Paul's Security Weekly (Video)

Security Weekly Productions (securityweekly.com)
Where security veterans unpack the latest IT security news, vulnerabilities, and research through a historical and technical lens that can cut through even the thickest cigar smoke. Hosted by Paul Asadoorian and Larry Pesce. Co-hosts: Josh Marpet, Jeff Man, Mandy Logan, Tyler Robinson.

Episodes

Teenage Masterminds, Hacking Civics, Journalists Sued, UPS Attacks, & Spyware - PSW #734

This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734...

Apr 05, 2022 · 1 hr 36 min

Training the Next Gen of Cybersecurity Experts to Protect K-12 Schools - Hanine Salem - PSW #734

With an alarming increase in K-12 cybersecurity attacks, districts are considering new ways to protect their students and staff. With the need to increase the cybersecurity talent pipeline, the solution to the problem is much larger than just increasing protective technology measures to keep schools safe. Schools must also be proactive in training the next generation of cybersecurity experts. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly...

Mar 31, 2022 · 56 min

State of the SOC - Mark Boltz-Robinson - PSW #734

Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations roles, what is SOAR'ing and not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general! Segment Resources: http://www.securitybsides.com https://www.bsidesdc.org Visit ht...

Mar 31, 2022 · 56 min

TrevorC2 - David Kennedy - PSW #733

Check out our latest interview with our good friend Dave Kennedy! When not pumping iron, Dave is hard at work understanding and implementing C2 infrastructure. TrevorC2 is a really cool framework that allows for some pretty stealthy C2 communications. Tune in to learn more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733...

Mar 25, 2022 · 43 min

Baby Food, Lapsus$, Anonymous Vs. Printers, UEFI Rabbit Holes, & Browser-In-Browser - PSW #733

In the Security News: insiders inside NASA, BIND is in a bind again, Lapsus$ is on a tear, ripping at Microsoft and Okta, Anonymous hacks printers, the UEFI security rabbit hole goes DEEP, MikroTik and TrickBot, Browser-in-the-Browser attacks, Nestle gets attacked for not wanting to hurt babies, just another sabotage, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733...

Mar 24, 2022 · 1 hr 41 min

Managing Shadow Code & the Blind Side in 3rd Party Risk - Stephen Ward - PSW #733

With all of your focus and investment on 3rd party risk management, there is likely still a blind side that remains unaddressed. It is an area that should be moved to the top of your priority list, both for its potential to cause material losses in the form of response costs, fines and judgements, and for the ease with which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of J...

Mar 24, 2022 · 1 hr 3 min

Ransomware Inc, Cracking Keys With Fermat, Neon Output, & Samsung Source Code - PSW #732

In the Security News: Secret Keys in Samsung Source Code, Conti (tries) to go legit, Cracking crypto keys with a 300-year-old algorithm, CISA’s must patch list, FTC fines CafePress over Data Breach, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw732

Mar 18, 2022 · 1 hr 14 min

Making Cyber Accessible to Everyone - Lawrence Nunn, Ricky Tan - PSW #732

Teleseer makes cyberspace easy to see, just like watching security footage. It lets users build interactive network maps in seconds with data they already have. We can inventory thousands of assets or protocols and show their connections in a multi-layer map. No installing agents, no scanning. Teleseer gives you the visibility to make smart cyber decisions faster. Segment Resources: https://teleseer.com https://cyberspatial.com https://www.youtube.com/c/cyberspatial Visit https://www.securitywe...

Mar 17, 2022 · 56 min

From Hacker Jeopardy to CISO Tradecraft - G Mark Hardy - PSW #732

G Mark's Law states "Half of what you know about security will be obsolete in 18 months." But sometimes you have to let go to move forward. If you're the smartest person in the room, chances are you're not the boss. Let's talk about that and other dilemmas in our security career journey! Segment Resources: https://www.cisotradecraft.com https://www.gmarkhardy.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw732...

Mar 17, 2022 · 57 min

Dirty Pipes Vuln, OSHEAN, Samsung Source Code, Root Through Azure, & Article 45.2 - PSW #731

This Security News segment will include a discussion with OSHEAN CEO David Marble about the upcoming Security Conference to be held at Bryant University on March 15th. This week in the Security News: Dirty pipes, UEFI firmware flaws, strange social engineering, command Amazon devices to hack themselves, TLStorms, article 45.2 and why it's a bad idea, misconfiguration leads to compromise, 10 signs of a poor leader, when power supplies attack, attacking SATCOMs, and the campus master key Segment Re...

Mar 11, 2022 · 1 hr 34 min

The State of Security of Current UNIX(-Like) Systems - Antranig Vartanian - PSW #731

Unix-like systems are growing rapidly. Sometimes we forget to learn from the past and sometimes the past haunts us. We talk about how the rapid change in Unix-like systems affected their security state. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw731

Mar 10, 2022 · 1 hr

Technology Changes, but Security (Often) Stays the Same - Daniel Trauner - PSW #731

In a world with rapidly-changing technology, it can be tempting to constantly reach for the newest, shiniest security tools/techniques at both the program management and engineering levels. But even given unusual circumstances like startup hypergrowth or Web3 applications, sometimes we should focus on more basic issues. We can learn a lot about where to start with some of these basics when thinking about recent current events, especially related to widely-reported vulnerabilities or specific sec...

Mar 10, 2022 · 48 min

The Unique Challenges of Companies Born in the Cloud - Rich Mogull - PSW #730

Rich joins us to discuss the differences in managing security policies between on-premises network environments and the cloud, and the impact that has on companies that are 100% cloud-based. He’ll also be discussing the additional factors these organizations need to weigh if they are considering SASE and SD-WAN to expand network access for their users. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them! Visit https://www.securit...

Mar 04, 2022 · 55 min

Mock Interviews - Hack the Hiring Process - Alissa Torres - PSW #730

If you are amongst the legions transitioning into a cybersecurity career, mock interviews serve as critical preparation for your job hunt. Alissa has delivered over 50 of these practice sessions over the last 4 months. Get some pointers from her on how to stand out from the crowd of entry-level applicants. Segment Resources: Alissa's class with Antisyphon InfoSec Training **Advanced Endpoint Investigations** - https://www.antisyphontraining.com/advanced-endpoint-investigations-w-alissa-torres/ V...

Mar 03, 2022 · 1 hr 25 min

Ukraine, Russia, Cyber-Warfare, Sanctions, Conti Split, & Blocking Software Updates - PSW #730

In the Security News for this week: Was it Russia?, Blocking software updates, crowd-sourced attacks, protecting FPGAs, moving Linux to modern C, Nvidia hit, the split of cyber criminals, Namecheap banning, Anonymous declares war, the Alan framework, and leaving your Docker port exposed, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw730...

Mar 03, 2022 · 56 min

CISA Stories - Josh Corman - PSW #729

Josh Corman joins to describe, in vivid detail, some of his experiences working for CISA, as a fed, & from the frontlines. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw729

Feb 25, 2022 · 1 hr 4 min

Blame Stuxnet - Chris Sistrunk - PSW #729

Chris will tell the tale on how an electrical engineer got sucked backwards into the infosec abyss. Also, Chris will share some war stories about what he's seen...and be open to questions from Paul that his viewers will enjoy. Beware of dad jokes. Segment Resources: Presentations: https://www.slideshare.net/chrissistrunk Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw729...

Feb 24, 2022 · 1 hr 8 min

Elite Hackers, HerpaDerps, Unskilled Hackers, & CyberWarfare - PSW #729

In the Security News for this week: Unskilled hacker linked to years of attacks on aviation, transport sectors, The Elite Hackers of the FSB, Bionic Eyes Go Dark, Herpaderping, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw729

Feb 24, 2022 · 1 hr 4 min

Pixelating Info, Pilfer Or Report, Digital Credit Unions, & Airtag Abuse - PSW #728

This week in the Security News: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket or?, It was Russia unless it wasn't Russia, Cassandra and Magento, how not to redact, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw728...

Feb 18, 2022 · 1 hr 18 min

Running Windows Inside Containers On Linux - PSW #728

Yes, this is possible! We have incorporated into our vulhub-lab project a way to run Windows inside a Docker container that is running on Linux. We didn't invent this technique but we will show you how to do it! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw728

Feb 17, 2022 · 39 min

Cybersecurity Coordinator Under President Obama - Michael Daniel - PSW #728

Michael joins us to discuss the importance of information sharing, how to convey cybersecurity practice and topics to senior leaders, cybersecurity regulation, myths surrounding militarizing cyberspace, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw728

Feb 17, 2022 · 56 min

Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit - Wheel - PSW #727

Qualys researcher Wheel will discuss the discovery of the 12-year-old Linux vulnerability in PolicyKit, which Qualys had dubbed PwnKit. Wheel will provide an overview of the vulnerability and then dive into a technical discussion of the research. Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Visit https://www.securityweekly.com/psw for all the latest episodes! Sh...

Feb 11, 2022 · 32 min

AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized - PSW #727

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw727...

Feb 10, 2022 · 1 hr 6 min

Cybersecurity Is Not Just a Technical Problem - Brian Honan - PSW #727

We have spent decades tackling security threats with technology, and we are failing badly. We need to look and learn from other industries and see how they have improved their industry. In particular the airline safety and automobile safety industries have a lot that we can learn from. Things such as breach disclosures, accountability, root cause analysis with openly shared results, focused training, industry norms for checklists, certification of products, and regulations have all improved thes...

Feb 10, 2022 · 1 hr 20 min

Securing Olympians, Hiding in UEFI, 'Fingerprinting GPUs', & P4x vs. North Korea - PSW #726

This week in the Security News: Temporary phones, webcam hacks that are so much more, bags of cash, patch WordPress plugins and patch them some more, crowd-sourced-government-funded vulnerability scanning, hiding deep in UEFI and bouncing off the moon, even more UEFI vulnerabilities, if Samba were a fruit it would be....well vulnerable for one thing, charming kittens, fingerprinting you right in the GPU, Let's not Encrypt, your S3 bucket is showing again, and can you hack the latest wearable se...

Feb 04, 2022 · 1 hr 44 min

Linux Post Exploitation - PSW #726

In this Technical Segment, Paul walks through Linux Post Exploitation! Github: https://github.com/SecurityWeekly/vulhub-lab Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw726

Feb 03, 2022 · 31 min

Covert EDC & Physical Pen Tests - Brent White - PSW #726

Discussing every-day-carry items that are utilized during covert entry assessments. Also discussing the concealment of these tools, and which tools we use for various assessment types. Segment Resources: # Blog website : www.wehackpeople.com # Employer's website : www.darkwolfsolutions.com # Link for EDC - Covert Entry Wallet : https://wehackpeople.wordpress.com/2019/10/10/lock-pick-concealment-edc-wallet/ # Link for other EDC items I use : https://wehackpeople.wordpress.com/2020/09/14/covert-en...

Feb 03, 2022 · 1 hr 8 min

12 Year Linux Bug, Recovering Bitcoin, Lulzsec's Impact, & Pimp My Cubicle - PSW #725

This week in the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecurity is broken?, the best cybersecurity research paper, evil Favicons, escaping Kubernetes, pimping your cubicle and someone who actually recovered their crypto wallet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw725...

Jan 28, 2022 · 1 hr 12 min

Securing Ubiquiti WiFi Systems - PSW #725

Ubiquiti has become a crowd favorite for WiFi (and many other solutions). Learn how to do some basic security, update the software, change passwords and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw725

Jan 27, 2022 · 50 min
Hosted on Libsyn