Security Weekly Podcast Network (Video)

In the Security News: If an exploit falls in the forest do I still need to patch?, Reflections on trusting trust: the source code revealed, prompt injection in your resume, iPhones be updating, a deep dive into vulnerable kernel drivers and wiping SPI flash, cheap to exploit software, to ransom or steal?, oh OAuth, Florida man, door bell shenanigans, don't pay the ransom, the White House and AI, and quantum teleportation via measurement-induced entanglement. All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-805

AI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DARPA's efforts to help evaluate AI/ML and work towards a trust model that will allow us to use these valuable tools safely. Segment Resources: Identifying and Mitigating the Security Risks of Generative AI paper (co-authored by Kathleen): https://arxiv.org/abs/2308.14840 DARPA's AI Forward, which will include AI Exploration opportunities and resource material: https://www.darpa.mil/work-with-us/ai-forward I2O webpage, important to include because this hosts links to many of the programs Dr. Fisher will discuss: https://www.darpa.mil/i2o Show Notes: https://securityweekly.com/psw-805

OAuth implementation failures, the State of DevOps report, data poisoning generative AIs with Nightshade, implementing spectre attacks with JavaScript and WebAssembly against WebKit, sandboxing apps Show Notes: https://securityweekly.com/asw-261

The categories of security tools that we're most familiar with have struggled to keep up with how modern apps are designed and what modern devs need. What if instead of being beholden to categories, we created tools that solved problems devs have today in the types of apps they build today? And what if we had more dev leadership to influence security tools as well as secure by design? What would that leadership look like? Segment Resources: https://danondev.com/youtube Show Notes: https://securityweekly.com/asw-261

Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, More News, and Jason Wood, on this Halloween edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-338

In the leadership and communications section, Proactive Boards Enable More Reliable Cyber Governance, CISO Best Practices for Managing Cyber Risk, The Evolution of Work: How Can Companies Prepare for What's to Come?, and more! Show Notes: https://securityweekly.com/bsw-326

As the workforce increasingly relies on the cloud, the browser has become a critical aspect of enterprise security. Employees now use browsers to access data and applications from various devices and locations, making browsers the primary target for cyber attackers. Enterprise browsers are specifically designed to address the security challenges of the modern and complex workforce. According to Gartner, "By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices, ensuring a seamless hybrid work experience." Tune in to a discussion with Chrome Enterprise's Robert Shield, where he discusses the importance of an enterprise browser for modern businesses and shares insights on how to improve browser security. Segment Resources: - Here's how you can get started with Chrome Enterprise for free: Chrome Enterprise - Chrome Enterprise Landing Page: https://chromeenterprise.google/browser/security - Complimentary Gartner report: Gartner® Emerging Tech: Security – The Future of Enterprise Browsers Report This segment is sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chromeenterprise to learn more about them! Show Notes: https://securityweekly.com/bsw-326

This week, we discuss Island's raise, unicorn status, and what that means for both the enterprise browser market and the cybersecurity market in general. We discuss Censys and the state of the external attack surface management market, or what they're trying to call, "exposure management". We discuss the details of the Okta breach in depth, and why we're worried about the larger impact it could have on the industry and vendor trust in general. Finally, we wrap up with some fun squirrel stories. Show Notes: https://securityweekly.com/esw-337

Pumpkin Spice, VMWARE, Winter Vivern, RoundCube, Apple, Big-IP, Oktapus, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-337

In the age of remote and hybrid work, employees are now spending most of their time in the browser or virtual meetings, making the browser an increasingly important part of an enterprise's security strategy. According to Gartner, "By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience." Learn more about: The browser's role in a business's security strategy How an enterprise browser can support your workforce Zero Trust Architecture and how businesses can enforce context-aware access controls and add customizable data loss prevention Segment Resources: Complimentary Gartner Emerging Tech: Security – The Future of Enterprise Browsers Report Get started with Chrome Enterprise for free Learn about Google's Zero Trust solution, BeyondCorp Enterprise Customer spotlight: Check out the Google Cloud Next recording to hear how Snap is leveraging our secure enterprise browsing solution to protect their workforce How to contact us This segment was sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chromeenterprise to learn more! Show Notes: https://securityweekly.com/esw-337