Login
This week, Clearview app lets strangers find your information through Facial Recognition, Travelex begins reboot as VPN bug persists, ADP users hit by Phishing Scam, Exposed Telnet ports lead to over 500,000 IoT devices credentials stolen, and over 1000 local governments reported they were hit by ransomware in 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about how the FBI is to inform election officials about hacking attempts!
ย
Show Notes: https://wiki.securityweekly.com/SWNEpisode5
Visit https://www.securityweekly.com/swn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in our first segment, Mike, Matt, and John, discuss Protecting Data in Apps and Protecting Apps from Data! In the Application Security News, PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills, and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities!
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode92
Visit https://www.securityweekly.com/asw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Security News, A Powerful GPG collision attack spells the end for SHA-1, an unpatched Citrix Flaw now has PoC Exploits, a Lottery hacker gets 9 months for his 5 cut of the loot, Windows 10 has a security flaw so severe the NSA disclosed it, and PayPal patches a high severity password vulnerability! In our second segment, we welcome Ryan Speers & Jeff Spielberg of River Loop Security, to talk about Embedded Product Security: Left of Ship! In our final segment, we will be airing our Hacker Culture Roundtable, recorded from the Security Weekly Christmas Extravaganza, with a boatload of hosts from the Security Weekly Family!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode635
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Highlights from the Security Weekly shows this week, including dealing with personalities and compliance, Windows 10 exploits, alert fatigue in your SoC, security for startups, Windows 10 exploits, Tik Tok backdoors, lottery hack, 5G (in)security and more!
ย
Show Notes: https://wiki.securityweekly.com/SWNEpisode4
Visit https://www.securityweekly.com/swn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about How to Create Easy and Open Integrations with VMRays REST API, Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR, PacketViper Deception360 now available for Microsoft Azure, Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, and Say Goodbye to Windows Server 2008 and Hello to Azure?! In our second segment, we welcome Mark Orlando, Founder, and CEO of Bionic, to discuss Outdated Defense Approaches and the need to revisit traditional thinking about security operations in the Enterprise! In our final segment, we welcome Ward Cobleigh, Product Line Manager at VIAVI Solutions, to discuss VISA Security Alerts - What we can learn, and what we can do!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode168
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Al Ghous, VP and Head of Security at ServiceMax, to discuss Startup Security - It s Everyone s Business! In the Leadership Articles, Unexpected Companies Produce Some of the Best CEOs, Security Think Tank: Hero or villain? Creating a no-blame culture, The Guy Who Invented Inbox Zero Says We're All Doing It Wrong, Enterprise-scale companies adopting Azure over AWS, and more!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode158
Visit https://www.securityweekly.com/bsw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ben Rothke, Senior Information Security Specialist for Tapad, to talk about the Multiple Personalities we encounter during Compliance and Audit Engagements! In the Security and Compliance news, A Risk Assessment Path to Real-Time Assurance, Culture, Integrity and the Board's Role in Guarding Corporate Reputation, Skills For the Compliance Professional in the 2020s, Four Compliance Insights For 2020 and Beyond, Compliance Officer Burnout, Why You Should Draft a Compliance Mission Statement, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode13
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Tesla goes Pwn2Own again this year, GRU "hacks" a Ukranian gas company at the heart of scandals in DC, Microsoft has officially ended support for Windows 7 and Server 2008, and a nasty bug in Firefox, Citrix exploits are being well...exploited, and the return of Emotet! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about The State of 5G Security!
ย
Show Notes: https://wiki.securityweekly.com/SWNEpisode3
Visit https://www.securityweekly.com/swn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Hillel Solow, CTO at Check Point, to discuss The Evolution of DevSecOps and AppSec Trends in 2020! In the Application Security News, Policy and Disclosure: 2020 Edition, A look back & forward for bug bounties over the past decade, 4 Ring Employees Fired For Spying on Customers, Exploit Fully Breaks SHA-1, Lowers the Attack Bar, The Open Source Licence Debate: Comprehension Consternations & Stipulation Frustrations, Synopsys Buys Tinfoil, and Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates!
ย
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode91
Visit https://www.securityweekly.com/asw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
ย
Welcome to the first-ever Security Weekly News Wrap up for the week of January 5th, 2020. We have a massive amount of content here on Security Weekly every week, and Doug White is here to try and sum it all up for you, so you can just hit the high points for the week. So, stick around, and we'll cover all the shows and all the top stories of the week!
ย
Show Notes: https://wiki.securityweekly.com/SWNEpisode2
Visit https://www.securityweekly.com/swn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dan DeCloss, President and CEO at PlexTrac, to talk about How to Improve Penetration Testing Outcomes with Purple Teaming! In our second segment, we welcome Ambuj Kumar, CEO, and Co-Founder of Fortanix, to discuss The Keys to Your Kingdom: Protecting Data in Hybrid and Multiple Public Clouds! In the Security News, Car hacking hits the streets, Four Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode634
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Tapplock introducing new enterprise fingerprint scanning padlock accessories, Protecting corporations without sacrificing performance with Cloudflare, as well as their acquisition of S2 Systems, Pulse Secure, and SecureWave enter a partnership, Mimecast acquires Segasec, and more! In our second segment, we discuss Docker Container Security - Vulnerable Upon Inception! In our final segment, we welcome back Britta Glade, Director of Content and Curation for RSAC, and Linda Gray, Senior Director and General Manager for RSAC, to discuss what to expect at the world's largest cybersecurity conference in San Francisco!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode167
To register for RSAC 2020 using our discount code or to book an interview with Security Weekly on-site at RSA Conference visit: https://securityweekly.com/rsac2020
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week on Security and Compliance Weekly, we welcome Ian Amit, CSO at Cimpress, to discuss utilizing quantitative (vs qualitative) metrics in a security program, maturing it from a technical novelty to something a business can align with and see value from, and understanding where security fits into risk management!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode12
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the best and worst companies and performance of 2019 including Amazon, Apple, Lululemon, Facebook, Boeing, and Pacific Gas and Light! In the Leadership and Communications segment, 5 CIO and IT leadership trends for 2020, First Look: Leadership Books for January 2020, The Right Way to Form New Habits, and 5 Questions You Can Ask to Learn About Company Culture in a Job Interview and more!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode157
Visit https://www.securityweekly.com/bsw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Happy New Year and welcome to the first episode ever of Security Weekly News! It's another year of malware, exploits, and fun here on the Security Weekly Network, with your host, Doug White! Ransomware, TikTok, and in the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about Iranian Cyber Threats: Practical Advice for Security Professionals!
ย
Show Notes: https://wiki.securityweekly.com/SWNEpisode1
Visit https://www.securityweekly.com/swn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles! In the Application Security News, Featured Flaws and Big Breaches, Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs)!
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode90
Visit https://www.securityweekly.com/asw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kavya Pearlman, CEO at XR Safety Initiative, to talk about Who is going to protect the Brave New Virtual Worlds, and HOW?! In our second segment, we welcome Chris Painter, Commissioner at the Global Commission on the Stability of Cyberspace, to discuss Diplomacy, Norms, and Deterrence in Cyberspace! In the security news, mysterious Drones are Flying over Colorado, 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode633
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome you with our Roundtable Discussion on DevOps and Securing Applications, where we'll cover how to navigate the wide variety of options for securing modern applications and the processes used to build and deploy software today! Next up we debate one of Information Security's long-standing debates: Security vs. Compliance! The final segment in this episode assembles a panel of experts to discuss The History of Security and what we can learn from the past!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode632
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we kick things off with the Blue Team Roundtable, to discuss defensive techniques that actually work, and ones that don't! In the second segment, we'll switch teams and transition to The State of Penetration Testing Roundtable, where we'll discuss the evolution of Penetration Testing, and how to get the most value from the different types of assessments! In our final segment, we welcome back long-time friend of the show Ed Skoudis, to discuss this year's Counterhack Holiday Hack Challenge, a holiday tradition here at Security Weekly, and one of the community's favorite hacking challenges!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode631
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! In our second segment, we discuss Unifying DevOps and SecOps, exploring the people and process challenges of DevSecOps and Where to integrate Security Seamlessly in the DevOps Pipeline! In our final segment, we welcome Jason Rolleston, Chief Product Officer at Kenna Security, and Michael Roytman, Chief Data Scientist at Kenna Security, to discuss Risk-Based Vulnerability Management and Threat and Vulnerability Management!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode166
Visit https://www.securityweekly.com/esw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweeklyย
This week, we are joined in studio by Steve Levinson, Vice President of Online Business Systems Risk, Security, & Privacy practice (full disclosure - he s also my boss!). We ll talk about the Security & Compliance divide from the compliance side, and hopefully, gain some insight into why I m so passionate (or dispassionate about) PCI!
ย
To learn more about Online Business Systems, visit: https://securityweekly.com/online
Show Notes: https://wiki.securityweekly.com/SCWEpisode11
ย
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Montana TV stations hit by cyber attack, Ransomware crisis in US schools, a deep dive into Phobos Ransomware, Cybersecurity salary survey reveals variance across industries and geolocations in 2020, and Ring smart camera claims they were not hacked!! In the expert commentary, we welcome Paul Asadoorian, CTO and Founder of Security Weekly, to discuss why you should be careful who you do business with!
ย
Show Notes: https://wiki.securityweekly.com/HNNEpisode246
Visit https://www.securityweekly.com/hnn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Martin Bally, CISO at American Axle & Manufacturing! In the Leadership and Communications segment, Why Crowdsourcing Often Leads to Bad Ideas, Do You Need Charisma to Be a Great Public Speaker?, Fight the skills gap with a great upskilling and reskilling strategy, and more!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode156
Visit https://www.securityweekly.com/bsw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dave Ferguson, Director of Product Management and WAS at Qualys! Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers. In the Application Security News, GitLab Doles Out Half a Million Bucks to White Hats, How can we integrate security into the DevOps pipelines?, Go passwordless to strengthen security and reduce costs - and design your app to support these types of workflows, including account recovery.
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode89
To learn more, visit: https://securityweekly.com/qualys
ย
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jorge Salamero, Director of Product Marketing at Sysdig, to talk about Runtime Protection for Containers! In our second segment, we welcome back the Legend himself John Strand, to talk about Backdoors & Breaches, an Incident Response Card Game! In the security news, Your Smart Christmas Lights Are Safer Than They Were Last Year, Intels SGX coughs up crypto keys when scientists tweak CPU voltage, Hackers Can Block iPhones and iPads Via AirDrop Attack, How hackers are breaking into Ring Cameras, and Bloomberg accidentally created an Alexa Fleshlight!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode630
To learn more about BHIS, visit: https://securityweekly.com/bhis
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
ย
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Laura Jones, Author of a children's book titled Cyber Ky & Tekkie Guy Manage the Risk of Being Online. She focuses on children being as 'appropriately informed' as they are comfortable with using technology! In the Security and Compliance News, Equifax nears 'historic' data breach settlement that could cost up to $3.5B, Maryland Again Amends its Data Breach Notification Law, Hidden Complexity is Biggest Threat to Compliance, Data Security Remains Top IT Concern for Small Businesses and Others, A Compliance Carol: A visit from the Ghost of Compliance Past, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode10
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about Barracuda launching Cloud Security Guardian integration with Amazon Detective, Sophos launches new cloud-based threat intelligence and analysis platform, Accenture launches Cloud Native solution to help clients, and 10 notable Cybersecurity acquisitions of 2019, Pt. 2! In our second segment, we welcome James Carder, Chief Security Officer & Vice President at LogRhythm, to discuss Measuring and Maturing Security Operations Maturity! In our final segment, we welcome Jamie Butler, Tech Lead at Elastic Security, to talk about how improving security requires reducing complexity!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode165
To learn more about Elastic, visit: https://securityweekly.com/elastic
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome John Ramsey, Chief Information Security Officer at National Student Clearinghouse, to discuss Security in Education! In the Leadership and Communication Segment, In-depth protection is a matter of basic hygiene, 4 strategies to find time for yourself, Enterprises muddled over cloud security responsibilities, and Screw Productivity Hacks: My morning routine is getting up late!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode155
Visit https://www.securityweekly.com/bsw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, How Panasonic is using internet honeypots to improve IoT device security, A new Windows 10 ransomware threat?, 'Hackable' karaoke and walkie talkie toys found by Which?, Linux Bug Opens Most VPNs to Hijacking, New Office 365 Feature Provides Detailed Information on Email Attack Campaigns, and Google Confirms Critical Android 8, 9 And 10 Permanent Denial Of Service Threat! In the expert commentary, we welcome Tyler Robinson, Managing Director of Network Operations at Nisos, Inc, to discuss Sophos Uncovering New Version of Snatch Ransomware!
ย
Show Notes: https://wiki.securityweekly.com/HNNEpisode245
Visit https://www.securityweekly.com/hnn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweeklyย
This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at the NTIA US Department of Commerce, to talk about the Software Bill of Materials! In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update toolset, and Java vs. Python: Which should you choose?
