," and explain why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes. This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680

The DBoM consortium is a Linux Foundation project to be able to share information with third parties safely, securely, and with control over the information, even after handing it over! Unisys has just open-sourced the code to make this possible, and Chris was a big part of their effort. Using a blockchain-based approach, DBoM works to share software bill of materials (SBoM)s in a fashion that works in a cloud-centric, internet time approach. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw213

We all know asset management is one of the basics. In fact, it's literally the first two items on the Center for Internet Security's list of top 20 critical security controls. https://www.cisecurity.org/controls/cis-controls-list/ The term "basics" can be deceptive though. We typically expect something basic to also be easy. This is InfoSec though, and the basics aren't simple or easy. We call them basics because they're foundational. Put another way, the other 18 critical security controls on that top 20 list can't be applied to assets that haven't been discovered yet! In the past few years, we've seen a resurgence in asset management. There are a few players taking a fresh crack at solving this problem and we're hearing positive things. Could this be the year we get a better handle on discovering and managing assets? Join us as we discuss. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw213

This week, Beyond Security partners with Vicarius, Amazon's Parler removal and what it means for Cloud onfidence, Kount sold to Equifax, McAfee vs Crowdstrike, JumpCloud raises some funds, Red Hat acquires StackRox, and SolarWinds warnings of weak security and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw213

We will shift focus of the discussion from understanding to action - that is, what to do about this and similar types of attacks that might be perpetrated agains your organization. Or is there anything to do about this "clear and present danger"? Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw58