Wednesday, May 12, 2021
Security Weekly

Net Neutrality Redux, Elon Musk, Colonial Pipeline, & Lemon Duck Botnet – SWN #121

This week in the Security Weekly News: Elon, Jerry Lee Lewis, Colonial Pipeline, Net Neutrality redux, Lemon Duck, Rico, & Jason Wood returns for Expert Commentary!   Show Notes: https://securityweekly.com/swn121 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow...
Security Weekly

Talking Heads – ASW #150

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In...
Security Weekly

Dusty Corners – PSW #693

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for...
Security Weekly

Bad Pings, Yahoo Answer Babbies, Python Bugs, & Spectre Attacks – Wrap Up – SWN #120

This week in the Security Weekly News Wrap Up Dr. Doug talks: Pings are bad, m'kay, Yahoo Answers, Python ipaddress bugs and the curse of octal, Deepfakes, Qualcomm, Spectre, First Horizon Bank, & the show Wrap Ups for this...
Security Weekly

Tyler Has Visitors – ESW #226

This week, in the first segment, we welcome Steve Springett, Chair at CycloneDX SBOM Standard, Core Working Group, for a discussion on The Rise of SBOM! Next up, Carlos Morales, CTO Security Services at Neustar, joins for a discussion...
Security Weekly

Enforcement Body – SCW #72

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means...
Security Weekly

Limitless – BSW #215

Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the...
Security Weekly

Alert Your Star Destroyers – ASW #149

Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He'll cover: • The types of security training that work • The role of security champions •...
Security Weekly

Dan Kaminsky, 'BadAlloc' Flaws, Apple 0-Days, & Spectre Defenses Shattered – SWN #119

This week Dr. Doug talks Dan Kaminsky, Spectre, Badalloc, Cardassian Overlords, Apple patches, and the notorious Jason Wood returns for Expert Commentary!   Show Notes: https://securityweekly.com/swn119 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly...
Security Weekly

Passwordstate Backdoor, Gov't Tackles Ransomware, & BinD Updates – Wrap Up – SWN #118

In the Security Weekly News Wrap Up for this week: Government intervention in Ransomware, Joe Biden's response to Russia, Passwordstate, AI, Mitre, Chrome, contaminated instruments, and Dr. Doug's Favorite Threat of the Week!   Show Notes: https://securityweekly.com/swn118 Visit https://www.securityweekly.com/swn...
Security Weekly

Vulcan Mind Meld – PSW #692

This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System...
Security Weekly

Between the Two Tylers – ESW #225

This week, Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach to application security. In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting...
Security Weekly

Boil the Ocean – SCW #71

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity? -The importance of ATT&CK...
Security Weekly

Skin in the Game – BSW #214

Cyber accountability is often overlooked by Boards of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as SolarWinds, MS Exchange and many other security incidents prove...
Security Weekly

Emotet Nukes Itself, Nvidia 0-Days, Babuk D.C Attack, & iOS 14.5 – SWN #117

This week in the Security Weekly News: Dirty emojis, Nvidia zero-days, Shlayer, Cozy Bear, Emotet, Babuk, iOS 14.5, and Jason Wood returns for Expert Commentary!   Show Notes: https://securityweekly.com/swn117 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us...
Security Weekly

Minimum Safe Distance – ASW #148

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out...
Security Weekly

Curmudgeon Pills – PSW #691

Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized...
Security Weekly

Lots of Zero Days, SonicWall Vulns, The FBI, The Professor, & The Rest – Wrap Up – SWN #116

Just sit right back and you'll hear a tale, Lots of Zero Days, CodeCov, FBI Hack backs, Cozy Bear, Mystery Science Theatre, the Professor and the rest, here on Security Weekly Wrap Up Island!   Show Notes: https://securityweekly.com/swn116 Visit...
Security Weekly

Hall of Shame – ESW #224

This week, Jeff Deininger, a Principal Cloud Security Engineer, joins us and will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish...
Security Weekly

The Other Guy – SCW #70

This week, we welcome Chris Hughes, Principal Cybersecurity Engineer at Rise8, to talk about Compliance Innovations in the Cloud. Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by...
The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager,...
The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour

China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
SecurityWeek

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.
The Register

South Korea orders urgent review of energy infrastructure cybersecurity

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week

South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…
SecurityWeek

Ransomware Gang Threatens Release of DC Police Records

A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...