SWN #269 – Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive
This week Dr. Doug discusses: Empathy, hacking back, typosquatting, Bitwarden, Lexmark, Exchange, Russians, Iranians, Dragonbridge, Derek Johnson talks about Hive and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter:...
ESW #303 – What Makes A Good Breach Response?
What makes a good breach response? What makes a bad one? Could we objectively measure them? How would we break down and rate a company’s breach response performance? This is the first in our 2 segment Enterprise News...
PSW #770 – Brian Behlendorf
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included!...
ASW #226 – Marudhamaran Gunasekaran
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code. But...
BSW #291 – Doug Hubbard
Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights,...
SWN #268 – Chick-Fil-A, Onenote, Xlls, Vastflux, Tmobile, Chatgpt, Ukraine, Lots Of Microsoft
This Week Dr. Doug talks: Chick-Fil-A, OneNote, XLLs, VastFlux, Tmobile, ChatGPT, Ukraine, Microsoft, Jason Wood, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn268 Follow us on Twitter: https://www.twitter.com/securityweekly Like...
Throwback Episode – Andrew Morris – ESW 264
There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast...
Throwback Episode – Gary McGraw – PSW 366
We're aren't recording this holiday week, so enjoy this PSW throwback episode! Main host Paul Asadoorian selected this episode to share as it's still relevant to the hacker community today. PSW366 was recorded June of 2016 with Gary McGraw.
Throwback Episode – The 3 Mistakes All First Time CISOs Make That No One Tells You – BSW 227
We're aren't recording this holiday week, so enjoy this BSW throwback episode! Main host Matt Alderman selected this episode to share as it's still relevant to the InfoSec business community today. This week, we welcome Jim Routh, Former...
Throwback Episode – Dev(Sec)Ops Scanning Challenges & Tips – ASW 170
We're aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relevant to the AppSec community today. This week, we welcome Nuno Loureiro, CEO at...
SWN #267 – Frozen, Fortinet, Scattered Spider, Routers, Apf, Telegram, & Cwp
Dr. Doug talks: Frozen, Fortinet, Scattered Spider, Cisco, Juniper, Apache no more, Telegram, Control Web Panel, and more on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on...
ESW #302 – Brian Contos, Isabelle Roccia
Europe is a global driver for privacy rules and digital legislation. Which means it is also a force to be reckoned with when it comes to enforcement. With privacy and security being so intertwined, this conversation will focus on...
PSW #769 – Kate Stewart
Over the last few years, the trend to use Open Source has been migrating into safety-critical applications, such as automotive and medical, which introduces system-level analysis considerations. In a similar fashion, these components are now being considered for the...
ASW #225 – Dan Moore
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust This segment will discuss options for...
SWN #266 – Codeql, Kinsing, Bit Buckets, Win 7 Is Dead, Spynote, Vall-E, & Aaran Leyland
CodeQL, Kinsing, Bit Buckets, Win 7 is dead, Spynote, Vall-E, Aaran Leyland and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show...
BSW #290 – Tim Brown
In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?, and more! SolarWinds has been on the journey of Secure by...
SWN #265 – Virtual Smells, Werfault, 2012, ChatGPT, Captcha, Rust Hyper, & Qualcomm
This week in the Security News: Virtual Smells, Werfault, Server 2012, ChatGPT, Captcha, Rust Hyper, Qualcomm, and more on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on...
ESW #301 – David Hunt, Jerry Bell
If you’ve ever worked on a red or purple team, you know scaling engagements to production is an intensive, unwieldy process. Technology pitfalls may exist, but the fundamental problem is this: the process of writing, testing, deploying, and verifying...
PSW #768 – Robert Martin
In the Security News: The Roblox prison yard, password manager problems, PyTorch gets torched with a supply chain attack, Oppenheimer cleared, Puckungfu, spice up your persistence with PHP, turning Google home into a wiretap device, Nintendo 3DS remote code...
ASW #224 – Keith Hoodlet
How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like. Segment resources: - https://securing.dev/categories/essentials/ ...
GitHub says hackers cloned code-signing certificates in breached repository
Enlarge
GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.
Code-signing certificates place...
QNAP addresses a critical flaw impacting its NAS devices
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices.
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
Chromebook SH1MMER exploit promises admin jailbreak
Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…
MusicLM: Google AI generates music in various genres at 24 kHz
Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica)
On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.
