Wednesday, August 10, 2022
Security Weekly

SWN #230 – TA428, Microsoft, Lazarus, GwisinLocker, Burger King, & Gaming Fraud

This week Dr. Doug talks: Body Blows, TA428, Microsoft, Lazarus, GwisinLocker, Burger King, Fraud in China, Nomad and Solana, and is joined by Jason Wood on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow...
Security Weekly

BSW #272 – Saša Zdjelar

In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!   Zero Trust is the security...
Security Weekly

ASW #207 – Chen Gour Arie

In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over...
Security Weekly

SWN #229 – Lemons, Logic Errors, CISA, DuckDuckGo, Dark Utilities, CCTV, & Sharpext – Wrap Up

Naughty lemons, logic errors, CISA, DuckDuckGo, Dark Utilities, CCTV, Sharpext, and show wrap-ups on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes:...
Security Weekly

ESW #283 – Anthony James, Evgeniy Kharam

In the Enterprise Security News: BlackRock drops $250M into Acronis, Talon raises a massive $100M Series A to make Enterprise Browsers a thing, Cybrary raises $25M, Ghost Security comes out of stealth, Netskope acquires Infiot, Thoma Bravo acquires Ping...
Security Weekly

BSW #271 – Neal Bridges

Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.   In the...
Security Weekly

PSW #750 – Guy Bruneau

Guy will go through some of his career choices that eventually led to 25 years in a long and fun career in information and cybersecurity. Infosec has been a fascinating and challenging field which anyone can learn through training...
Security Weekly

ASW #206 – Manish Gupta

In our first segment, we are joined by Manish Gupta, the CEO and Co-Founder of ShiftLeft for a discussion of how the changes and advancements in static application security testing (SAST) and intelligent software composition analysis (SCA) have helped...
Security Weekly

SWN #228 – Encryption, Microsoft, Lockbit 3.0, Twitter keys, Outlook News & Russ Beauchemin

This week Dr. Doug talks: Tears in the Rain, Encryption, Microsoft, LockBit 3.0, Twitter keys, Outlook crashes, 911, and Russ Beauchemin on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly...
Security Weekly

SWN #227 – Necrobots, Class Action, Paul, Github, Robin Banks, & Net Neutrality – Wrap-Up

Necrobots, Class Action, Paul Speaks, Github, Robin Banks, net neutrality, and show wrap-ups on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn227
Security Weekly

ESW #282 – Jamie Moles, Dixon Styres, Tim Morris, Paul Kelly

In the Enterprise Security News: Blockchain security startups are still raising tons of money, but not in crypto, since it’s now worthless. Ha! just kidding. Maybe. Am I? Anvilogic, AppViewX, Sotero, Resourcely, and Push Security all raise rounds JUICY...
Security Weekly

ESW #275 – Bill Bernard, Paul Lanzi

In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, such as staffing challenges, alert quality, and organizational culture as primary...
Security Weekly

PSW #749 – Larry Pesce

We’ve heard about the recent abuses for Apple’s AirTags used in tracking and stalking issues in recent months. While tools exist for detection under the Apple ecosystem, limited options exist for Android and none under Linux. We’ll explore the...
Security Weekly

ASW #199 – Nikhil Gupta

Nikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evolved, as well as how this has impacted development teams and security teams as well as...
Security Weekly

BSW #264 – Dan Neault

In the Leadership and Communications section, Uber CISO's trial underscores the importance of truth, transparency, and trust, 4 Leadership Strategies to Help Women Advance in the Tech Industry, 5 Best Predictors of Employee Turnover and What Leaders Should Do...
Security Weekly

BSW #263 – Jerry Layden, Kevin Powers

Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking...
Security Weekly

SWN #226 – Costa Rica, UEFI, LinkedIn, Ducktail, Tmobile, Prestashop, aNews & David Monnier

Killer Robots, UEFI, LinkedIn, Ducktail, Costa Rica, Tmobile, Prestashop, we also have a special guest, David Monnier from Team Cymru.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly  ...
Security Weekly

BSW #270 – Doug Landoll

In the leadership and communications section, 5 Cybersecurity Questions CFOs Should Ask CISOs, How Leaders Can Escape Their Echo Chambers, 10 Cybersecurity Compliance Statistics That Show Why You Must Up Your Cybersecurity Game, and more!   Most current security...
Security Weekly

ASW #205 – Ferruh Mavituna

Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.   Pressured by the speed of innovation, organizations are struggling to achieve the continuous...
Security Weekly

ESW #281 – Aubrey Turner

Passwordless authentication is all the rage. And rightly so, given its promise of driving engagement and boosting productivity via more secure and frictionless user experiences. However, the path to passwordless often leads to more questions than answers. Don’t fret!...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too.

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …