Paul's Security Weekly

Dirty Looks - Paul's Security Weekly #612

Paul's Security Weekly - Sat, 07/20/2019 - 5:00am

This week, we welcome Katie Nickels, ATT&CK Threat Intelligence Lead at the MITRE Corporation, to talk about the MITRE ATT&CK Framework! In our second segment, a security roundtable discussion on Vulnerability Management, Patching, Hunt Teaming, Asset Management, and System Hardening! In the Security News, Lenovo confirms 36TB Data Leak security vulnerability, Slack resets passwords after 2015 data breach, why BlueKeep hasn't reeked havoc yet, and why you don't need a burner at a hacking conference!

 

To learn more about MITRE ATT&CK, visit: https://attack.mitre.org

Full Show Notes: https://wiki.securityweekly.com/Episode612

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Heavily Focused - Enterprise Security Weekly #145

Paul's Security Weekly - Fri, 07/19/2019 - 5:00am

This week, in the Enterprise News, we discuss how the ThreatConnect Platform now supports MITRE ATT&CK framework, Aqua Security deepens strategic relationship with Microsoft to accelerate Azure deployments, DefenseStorm raises $15 Million to invest in employees and innovation, and Signal Sciences integrates with Datadog to provide Real-Time security threat insights! In our second segment, we welcome David Harding, SVP & Chief Technology Officer at Imageware Systems Inc., to talk about how Identity Authentication is more important now than ever before! In our final segment, we welcome Jared Haggerty, Director of Content and Curation for Databerry, to talk about where the security of business is and where it's headed going forward!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The End Result - Business Security Weekly #136

Paul's Security Weekly - Wed, 07/17/2019 - 5:00am

This week, we welcome Eric McAlpine, Co-founder and Managing Partner at Momentum Cyber! In our second segment, we bring you our "Security Money" segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter!

 

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News #227 - July 16, 2019

Paul's Security Weekly - Tue, 07/16/2019 - 4:01pm

This week, the Zoom RCE flaw is affecting RingCentral and Zhumu, a researcher releases PoC code for critical Atlassian Crowd RCE flaw, thousands of legacy Lenovo storage devices exposed millions of files, unusual Linux ransomware targets NAS servers, and how hacked hair straighteners can threaten your home! In the expert commentary, we welcome our CEO Matt Alderman, to discuss Facebook's $5 Billion dollar FTC fine!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode227

Visit https://www.securityweekly.com/hnn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Paving the Road - Application Security Weekly #69

Paul's Security Weekly - Tue, 07/16/2019 - 5:00am

This week, we welcome Gururaj Pandurangi, Founder and CEO of Cloudneeti, to discuss Security in Multi-Cloud Environments! In the Application Security News, yes, the Zoom thing, 50 ways to leak your data in 1,300 popular Android apps access data, without proper permissions, GE Aviation exposed internal configs via open Jenkins instance, and more!

 

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69

 

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Blow Stuff Up! - Paul's Security Weekly #611

Paul's Security Weekly - Mon, 07/15/2019 - 12:30pm

This week, we welcome Ben Ten, Team Lead of Defense and Countermeasures at TrustedSec, to talk about Purple Teaming and avoiding detection! In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the U.S. Cyber Command warns of Outlook flaw exploited by Iranian Hackers! In our final segment, we air a pre recorded interview with Reinhard Hochrieser, CMO at Jumio, to discuss today's state of security demands and the need for Biometric Authentication!

 

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode611

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Homegrown - Enterprise Security Weekly #144

Paul's Security Weekly - Fri, 07/12/2019 - 5:00am

This week, John and Matt will discuss Threat Hunting! In the Enterprise News, Is Broadcom buying Symantec?, Chronicle will join Google Cloud, PingID to Support FIDO-Compliant Biometric Authentication and Security Keys, and BeyondTrust Simplifies Endpoint Privilege Management with PAM Platform Integration! In our third segment, we interview Craig Taylor, Co-Founder and CISO at Cyberhoot, to discuss Security Awareness Training!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode144

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Practical Intelligence - Business Security Weekly #135

Paul's Security Weekly - Wed, 07/10/2019 - 5:00am

This week, we welcome Mark Brown, Senior Director of Standards Connect at ANSI! In the Leadership and Communications segment, Life Lessons of Ben Franklin, A Lesson in Leadership, How to Start a Speech: The Best (and Worst) Speech Openers, and more!

 

To learn more about ANSI, visit: https://securityweekly.com/ansi

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News #226 - July 9, 2019

Paul's Security Weekly - Tue, 07/09/2019 - 5:29pm

This week, US Cyber Command warns of Iran-linked hackers exploiting Outlook, New "WannaHydra" malware a triple threat to Android, British Airways slapped with record $230M fine, Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software, and more! Jason Wood joins us for expert commentary on Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode226

Visit https://www.securityweekly.com/hnn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Wise Words - Application Security Weekly #68

Paul's Security Weekly - Tue, 07/09/2019 - 5:00am

This week, Mike Shema, John Kinsella, and Matt Alderman talk Cloud Native from an application perspective! In the Application Security News, WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Simple Man - Business Security Weekly #134

Paul's Security Weekly - Wed, 07/03/2019 - 12:00pm

This week, we welcome back Edna Conway, Chief Security Officer at CISCO! Edna will be discussing Global Value Chain at Cisco! In the Leadership and Communications segment, MasterCard CTO reveals must-have executive leadership traits, 10 Presentation Ideas That Will Radically Improve Your Presentation Skills, 7 tech skills managers hunt for, and more!

 

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

Visit https://www.securityweekly.com/hnn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News #225 - July 2, 2019

Paul's Security Weekly - Tue, 07/02/2019 - 3:04pm

This week, A Crypto Flaw in Yubico Security Keys, Facebook's Lawyers say You Have No Right to Privacy, Two Cloud Services, PCM and Attunity, Have Breaches, and Two Florida Cities Pay Over $1M in Ransomware Attacks in Less Than a Week! Jason Wood joins us for expert commentary on Trump Officials Weighing a Crackdown on End-to-End Encryption!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode225

Visit https://www.securityweekly.com/hnn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Everybody Learns Differently - Application Security Weekly #67

Paul's Security Weekly - Tue, 07/02/2019 - 12:00pm

This week, Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! In the Application Security News, GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, and Developers and Security Teams Under Pressure to Collaborate!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Man Purse of Dongles - Paul's Security Weekly #610

Paul's Security Weekly - Sat, 06/29/2019 - 5:00am

This week, we welcome Don Pezet, Co-Founder and Edutainer at our sponsor ITProTV, to discuss the new CySA+ and PenTest+ certifications! In the second segment, we welcome Kathleen Smith, CMO at CyberSecJobs.com and ClearedJobs.net, to talk about tools to hack your career and tips to help your career search! In the Security News, a massive DHS data breach raises questions about Oregon's cybersecurity protocols, The fake French minister in a silicone mask who stole millions, a police officer rewarded 585 thousand dollars after colleagues snooped her DMV data, and nearly 100 drivers following Google Maps detour got stuck in a muddy field!

 

To learn more about ITProTV, visit: https://securityweekly.com/itprotv

Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018

Full Show Notes: https://wiki.securityweekly.com/Episode610

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Cash Cows - Enterprise Security Weekly #143

Paul's Security Weekly - Thu, 06/27/2019 - 5:00am

This week, Matt and John join Paul to discuss the Enterprise Security News, in which CyberArk opens integration ecosystem to community contributions, ExtraHop Announces Reveal(x) Cloud, McAfee announced updates to McAfee MVISION Cloud for Amazon Web Services, and Elastic expands cybersecurity push in new version of software suite! In our second segment, we welcome Sai Chavali, Security Strategist at ObserveIT to talk about Email Data Exfiltration, and why Prevention is ideal, but Detection and Response is a must! In our final segment, we welcome Britta Glade, Director of Content and Curation of RSA Conference, and Linda Gray, Director and Chief of Operations for RSAC APJ, to discuss what's coming new this year for the RSA Conference APJ!

 

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

To learn more about RSAC APJ, visit: https://www.rsaconference.com/events/ap19

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

How Low Can You Go - Business Security Weekly #133

Paul's Security Weekly - Wed, 06/26/2019 - 5:00am

This week, we interview Tom Garrubba, Senior Director/CISO at Santa Fe Group/Shared Assessments! In the Leadership and Communications segment, CEOs Share Their Most Helpful (and Unconventional) Career Advice, 3 Lessons From Emerging Leaders On The Power of Differing Perspectives, New breed of security vendor spells trouble for pure play firms, and more!

 

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News #224 - June 25, 2019

Paul's Security Weekly - Tue, 06/25/2019 - 4:29pm

This week, cryptomining malware that launches Linux VMs on Windows and macOS, Oracle patches another actively-exploded WebLogic 0-day, LokiBot and NanoCore malware distributed in ISO image files, and an anonymous hacker that was exposed after dropping a USB drive while throwing a Molotov cocktail! In the expert commentary, we welcome Tyler Hudak, Practice Lead of Incident Response to talk about TrickBot malware!

 

Learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode224

 

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Breaking Down the Walls - Application Security Weekly #66

Paul's Security Weekly - Tue, 06/25/2019 - 5:00am

This week, Matt, John, and Mike discuss a guide to API Security! They also discuss Public vs. Private APIs, and if the best practice should be segregation of the two! In the Application Security News, Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly