Security Weekly Podcast Network (Audio)

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks

Next up is the security news:

...

Most organizations view security as a cost center, a "check-the-box" expense rather than a strategic investment. This mindset leads to chronic underfunding, reactive, panic-driven decision-making, and high staff turnover. It also hampers innovation, strategic initiatives, and customer trust. What if security was viewed as a business enabler, not a cost center?

Elyse Gunn, CISO at Nasuni, joins Business Security Weekly to discuss ho...

Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Runa Sandvik shares her experience working with journalists and targeted groups to craft plans for how they use their devices and manage their information. And she also makes the point that the burden of security should not be just for us...

Segment 1 - Interview with Tim Morris

Bringing intelligence to assets

You’ve been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way?

Tim Morris shares a different approach with us today. It ...

AI says that this is the show where we turn coffee into threat intelligence and cigar smoke into packet captures. This week:

• a firmware backdoor living its best life inside Android tablets
• a fresh BeyondTrust RCE that already has scanners circling like seagulls over a french fry.
• Lenovo Vantage reminds us that “preinstalled convenience” is just another way to spell “attack surface.”
• Texas is taking a swing at TP-Link
• supercomp...

The Security Weekly 25 index and the NASDAQ diverge. Funding and acquisitions continue shift to AI. Are security stocks out of favor? Netskope enters the index, but does not replace CyberArk, as Thoma Bravo buys Verint. We’ll dig into all of this and more!

The index is now made up of the following 25 stocks:

SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc...

A major premise of appsec is figuring out effective ways to answer the question, "What security flaws are in this code?" The nature of the question doesn't really change depending on who or what wrote the code. In other words, LLMs writing code really just means there's mode code to secure. So, what about using LLMs to find security flaws? Just how effective and efficient are they?

We talk with Adrian Sanabria and John Kinsella abo...

Segment 1: Interview with Mathias Katz

What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised?

Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him.

Segment 2: Interview with Wolfgang Goerlich

Addressing th...

In the security news:

• Viral AI prompts
• Things to do in your home security lab
• I can open your garage door
• They call me DKnife
• Beyondtrust RCE
• Cool AI device
• Robots need your body
• Meta is just full of scams, phishing, and malware
• Claude Opus 4.6 found more than 500 high-severity vulnerabilities
• Arista next gen firewalls and command injection
• Secure Boot updates
• The RCE AMD won't fix and why the article went away
• End of support ...

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, “...

When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs.

Resources

• https://stackoverflow.b...

Interview Segment - Rob Allen - Clickfix

"Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it!

This segment is sponsored by Thr...