Thursday, June 1, 2023
Security Weekly

Career Ladders In Information Security – Marc French – BSW Vault

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020.  Marc French has more than 25 years of technology experience in engineering, operations, product management,...
Security Weekly

Career Ladders In Information Security – Marc French – BSW Vault

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020. Marc French has more than 25 years of technology experience in engineering, operations, product management,...
Security Weekly

SWN #301 – Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou , Aaran Leyland, and More

Ferret Legging, Elon's Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou (and that's not just the Molly talking), Aaran Leyland, and More on this episode of the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on...
Security Weekly

ESW #319 – Amitai Ratzon, Steve Ragan, Deepika Chauhan, Thomas Kinsella, Jon Check

On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip...
Security Weekly

Generative AI Security Implications – Liam Mayron – PSW #786

Liam Mayron from Fastly comes on the show to talk about his unique path into information security, the security implications of generative AI, advances in technologies to protect web applications, detecting bots, and enabling better MSP services! This segment...
Security Weekly

SWN #300 – Space, Naughty Cell Phones, HP, ASUS, Meta, Google, Gil Kirkpatrick and more

Space, the final frontier, Naughty Cell Phones, HP, ASUS, Meta, Google, Gil Kirkpatrick, and more on this edition of the Security Weekly News.   Segment Resources:  https://www.darkreading.com/cloud/microsoft-azure-vms-highjacked-in-cloud-cyberattack   This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about...
Security Weekly

ASW #242 – Ten Things I Hate About Lists

The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it still the right model...
Security Weekly

BSW #307 – Matt Radolec

You can rebuild infrastructure. But you can’t un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem...
Security Weekly

SWN #299 – Wemo Vulnerability, EXSI Threats, Critical Cisco Flaws, IAM, Malware, and More

$10M reward, a serious wemo vulnerability, EXSI threats, critical Cisco flaws, millions of smart phones with preinstalled malware and Bill Brenner   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly  ...
Security Weekly

ESW #318 – Mickey Bresman, Dave Merkel, Michaël Lakhal, Ashley Leonard, Jason Rolleston, Eve Maler

This week, we discuss fundings, acquisitions (TWO DSPM exits!), the ongoing market downturn/weirdness, and surprise - LLM-based AIs! We spend a fair amount of time talking about the importance of breach transparency - we need to be able to...
Security Weekly

PSW #785 – Kevin Johnson

Kevin Johnson joins us to discuss pen testing, automated testing, why AI testing is not pen testing!   In the security news: How AI Knows Things No One Told It, Dragos Employee Gets Hacked, VMProtect Source Code Leaks, CISA...
Security Weekly

SWN #298 – ChatGPT, PentestGPT, BurpGPT, Cyber Resilience Act's Poison Pill & Malicious Actors

This week in the Security News, Aaran Leyland joins remotely to dish out the latest news: Cyber Resilience Act contains a poison pill, a powerful backdoor, Malicious Actors and Jason Wood - Valued Co-Host OR Malicious Actor? All that...
Security Weekly

ASW #241 – Asaf Ashkenazi, Chris Eng, Jeff Martin

What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate...
Security Weekly

BSW #306 – Mayeuresh Ektare, Molly McLain Sterling, Lenny Zeltser

Medtronic's Security Ambassador program has seen tremendous growth and engagement in recent years. Learn how they gave their program a shot of adrenaline and haven't looked back since.   Cybersecurity teams today are inundated with tools that provide an...
Security Weekly

SWN #297 – Terminators, Joe Sullivan, Dragos, ESXi, Microsoft, Greatness, Jessica Davis and More

Singing Terminators, Gmail, Joe Sullivan, Dragos, ESXi, Microsoft, Greatness, Jessica Davis, and More on this episode of the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly  ...
Security Weekly

ESW #317 – Brian Kenyon, Rhett Dillingham, Antonio Sanchez, Deepen Desai

We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and...
Security Weekly

PSW #784 – Paula Januszkiewicz

In this talk, Paula Januszkiewicz, renowned cybersecurity expert with years of experience in the field, shares her insights on critical tasks that must be included in any successful penetration testing checklist. She will offer the listeners a sneak peek...
Security Weekly

SWN #296 – Chat GPT, QR codes, Boot Guard, Akira, SuperCare, Jason Wood, and More News

Poisonous Parsley and Chat GPT, QR codes, Boot Guard, Akira, Wanted Posters, SuperCare, VPNS, Jason Wood, and more on this edition of the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like...
Security Weekly

ASW #240 – Kelly Shortridge, Eric Fourrier, Richard Yew

What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more. Segment Resources: Book...
Security Weekly

BSW #305 – Alla Valente, Joe Payne, Jim Broome, Cody Scott

Each year, Forrester tracks the top systemic risks — external events that impact your firm and customers but are out of your control — facing organizations. The impacts of climate change are both short-term, in the form of severe...
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Graham Cluley

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

height="315" class="aligncenter size-full wp-image-292324" /> ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and...