Net Neutrality Redux, Elon Musk, Colonial Pipeline, & Lemon Duck Botnet – SWN #121
This week in the Security Weekly News: Elon, Jerry Lee Lewis, Colonial Pipeline, Net Neutrality redux, Lemon Duck, Rico, & Jason Wood returns for Expert Commentary! Show Notes: https://securityweekly.com/swn121 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow...
Talking Heads – ASW #150
While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In...
Dusty Corners – PSW #693
This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for...
Bad Pings, Yahoo Answer Babbies, Python Bugs, & Spectre Attacks – Wrap Up – SWN #120
This week in the Security Weekly News Wrap Up Dr. Doug talks: Pings are bad, m'kay, Yahoo Answers, Python ipaddress bugs and the curse of octal, Deepfakes, Qualcom, Spectre, First Horizon Bank, & the show Wrap Ups for this...
Tyler Has Visitors – ESW #226
This week, In the first segment, we welcome Steve Springett, Chair at CycloneDX SBOM Standard, Core Working Group, for a discussion on The Rise of SBOM! Next up, Carlos Morales, CTO Security Services at Neustar, joins for a discussion...
Enforcement Body – SCW #72
Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means...
Limitless – BSW #215
Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the...
Alert Your Star Destroyers – ASW #149
Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He'll cover: • The types of security training that work • The role of security champions •...
Dan Kaminsky, 'BadAlloc' Flaws, Apple 0-Days, & Spectre Defenses Shattered – SWN #119
This week Dr. Doug talks Dan Kaminsky, Spectre, Badalloc, Cardassian Overlords, Apple patches, and the notorious Jason Wood returns for Expert Commentary! Show Notes: https://securityweekly.com/swn119 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly...
Passwordstate Backdoor, Gov't Tackles Ransomware, & BinD Updates – Wrap Up – SWN #118
In the Security Weekly News Wrap Up for this week: Government intervention in Ransomware, Joe Biden's response to Russia, Passwordstate, AI, Mitre, Chrome, contaminated instruments, and Dr. Doug's Favorite Threat of the Week! Show Notes: https://securityweekly.com/swn118 Visit https://www.securityweekly.com/swn...
Vulcan Mind Meld – PSW #692
This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System...
Between the Two Tylers – ESW #225
This week, Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach application security. In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting...
Boil the Ocean – SCW #71
Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity? -The importance of ATT&CK...
Skin in the Game – BSW #214
Cyber accountability is often overlooked by Board of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as Solarwinds, MS Exchange and many other security incidents prove...
Emotet Nukes Itself, Nvidia 0-Days, Babuk D.C Attack, & iOS 14.5 – SWN #117
This week in the Security Weekly News: Dirty emojis, Nvidia zero-days, Shlayer, Cozy Bear, Emotet, Babuk, iOS 14.5, and Jason Wood returns for Expert Commentary! Show Notes: https://securityweekly.com/swn117 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us...
Minimum Safe Distance – ASW #148
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out...
Curmudgeon Pills – PSW #691
Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized...
Lots of Zero Days, SonicWall Vulns, The FBI, The Professor, & The Rest – Wrap Up – SWN #116
Just sit right back and you'll hear a tale, Lots of Zero Days, CodeCov, FBI Hack backs, Cozy Bear, Mystery Science Theatre, the Professor and the rest, here on Security Weekly Wrap Up Island! Show Notes: https://securityweekly.com/swn116 Visit...
Hall of Shame – ESW #224
This week, we welcome Jeff Deininger, a Principal Cloud Security Engineer, joins us and will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish...
The Other Guy – SCW #70
This week, we welcome Chris Hughes, Principal Cybersecurity Engineer at Rise8, to talk about Compliance Innovations in the Cloud. Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
SAP Patches High-Severity Flaws in Business One, NetWeaver Products
SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.
read more
South Korea orders urgent review of energy infrastructure cybersecurity
No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…
Ransomware Gang Threatens Release of DC Police Records
A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...
