Thursday, August 22, 2019
Security Weekly

No Spoilers – BSW #140

This week, we welcome Jessica Johnson and Amber Pedroncelli to discuss Hacker Halted and the Global CISO Forum! In the Leadership and Communications segment, 3 Traits Of Successful Entrepreneurs, 4 Ways To Gain Power And Use It For Good,...
Security Weekly

HNN #230 – August 20, 2019

This week, 61 impacted versions of Apache Struts let off security advisories, a hacker publicly releases Jailbreak for iOS version 12.4, Chrome users ignoring warnings to change breached passwords, an unpatchable security flaw found in popular SoC boards, and...
Security Weekly

The Dark Data – ASW #73

This week, in the Application Security News, HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS, Polaris...
Security Weekly

It Gets Really Hot! – PSW #616

This week, we welcome Tony Punturiero, Community Manager at Offensive Security, to talk about the journey of turning from a Blue Teamer to a Red Teamer, and kick starting an InfoSec community! In the Security News, BlackHat USA 2019...
Security Weekly

The Shady Stuff – ESW #149

This week, Paul and Matt Alderman interview Mehul Revankar, Senior Product manager at SaltStack, to discuss the Sec and Ops Challenge! In the Enterprise Security News, Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection...
Security Weekly

Highly Rated Leaders – BSW #139

This week, in the Leadership and Communications segment, how our brains decide when to trust, Warren Buffet's "2 List strategy", lack of IT leadership fuels IoT trial failures, and more! In our second segment, we air a Pre-Recorded interview...
Security Weekly

Highly Distributed – ASW #72

This week, Mike Shema and Matt Alderman discuss Hacker Summer Camp as the Security Weekly team has returned from Las Vegas all in one piece! In the Application Security News, From Equifax to Capital One: The problem with web...
Security Weekly

That’s An Illusion – ESW #148

This week, we are LIVE from BlackHat 2019, as we welcome John Smith, Principal Sales Engineer of Security at ExtraHop, to discuss Network Detection & Response! In our second segment, we welcome Joe Gillespie, Enterprise Account Executive at Netsparker,...
Security Weekly

Nobody Move! – PSW #615

This week, from BlackHat 2019, we welcome back Gabriel Gumbs, Chief Innovation Officer at Spirion! Gabe talks about his role at the company, and shares some stories of his endeavors in the world of security! In the second segment,...
Security Weekly

Let’s Unzip the Fly – PSW #614

This week, we welcome Sam Straka, Technical Product Manager at LogRhythm, to talk about LogRhythm's Next Gen SIEM Platform orchestration! In our second segment, we welcome Doug Coburn, Director of Professional Services at Signal Sciences, to talk about how...
Security Weekly

Let It Go – ESW #147

This week, Paul, Matt, and John discuss how Microsoft acquires BlueTalon to bolster data governance offerings, Arduino selects Auth0 as standardized login for open source ecosystem, new code-signing solution released by Venafi, and ExtraHop issues warning about phoning home...
Security Weekly

Earn Your Stripes – Business Security Weekly #138

This week, we welcome Todd Fitzgerald, Managing Director/CISO/Cybersecurity Leadership Author at CISO SPOTLIGHT, LLC, to discuss his book, the CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers! In the Leadership and Communications segment, Leading with Trust, Portrait...
Security Weekly

Hack Naked News #229 – July 30, 2019

This week, a rare steganography hack can compromise fully patched websites, the Louisiana governor declares state of emergency after a local ransomware outbreak, Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage, and...
Security Weekly

Off Guard – Application Security Weekly #71

This week, in the Application Security News, Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! In our second segment,...
Security Weekly

Well Lubricated – Paul’s Security Weekly #613

This week, we welcome Troels Oerting, Head of the Global Centre for Cybersecurity at the World Economic Forum, to discuss Integrity through Prevention, and protection and prosecution via people, technology, and processes! In the Security News, a phishing scheme...
Security Weekly

We’re Not Investment Bankers – Enterprise Security Weekly #146

This week, Matt and Paul discuss how Synopsys and Ixia announce a collaboration to enable scalable networking SoC validation, Digital Shadows announces significant updates to its SearchLight platform, Check Point introduces high-performance security gateways, and nine steps to lock...
Security Weekly

Dropping Conspiracy Theories – Business Security Weekly #137

This week, we welcome Ajit Sancheti, CEO at Preempt, to discuss Securing Identity with Conditional Access! In the Leadership and Communications segment, 8 Sales Skills You Need to Learn, The Trust Crisis, Five Management Lessons From the Apollo Moon...
Security Weekly

Hack Naked News #228 – July 23, 2019

This week, a bug in NVIDIAs Tegra Chipset opens doors to Malicious Code Execution, hackers publish a list of phished Discord creds, Equifax to pay up to $700 Million in 2017 data breach settlement, several vulnerabilities found in Comodo...
Security Weekly

Help Us! – Application Security Weekly #70

This week, we welcome Ian Eyberg, CEO of NanoVMs! In the Application Security News, detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking...
Security Weekly

Dirty Looks – Paul’s Security Weekly #612

This week, we welcome Katie Nickels, ATT&CK Threat Intelligence Lead at the MITRE Corporation, to talk about the MITRE ATT&CK Framework! In our second segment, a security roundtable discussion on Vulnerability Management, Patching, Hunt Teaming, Asset Management, and System...

Ready or Not, Here Comes FIDO: How to Prepare for Success

Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication” read more

Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report

Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. read more
The Register

The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI

Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.

A botnet has been cannibalizing other hackers’ web shells for more than a year

Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.