Paul's Security Weekly

Super Stoked - ESW #172

Paul's Security Weekly - Fri, 02/14/2020 - 5:00pm

This week, in the Enterprise News, we talk about Salt Security API Protection Explained, Thycotic Leads the Way for Cloud-based Privileged Access Management, ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms, Elastic Stack 7.6 delivers automated threat analysis and response, and 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks! In our second segment, we welcome David Waugh, Chief Revenue Officer at Managed Methods, to discuss how K-12 schools are victims of lateral phishing campaigns! In our final segment, we welcome Jeff Deininger, Principal Sales Engineer for the Cloud at ExtraHop, to discuss How to Secure Cloud Workloads & Reduce Friction with Cloud-Native Network Detection & Response!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Mission, Goals, & Objectives - BSW #162

Paul's Security Weekly - Wed, 02/12/2020 - 5:00am

This week, we welcome Dr. Mike Lloyd, CTO at RedSeal, to discuss The Critical Role of Basic Cyber Hygiene! In the Leadership and Communication Segment, 5 things successful people don't care about, 11 books that will change the way you think about Leadership, how IBM wants to be the next Microsoft starting with the CEO, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode162

To find out more and try RedSeal, please visit: https://securityweekly.com/redseal

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Big Pet Peeves - SCW #17

Paul's Security Weekly - Tue, 02/11/2020 - 5:00pm

This week, Jeff and the crew discuss What is Risk-Based Security? How do compliance and/or security programs/points-of-view help or hinder risk-based security efforts? How can we change this? In the Security & Compliance News, Back to the basics: What is the cost of non-PCI Compliance?, Endpoint Security the Foundation to Cybersecurity, Facebook settles data breach class-action lawsuit, CCPA cited in Hanna Andersson/Salesforce breach lawsuit, and Hanna Andersson Notice of Data Breach to Consumers!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode17

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

CIA, Equifax, ATT&CK for ICS - SWN #11

Paul's Security Weekly - Tue, 02/11/2020 - 4:15pm

The CIA spying? NASA could have used a USB charger? Election technology not very secure? ICS is a threat and the return of the Equifax monster from beyond the grave!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode11

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

The Toothbrush of Trust - ASW #95

Paul's Security Weekly - Tue, 02/11/2020 - 5:00am

This week, Mike and John interview Shaun Lamb about strategies for how to best design applications so they are "secure by default" and have fewer incidents and vulnerabilities, and more! In the Application Security News, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and more!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode95

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Hacking Philips, Iowa Caucus, & Kryptos Key - Wrap Up - SWN #10

Paul's Security Weekly - Mon, 02/10/2020 - 9:00am

This week, Doug White gives you the latest updates across all of Security Weekly's shows, from malware to hacking air-gapped computers, Ashley Madison, Katelyn Bowden and the BADASSARMY, Security Through Obscurity in Iowa, and highlights from the show notes from the week of February 2, 2020!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode10

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Come Hang Out! - PSW #638

Paul's Security Weekly - Sun, 02/09/2020 - 7:00pm

This week, we welcome Katelyn Bowden, CEO of BADASS, (Battling Against Demeaning and Abusive Selfie Sharing), to talk about her journey, and how she started BADASS! In our second segment, we present you with a Technical Segment to talk about Adventures in AWS Computing! In the Security News, Google shares private videos with the wrong users, how to get hacked through a Philips Hue smart hub, Buggy Iowa Caucus App is actually Buggy? No way!, how US cities have handled their fight against cybercrime attacks, and how someone sabotaged their boss with ransomware from the dark web!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

The Greatest Exposures - ESW #171

Paul's Security Weekly - Sun, 02/09/2020 - 5:00pm

This week, in the Enterprise Security News, Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic, Actionable Searching and Data Download with Vulnerability Management Dashboards, Companies and employees embrace BYOD but with compliance and risk challenges! In our second segment, we interview Wilson Bautista, Founder of Jun Cyber, to talk about leadership, DevOps and Security working together to provide security for the business! In our final segment, we welcome Malcolm Harkins, Chief Security & Trust Officer at Cymatic, to discuss how security profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Double-Edged Swords - BSW #161

Paul's Security Weekly - Wed, 02/05/2020 - 5:00am

This week, we welcome David Starobinski, Professor, Department of Electrical and Computer Engineering at Boston University, to discuss the changes in network communications in both the wireless and IoT world! In the Leadership and Communications segment, 9 Quotes By NBA Legend Kobe Bryant That Might Impact Our Lives Forever, How to Build Trust with Business Partners from Other Cultures, For zero trust to work, machines and humans require identities, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Squished & Vaporized - SCW #16

Paul's Security Weekly - Tue, 02/04/2020 - 5:00pm

This week, we welcome Chris Roberts, CSS of Attivo Networks! You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically, avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode16

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Iowa Wins, Zero Hedge, & Dark Web Breaches - SWN #9

Paul's Security Weekly - Tue, 02/04/2020 - 4:26pm

This week, Everyone wins in Iowa, Twitter has conspiracy theories? No way! Hackers steal billions and don't get caught, Iowa Election Apps secured by "obscurity", and the top 24 passwords found on the Dark Web. In the Expert Commentary, we welcome back Jason Wood, to talk about a New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode9

