Paul's Security Weekly

11 Tons of Typewriters - PSW #667

Paul's Security Weekly - Fri, 09/18/2020 - 5:00pm

This week, we welcome Mike Ware, Senior Director of Technology at Synopsys, to talk about the Key Findings From The Newly Released BSIMM11 Report! In our second segment, we welcome James Spiteri, Solutions Architect and Cyber Security Specialist Global Solutions Lead at Elastic, to discuss how Elastic Security Opens Public Detections Rules Repo! In the Security News, Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your Locks Just By Listening, U.S. House Passes IoT Cybersecurity Bill, the Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug, and 5 Security Lessons Humans Can Learn From Their Dogs!

 

Show Notes: https://wiki.securityweekly.com/psw667

Visit https://securityweekly.com/elastic to learn more about them!

Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

QAnon Shut Down, Mozi Botnet, & Trump Bans TikTok - Wrap Up - SWN #66

Paul's Security Weekly - Fri, 09/18/2020 - 2:49pm

This week, Dr. Doug discusses Microsoft OneFuzz, TikTok, QAnon, Mozi, and more news from the sunny shores of Venus!

 

Show Notes: https://wiki.securityweekly.com/swn66

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Pointing Fingers - ESW #199

Paul's Security Weekly - Thu, 09/17/2020 - 5:00am

This week, first we talk Enterprise News, discussing Acunetix new data retention policies, 5 things you should ask your web app pen test provider, Microsoft's open source tool for sniffing out Windows 10 bugs, Datadog unveils support for distributed tracing for AWS Step Functions via AWS X-Ray, and Gravwell's Data Fusion platform breaks the mold of legacy data ingestion engines! In our second segment, we welcome Ferruh Mavituna, CEO of Netsparker, to discuss Current Security Needs Of Modern Enterprise Companies! In our final segment, we welcome Jimmy Mesta, Director of Security Research at Signal Sciences, to discuss Securing Enterprise Digital Transformations!

 

Show Notes: https://securityweekly.com/esw199

Visit https://securityweekly.com/netsparker to learn more about them!

Visit https://securityweekly.com/signalsciences to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Wrong Movie - SCW #43

Paul's Security Weekly - Wed, 09/16/2020 - 5:00pm

This week, we welcome David King, Founding Member and Owner at Cyber Support Alliance and Governing Goliath Media, to discuss How We Lost the Cybersecurity War (and What Happens Next), in this two-part interview!

 

Show Notes: https://wiki.securityweekly.com/scw43

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Zoom Rolls Out 2FA, Fancy Bear Returns, & Massive Mailfire Leak - SWN #65

Paul's Security Weekly - Tue, 09/15/2020 - 4:40pm

This week, Dr. Doug talks Candiru fish, Office Phishing attacks with a twist, Fancy Bear, Zhenhua data leaks, TikTok and Oracle, and Big Eyed Beans from Venus! Jason Wood returns for Expert Commentary on a Russian hacker selling a how-to video on exploiting unsupported Magento installations to skim credit card details for $5,000!

 

Show Notes: https://wiki.securityweekly.com/swn65

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Deep Cover - BSW #187

Paul's Security Weekly - Tue, 09/15/2020 - 2:00pm

This week, we welcome back John Loucaides, VP of Research & Development at Eclypsium, to discuss Cracks in the Foundation: Understanding the New Endpoint Challenge! In the Leadership and Communications section, we're playing 3 questions - Does Your Board Really Understand Your Cyber Risks?, How can the C-suite support CISOs in improving cybersecurity?, Think You're Spending Enough on Security?, and more!

 

Show Notes: https://wiki.securityweekly.com/bsw187

Visit https://securityweekly.com/eclypsium to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Wire Stripper - ASW #121

Paul's Security Weekly - Mon, 09/14/2020 - 5:00pm

This week, we welcome Frank Catucci, Sr. Director GTP of Application Security at Gartner, to discuss The People & Process of DevOps! In the Application Security News, BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, Microsoft Patch Tuesday, Sept. 2020 Edition, XSS->Fix->Bypass: 10000$ bounty in Google Maps, Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER to detect crypto misuses dynamically, Remote Code Execution as SYSTEM/root via Backblaze, and more!

 

Show Notes: https://wiki.securityweekly.com/asw121

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

One Hell of a Show - PSW #666

Paul's Security Weekly - Fri, 09/11/2020 - 5:00pm

This week, we welcome David Asraf, C++ Developer at Vicarius, and Roi Cohen, Co-Founder & VP Sales at Vicarius, to discuss The Patchless Horseman! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to talk about Building Security Into the DevOps Lifecycle! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon’s board, and the Legality of Security Research is to be Decided in a US Supreme Court Case!

 

Show Notes: https://wiki.securityweekly.com/psw666

Visit https://securityweekly.com/qualys to learn more about them!

Visit https://securityweekly.com/vicarius to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Insider Threats, BLURtooth Flaw, & More 0-Days - Wrap Up - SWN #64

Paul's Security Weekly - Fri, 09/11/2020 - 1:52pm

This week, Dr. Doug talks Cisco patching Jabber Flaw, Insider Threats are huge, BLURtooth, Apple COVID-19 opt ins, and pretty much everyone is trying to interfere with the election!

 

Show Notes: https://wiki.securityweekly.com/swn64

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Impossible Traveler - ESW #198

Paul's Security Weekly - Wed, 09/09/2020 - 5:00pm

This week, first we talk Enterprise News, discussing how Yubico Delivers New Security Key the YubiKey 5C NFC, ManageEngine ADSelfService Plus now supports MFA for VPNs to protect remote workforce, Sysdig partners with VulnDB to strengthen vulnerability intelligence reporting, 3 Signs it’s Time for a Penetration Test, and CrowdStrike Expands Support for AWS Workloads and Container Deployments! In our second segment, we welcome Corey Williams, VP Marketing/Idaptive by CyberArk at CyberArk, to talk about Exploring Identity Security and Its Role in the Modern Enterprise! In our final segment, we welcome Bradon Rogers, SVP of Global Pre-Sales Engineering at Mimecast, to discuss Cloud Based Cyber Resiliency!

 

Show Notes: https://securityweekly.com/esw198

Visit https://securityweekly.com/mimecast to learn more about them!

Visit https://securityweekly.com/cyberark to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Dark Side - SCW #42

Paul's Security Weekly - Tue, 09/08/2020 - 6:00pm

This week, we welcome Oleg Shomonko, Head of Business Development, Co-founder at Ekran System for an interview! Ekran System is a universal insider threat protection platform that combines three essential insider security controls: activity monitoring, access management, and identity management. Functionality is provided in a single universal software platform delivering light-weight agents for all types of endpoints. This segment is sponsored by Ekran System.

 

Show Notes: https://wiki.securityweekly.com/scw42

Visit https://securityweekly.com/ekran to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

WhatsApp Bugs, Argentina Ransomware, & Cisco Jabber RCE - SWN #63

Paul's Security Weekly - Tue, 09/08/2020 - 4:58pm

This week, Dr. Doug talks Security Weekly sold to Cyber Risk Alliance, Argentina and Newcastle ransomwared, Cisco Jabber, the NSA wants to educate you, and Jason Wood returns for Expert Commentary on how Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene!

 

Show Notes: https://wiki.securityweekly.com/swn63

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Squeegee Guy - PSW #665

Paul's Security Weekly - Fri, 09/04/2020 - 5:00am

This week, we welcome Fredrick "Flee" Lee, Chief Security Officer at Gusto, to discuss Lovable Security: Be a Data Custodian, Not a Data Owner! In our second segment, we welcome Justin Armstrong, Security Architect at MEDITECH, to talk about Cybersecurity & Patient Safety! In the Security News, The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack!

 

Show Notes: https://wiki.securityweekly.com/psw665

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Tesla Dodges Attack, 'Sepulcher' Malware, & Snowden Vindicated? - Wrap Up - SWN #62

Paul's Security Weekly - Thu, 09/03/2020 - 8:00pm

This week, Dr. Doug talks Snowden Vindicated? Herman Cain tweets from beyond the grave, APT TA413, Iranian cats again, Carolyn Meinel, hard coded credentials, and KryptoCibule!

 

Show Notes: https://wiki.securityweekly.com/swn62

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Absolute Nightmare - ESW #197

Paul's Security Weekly - Thu, 09/03/2020 - 7:30pm

This week, first we talk Enterprise News, discussing Proofpoint's $300 Million buyback program, LogRhythm Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0's new bot detection! In our second segment, we air two pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Corey Bodzin from Deepwatch, and Michael Sanders from ExtraHop! In our final segment, we air two more pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Ian McShane of CrowdStrike, and Michael Borohovski from Synopsys!

 

Show Notes: https://securityweekly.com/esw197

Visit https://securityweekly.com/crowdstrike for a totally free trial!

Visit https://securityweekly.com/synopsys to learn more about them!

Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!

Visit https://securityweekly.com/extrahop to learn more about them!

For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Pound Sand - SCW #41

Paul's Security Weekly - Wed, 09/02/2020 - 5:00pm

This week, we welcome Priya Chaudhry, Jedi Warrior Princess, at ChaudhryLaw PLLC (Criminal Defense Trial Lawyer), to discuss the Uber Indictments in a special two-part interview!

 

Show Notes: https://wiki.securityweekly.com/scw41

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Across State Lines - BSW #186

Paul's Security Weekly - Wed, 09/02/2020 - 5:00am

This week, we welcome Carlos Becerra, Co-Founder at CB Universal, to discuss Role of the CISO, Why Do You Need a vCISO? In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more!

 

Show Notes: https://wiki.securityweekly.com/bsw186

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Charming Kitten, Slack RCE, & KryptoCibule Malware - SWN #61

Paul's Security Weekly - Tue, 09/01/2020 - 5:00pm

This week, Dr. Doug talks Tesla, Slack, Charming Kitten returns, KryptoCibule, and Tweets from the great beyond! In the Expert Commentary, we welcome Ian McShane, VP, Product Marketing at CrowdStrike, to discuss remote work/return to office, and the challenges therein!

 

Show Notes: https://wiki.securityweekly.com/swn61

Visit https://securityweekly.com/crowdstrike to learn more about them!

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Little Bit Too High - ASW #120

Paul's Security Weekly - Tue, 09/01/2020 - 4:00pm

This week, we welcome Marc Tremsal, Director of Product Management of Security at Datadog, to discuss Detecting Threats & Avoiding Misconfigs In The Cloud-Age! In the Application Security News, A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies!

 

Show Notes: https://wiki.securityweekly.com/asw120

Visit https://securityweekly.com/datadog to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Floppies Are Burning In The Driveway - PSW #664

Paul's Security Weekly - Sat, 08/29/2020 - 5:00am

This week, first we talk Security News! We'll be discussing how a Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs! In our second segment, we air two pre-recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Ferruh Mavituna, CEO of Netsparker, and Paul Battista, CEO and Founder of Polarity! In our final segment, we air one more pre-recorded interview with Roi Cohen, Co-Founder and VP of Sales at Vicarius, and Shani Dodge, C++ Developer at Vicarius, discussing Predicting Vulnerabilities in Compiled Code!

 

Show Notes: https://wiki.securityweekly.com/psw664

Visit https://securityweekly.com/vicarius to learn more about them!

Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw

Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly