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode88
Visit https://www.securityweekly.com/asw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
ย
This week, we welcome Eric Brown, Senior Security Analyst at LogRhythm, to talk about the Outlook on Phishing in 2020! In our second segment, we welcome back Micah Hoffman, Principal Investigator at Spotlight Infosec, to discuss OSINT in Cyber! In the Security News, HackerOne breach lets outside hacker read customers private bug reports, Two malicious Python libraries caught stealing SSH and GPG keys, Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets, and If You Bought a Smart TV on Black Friday, the FBI Has a Warning for You!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode629
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise Security News, discussing How Mimecast Challenges Shadow IT for Cloud App Usage on Mobile and Desktop Devices, CloudKnox Security Announces Integration with AWS IAM Access Analyzer, Morphisec Achieves AWS Security Competency Status for Cloud Server Workload Protection, and more! In our second segment, we welcome back Ferruh Mavituna, CEO and Founder at Netsparker, as he'll be talking about how to start building a web security program and a realistic approach to starting a web security program in enterprises! In the final segment, we welcome Heather Paunet, VP of Product at Untangle, to talk about how Untangle will be releasing an SD-WAN Router, which has advanced routing capabilities and provides the ability for a business to build a comprehensive, secure Software-Defined Networking!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode164
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter Visit https://www.securityweekly.com/esw
Like us on Facebook: https://www.facebook.com/secweeklyย
This week, we welcome Mathieu Gorge, CEO at Vigitrust for an interview! In the Security and Compliance News, Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains, Sentara Hospitals to pay $2.2M HIPAA settlement for undisclosed data breaches, Privacy Regs Changing the Face of Cybersecurity, TrueDialog Leaks 600GB of Personal Data, Affecting Millions, CFTC Fines Goldman Sachs $1 Million for Failing to Record Calls, Global Cops Shut 31,000 Domains in IP Crackdown, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode9
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ward Cobleigh, Senior Product Manager at VIAVI Solutions! In the Leadership and Communications segment, Companies Need to Rethink What Cybersecurity Leadership Is, What Companies That Are Good at Innovation Get Right, Staff in smaller businesses bogged down by poor communications, Why You Should Be Sending More Video Emails And How To Record Them, Enterprises muddled over cloud security responsibilities, and Top tech conferences to attend in 2020!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode154
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
ย
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
ย
This week, Microsoft OAuth Flaw Opens Azure Accounts to Takeover, Vulnerabilities Disclosed in Kaspersky, Trend Micro Products, Critical Code Execution Vulnerability Found in GoAhead Web Server, and StrandHogg Vulnerability Allows Malware to Pose as Legitimate Android Apps! In the expert commentary, we welcome back Adam Gordon from ITPro.TV, to discuss DevSecOps and the Culture Clash in Organizations!
ย
Show Notes: https://wiki.securityweekly.com/HNNEpisode244
To learn more about ITPro.TV, visit: https://securityweekly.com/itpro
ย
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Sandy Carielli, Principal Analyst at Forrester Research, to discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem! In the Application Security News, Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the Modern Enterprise Software Spaghetti!
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode87
Visit https://www.securityweekly.com/asw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how Cloudflare Open-Sources its Network Vulnerability Scanner, Qualys brings its Market Leading Vulnerability Management Solution to the next level, and some acquisition and funding updates from Palo Alto, Cymulate, Detectify, and Perimeter 81! In our second segment, we welcome Ken Belva, CEO, and Founder of OpCode41, to talk about IoT Crusher, Testing for Default & Weak Credentials! In our final segment, we air a Pre-Recorded interview with Brenden O'Conner, Information Security Program Manager at Root Insurance, to discuss Patch Management!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode163
Visit https://www.securityweekly.com/esw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Russell Mosley and Jim Nitterauer, to discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode8
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nate Fick, GM of Elastic Security and former CEO of Endgame, to discuss Elastic's resource-based pricing! In the Leadership and Communications segment, Why Business Leaders Need to Understand Their Algorithms, How to Do a Digital Detox: 3 Easy Steps for Success, How Remote Workers Make Work Friends, and more!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode153
To learn more about Elastic Security, visit: https://securityweekly.com/elastic
ย
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, PoC exploit code for Apache Solr RCE flaw is available online, Some Fortinet products used hardcoded keys and weak encryption for communications, Critical Flaws in VNC Threaten Industrial Environments, Twitter allows users to use 2FA without a phone number, and Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets! In the expert commentary, we welcome back Jason Wood from Paladin Security, to discuss an Iranian hacking crew that is targeting Industrial Control Systems!
ย
Show Notes: https://wiki.securityweekly.com/HNNEpisode243
Visit https://www.securityweekly.com/hnn for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tim Mackey, Principal Security Strategist at Synopsys! In the Application Security News, $1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail s AMP4Email via DOM Clobbering, and more!
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode86
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
ย
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, we welcome Peter Liebert, CEO at Liebert Security, to discuss The Next Generation of SOCs: DevSecOps, Automation and breaking the model! In our second segment, we welcome back our friend Dave Kennedy, Founder and CEO of TrustedSec & Binary Defense, to discuss the Coalfire Incident and DerbyCon Communities! In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, a critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode628
To learn more about TrustedSec, visit: https://trustedsec.com/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweeklyย ย
This week, we talk Enterprise News, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some acquisition and funding updates from CyberCube, 1Password, Docker, WhiteSource, and more! In our second segment, we welcome Reuven Harrison, Chief Technology Officer at Tufin, to discuss the Cloud, Containers, and Microservices! In our final segment, we welcome Jorge Salamero, Director of Product Marketing at Sysdig, to discuss the challenges of implementing security in Kubernetes Environments!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode162
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
To learn more about Sysdig, visit: https://securityweekly.com/tufin
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweeklyย
This week, we talk about the 2019 Verizon Payment Security Report! Why is PCI Compliance Decreasing? Why is it decreasing? What's missing? What needs to change? In the Security and Compliance News, Is My PCI Compliance Good Enough to Serve as a Network Cybersecurity Audit?, Getting Prepared for New York s Expanded Security Breach and Data Security Requirements, Virginia Builds New Model for Quantifying Cybersecurity Risk, Five Cyber Program Elements Financial Services Firms Must Cover To Stay Compliant, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode7
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Scott Petry, CEO at Authentic8, to discuss challenges with the browser and securing web sessions! In the Leadership and Communications segment, CISOs left in compromising position as organizations tout cyber robustness, How To Get More Out Of Your Team, 8 Steps To Convert Your Commute Time To Me Time, and more!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode152
Visit https://www.securityweekly.com/bsw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service Launch, and 146 security flaws uncovered in pre-installed Android apps! In the expert commentary, we welcome Bob Erdman, Sr. Manager of Product Management at Core Security, a HelpSystems Company, to talk about Effective Phishing Campaigns!
ย
Show Notes: https://wiki.securityweekly.com/HNNEpisode242
To learn more about Core Security, a HelpSystems company, visit: https://securityweekly.com/helpsystems
ย
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Pawan Shankar, Senior Product Marketing Manager of Sysdig, to announce the launch of Sysdig Secure 3.0! In the Application Security News, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Attackers' Costs Increasing as Businesses Focus on Security, Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed, and Three Ways Developers Can Worry Less About Security!
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode85
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
ย
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dr. Kevin Harris, Program Director for Information Systems Security and Information Technology Management at the American Public University System, to talk about The Ethics of Surveillance! In our second segment, we welcome back Bryson Bort, Founder, and CEO of SCYTHE, to demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! In the Security News, US-CERT Warns of Remotely Exploitable Bugs in Medical Devices, McDonalds Hamburgler Account Attack, No, YouTube isn't planning to jettison your unprofitable channel, McDonalds Hamburgler Account Attack, and how Memes could be our secret weapon against pesky bots!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode627
To learn more about SCYTHE, visit: https://scythe.io/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
ย
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweeklyย ย
The hosts of Security and Compliance Weekly answer questions like what is a security program and what is a compliance program?, Aren't they the same thing?, What are some differences?, Where do they overlap or how should they work together?, Do they compete for the same budget?, and more! In the Security and Compliance News, Payment Security Compliance Declines - 1 in 3 Companies Make the Grade, RMC Agrees to $3M HIPAA Settlement Over Mobile Device Encryption, How Emerging Technologies Are Disrupting the Banking Compliance Landscape, and much more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode6
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we discuss part 1 of how Artificial Intelligence and Machine Learning can be used for Compliance, including: - What is Artificial Intelligence (AI) and Machine Learning (ML)? - What are the roles of AI/ML for Compliance? - Example: Gaming In the Security and Compliance News, What does your business need to know about the California Consumer Privacy Act (CCPA)?, California AG: No CCPA Safe Harbor for GDPR Compliance, Canada data breach tally soars since new privacy laws arrived, Marijuana Compliance and the quandary for brokers and dealers, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode5
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, discussing how STEALTHbits releases real-time threat detection and response platform StealthDEFEND 2.2, Bitdefender GravityZone enhanced with new endpoint defense capabilities, Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration, and Aqua Security buys CloudSploit to expand into cloud security posture management! In our second segment, we welcome Baber Amin, CTO West at Ping Identity, to discuss Zero Trust Architecture! In our final segment, we welcome Ward Cobleigh, Sr. Product Manager at VIAVI Solutions, to discuss Threat Detection: The Network Scavenger Hunt!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode161
To learn more about VIAVI, visit: https://securityweekly.com/viavi
To learn more about Ping Identity, visit: https://securityweekly.com/ping
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ron Ross, a Fellow at the National Institute of Standards and Technology! His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States' critical infrastructure!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode4
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we air pre-recorded interviews from the 2019 NACD Blue Ribbon Commission Initiative! But first, in the Security and Compliance News, What is the Board's Role in Effective Risk Management?, CEOs could get jail time for violating privacy bill, California Amends Breach Notification Law, 5 Updates from PCI SSC That You Need to Know, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode3
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, in the first segment, Mike, Matt, and John talk Security Testing! In the Application Security News, Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection in-the-wild, and more!
