Monday, January 30, 2023
Security Weekly

SWN #269 – Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive

This week Dr. Doug discusses: Empathy, hacking back, typosquatting, Bitwarden, Lexmark, Exchange, Russians, Iranians, Dragonbridge, Derek Johnson talks about Hive and more on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter:...
Security Weekly

ESW #303 – What Makes A Good Breach Response?

What makes a good breach response? What makes a bad one? Could we objectively measure them? How would we break down and rate a company’s breach response performance?   This is the first in our 2 segment Enterprise News...
Security Weekly

PSW #770 – Brian Behlendorf

This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included!...
Security Weekly

ASW #226 – Marudhamaran Gunasekaran

Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code. But...
Security Weekly

BSW #291 – Doug Hubbard

Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights,...
Security Weekly

SWN #268 – Chick-Fil-A, Onenote, Xlls, Vastflux, Tmobile, Chatgpt, Ukraine, Lots Of Microsoft

This Week Dr. Doug talks: Chick-Fil-A, OneNote, XLLs, VastFlux, Tmobile, ChatGPT, Ukraine, Microsoft, Jason Wood, and More on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn268 Follow us on Twitter: https://www.twitter.com/securityweekly Like...
Security Weekly

Throwback Episode – Andrew Morris – ESW 264

There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast...
Security Weekly

Throwback Episode – Gary McGraw – PSW 366

We're aren't recording this holiday week, so enjoy this PSW throwback episode! Main host Paul Asadoorian selected this episode to share as it's still relevant to the hacker community today. PSW366 was recorded June of 2016 with Gary McGraw. 
Security Weekly

Throwback Episode – The 3 Mistakes All First Time CISOs Make That No One Tells You – BSW 227

We're aren't recording this holiday week, so enjoy this BSW throwback episode! Main host Matt Alderman selected this episode to share as it's still relevant to the InfoSec business community today.    This week, we welcome Jim Routh, Former...
Security Weekly

Throwback Episode – Dev(Sec)Ops Scanning Challenges & Tips – ASW 170

We're aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relevant to the AppSec community today.    This week, we welcome Nuno Loureiro, CEO at...
Security Weekly

SWN #267 – Frozen, Fortinet, Scattered Spider, Routers, Apf, Telegram, & Cwp

Dr. Doug talks: Frozen, Fortinet, Scattered Spider, Cisco, Juniper, Apache no more, Telegram, Control Web Panel, and more on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on...
Security Weekly

ESW #302 – Brian Contos, Isabelle Roccia

Europe is a global driver for privacy rules and digital legislation. Which means it is also a force to be reckoned with when it comes to enforcement. With privacy and security being so intertwined, this conversation will focus on...
Security Weekly

PSW #769 – Kate Stewart

Over the last few years, the trend to use Open Source has been migrating into safety-critical applications, such as automotive and medical, which introduces system-level analysis considerations. In a similar fashion, these components are now being considered for the...
Security Weekly

ASW #225 – Dan Moore

Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust   This segment will discuss options for...
Security Weekly

SWN #266 – Codeql, Kinsing, Bit Buckets, Win 7 Is Dead, Spynote, Vall-E, & Aaran Leyland

CodeQL, Kinsing, Bit Buckets, Win 7 is dead, Spynote, Vall-E, Aaran Leyland and More on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show...
Security Weekly

BSW #290 – Tim Brown

In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?, and more! SolarWinds has been on the journey of Secure by...
Security Weekly

SWN #265 – Virtual Smells, Werfault, 2012, ChatGPT, Captcha, Rust Hyper, & Qualcomm

This week in the Security News: Virtual Smells, Werfault, Server 2012, ChatGPT, Captcha, Rust Hyper, Qualcomm, and more on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on...
Security Weekly

ESW #301 – David Hunt, Jerry Bell

If you’ve ever worked on a red or purple team, you know scaling engagements to production is an intensive, unwieldy process. Technology pitfalls may exist, but the fundamental problem is this: the process of writing, testing, deploying, and verifying...
Security Weekly

PSW #768 – Robert Martin

In the Security News: The Roblox prison yard, password manager problems, PyTorch gets torched with a supply chain attack, Oppenheimer cleared, Puckungfu, spice up your persistence with PHP, turning Google home into a wiretap device, Nintendo 3DS remote code...
Security Weekly

ASW #224 – Keith Hoodlet

How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like. Segment resources: - https://securing.dev/categories/essentials/  ...

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.