This week, Paul is joined by Matt Alderman in the absence of John Strand, to discuss The Evolution of Vulnerability Management, and where we stand today in areas such as Applications, Infrastructure, and Mobile! In the Enterprise Security News, Cisco unlocks IoT potential with Intent-Based Networking, Qualys extends cloud platform with patch management, Tenable announces general availability of Predictive Prioritization, Lacework announces security support for Azure and Multicloud environments, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/ES_Episode126
Visit https://www.securityweekly.com/esw for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit http://securityweekly.com/esw for all the latest episodes!
This week, Paul is joined by Joff Thyer to interview Tim Eades, CEO of vArmour, to talk about basic flow of problem, solution, and value! In the Application Security News, many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!
Β
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50
Visit https://www.securityweekly.com/asw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, your Lenovo X is watching you & sharing information, a client-side DNS attack emerges from academic research, a macOS vulnerability leaks safari data, hackers hit VFEmail & wipe US servers and backups, and a check-in system flaw puts major airlines at risk! Jason Wood from Paladin Security joins us for expert commentary on how fraudsters are scamming teenage 'money mules' on Instagram and Snapchat!
Β
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode207
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ed Moyle, General Manager and Chief Content Officer at Prelude Institute! Ed is on the Advisory Board for InfoSec World and joins us to talk about InfoSec World 2019 and its upcoming plans, where he'll be giving a talk titled "Cryptocurrency Lessons for Enterprise Blockchain"! In the Leadership and Communications segment, keep your employees and youβll keep your customers, why leadership development is superficial and how to fix it, simple techniques to overcome negative emotions when negotiating with others, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode117
Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul start the show with the Application Security News, discussing concerns about WordPressβ new βWhite Screen of Deathβ, Google Chrome changes could βdestroyβ ad-blockers, Mozilla is adding and ad-blocker to Firefox Focus 9.0, websites can steal browser data via extensions APIs, and a Fortnite security issue would have granted hackers access to accounts! In the second segment, Keith and Paul interview Jing Xie, Product Manager at Venafi, to talk about Static Analysis, Secure Code Signing, and more!!
Β
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48
Visit https://www.securityweekly.com/asw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Long, Security Engineer at Palantir for our Technical Segment to talk about DetectionLab, a collection of Vagrant and Packer scripts that allow you to automate the creation of networks! In the Security News, 5G networks must be secured from hackers and bad actors, Zero-Day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War II German message decrypts to go on display at the National Museum of Computing! In our final segment, we air a Pre Recorded interview with InfoSec World Speaker Connie Mastovich, the Sr. Security Compliance Analyst at Reclamere to talk about the Dark Web!
Β
Full Show Notes: https://wiki.securityweekly.com/Episode593 Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. Visit https://www.securityweekly.com/psw for all the latest episodes! To learn more about DetectionLab, visit: https://detectionlab.network
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and John interview Randall Trzeciak, the Director of the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute! Randall will also be speaking at InfoSec World 2019 about "An Effective Insider Threat Program" on Saturday, March 30th @ 9:00 am! In the Enterprise Security News, RSA Conference announces finalists for Innovation Sandbox Contest 2019, DigiCert announces all-in-one digital certificate management solution, Google's new Chrome extension warns you about stolen passwords, Signal Sciences raises 35$ Million to accelerate market expansion and tech innovation, and Palo Alto is in talks to buy Information Security firm Demisto!
Β
Full Show Notes: https://wiki.securityweekly.com/ES_Episode125
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
VisitΒ https://infosecworld.misti.com/Β and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass!Β
Β
Like us on Facebook: https://www.facebook.com/secweekly
Visit http://securityweekly.com/esw for all the latest episodes!
This week, roughly 500,000 Ubiquiti devices may be affected by a flaw already exploited in the wild, Outlaw Shellbot infects Linux servers to mine for Monero, Apple's Siri shortcuts feature vulnerable to abuse, Google's new Chrome extension warns you about stolen passwords, and Google patches critical .png image bug! David Pearson from Awake Security joins us for expert commentary on recent news around Japan performing an IoT pentest on their public IPs!
Β
To learn more about Awake Security, visit: https://securityweekly.com/awake
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode206
Β
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul discuss the current state of privacy and software development! They discuss how Facebook pays teens to install VPN that spies on them, how Apple blocks Facebook from running its internal iOS apps, and more! In the Application Security News, Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!
Β
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49
Visit https://www.securityweekly.com/asw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Kennedy, Founder and CEO at TrustedSec, to discuss why it's important to be investing in the right technology and resources! In our second segment, we welcome Sandra Toms, Vice President and Curator, and Britta Glade, Director of Content and Curation from RSA Conference, to preview what's new at RSA Conference 2019!
Β
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode116
To learn more about TrustedSec, visit: https://www.securityweekly.com/trustedsec
Go to https://rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass!
Β
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Benjamin Daniel Mussler, Senior Security Researcher at Acunetix to talk about Web App Scanning with Authentication! In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture! In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down citizens insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigated a DDoS attack that generated 500 million packets per second!
Β
Full Show Notes: https://wiki.securityweekly.com/Episode592
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about Acunetix, visit: https://www.acunetix.com/securityweekly/
Β
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Shreyans Mehta, Chief Technology Officer at Cequence Security to talk about Advanced Bot Protection! In the Leadership and Communications segment, Cybersecurity isn't just for tech people anymore, The Weird Approach to leadership, 4 things to do before a tough conversation, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode115
Visit https://www.securityweekly.com/bsw for all the latest episodes!
To find out more about Cequence Security visit: https://securityweekly.com/cequence
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, I am joined by Matt Alderman and John Strand to interview Andrew Peterson, Founder and CEO of Signal Sciences, to talk about prioritizing bugs, functionality, and security fixes! In the Enterprise Security News, we will discuss how Cynets Platform approach tames cyber security issues, Salt Security launches API protection platform, Yubicos 2019 state of password and authentication security report, and we have some acquisition and funding updates from ReSec, Medigate, Cato Networks, Sophos, and DarkBytes!
Β
Full Show Notes: https://wiki.securityweekly.com/ES_Episode124
Visit https://www.securityweekly.com/esw for all the latest episodes!
If you want to learn more about Signal Sciences, visit: https://www.signalsciences.com/psw
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a tool that finds vulnerable robots on the Internet, a new exploit that threatens over 9,000 Cisco routers, apple turns of group FaceTime after an eavesdropping bug, wordpress sites under attack via Zero-Day in abandoned plugin, and OpenBMC caught with 'pantsdown' over a new security flaw! Jason Wood from Paladin Security joins us for expert commentary on Abusing Exchange: One API call away from Domain Admin!
Β
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode205
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Chris Morales, the Head of Security Analytics at Vectra for an interview to talk about Machine Learning! In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! In the Security News, cellular carriers are implementing services to identify cell scam leveraging, new Android malware uses motion sensor to avoid detection, Linux malware disables security software to mine cryptocurrency, and how a hacker threatened a family using a Nest camera to broadcast a fake missile attack alert!
Β
Full Show Notes: https://wiki.securityweekly.com/Episode591
Visit https://www.securityweekly.com/psw for all the latest episodes!
Β
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, I am joined by Jeff Man for the Enterprise News, to talk about Ping Identity offering advanced API cyber protection, AppDynamics keeps expanding monitoring vision, eSentire announces managed endpoint defense powered by Carbon Black, and Juniper Networks signs a deal with IBMs! In the Technical Segment, we will discuss some Open-Source and Free Collaboration Security Tools for Project Planning, Ticketing Systems, Remote System Monitoring, RSS feeds, and Documentation!
Β
Full Show Notes: https://wiki.securityweekly.com/ES_Episode123
Visit https://www.securityweekly.com/esw for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on Application Security Weekly, Matt Alderman takes the reigns and is joined by Co-Host James Wickett, who is the Head of Research at Signal Sciences! They talk about the human element of application security training and testing! In the Application Security News, Oracle patches 284 vulnerabilities, a bug in Twitter Android app exposed protected tweets, four tips for better API Security in 2019, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47
Visit https://www.securityweekly.com/asw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a flaw in MySQL could allow rogue servers to steal files, a state agency exposes 3TB of data including FBI info, how cybercriminals clean their dirty money, a critical RCE flaw in Linux APT allows remote attackers to hack systems, and how to protect against a new breed of cyber attack! Jason Wood from Paladin Security joins us for expert commentary on how attackers used a LinkedIn job ad and Skype call to breach a bank's defense!
Β
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode204
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Zane Lackey, Co-Founder and Chief Security Officer at Signal Sciences! In the Leadership and Communications segment, customer surveys are no substitute for actually talking to customers, CEOs most concerned about Cybersecurity in 2019, the open workspace, doesn't work, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114
Visit https://www.securityweekly.com/bsw for all the latest episodes!
