In the Security News for this week: Raspberry Pi Pico W Adds Wireless, Apple expands commitment to protect users from mercenary spyware, UK health authorities slammed for WhatsApp use in pandemic, Three UEFI Firmware flaws found in tens of Lenovo Notebook models, & a Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw747...
Jul 14, 2022•1 hr 58 min
Andy will explain the origin story of BloodHound, as well as where the project is today and where it's going in the future. Andy will also share his current research surrounding Azure attack paths. Segment Resources: https://github.com/BloodHoundAD/BloodHound https://medium.com/p/82667d17187a Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw747...
Jul 14, 2022•1 hr 11 min
This week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw742...
Jul 06, 2022•1 hr 44 min
John will go through his mostly random career choices that led to a long and fun career in information/cybersecurity - and how that ties into today's demand to secure the increase complex supply web of chains. Segment Resources: SANS Cyberstart initiative - https://www.cyberstartamerica.org/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw742...
Jul 06, 2022•1 hr 11 min
In the Security News for this week: ICS training bill, 5 myths, VoIP devices and ransomware, miracle exploits, UnRAR and Zimbra, guess what the most common weakness is, security at the device level is NOT simple, keys to the kingdom, and HP says Destructive firmware attacks pose a significant threat to businesses! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw746...
Jun 30, 2022•2 hr
Veteran cybersecurity journalist and author Joseph Menn, now at the Washington Post, talks about his books and the best reporting on hacking and defense today. Since he began writing on the subject in 1999, Menn has broken some of the biggest stories in the industry and written two of most widely read books in the Cybersecurity Canon. Segment Resources: https://www.amazon.com/Joseph-Menn/e/B001HD1MF6%3Fref=dbs_a_mng_rwt_scns_share https://www.washingtonpost.com/technology/2022/05/01/russia-cyber...
Jun 30, 20220
In the Security News for this week: appliances with holes, gamification and its pitfalls, false rocket sirens, PHP strikes again, new laws we may actually agree with, hacking jacuzzis, Icefall and the state of ICS security, Adobe is blocking anti-virus, Mega is Mega insecure, Microcorruption CTF and DIY NSA playset! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw745...
Jun 23, 2022•1 hr 57 min
Many people think security is too difficult to learn because it is such a big field, and constantly growing. But it's endlessly fascinating and surprising, once you learn some fundamentals and get used to feeling stupid. My task is to help people get started, and learn how to appreciate this complex and challenging topic. Segment Resources: https://samsclass.info/ https://infosecdecoded.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly....
Jun 23, 2022•1 hr 6 min
This week in the Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, and a hacker's revenge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw744
Jun 16, 2022•1 hr 43 min
Michigan has a group of volunteers who assist local governments and public services with incident response. The program is relatively mature, and will be presented (along with those of Ohio and Wisconsin) at the upcoming National Governors Association Cybersecurity Summit. Come hear the interview and scoop the governors! Segment Resources: Our home page http://micybercorps.org Our supporting legislation https://www.legislature.mi.gov/documents/mcl/pdf/mcl-Act-132-of-2017.pdf Our partner organiza...
Jun 16, 2022•59 min
This week in the Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, and ransomware that makes you a better person! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw743...
Jun 03, 2022•1 hr 51 min
This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve. Potential discussion topics: - A visual overview of the problem - A simulated client-side attack - How to evaluate client-side risk on a given web site - What technologies are available to defend against client-side attacks - Historical ca...
Jun 03, 2022•59 min
In the Security News for this week: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible’ backfires, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw741...
May 20, 2022•1 hr 17 min
In this segment Saumil Shah joins us for a discussion on Firmware Security, complete with a fascinating first-hand demonstration! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw741
May 19, 2022•59 min
The past year has been filled with incredible changes in the cyber security landscape from ICS, Mobile, Cloud, and increased threats from Ransomware. This discussion will focus on crucial and quick discussions surrounding the cyber landscape that has changed quickly and forced organizations to consider revamping many of their policies and preparations. Join us for a humorous, and insightful journey back over the past year filled with examples for practitioners, organizations, and those just star...
May 19, 2022•57 min
In the Security News for this week: Colonial Pipeline facing $1,000,000 fine, cybercrime tracking bill signed into law, Lincoln College Set to Close After Crippling Cyberattack, Nvidia’s LHR limiter bypassed, & North Carolina Becomes the First State to Prohibit Public Entities from Paying Ransoms! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw740...
May 12, 2022•1 hr 44 min
In-depth look at destructive malware and other threats the Barracuda team has been monitoring that you need to be aware of. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw740...
May 12, 2022•56 min
In the Security News for this week: Lessons from Star Wars on threats, more than just your thermal exhaust port, Pegasus spotted again, Python replaces JavaScript?, Read-Only containers, no problem for malware, breaking out of captive portals, its always DNS, except when its not DNS, but this time its DNS and uClibc, you are ordered to block these sites, ransomeware still hurts, DoD contractors remain vulnerable, hiding in network appliances, QUIETEXIT, & more! Visit https://www.securityweek...
May 05, 2022•2 hr 14 min
Especially ICS represents a significant exposure to property and business operations. A scientific research-based approach to loss prevention for traditional property perils can be applied to help protect companies from cyber risk to keep their businesses more resilient. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw739...
May 05, 2022•1 hr
This week in the Security News: Java’s “psychic paper”, Musk’s plans for Twitter’s algorithm, Bossware, What Google is getting wrong about expired domains, & NFT Tweet Auctions, Silk Road Seizures, 0-Days, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw738
Apr 29, 2022•1 hr 16 min
Marcus Sachs, the Deputy Director for Research at the McCrary Institute for Cyber and Critical Infrastructure Security, joins to discuss his cryptography collection, service for the US Army & Government, Antique Typewriters, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw738
Apr 28, 2022•1 hr 10 min
The need to communicate, collaborate and do business on a global level has created a proliferation of cloud based applications and services. Email. Cloud Storage. Messaging platforms. CRM. Digital Apps and Services. Organizations continue to add new cloud channels to support their business needs. But with new channels come new security blind spots that must be addressed. In this session we'll discuss: Cyber attack trends in the collaboration channel ecosystem The (yet) unsolved challenges of ema...
Apr 28, 2022•54 min
Logitech’s Lift is a vertical mouse that’s easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin’s crackdown ended their global ambitions, & Hackers can infect >100 Lenovo models with unremovable malware. Are you patched? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https...
Apr 22, 2022•1 hr 9 min
Considering that history has always had foreign legions, from Lord Byron fighting in Greece (well fighting might be a bit much), to For Whom the Bell Tolls, to the Flying Tigers, to the Layfayette Escadrille, foreign fighters have often entered war zones for a wide variety of reasons. Today, well, you can join up to a virtual cause and fight for whatever cause you are seeking and fight from the comfort of your own gaming chair. No selling your estates and dashing off to attack Lepanto, although ...
Apr 21, 2022•1 hr
John Alfred is a retired Police Officer that directed a Computer Crimes unit for years. This segment will discuss how that unit got developed, what kinds of skills might be useful to develop in your own units, and what sorts of mistakes are often made trying to operate computer crimes units! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw737...
Apr 21, 2022•1 hr 1 min
This week in the Security News: Hackers have found a clever new way to steal your Microsoft 365 credentials, Former Ethereum Developer Virgil Griffith Sentenced to 5+ Years in Prison for North Korea Trip, An update to Raspberry Pi OS Bullseye, Bearded Barbie hackers catfish high ranking Israeli officials, & Nginxday! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736...
Apr 15, 2022•1 hr 26 min
Amanda Berlin joins us to discuss what she’s been up to since her last appearance on the show. It’s only been a couple of years, but a lot has changed in that time. Tune in to hear about what changes the pandemic brought to the vision and operations of Mental Health Hackers, and how they pivoted to a virtual environment during this time. The crew talks about their experience going from traveling to 15-20+ conferences a year, down to hardly any conferences during Covid, and what their future plan...
Apr 14, 2022•1 hr
Mike Wilkes CISO at SecurityScorecard joins us to discuss third party risk research! This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecard to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736...
Apr 14, 2022•59 min
In the Security News for this week: Ransomware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iPhone is useful, WTF Apple moments and why I run Linux, Wyze is not very wise, stopping teen hackers, ranking endpoint detection, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw735...
Apr 08, 2022•1 hr 9 min
Jay comes on the show to talk about container and Kubernetes architecture and security (or lack thereof). Segment Resources: Peirates, a Kubernetes penetration testing tool: https://www.inguardians.com/peirates/ Free Kubernetes workshops: https://inguardians.com/kubernetes/ DEF CON Kubernetes CTF https://containersecurityctf.com/ Jay's Black Hat Kubernetes Attack and Defense Training https://www.blackhat.com/us-22/training/schedule/index.html#abusing-and-protecting-kubernetes-linux-and-container...
Apr 07, 2022•1 hr 12 min
