The growth in software vulnerability exploitation creates a need for better prediction capabilities. Over time, there have been shifts in the ways of discovering vulnerabilities in binary code. Research and development of new tools enables security pros to adopt innovative techniques to scale the process. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: http...
Aug 29, 2020•52 min
Most analysts will tell you that they balance between being thorough and getting the job done quickly. Paul Battista asked the security community to weigh in on this debate. He’ll share what they thought and explain why it’s no longer necessary to choose between the two. This segment is sponsored by Polarity. Visit https://www.polarity.io/sw to learn more about them! Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw Dynamic application security testing ...
Aug 28, 2020•34 min
Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.security...
Aug 28, 2020•1 hr 39 min
What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high level and low-level tech that drives these differences. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp202...
Aug 22, 2020•29 min
New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw663...
Aug 21, 2020•1 hr 21 min
Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous; public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while ensuring smooth business operations How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo key points of Edgewise's answer to use software identity for microsegme...
Aug 21, 2020•55 min
It s not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the never-ending battle between security and IT about what s more important: risks to servers and endpoints, or keeping the environment up-to-date and secured. There are even problems within the ranks of each unit. Dysfunctional processes, lack of efficient communication, and rudimentary tools put even more p...
Aug 15, 2020•49 min
This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nodes, SANS Security Training Firm Hit with Data Breach, Unskilled hackers can breach about 3 out of 4 companies, TeamViewer flaw can allow hackers to steal System password, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662...
Aug 14, 2020•1 hr 52 min
Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, new endpoints need to be secured and IT teams are rushing years of planning into a few months to onboard distributed employees and resources – all while managing a global shift that is bringing new adversary behaviors targeting the new remote workforce. Organizations need to react fast, implement new cont...
Aug 14, 2020•58 min
In this segment, we discuss the importance of automating the Vulnerability Management Program and discuss Qualys VMDR which takes vulnerability management to the next level bringing detection and response to vulnerability management. For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661...
Aug 08, 2020•42 min
How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.c...
Aug 07, 2020•1 hr 36 min
Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work he is doing that will be released that maps Twitter hunting into a nice, observable dashboard for the lazy. This segment is sponsored by DomainTools. Visit https://securityweekly.com/domaintools to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: http...
Aug 07, 2020•39 min
A Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, and Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories! Show Notes: https://wiki.securityweekly.com/psw660 Visit https://www.securityweekly.com/psw for all the latest episodes!...
Aug 04, 2020•1 hr 37 min
MIDAS uses unsupervised learning to detect anomalies in a streaming manner in real-time and has become a new baseline. It was designed keeping in mind the way recent sophisticated attacks occur. MIDAS can be used to detect intrusions, Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS combines a chi-squared goodness-of-fit test with the Count-Min-Sketch (CMS) streaming data structures to get an anomaly score for each edge. It then incor...
Aug 01, 2020•32 min
The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while still keeping the raw power of a unix-like search query pipeline for power users. Gravwell is free for community use and during launch week if you sign up for CE we're bumping the data cap up to 4 GB/day. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly....
Jul 31, 2020•58 min
Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659...
Jul 25, 2020•1 hr 25 min
Leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain for a complete, accurate risk-based analysis and response. The cloud allows you to unify different context vectors like asset discovery, rich normalized software inventory, end of life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry, and network reachability with a powerful backend to correlate it all for accur...
Jul 24, 2020•53 min
Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659...
Jul 24, 2020•51 min
Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection,a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658...
Jul 18, 2020•1 hr
The guys welcome our newest host to the family. John Snyder will replace Matt Alderman on Security and Compliance Weekly. Tune in to hear about how John made the jump from being a trial lawyer in New York to founding AGNES Intelligence, a forensic AI firm that has perfected the application of unsupervised machine learning! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658...
Jul 18, 2020•59 min
With advent of Internet of Things (IoT) and emerging cloud technologies, ensuring continued cybersecurity at scale is a challenging task. An ever growing increase in demand of cybersecurity workforce makes the problem even more challenging. In this talk we will explore how autonomous solutions based on Artificial Intelligence (AI) and Machine Learning (ML) can help in bridging the gap, by automating current cybersecurity tools and techniques. We will also discuss if current AI solutions can be p...
Jul 17, 2020•45 min
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps! V isit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657...
Jul 11, 2020•1 hr 12 min
Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. In 2017, he spun out ReFirm Labs as an investor-backed company to help fight IoT insecurity. In his spare time, he runs mini-real estate portfolio of rental properties. Visit https://www.securityweekl...
Jul 10, 2020•59 min
In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based Linux system to show you how you might get started with IPv6. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657...
Jul 10, 2020•1 hr 2 min
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how The Internet is too unsafe, and why We need more hackers! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://w...
Jul 05, 2020•1 hr 18 min
With bug bounties becoming more and more main stream for organizations. The bounty hunters are turning to more and more automation. Open source intelligence gathering can be automated with the use of python and a handful of other opensource tools such as Recon-NG, Amass, and others. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656...
Jul 04, 2020•37 min
Hackers know that more people are working from home now and accessing/ sending/ sharing sensitive company data through their home networks. How can businesses help employees secure their home networks? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656
Jul 03, 2020•52 min
As web applications have evolved from static HTML pages into fully-fledged applications with a native feel to them, web browsers continue to provide developers with truly novel functionality. The resulting paradigm shift from merely rendering web pages to acting as an OS-agnostic abstraction layer poses unique challenges to everyone involved with web application security, including automated web application security scanning solutions. Visit https://www.securityweekly.com/psw for all the latest ...
Jun 13, 2020•45 min
Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655...
Jun 13, 2020•1 hr 39 min
We’ll discuss how organizations can improve their vulnerability management life cycle and demo some quick ways to get started with vulnerability management and combining penetration test results. Then walking through the whole life cycle of a vulnerability. To learn more about PlexTrac, visit: https://securityweekly.com/plextrac Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655...
Jun 12, 2020•58 min
