This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704...
Jul 31, 2021•1 hr 48 min
Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill prepared organizations. As a third-party expert, Michael can speak to: • The importance of being aware of the widening attack surface due to an inter-connected world of cyber-physical security. • The critical need to have the right solutions in place to thwart bad actors from gaining access to a physical system. • The security considerations organizations, specifically in the healthcare and critical ...
Jul 30, 2021•39 min
Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organizations that DevSecOps shared-responsibility culture. We'll dive into Alyssa's career progression and the lessons she learned along the way the prepared her for this high level leadership role. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw7...
Jul 30, 2021•57 min
This week in the Security News: Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco...
Jul 24, 2021•1 hr 33 min
CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they are worth to a consultancy as being sold out for a daily rate compared to what they get paid. There are a number of consultants who are leaving consultancies to start the next generation of independent / boutique consultancies but they don't have a sales pipeline and sales staff like their old consultancie...
Jul 23, 2021•51 min
Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take responsibility and ensure safer online interactions is at an all-time high. RealMe is a technology platform that hopes to solve this problem on dating apps (and other online marketplaces) by providing in-app background checks that aggregate publicly available information on criminal records, sex offender status,...
Jul 23, 2021•1 hr 2 min
The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://...
Jul 17, 2021•1 hr 16 min
In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast. Segment Resources: https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702...
Jul 16, 2021•1 hr 1 min
Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices. Segment Resources: https://eclypsium.c...
Jul 16, 2021•1 hr 3 min
This week in the Security News: LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers, flaws let you hack an ATM by waving your phone, PrintNightmare, Bitcoins from Banks and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701...
Jul 03, 2021•1 hr 12 min
80% of SIM-Swap attacks are successful. This could lead to greater financial loss and loss of social status since this is where hackers latch onto. The statistics are true and spreading like a wildfire. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701
Jul 02, 2021•50 min
Deep dive on the data broker industry, and how new threats are stemming from the widespread availability of employee/personal information publicly for sale at data broker websites. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701
Jul 02, 2021•51 min
In the Security News for this week Paul and the crew talk: Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700
Jun 26, 2021•1 hr 17 min
Brief history and purpose of the CFAA. Discussion of the majority and dissenting "Van Buren" opinion. Implications for the computer forensic and security profession. Segment Resources: https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf Prosecuting Computer Crimes DOJ,: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf "Computer Crime and Intellectual Property Section DOJ": https://www.justice.gov/criminal-ccips/ccips-documents-and-reports Visit ht...
Jun 25, 2021•1 hr 2 min
Offensive Security expert Jim O'Gorman talks through his own career progression and training, revealing what it takes to be successful in infosec. He also covers key learning tracks and gives concrete examples of job roles available to those who prove themselves through industry certifications and other means. This segment is sponsored by Offensive Security. Visit https://securityweekly.com/offSec to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Sho...
Jun 25, 2021•57 min
This presentation will cover how incorrect implementation of caching mechanism within web application might lead to the Web Cache Poisoning vulnerability that can potentially affect all the users using the web application. Segment Resources: www.netsparker.com This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699...
Jun 21, 2021•1 hr 6 min
This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699
Jun 18, 2021•1 hr 8 min
Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization’s InfoSec posture a...
Jun 18, 2021•1 hr 10 min
This week, In the Security News Paul & the crew discuss: Microsoft Patches 6 Zero-Days Under Active Attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, How to pwn a satellite, One Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly...
Jun 12, 2021•1 hr 36 min
What does it mean to protect the attack surface? What's the difference between attack surface protection vs. attack surface management? Rob Gurzeev, CEO and Founder at Cycognito, joins us to discuss why attack surface monitoring needs to run across the entire infrastructure. It's not just about open ports, but finding the assets that are exposed or exploitable, or abandoned, that create the greatest risk. This segment is sponsored by CyCognito. Visit https://securityweekly.com/cycognito to learn...
Jun 11, 2021•58 min
OpenWRT is a mature and well supported project. It is supported on many hardware platforms and available as production-level products. OpenWRT has developed into a platform that is filled with enterprise level features, making it a successful product for enterprise uses. Due to the fact that it will run on many IoT platforms, including home gateways, and has an easy-to-use web interface, it is also a great platform to use to start building a lab. Segment Resources: Company Website Link: xcapeinc...
Jun 11, 2021•57 min
This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more! Visit https://www.securitywe...
Jun 05, 2021•1 hr 34 min
Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss...
Jun 04, 2021•50 min
We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before. Segment Resources: phobos.io/orbital Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697
Jun 04, 2021•1 hr
This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, security by design, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696...
May 29, 2021•1 hr 24 min
Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced it's hall of winners for 2021. Segment Resources: https://icdt.osu.edu/cybercanon Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696...
May 28, 2021•53 min
Training is critical but it is tough to break away from the day to day. Polarity is running free 15 minute training sessions that leverage our community edition to leave you with a new ability to automate search and save time. Examples include, how to write basic regular expressions, how to find exploit code faster, basics of cyberchef, or how to read a malware sandbox report. Segment Resources: Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Du...
May 28, 2021•46 min
Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerabilities that can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Segment Resources: https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server Visit https://www.securityweekly.com/psw for all the lates...
May 22, 2021•45 min
Five years after Sounil Yu originally introduced the Cyber Defense Matrix at the 2016 RSA conference, he just wrapped up the third workshop based on the framework. CDM has its own website, is an official OWASP project and has a forthcoming book. We talk to Sounil today to learn more about where the CDM came from, why people find it so useful and where it might be headed in the future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw...
May 21, 2021•57 min
This week in the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken seriously, poison the water hole to poison the water, bombing hackers, how industry best practices have failed us?, publishing exploits is still a good thing regardless of what the studies say, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly....
May 21, 2021•1 hr 28 min
