Security Weekly Podcast Network (Video)

This week in the security news, Dr. Doug and Larry explore various technological advancements and their implications with a healthy dose of nostalgia, particularly focusing on health monitoring through Wi-Fi signals, the misconceptions surrounding 5G connectivity, the importance of understanding internet speed needs, and the cybersecurity threats facing water systems. They also discuss the potential chaos that could arise from infrastructure failures and the vulnerabilities present in automated tank gauges, emphasizing the need for better asset management and security measures. Show Notes: https://securityweekly.com/psw-844

Fuzzing network traffic in OpenWRT, parsing problems lead to GitLab auth bypass, more fuzzing finds vulns in a JPEG parser, and more! Show Notes: https://securityweekly.com/asw-300

C3pbot, Kaspersky, Octo2 Electric Boogaloo, Honkai: Star Rail, ServiceNow, LinkedIn, IoT, Josh Marpet, and more on the Cyber Security News. Show Notes: https://securityweekly.com/swn-416

APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational damage. In this discussion, David Holmes offers insights into the latest trends in API and bot attacks and provides strategies to defend against these threats. Segment Resources: The Economic Impact of API and Bot Attacks: https://www.imperva.com/resources/resource-library/reports/the-economic-impact-of-api-and-bot-attacks/ The True Cost of API Insecurity and Bot Attacks in 2024: https://www.imperva.com/resources/resource-library/webinars/the-true-cost-of-api-insecurity-and-bot-attacks-in-2024/ This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/asw-300

AI is bringing productivity gains like we've never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge. Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity. Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-365

In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to 'start over' after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more! Show Notes: https://securityweekly.com/bsw-365

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question: the maturity of the industry the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into cybersecurity's 'delusion' problem Also some whoopsies: researchers accidentally take over a TLD When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out Fortinet has a breach, but is it really accurate to call it that? Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later. The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers. Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series! Show Notes: https://securityweekly.com/esw-376

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands. Segment Resources: Learn more about using Tines for Security Peruse the Tines library of 'Stories' built by Tines partners and customers Learn how to integrate AI tooling into Tines stories and workflows This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them! Show Notes: https://securityweekly.com/esw-376

Shroombots, pagers, Tor, Raptor Train, GRU, Blue Light, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-415

Back to the office serfs, Void Banshee, ServiceNow, Taiwan, Dlink, C++, Aaran Leyland, and more on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-414