

Security Weekly Podcast Network (Video)
Security Weekly Productions
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.
Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
Episodes

Mar 5, 2024 • 32min
ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More - SWN #366
ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-366

Mar 5, 2024 • 41min
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms around vulns and figure out what's useful (if anything) in CVSS, SSVC, EPSS, and more. Segment resources: https://www.redhat.com/en/blog/patch-management-needs-a-revolution-part-1 https://next.redhat.com/blog/ https://www.first.org/cvss/v4-0/ https://www.first.org/epss/ https://deadliestwebattacks.com/appsec/2010/02/19/primordial-cross-site-scripting-xss-exploits -- For a bit of history, one of the earliest "bugs bounty" from 1995. Show Notes: https://securityweekly.com/asw-275

Mar 5, 2024 • 25min
Security Starts At The Top and as CISOs Struggle, do they replace the CIO? - BSW #340
In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Death of the CIO, Redefining the CISO role, and more! Show Notes: https://securityweekly.com/bsw-340

Mar 5, 2024 • 39min
SAML & Secrets, Serializing AI Models, OWASP ISTG, More Memory Safety - ASW #275
A SilverSAML example similar to the GoldenSAML attack technique, more about serializing AI models for Hugging Face, OWASP releases 1.0 of the IoT Security Testing Guide, the White House releases more encouragement to move to memory-safe languages, and more! Show Notes: https://securityweekly.com/asw-275

Mar 4, 2024 • 34min
The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340
The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point in time assessments. Instead they need to match the speed of security which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting non-compliance with the new SEC rules and organizations find themselves in a regulatory nightmare. Igor Volovich, VP of Compliance Strategy for Cyber Compliance at Qmulos, joins BSW to share his "Notes from the battlefield" on how automation is the only way to effectively converge security, risk, and compliance into a dynamic, real-time discipline. Show Notes: https://securityweekly.com/bsw-340

Mar 1, 2024 • 32min
Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, Airlines, Aaran Leyland and More - SWN #365
Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, CryptoChameleon, Airlines, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-365

Mar 1, 2024 • 1h 8min
Funding goes quiet while M&A makes some noise! - ESW #351
In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back. Some other topics we discuss: NIST CSF 2.0 insider threats; Ivanti Pulse Secure's appliance software found to be running positively ancient software (11 year old Linux distro, 5-20+ year old libraries & components); Nevada AG trying to get messaging decrypted for children, to "protect them"; Kelly Shortridge's response to CISA's secure development RFI; OpenAI's new GenAI video product, Sora, and the potential impact it could have on cybersecurity; Instacart spews out crappy AI recipes and photos. Show Notes: https://securityweekly.com/esw-351

Mar 1, 2024 • 51min
Hacktivism Unveiled: Insights into the Footprints of Hacktivists - Pascal Geenens - ESW #351
Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists and other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture! You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/ Show Notes: https://securityweekly.com/esw-351

Feb 29, 2024 • 1h 43min
Malware In Strange Places, Overheating, LockBit - PSW #818
The latest attacks against WiFi, it's illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did your vibrator get infected...with malware, the OT jackpot, the backdoor in a random CSRF library, it's a vulnerability but there is no CVE, car theft and Canada, Glupteba, and setting things on fire! Show Notes: https://securityweekly.com/psw-818

Feb 29, 2024 • 1h 11min
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting. Show Notes: https://securityweekly.com/psw-818


