Wednesday, December 11, 2019
Security Weekly

Keys to the Kingdom – BSW #155

This week, we welcome John Ramsey, Chief Information Security Officer at National Student Clearinghouse, to discuss Security in Education! In the Leadership and Communication Segment, In-depth protection is a matter of basic hygiene, 4 strategies to find time for...
Security Weekly

HNN #245 – December 10, 2019

This week, How Panasonic is using internet honeypots to improve IoT device security, A new Windows 10 ransomware threat?, 'Hackable' karaoke and walkie talkie toys found by Which?, Linux Bug Opens Most VPNs to Hijacking, New Office 365 Feature...
Security Weekly

Dad Jokes – ASW #88

This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at the NTIA US Department of Commerce, to talk about the Software Bill of Materials! In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile...
Security Weekly

The Casting Couch – PSW #629

This week, we welcome Eric Brown, Senior Security Analyst at LogRhythm, to talk about the Outlook on Phishing in 2020! In our second segment, we welcome back Micah Hoffman, Principal Investigator at Spotlight Infosec, to discuss OSINT in Cyber!...
Security Weekly

Just Magic – ESW #164

This week, we talk Enterprise Security News, discussing How Mimecast Challenges Shadow IT for Cloud App Usage on Mobile and Desktop Devices, CloudKnox Security Announces Integration with AWS IAM Access Analyzer, Morphisec Achieves AWS Security Competency Status for Cloud...
Security Weekly

Frozen Orange Juice – SCW #9

This week, we welcome Mathieu Gorge, CEO at Vigitrust for an interview! In the Security and Compliance News, Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains, Sentara Hospitals to pay $2.2M HIPAA settlement for...
Security Weekly

All You Need Is Flow – BSW #154

This week, we welcome Ward Cobleigh, Senior Product Manager at VIAVI Solutions! In the Leadership and Communications segment, Companies Need to Rethink What Cybersecurity Leadership Is, What Companies That Are Good at Innovation Get Right, Staff in smaller businesses...
Security Weekly

HNN #244 – December 3, 2019

This week, Microsoft OAuth Flaw Opens Azure Accounts to Takeover, Vulnerabilities Disclosed in Kaspersky, Trend Micro Products, Critical Code Execution Vulnerability Found in GoAhead Web Server, and StrandHogg Vulnerability Allows Malware to Pose as Legitimate Android Apps! In the...
Security Weekly

Low Hanging Fruit – ASW #87

This week, we welcome Sandy Carielli, Principal Analyst at Forrester Research, to discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem! In the Application Security News, Analysis...
Security Weekly

The Response Line – ESW #163

This week, we talk Enterprise News, to talk about how Cloudflare Open-Sources its Network Vulnerability Scanner, Qualys brings its Market Leading Vulnerability Management Solution to the next level, and some acquisition and funding updates from Palo Alto, Cymulate, Detectify,...
Security Weekly

The Magical Formula – SCW #8

This week, we welcome Russell Mosley and Jim Nitterauer, to discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent...
Security Weekly

Level of Separation – BSW #153

This week, we welcome Nate Fick, GM of Elastic Security and former CEO of Endgame, to discuss Elastic's resource-based pricing! In the Leadership and Communications segment, Why Business Leaders Need to Understand Their Algorithms, How to Do a Digital...
Security Weekly

HNN #243 – November 26, 2019

This week, PoC exploit code for Apache Solr RCE flaw is available online, Some Fortinet products used hardcoded keys and weak encryption for communications, Critical Flaws in VNC Threaten Industrial Environments, Twitter allows users to use 2FA without a...
Security Weekly

Snarky Ways – ASW #86

This week, we welcome Tim Mackey, Principal Security Strategist at Synopsys! In the Application Security News, $1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS...
Security Weekly

Drinking Brake Fluid – PSW #628

This week, we welcome Peter Liebert, CEO at Liebert Security, to discuss The Next Generation of SOCs: DevSecOps, Automation and breaking the model! In our second segment, we welcome back our friend Dave Kennedy, Founder and CEO of TrustedSec...
Security Weekly

Hot Mess – ESW #162

This week, we talk Enterprise News, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some...
Security Weekly

We Don’t Do PCI – SCW #7

This week, we talk about the 2019 Verizon Payment Security Report! Why is PCI Compliance Decreasing? Why is it decreasing? What's missing? What needs to change? In the Security and Compliance News, Is My PCI Compliance Good Enough to...
Security Weekly

Shady Things – BSW #152

This week, we welcome Scott Petry, CEO at Authentic8, to discuss challenges with the browser and securing web sessions! In the Leadership and Communications segment, CISOs left in compromising position as organizations tout cyber robustness, How To Get More...
Security Weekly

HNN #242 – November 19, 2019

This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service...
Security Weekly

Notoriously Targeted – ASW #85

This week, we welcome back Pawan Shankar, Senior Product Marketing Manager of Sysdig, to announce the launch of Sysdig Secure 3.0! In the Application Security News, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Attackers' Costs...
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.