This week, we kick off the show with an interview featuring Sam Bowne, the Founder of Infosec Decoded, Inc. Sam joins to discuss why many people think security is too difficult to learn because it is such a big field, and constantly growing. In the Security News for this week: appliances with holes, gamification and its pitfalls, false rocket sirens, PHP strikes again, new laws we may actually agree with, hacking jacuzzis, Icefall and the state of ICS security, Adobe is blocking anti-virus, Mega...
Jul 13, 2022•3 hr 3 min
This week, we start off the show by interviewing Ray Davidson, the Program Lead at Michigan Cyber Civilian Corps! The program is relatively mature, and will be presented (along with those of Ohio and Wisconsin) at the upcoming National Governors Association Cybersecurity Summit! Then, we wrap up the show with this week's Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, a...
Jul 08, 2022•2 hr 42 min
Starting off the show this week, we are joined by Matt McGuirk, Solution Architect at Source Defense, to discuss web application client-side security. Finally in this week's Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, ransomware ...
Jul 08, 2022•2 hr 50 min
Kicking off the show, John Pescatore joins for an interview & will go through his mostly random career choices that led to a long and fun career in information/cybersecurity - and how that ties into today's demand to secure the increase complex supply web of chains. Finally, this week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog...
Jul 07, 2022•2 hr 55 min
This week, we kick off the show with an interview featuring Robert Lee, where we discuss The Year in Cyber Review 2021! In the second segment, we interview Saumil Shah, where we talk about Firmware Security! Then, in the Security News: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible...
May 26, 2022•3 hr 14 min
This week, we kick off the show with an interview featuring Fleming Shi, where we discuss Destructive Malware and Other Threats to Watch! Then, in the Security News: Colonial Pipeline facing $1,000,000 fine, cybercrime tracking bill signed into law, Lincoln College Set to Close After Crippling Cyberattack, Nvidia’s LHR limiter bypassed, & North Carolina Becomes the First State to Prohibit Public Entities from Paying Ransoms, & more! This segment is sponsored by Barracuda Networks. Visit ...
May 13, 2022•2 hr 40 min
This week, we kick off the show with an interview featuring Fatih Karayumak, where we discuss Risk Transfer With Engineering Based Cyber Insurance! Then, in the Security News for this week: Lessons from Star Wars on threats, more than just your thermal exhaust port, Pegasus spotted again, Python replaces JavaScript?, Read-Only containers, no problem for malware, breaking out of captive portals, its always DNS, except when its not DNS, but this time its DNS and uClibc, you are ordered to block th...
May 06, 2022•3 hr 13 min
This week, we start the show off with an interview with Michael Aminov, Founder & Chief Architect at Perception Point to discuss Security Blind Spots: Are You Protected? An interview featuring Marcus Sachs, the Deputy Director for Research at McCrary Institute for Cyber and Critical Infrastructure Security where we discuss Crypto Collecting! Finally, in the Security News for this week: Java’s “psychic paper”, Musk’s plans for Twitter’s algorithm, Bossware, What Google is getting wrong about ...
Apr 29, 2022•3 hr 19 min
This week on Paul's Security Weekly, an interview with Captain John Alfred retired from the Rhode Island State Police. Second up is a discussion with Tom Lonardo, John Alfred, and the hosts to talk about privacy in your organization, the GDPR, the CFA, and other topics in relation to the long arm of the law. In the Security News: Logitech’s Lift is a vertical mouse that’s easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day secur...
Apr 21, 2022•3 hr 10 min
This week, we start the show off with an interview Mike Wilkes, Chief Information Security Officer at SecurityScorecard, for an interview about Third Party Risk Management! An interview featuring Amanda Berlin, Lead Incident Detection Engineer at Blumira! Finally, in the Security News for this week: Microsoft Zero-Days, Former Ethereum Developer Virgil Griffith Sentenced to 5+ Years in Prison for North Korea Trip, Chinese hackers are using VLC media player to launch malware, An update to Raspber...
Apr 15, 2022•3 hr 25 min
This week, we start the show off with an interview Sean Metcalf, the Founder & CTO of Trimarc, where we talk “Active Directory, Azure AD, & Okta Oh My!” An interview featuring featuring Jay Beale, the CEO of InGuardians, about Kubernetes & Container security! Finally, in the Security News for this week: Ransomeware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iphone is useful, WTF Apple moments and why I run Linux, Wyze is n...
Apr 07, 2022•3 hr 26 min
This week, we start the show off with an interview featuring Mark Boltz-Robinson, the Manager of the ADRP Team at Trellix, about the State of the SOC today! Next up, we welcome Dr. Hanine Salem, a Managing Partner at Novus Consulting Group, to discuss K-12 Cybersecurity Attacks! Finally, in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away(?), weaponizing security complexity, same old tricks, the largest crypto hack...
Mar 31, 2022•3 hr 28 min
This week, we start the show off with an interview featuring Stephen Ward, the CMO of Source Defense, about Exposing the Shadows: Managing Shadow Code and the Blind Side in 3rd Party Risk! Next up, we jump into the Security News for this week: insiders inside NASA, BIND is in a bind again, Lapsus$ is on a tear, ripping at Microsoft and Okta, anonymous hacks printers, The UEFI security rabbit hole goes DEEP, Microtik and Tickbot, Browser-in-the-Browser attacks, Nestle gets attacked for not wantin...
Mar 24, 2022•3 hr 27 min
This week, we start the show off with an interview featuring G Mark Hardy, President of the National Security Corporation, for an interview where we go from From Hacker Jeopardy to CISO Tradecraft! Next up, we welcome Lawrence Nunn, the CEO of Cyberspatial to discuss Making Cyber Accessible to Everyone! In the Security News: Secret Keys in Samsung Source Code, Conti (tries) to go legit, Cracking crypto keys with a 300 year old algorithm, CISA’s must patch list, & FTC fines CafePress over Dat...
Mar 18, 2022•3 hr 6 min
This week, we start the show off with an interview featuring Daniel Trauner, Senior Director of Security at Axonius, to discuss why Technology Changes, but Security (Often) Stays the Same! Next up, we welcome Antranig Vartanian, the CEO of Illuria Security, Inc to discuss The State of Security of Current UNIX(-like) Systems! Lastly, the Security News for this week: HP UEFI Flaws, Strange Social Engineering Tactics, Samsung Galaxy Source Code Stolen, Malware with NVIDIA code-signing Certs, and Am...
Mar 11, 2022•3 hr 22 min
This week, we start the show off with the Security News for this week: Was It Russia?, Blocking software updates, crowd-sourced attacks, protecting FPGAs, moving Linux to modern C, Nvidia hit, the split of cyber criminals, Namecheap banning, Anonymous declares war, the Alan framework, and leaving your Docker port exposed... & more! Next up, we welcome Alissa Torres, Senior Threat Hunter at Palo Alto Networks, to explain how to “Hack the Hiring Process”! Last up, the a pre-recorded interview ...
Mar 03, 2022•3 hr 16 min
This week, we start the show off with the Security News for this week: Unskilled hacker linked to years of attacks on aviation, transport sectors, The Elite Hackers of the FSB, Bionic Eyes Go Dark, Herpaderping, & more! Next up, we welcome Chris Sistrunk, Technical Manager of ICS/OT at Mandiant, for an interview about Blaming Stuxnet! Last up, a pre-recorded interview featuring Josh Corman! Show Notes: https://securityweekly.com/psw729 Segment Resources: Presentations: https://www.slideshare...
Feb 25, 2022•3 hr 15 min
This week, we start the show off with an interview featuring Michael Daniel, President & CEO, Cyber Threat Alliance! Next up, A tech segment walking through Running Windows Inside Containers On Linux! In the Security News for this week: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket, It was Russia unless it wasn't Russia, Cassandra and Magento, and how not to redact! Show Notes: https...
Feb 17, 2022•2 hr 52 min
This week, we start the show off with Brian Honan, the CEO of BH Consulting joins to discuss why Cybersecurity is Not Just a Technical Problem! In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests it’s 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto!! Next up, Qualys’ Wheel joins to di...
Feb 11, 2022•2 hr 57 min
This week, we start the show off with an interview with Brent White, Principal Security Consultant at Dark Wolf Solutions! Next up, we have a technical segment where I walk through Linux Post Exploitation! In the Final Segment, Temporary phones, webcam hacks that are so much more, bags of cash, patch Wordpress plugins and patch them some more, crowd-sourced-government-funded vulnerability scanning, hiding deep in UEFI and bouncing off the moon, even more UEFI vulnerabilities, if Samaba were a fr...
Feb 03, 2022•3 hr 23 min
This week, we start the show off with an interview with Jimmy Sanders, CISO at Netflix, to talk about Cracks in the Castle! Next up, we have a technical segment where I walk through Securing Ubiquiti WiFi Systems! In the Final Segment, it’s the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecurity is broken?, the best cybersecurity research paper, evil Favicons, escaping...
Jan 27, 2022•2 hr 56 min
This week, we start the show off with an interview with Neal O’Farrel, Founder of The PsyberResilience Project, to talk about Cyber Resilience & Cybersecurity Mental Health! Next up, it’s the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year olds launch DDoS attacks, 5G interference, and when your Mom steals your brownies.! In the Final Segment, we air a Technical Se...
Jan 21, 2022•2 hr 56 min
This week, we kick off the show with a tech segment walking through the Log4j Vuln, step by step! Then, Dragos Ruiu, creator of Pwn2Own, joins for an interview! In the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persisten DoS in your doorLock, Signal gets a new CEO, attacking the patching software, where does that QR code go, we heard you liked cryptominers, Pluton will fix that, and retiring from a jarring career! Show Notes: https://secur...
Jan 13, 2022•2 hr 50 min
This week, we kick off the show with an interview featuring Deviant Ollam, Physical Penetration Specialist, at Red Team Alliance, where we delve into Lock Picking & Physical Security! Then, John Matherly, creator of SHODAN, joins for a segment about The State Of Internet Exposed Services!! In the Security News: The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wif...
Dec 23, 2021•3 hr 27 min
This week, we kick off the show with an interview featuring Ed Skoudis, SANS Fellow and Counter Hack Founder, where we talk about the holiday hack challenge! Then, Sinan Eren, VP of Zero Trust Access & ZTNA Engineering at Barracuda Networks, joins for an segment walking through What to Expect in 2022 for security!! In the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards ...
Dec 16, 2021•2 hr 48 min
This week, we kick off the show with an interview featuring Shailesh Athalye, Senior Vice President of Product Management at Qualys joins to discuss why Cybersecurity is an Unfair Game! Then, we jump straight into the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero Days, & why The Matrix (might be) the best hacker movie!! Finally, we close out the show wi...
Dec 03, 2021•3 hr 32 min
This week, we kick off the show with a technical segment where we walk through creating vulnerable Docker Containers – On Purpose! Then, Derek Rook from Senior Director Purple Team atTeradata, & SANS Certified Instructor joins to discuss technologies to build CTFs as well as what types of things to consider while doing so!! In the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own the...
Nov 18, 2021•3 hr 14 min
This week, we kick off the show with an interview featuring Lodrina Cherne, and Martijn Grooten join to discuss the Realworld capabilities of Stalkerware! Then, Sachin Mahajan from Inguardians joins to delve MAVSH!! In the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says its a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that do...
Nov 11, 2021•3 hr 37 min
This week, we kick off the show with an interview featuring Doug Burks, CEO of Security Onion Solutions, who joins to discuss Peel Back the Layers of Your Enterprise with Security Onion 2! Then, I'm going to continue guiding you through Scanning For Default Creds With Python!! In the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many ...
Nov 04, 2021•3 hr 36 min
This week, we kick off the show with an interview featuring Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, who joins to discuss the Evolution and Maturity of the Cybersecurity Industry! Then, Matt Linton, Chaos Specialist at Google, joins to talk about What Exactly Is an Incident Commander, Anyway! In the Security News: Its still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transp...
Oct 28, 2021•3 hr 16 min