For more information about Signal Sciences, visit:Β https://www.signalsciences.com/psw
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pen testing! In the Security News, two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for Zero-Day Exploits are rising, new attacks target recent PHP Framework Vulnerability, Microsoft launches a new Azure DevOps Bug Bounty program, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/Episode590
Visit https://www.securityweekly.com/psw for all the latest episodes!
For more information about Black Hills Information Security, visit:Β securityweekly.com/bhis
Β
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman to discuss some mergers, acquisitions, and partnerships, such as TokenEx partnering with SureCloud, Check Point acquires ForceNock, Zix agrees to acquire AppRiver for $275 million, and more! In this second segment, they discuss some security product launches and announcements from Trustwave, NopSec, ConnectGuard, Pulse Secure, Synopsys, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/ES_Episode122
Visit https://www.securityweekly.com/esw for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHPβs cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!
Β
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46
Visit https://www.securityweekly.com/asw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, US Government shutdown leaves dozens of .gov sites vulnerable, Firefox 69 to disable Adobe Flash, an unpatched vCard flaw could leave your PCs open to attackers, Tesla's contest Pwn2Own could win you a Model 3, and how building site cranes are easier to hack than garage door openers! Jason Wood from Paladin Security joins us for expert commentary on how the Boston Hospital Attacker was sentenced to 10 years in prison, and more on this episode of Hack Naked News!
Β
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode203
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul introduce a new quarterly segment to review the money of security, including public companies, IPOs, funding rounds, and acquisitions from the previous quarter! We've also created our own index to track public security companies called the Security Weekly 25, so let's understand how the security market is doing! In the Leadership Articles, Matt and Paul discuss how to be present, manage time, and avoid distractions, why your gut instinct is usually wrong, the 5 most efficient ways to get your work done, the creative difference between multitasking and multi-focus, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode113
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Bryson Bort, the Founder and CEO of SCYTHE to talk about Attack Simulation! In the Technical Segment, Kory Findley will be presenting a tool he created entitled βpktreconβ, for internal network segment reconnaissance using broadcast and service discovery protocol traffic! In the Security News, why Hyatt Is launching a public bug bounty program, Amazon Key partners with myQ, web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, how El Chapo's IT manager cracked his encrypted chats and brought him down, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/Episode589
Visit https://www.securityweekly.com/psw for all the latest episodes!
For more information about SCYTHE, visit:Β https://www.scythe.io/securityweekly
Β
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tony Cole, Chief Technology Officer at Attivo Networks for an interview! Tony joins us to discuss the cyber deception in the enterprises today, and gives a brief history of deception and its applicability to cybersecurity! In the Enterprise News, Neustar bolsters fraud detection capabilities with Trustid, almost half of containers in production have vulnerabilities, BlackBerry offers its security technology to IoT device makers, and Radware to acquire ShieldSquare for expansion of its cloud security portfolio!
Β
Full Show Notes: https://wiki.securityweekly.com/ES_Episode121
Visit https://www.securityweekly.com/esw for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context/importance of context, and how to figure what's real and what's legit! In the Application Security News, Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45
Visit https://www.securityweekly.com/asw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to hacking! Our CEO Matt Alderman joins us for expert commentary on how Container Security lags amidst DevOps enthusiasm, and more!
Β
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode202
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul interview Tim Callahan, Global Chief Security Officer of Aflac, to discuss communicating threat intelligence to executives and the board! In the Leadership Articles, Matt and Paul discuss how to moderate a panel discussion, the secret to leading organizational change is empathy, DevOps explained, 5 cloud computing predictions for 2019, and the top 3 things CIOs lose sleep over!
Β
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Β
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dameon Welch-Abernathy, or βPhoneboyβ, a Cyber Security Evangelist at Check Point Software Technologies for an interview! Dameon joins us to discuss how to help people in the security community, a topic near and dear to our hearts! In the Technical Segment, the Security Weekly crew accompanied by Dameon holds a discussion on Breaches, Privacy, Compliance, and more! In the Security News, the worst hacks of 2018, hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, and turning your house into a DOOM level with a Roomba! All that and more, on this episode of Paul's Security Weekly!
Β
Full Show Notes: https://wiki.securityweekly.com/Episode588
Visit https://www.securityweekly.com/psw for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly