Security Weekly Podcast Network (Video)

Cybertruck, Viagra, Struts, Atlassian, Log4Shell, Pharmacies, Security Clearances, Naughty Bots, Jason Wood, and more on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-348

We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve? We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication (OAuth, OpenID). Learning how these standards come about can also inform how your own org documents designs and decisions. Segment resources https://datatracker.ietf.org/doc/html/rfc3552 https://identiverse.com/video/the-butterfly-effect-of-standards-development/ https://sphericalcowconsulting.com https://datatracker.ietf.org/doc/html/rfc6919 Show Notes: https://securityweekly.com/asw-266

Materiality, Disclosure, and Evidence... New terms for cybersecurity professionals to understand under the new SEC Regulations for Cybersecurity. And the Solarwinds indictment is just the beginning. Join the BSW crew as they tackle each of these new terms in preparation for SEC enforcement which starts this week. Show Notes: https://securityweekly.com/bsw-331

In the leadership and communications section, Steve Katz, World's First CISO, Dies in Hospice Care, Top CISO Communities to Join in 2024, Workplace Culture 101: How to Create Positivity at Work, and more! Show Notes: https://securityweekly.com/bsw-331

In the Security News: If we still can't change default passwords, we all lose, The Flipper Zero, NO CVE FOR YOU, New tools that are not new at all, The BIOS logo attack vector, a $15 router that has secrets, turns out AI is stupid, and SLAM, dun dun ot, Spectre based on linear address masking, Show Notes: https://securityweekly.com/psw-809

I like how ChatGPT describes this segment: "Picture a dimly lit room filled with the nostalgic hum of old computers and the subtle clinking of ice in glasses as our hosts delve into the intricacies of vulnerability management. These battle-hardened experts peel back the layers of digital defense, recounting their experiences from the front lines of cyber warfare. From epic zero-day exploits to heart-pounding close calls, these hackers have seen it all, and now they're ready to spill the beans. But it's not just about the exploits and the code. Paul's Security Weekly takes a deep dive into the ethics and practices of vulnerability disclosure. With a touch of humor and a hint of mischief, our hosts explore the delicate balance between responsible disclosure and the thrill of the chase. As they share their war stories, they also reflect on the evolving landscape of cybersecurity and the importance of collaboration in securing the digital frontier." Show Notes: https://securityweekly.com/psw-809

This week in the enterprise news, we explore the harsh realities of the startup world with a look at recent failures and shutdowns, investigating the factors leading to these setbacks. Meanwhile, Carbon Black makes headlines by breaking away from VMware in what seems like a divestiture within an acquisition, raising questions about the future of the company. We'll also discuss the European Space Agency's venture into cybersecurity for the space industry, revealing that even the vastness of outer space isn't immune to digital threats. Tune in for all this and more! Show Notes: https://securityweekly.com/esw-342

Q*, Water Wars, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Push notifications, Aaran Leyland, and More News on the Security Weekly News. Show Notes: https://securityweekly.com/swn-347

The Security Weekly crew dives into a discussion on the latest hardware hacking techniques, including the hardware/software/firmware used to conduct various tests and create neat projects. You may be trying to hack a specific device. You may be creating a device to accomplish a specific goal. We will discuss various aspects of hardware hacking and fill you in on the some of the latest devices and tools. Like the Flipper Zero, and why the alternatives are better in some cases, but also why the Flipper Zero gets a bad rap. Show Notes: https://securityweekly.com/psw-809

Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively on investing in cyber startups. In this segment, we'll discuss one of Allegis's recent investments, SixMap, and Bob's other investment/accelerator vehicle, Data Tribe. Data Tribe sources investments from national intelligence, with examples like Dragos that came through this program. Show Notes: https://securityweekly.com/esw-342