Security Weekly Podcast Network (Video)

It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782 In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Show Notes: https://securityweekly.com/bsw-422

Cloudflare, Gh0stRAT, npm, North Korean Employees, Arch Linux Steam Machine, Documentaries, Aaran Leyland, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-530

Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for helping developers get beyond the superficial advice of, "Think like an attacker." Show Notes: https://securityweekly.com/asw-357

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-433

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-529

This week: Minecraft on your lightbulb Sonicwall breached, who's next? Ditch Android, install Linux Hacking your face Thermostat freedom Pen test fails HackRF hacking times 2 Going around EDR Hackers in your printer Chinese data breach NFC relays and PCI Constructive construction hacks FlipperZero firmware update ICS, PLCs, and attacks Bayesian Swiss Cheese, taste good? Do you want to hack back? Keeping secrets Enforcing CMMC OWASP top ten gets a make over Android Spyware makes a LANDFALL Gemini's deep research into your documents Slopguard and AI datacenters in space! Show Notes: https://securityweekly.com/psw-900

As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP? Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to secure this new protocol. Rahul will cover how Aria's solutions help you secure your AI development by: Centralizing Access Control Enforcing Security Policies Maintaining Compliance Enabling Rapid Response This segment is sponsored by Airia. Visit https://securityweekly.com/airia to learn more about them! In the leadership and communications segment, CISO Burnout – Epidemic, Endemic, or Simply Inevitable?, If Trust Is So Important, Why Aren't We Measuring It?, Over one-third of companies plan to replace entry roles with AI, survey says, and more! Show Notes: https://securityweekly.com/bsw-421

Miles Davis, Jimmy Buffet, 10/8 time, Lost Phones, Phishing, Whisper Leak, Quantum Route Redirect, AI Galore, Rob Allen, and more on the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/ This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-528

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/ https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows https://www.threatlocker.com/blog/how-to-build-a-robust-lights-out-checklist This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/asw-356

Segment 1: OT Security Doesn't Have to be a Struggle OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don't care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals' plans nicely. In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto Security. This segment is sponsored by Junto Security. Visit https://securityweekly.com/junto to learn more! Segment 2: Topic - Spotting Red Flags in Online Posts This week's topic segment is all about tuning your 'spidey sense' to spot myths and misconceptions online so we can avoid amplifying AI slop, scams, and other forms of Internet bunk. It was inspired by this LinkedIn post, but we've got a cybersecurity story in the news that we could have easily used for this as well (the report from MIT). Segment 3: Weekly Enterprise News Finally, in the enterprise security news, Some interesting fundings Some more interesting acquisitions a new AI-related term has been coined: cyberslop the latest insights from cyber insurance claims The AI security market isn't nearly as big as it might seem cybercriminals are targeting trucking and logistics to steal goods Sorry dads, science says the smarts come from mom All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-432