In the security news, Car hacking hits the streets, 4 Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode634
Jan 13, 2020•1 hr 12 min
According to Gartner, 70% of businesses are adopting a hybrid cloud and multi-cloud strategy to augment their internal data centers. The challenges of protecting data and using encryption for multiple hybrid, public cloud, and on-premises environments increase complexity, cost, and security risk. As workloads and sensitive data move to the cloud, keeping cryptographic keys, shared secrets and tokens secure is critical to secure public cloud deployments and successful digital transformation. Vis...
Jan 12, 2020•57 min
Purple teaming reduces the lifespan of vulnerabilities found from pentests by facilitating knowledge transfer between red and blue teams in the remediation phase. PlexTrac provides a single interface through which red teams may report vulnerabilities and blue teams may remediate them. Visit https://www.securityweekly.com/plextrac to claim your free month of PlexTrac. Also, be sure to stop by their booth in the Early Stage Exhibit at RSA next month. Visit https://www.securityweekly.com/psw for al...
Jan 11, 2020•57 min
In the security news, mysterious Drones are Flying over Colorado (watch out Mr. Alderman), 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633...
Jan 05, 2020•1 hr 3 min
Global conversations around acceptable norms of behavior in cyberspace (particularly for states), attribution, accountability, and deterrence (though we have not done well on the last one), recent attacks, and the processes that are dealing with setting rules of the road in cyberspace. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633...
Jan 04, 2020•50 min
The history of security can be traced back to a variety of different sources. The number of articles on the topic is dizzying. Most will cite names of early phone phreaks, Kevin Mitnick, Kevin Poulsen, Steve Jobs, Steve Wozniak and quickly transition to many other more recent "hacks" or breaches. Our goal is to not review the history of hacking. This is the history of security. We've carefully chosen key events and research to discuss the very beginnings of security, and their impact and lessons...
Jan 03, 2020•1 hr 14 min
Emerging technologies such as Virtual, Augmented and Mixed Reality are inevitably gaining momentum and helping businesses gain competitive advantage. These technological advancements are giving rise to digital transformation as well as digital risks. The bigger question is who will protect these technologies. While the world is catching up on the business aspects and the real use cases, Silicon Valley startups are already gearing up to combat the risks born alongside emerging tech's benefits. Th...
Jan 03, 2020•55 min
It was once said that if Security and Compliance were in a relationship the status would be "It's Complicated". This discussion will aim to help you understand this relationship and how it can be beneficial or a mere distraction to an organization's overall security posture. - Define "Secure" and "Compliant". - Does compliance merely raise awareness about security shortcomings? - What is the relationship between Security and Compliance? - Being Secure and being Compliant are mere points in time,...
Dec 28, 2019•1 hr 2 min
Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year's Holiday Hack Challenge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode631...
Dec 25, 2019•1 hr 3 min
Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well. - What has changed in the past year with regards to penetration testing? - What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs? - How has the increased popularity of breach and attack simu...
Dec 24, 2019•1 hr 6 min
- Given that DevOps is a process and its execution requires many different tools, how do we get started "doing DevOps"? - What about DevOps allows us to produce more secure applications? - What concepts inside of DevOps do most people lose sight of? - What are the major challenges involved in taking an application from traditional development to DevOps? - What are some of the best approaches to making an application more resilient to threats? - To ORM or not to ORM? - Which services do you impleme...
Dec 23, 2019•1 hr 4 min
It's often said that attackers need only to get it right once, where defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don't always get it right, in fact, there are often many exposures in our defenses. This segment will aim to help defenders learn tactics and techniques that are effective and try to answer some of the following questions: - How do you prioritize your defensive efforts? - How do you best detect attacks? - How do you ...
Dec 23, 2019•1 hr 2 min
In the Security News, Reveton ransomware schemer stripped of six years of freedom, £270,000, and Rolex, Web-hosting firm 1&1 hit by almost €10 million GDPR fine over poor security at call centre, iPR Software Exposed Thousands via a Humongous Corporate Data Leak, and how the FBI assesses Russian apps may be counterintelligence threat! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630...
Dec 15, 2019•1 hr 18 min
John Strand is a Security Analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures. John will be talking about Backdoors & Breaches, the Incident Response card game. To learn more about BHIS, visit: https://securityweekly.com/bhis Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630...
Dec 14, 2019•47 min
Jorge Salamero is the Director of Technical Marketing at Sysdig. Jorge enjoys playing with containers and Kubernetes, home automation and DIY projects. Currently, he is part of the Sysdig team, and in the past was a Debian developer. When he is away from computers, you will find him walking with his 2 dogs in the mountains or driving his car through a twisted road. To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/psw for all the latest epi...
Dec 13, 2019•54 min
Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel, Automated security tests with OWASP ZAP, HackerOne Breach Leads to $20,000 Bounty Reward, US-CERT AA19-339A: Dridex Malware, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629
Dec 09, 2019•1 hr 27 min
Micah Hoffman is the Principal Investigator at Spotlight Infosec. Looking to increase the publicity of using Open Source Intelligence (OSINT) in traditional cyber fields like pentest, DFIR, and cyber defense. Just created a new non-profit called The OSINT Curious Project (https://osintcurio.us) that is a clearinghouse for excellent OSINT information and resources. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629...
Dec 08, 2019•55 min
Eric Brown is the Sr. Security Analyst at LogRhythm. Eric will cover topics including: Phishing Trends, 2020 Outlook, Top 4 Types Eric is seeing: Exec Phish / Legit websites (Box/sites.google/OneDrive) / Fake O365 / HTML attachment, Use of/upload to VirusTotal, Value of Incident Response and Playbooks, Value of Training baseStriker, Has it been patched? Or just now detectable?, and Hunting Phish Kits. To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm Visit https://www.se...
Dec 07, 2019•50 min
In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, A critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628...
Nov 28, 2019•1 hr 10 min
Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628
Nov 27, 2019•1 hr 2 min
Peter Liebert is the CEO at Liebert Security. After working in and with SOCs for the majority of my career, as well as building one from the ground up for the State of California, there are some lessons learned that can be shared with the wider community. The first is how to leverage automation and devsecops methodologies in your SOC and the second is how to break out of the traditional Tier 1-3 model. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki...
Nov 26, 2019•50 min
Two security researchers earned $60,000 for hacking an Amazon Echo, Amazon Kindle, Embedded devices Open to Code-Execution, This App Will Tell You if Your iPhone Gets Hacked, Two New Carding Bots Threaten E-Commerce Sites, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627
Nov 18, 2019•1 hr 27 min
Bryson Bort (Founder and CEO of SCYTHE) will demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! How would your organization protect, detect and respond to a ransomware attack? Bryson is also announcing the availability of the SCYTHE marketplace where red teams can collaboratively build and share threats and modules to extend the SCYTHE platform while also sharing market intelligence on what enterprises are looking for in the...
Nov 17, 2019•45 min
As advancements have been made in technologies, new surveillance tools have been designed, giving those charged with protecting citizens additional opportunities to prevent crimes or identify those who have violated laws or policies. While innovation has introduced a variety of new platforms, there remains a concern about whether their implementation is ethical. Additionally, there are concerns that surveillance has been and continues to be unequally applied. Our guest for this segment is Dr. Kevin ...
Nov 16, 2019•47 min
In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS over HTTPS, Amazon's Ring Video Doorbell could open the door of your home to hackers, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626...
Nov 11, 2019•1 hr 16 min
Kevin Finisterre is a Co-founder of Arcade Hustle. Josh Valentine is a Co-founder of Arcade Hustle. Josh and Kevin have spent the last year immersing ourselves in arcade platforms, games, and cabinets. There is quite a bit of crossover into the traditional security scene. There is even more to learn in the subtle differences of how each scene handles. We'd like to talk about our project Arcade Hustle, and the things we've learned during our intro to the arcade scene. Visit https://www.securitywe...
Nov 10, 2019•1 hr 17 min
Peter Smith is the Founder & CEO of Edgewise. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626
Nov 09, 2019•58 min
Paul and Matt sit down with Dave Bittner from Cyberwire to discuss the state of security podcasts, the latest security trends, and the security community. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625
Nov 03, 2019•46 min
Sven Morgenroth is the Security Researcher at Netsparker. Sven joins us again to talk about Formatting string vulnerabilities. To learn more about Netsparker, visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625...
Nov 02, 2019•40 min
Philippe Courtot is the Chairman and CEO of Qualys. Sumedh Thakar is the Chief Product Officer at Qualys. Philippe Courtot, chairman and CEO of Qualys, will examine the impact today's complex and hyper-connected IT environments have on security and compliance. He will discuss why, in a world where everything connects, we need to regain the visibility we have lost, and why visibility is now the cornerstone of security. Simply put, it is difficult, if not impossible, to secure what we do not know o...
Nov 01, 2019•1 hr 1 min