Security Weekly Podcast Network (Audio)

It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it?

Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and...

Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for helping developers get beyond the superficial advice of, "Think like an attacker."

Vis...

Segment 1: Interview with Rob Allen

It’s the Year of the (Clandestine) Linux Desktop!

As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.

In this segment, we’ll discuss strat...

This week:

• Minecraft on your lightbulb
• Sonicwall breached, who's next?
• Ditch Android, install Linux
• Hacking your face
• Thermostat freedom
• Pen test fails
• HackRF hacking times 2
• Going around EDR
• Hackers in your printer
• Chinese data breach
• NFC relays and PCI
• Constructive construction hacks
• FlipperZero firmware update
• ICS, PLCs, and attacks
• Bayesian Swiss Cheese, taste good?
• Do you want to hack back?
• Keeping secrets
• Enforcing CMMC
• ...

As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP?

Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to...

Miles Davis, Jimmy Buffet, 10/8 time, Lost Phones, Phishing, Whisper Leak, Quantum Route Redirect, AI Galore, Rob Allen, and more on the Security Weekly News.

Segment Resources: https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Visit https://www.securityweekly.c...

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting.

Segment resources

• https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/
• https://ww...

Segment 1: OT Security Doesn’t Have to be a Struggle

OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don’t care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals’ plans nicely.

In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto S...

This week:

• Reversing keyboard firmware
• Ghost networks
• Invasion of the face changers
• Ghost tapping and whole lot of FUD
• AI doesn't code securely, but Aardvark can secure code
• De-Googling Thermostats
• Dodgy Android TV boxes can run Debian
• HackRF vs. Honda
• Cyberslop AI paper
• Turning to the darkside
• Poisoning the watering hole
• Nagios vulnerabilities
• VPNs are a target

Visit https://www.securityweekly.com/psw for all the latest...

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems?

Rob Allen, Chief Product Of...

Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits, and working with repo owners to improve their security. Their work highlights the c...

Segment 1: Interview with Joel Burleson-Davis

Frontline workers can’t afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer f...

AI Cheating?, O, Canada, npms, passkeys, Exchange, Solaris, the amazing Rob Allen of Threatlocker, and More on this edition of the Security Weekly News.

Segment Resources:

Ingram Micro Working Through Ransomware Attack by SafePay Group | MSSP Alert: https://www.msspalert.com/news/ingram-micro-working-through-ransomware-attack-by-safepay-group

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker ...

In the security news this week:

• Cybersecurity is dead, and AI killed it
• Exploiting the patching system
• Apple makes it easier for spyware
• Who is patching Cisco ASA?
• Shove that DMCA somewhere
• HTTPS - a requirement
• Russia wants to own all the exploits
• Abandonware challenges
• Reversing at its hardest with Lua
• Hacking team is back, and leetspeak malware
• When you forget to authenticate your API
• Jamming with cool tech
• GoSpoof
• and Afte...

Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust?

Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the eme...