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Totally Thrilled - ASW #94

Paul's Security Weekly - Tue, 02/04/2020 - 5:00am

This week, Mike, John, and Matt review the presentation given by Clint Gibler at AppSec Cali, An Opinionated Guide to Scaling Your Company's Security! In the Application Security News, Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode94

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

What Could Go Wrong - PSW #637

Paul's Security Weekly - Fri, 01/31/2020 - 5:00pm

This week, we welcome Gene Kim, Founder, Researcher, and Author of The Phoenix Project and The Unicorn Project, to talk about his goals and aspirations in The Unicorn Project, take a deep dive into the Five Ideals, and how DevOps will be a major player for decades to come! In our second segment, we welcome back Peter Smith, CEO and Co-Founder of Edgewise, to talk about Stopping Python Backdoor Attacks, and how similar attacks have managed to evade traditional network security defenses and propagate inside their target environments! In the Security News, NHS alerted to severe vulns in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale, and a mega-breach that exposed more than 250 million users!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode637

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Corona Virus, Ragnarok Ransomware, Coalfire Outcome - Wrap Up - SWN #8

Paul's Security Weekly - Fri, 01/31/2020 - 1:49pm

DEFCON is canceled from Coronavirus, Ragnarok Ransomware Runs Ragged Rapidly, Avast suddenly stops selling your data to third parties and shutters Jumpshot, Charges against Coalfire Red Team dropped in Dallas County, and 20 Board Members realize that Cybersecurity is more than just some guy named Ned in the Basement!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode8

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

The Insider Threat - ESW #170

Paul's Security Weekly - Thu, 01/30/2020 - 5:00pm

This week, in the Enterprise News, we talk about New Cisco and AppDynamics integration bridges IT and DevOps for app management, Citrix and FireEye Mandiant Launch Indicator of Compromise Scanner, Sophos Introduces Intercept X for Mobile, Optimizing Your IT Spend as You Move to the Cloud, and more! In our second segment, we will deliver a Technical Segment on Migrating Legacy Apps to the Cloud Pt. 1! In our final segment, we welcome Steven Bay, Director of Security Operations at Security On-Demand, to discuss Edward Snowden and the Insider Threat!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Get the Mop - SCW #15

Paul's Security Weekly - Thu, 01/30/2020 - 11:00am

This week, Jeff, Scott, Josh, and Matt talk about Cyber Insurance! They'll dive into some topics such as Relationship and dilution of responsibility between brokers, underwriters, and reinsurance companies, Cost of Cyber Insurance, and much more! In the Security and Compliance News, Dallas County Acquires Cyber Insurance through ICAP, Ransomware Claims Driving Up Cyber Insurance Costs, Cowbell Cyber Demystifies Cyber Insurance with Cowbell Prime 100, The Cold Truth About Your Cyber Insurance, and more!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Own Your Voice - BSW #160

Paul's Security Weekly - Wed, 01/29/2020 - 5:00am

This week, we welcome Michael Figueroa, Independent Executive Security Advisor, to discuss the challenges of CISOs and the differences between large enterprises and small businesses! In the Leadership and Communications segment, Board members find cybersecurity risk an existential threat, When Community Becomes Your Competitive Advantage, The Little Things That Make Employees Feel Appreciated, Don't Stay in Your Lane: The Secret to Developing Your Career, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

NFL Hacked, Ransomware Spikes, & Clearview - SWN #7

Paul's Security Weekly - Tue, 01/28/2020 - 5:36pm

This week, How all vehicles are on the road to being hackable, Misinformation on the internet regarding the Corona virus? No way!, Jersey police are barred from using Clearview, CDC report on the Coronavirus, and Coveware reports said that ransomware payments increased over 100% in Q4 of 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about how Leaked Documents Expose the Secretive Market for Your Web Browsing Data!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode7

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Running Out of Fingers - ASW #93

Paul's Security Weekly - Tue, 01/28/2020 - 5:00am

This week, we welcome John Butler, Solutions Engineer at Guardsquare, to discuss Dynamically Protecting Mobile Applications with RASP! In the Application Security News, Insecure configurations expose GE Healthcare devices to attacks, demonstrating more simple flaws with high impacts, NSA Offers Guidance on Mitigating Cloud Vulnerabilities, Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information, and more!

 

To request a demo with Guardsquare, please visit: https://securityweekly.com/guardsquare

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Something Sanitary - PSW #636

Paul's Security Weekly - Mon, 01/27/2020 - 12:00pm

This week, we welcome Dug Song, Co-Founder and General Manager of Duo Security at Cisco, to discuss the vision and culture behind Duo Security, and talk about his journey from when he got his start in Information Security! In our second segment, we welcome Mike Godwin, Distinguished Senior Fellow at R Street Institute, to talk about Digital Rights and Privacy! In the Security News, Microsoft Security Shocker As 250 Million Customer Records Exposed Online, the NSA Offers Guidance on Mitigating Cloud Flaws, Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards, Brazil prosecutes Glenn Greenwald in an attack on press freedom, and Cybersecurity Lessons Learned from 'The Rise of Skywalker'!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
