This week, In the first segment, we welcome Damon Small, Technical Director of Security Consulting at NCC Group, for an interview covering the Florida Water Treatment Facility Hack, and the Convergence of OT & IT! Next up, Artisom Holub, Senior Security Analyst and Austin McBride, Data Scientist, from Cisco Umbrella join to talk about some Chart Topping Threats and How Attacks will rage in 2021! In the Enterprise Security News:...

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.

Show Notes: https://securityweekly.com/scw73

Segment Resources: https:/...

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix by Invicti Web Application Vulnerability Report. In this segment, Ryan will discuss the main results, the trends that might have caused them, and advise how you can protect your organization against vulnerabilities that can negatively impact ...

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, we discuss the challenge in addressing each piece independently and consider how consolidated, multi-purpose tools may present an emergin...

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on Cyber! In the Security News, Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnera...

This week in the Security Weekly News Wrap Up Dr. Doug talks: Pings are bad, m'kay, Yahoo Answers, Python ipaddress bugs and the curse of octal, Deepfakes, Qualcom, Spectre, First Horizon Bank, & the show Wrap Ups for this week!

Show Notes: https://securityweekly.com/swn120

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebo...

This week, In the first segment, we welcome Steve Springett, Chair at CycloneDX SBOM Standard, Core Working Group, for a discussion on The Rise of SBOM! Next up, Carlos Morales, CTO Security Services at Neustar, joins for a discussion on how Applications Are Your Lifeblood – Understanding the Changing Attack! In the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctione...

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now.

Chris Pin, VP of Security and Privacy at PKWARE, will be discussing:

• How Virginia’s law differs from CCPA and GDPR and the key points companie...

Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the latest security funding and performance of the public market. The Security Weekly 25 index is still going strong.

Show Notes: https://securityweekly.com/bsw215

Visi...

Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training.

He'll cover:

• The types of security training that work

• The role of security champions

• How the security and development teams can work together to ensure code is create securely from the start

In the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic fa...

In the Security Weekly News Wrap Up for this week: Government intervention in Ransomware, Joe Biden's response to Russia, Passwordstate, AI, Mitre, Chrome, contaminated instruments, and Dr. Doug's Favorite Threat of the Week!

?

Show Notes: https://securityweekly.com/swn118

Visit https://www.securityweekly.com/swn for all the latest episodes!

?

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook:...

This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System Cybersecurity - The Real World! In the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain...

This week, Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach application security. In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Proofpoint private, BlackRock, Tudor Group Back Cybersecurity Startup Deep Instinct, and more! Authentication and a...

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity? -The importance of ATT&CK as a lens through which you can view your security posture. -Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the control...

Cyber accountability is often overlooked by Board of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as Solarwinds, MS Exchange and many other security incidents prove it, it’s not a strategy. In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report ex...

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM le...