ย
Show Notes: https://wiki.securityweekly.com/ASWEpisode84
Visit https://www.securityweekly.com/asw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, BlueKeep freakout had little impact on patching, Experts warn of spike in TCP DDoS reflection attacks targeting Amazon and others, Nvidia patches graphics products and GeForce Experience update tool, hackers breach ZoneAlarm's forum site, and how Apple is to fix Siri bug that exposed parts of encrypted emails! In the expert commentary, we welcome Dan DeCloss, Founder and CEO of PlexTrac, to talk about Communicating Vulnerabilities!
ย
To learn more about PlexTrac, visit: https://securityweekly.com/plextrac
Show Notes: https://wiki.securityweekly.com/HNNEpisode241
ย
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Brendon Macaraeg, Sr. Director of Product Marketing at Signal Sciences, to discuss how to develop an effective AppSec security program! In the Leadership and Communications segment, The CIO role, from IT operator to business strategist, 5 questions with Cisco's CISO, Gartner's strategic tech trends for 2020, and more!
ย
Show Notes: https://wiki.securityweekly.com/BSWEpisode151
To learn more about Signal Sciences, visit: https://signalsciences.com/psw
ย
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Peter Smith, Founder and CEO of Edgewise for an interview! In our second segment, we welcome back Kevin Finisterre & Josh Valentine, to talk about their project Arcade Hustle, and the things they ve learned during their into to the arcade scene!! In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS over HTTPS, and Amazons Ring Video Doorbell could open the door of your home to hackers!
ย
Show Notes: https://wiki.securityweekly.com/PSWEpisode626
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
To learn more about Arcade Hustle, visit: https://github.com/ArcadeHustle
ย
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Alexander Niejelow, Senior Vice President, Cybersecurity Coordination and Advocacy at Mastercard for an interview! In the Security and Compliance News, New York s Breach Law Amendments and New Security Requirements, Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability, Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients, Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches, The Human Factor of Cyber Security, and more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode2
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we bring to you our brand new show, Security and Compliance Weekly, hosted by Jeff Man, and Co-Hosted by Scott Lyons, Josh Marpet, and Matt Alderman! In the first segment, Jeff and the hosts talk about PCI and how it affects the state of the union! In the Security and Compliance News, Important security notice about your DoorDash account, How PCI DSS compliance milestones can be a GDPR measuring stick, Companies vastly overestimating their GDPR readiness, only 28% achieving compliance, When Compliance Isn't Enough: A Case for Integrated Risk Management, and much more!
ย
Show Notes: https://wiki.securityweekly.com/SCWEpisode1
Visit https://www.securityweekly.com/scw for all the latest episodes!
ย
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, talking about how Trustwave offers threat detection and response for Microsoft Azure, LogRhythm offers migration service to Splunk customers to address security challenges, CrowdStrikes Falcon security platform lands on AWS, and how GitLab plans to ban hires in China and Russia due to espionage concerns! In our second segment, we welcome back Adrian Sanabria, Advocate at Thinkst, to discuss Enterprise Deception and how Thinkst is helping in the security space! In our final segment, we welcome Tim Callan, Senior Fellow at Sectigo, to talk about Quantum Computing & what its arrival means for IT, traditional computing, and infosec!
ย
Show Notes: https://wiki.securityweekly.com/ESWEpisode160
To learn more about Thinkst, visit: https://securityweekly.com/canary
ย
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
FreshRSS