Paul's Security Weekly


For the latest in computer security news, hacking, and research! We sit around, drink cocktails, and talk security.

Episodes

May 14, 2021 26 min

This week: Dr. Doug talks Elon tweets, Horse Ridge, Frag Attacks, Lots of Ransomware, Fightin' Joe Biden, as well as show Wrap Ups & his Favorite Threat of the Week!

 

Show Notes: https://securityweekly.com/swn122

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly


This week, in the first segment, we welcome Damon Small, Technical Director of Security Consulting at NCC Group, for an interview covering the Florida Water Treatment Facility Hack, and the Convergence of OT & IT! Next up, Artisom Holub, Senior Security Analyst and Austin McBride, Data Scientist, from Cisco Umbrella join to talk about some Chart Topping Threats and How Attacks will rage in 2021! In the Enterprise Security News:...

May 12, 2021 79 min

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must also be constantly aware of these evolving regulatory and legal obligations.

 

Show Notes: https://securityweekly.com/scw73

Segment Resources: https:/...


The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix by Invicti Web Application Vulnerability Report. In this segment, Ryan will discuss the main results, the trends that might have caused them, and advise how you can protect your organization against vulnerabilities that can negatively impact ...


This week in the Security Weekly News: Elon, Jerry Lee Lewis, Colonial Pipeline, Net Neutrality redux, Lemon Duck, Rico, & Jason Wood returns for Expert Commentary!

 

Show Notes: https://securityweekly.com/swn121

May 11, 2021 74 min

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, we discuss the challenge in addressing each piece independently and consider how consolidated, multi-purpose tools may present an emergin...

May 7, 2021 192 min

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on Cyber! In the Security News, Pingback is back, was it ever really gone?, damn QNAP ransomware, anti-anti-porn software, Qualcomm vulnera...


This week in the Security Weekly News Wrap Up, Dr. Doug talks: Pings are bad, m'kay, Yahoo Answers, Python ipaddress bugs and the curse of octal, Deepfakes, Qualcomm, Spectre, First Horizon Bank, & the show Wrap Ups for this week!

 

Show Notes: https://securityweekly.com/swn120

May 7, 2021 104 min

This week, in the first segment, we welcome Steve Springett, Chair at CycloneDX SBOM Standard, Core Working Group, for a discussion on The Rise of SBOM! Next up, Carlos Morales, CTO Security Services at Neustar, joins for a discussion on how Applications Are Your Lifeblood – Understanding the Changing Attack! In the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctione...

May 6, 2021 28 min

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now.

Chris Pin, VP of Security and Privacy at PKWARE, will be discussing:

• How Virginia’s law differs from CCPA and GDPR and the key points companie...

May 5, 2021 56 min

Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the latest security funding and performance of the public market. The Security Weekly 25 index is still going strong.

 

Show Notes: https://securityweekly.com/bsw215

Visi...


Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training.

He'll cover:

• The types of security training that work

• The role of security champions

• How the security and development teams can work together to ensure code is created securely from the start

In the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic fa...


This week Dr. Doug talks Dan Kaminsky, Spectre, Badalloc, Cardassian Overlords, Apple patches, and the notorious Jason Wood returns for Expert Commentary!

 

Show Notes: https://securityweekly.com/swn119


In the Security Weekly News Wrap Up for this week: Government intervention in Ransomware, Joe Biden's response to Russia, Passwordstate, AI, Mitre, Chrome, contaminated instruments, and Dr. Doug's Favorite Threat of the Week!


Show Notes: https://securityweekly.com/swn118

April 30, 2021 205 min

This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System Cybersecurity - The Real World! In the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain...

April 30, 2021 109 min

This week, Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach to application security. In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Proofpoint private, BlackRock, Tudor Group Back Cybersecurity Startup Deep Instinct, and more! Authentication and a...

April 28, 2021 87 min

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two-part interview!

• What is threat-informed defense and how does it relate to other aspects of cybersecurity?

• The importance of ATT&CK as a lens through which you can view your security posture.

• Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the control...

April 28, 2021 62 min

Cyber accountability is often overlooked by Boards of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as SolarWinds, MS Exchange and many other security incidents prove, it’s not a strategy. In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report ex...


This week in the Security Weekly News: Dirty emojis, Nvidia zero-days, Shlayer, Cozy Bear, Emotet, Babuk, iOS 14.5, and Jason Wood returns for Expert Commentary!


Show Notes: https://securityweekly.com/swn117

April 27, 2021 73 min

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM le...
