Security Weekly Podcast Network (Audio)

Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests and fuzzing coverage, nudging fuzzers into deeper code paths, and how LLMs can help ...

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We’ll discuss what a modern, strategic access management approach looks like ...

This week: * The true details around Salt Typhoon are still unknown * The search for a portable pen testing device * Directories named "hacker2" are suspicious * Can a $24 cable compete with a $180 cable? * Hacking Tesla wall chargers * Old Zyxel exploits are new again * Hacking Asus drivers * Stealing KIAs - but not like you may think * Fake articles * Just give everything to LLMs, like Nmap * Retiring Floppy disks * An intern lea...

Segment description coming soon!

This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessmen...

What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that are more conducive to useful threat models.

Resources:

• https://www.eurekadevsec...

Segment 1 - Interview with Rob Allen from Threatlocker

Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud

Segment 3 - Interviews from RSAC 2025

Cyera

Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry’s first AI native,unified Data Security Platform. Yotam Seg...

This week:

• You got a Bad box, again
• Cameras are expose to the Internet
• EU and connected devices
• Hydrophobia
• NVRAM variables
• Have you heard about IGEL Linux?
• SSH and more NVRAM
• AI skeptics are nuts, and AI doesn't make you more efficient
• Trump Cybersecurity orders
• I think I can root my Pixel 6
• Decentralized Wordpres plugin manager
• Threat actor naming conventions
• I have the phone number linked to your Google account
• Fortinet fla...

This week, it’s time for security money. The index is up, but the previous quarterly results were brutal.

In the leadership and communications segment, Get out of the audit committee: Why CISOs need dedicated board time, Quietly Burning Out? What To Do When Your Leadership Starts Lacking, How to rethink leadership to energize disengaged employees, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show ...

CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements on safety and many of them rely on protocols that are four (or more!) decades old. He ...

Segment 1 - Enterprise Security News, Live at IDV

This week, in the enterprise security news,

1. Acquisitions
2. potential IPOs
3. Terminator Salvation in real life
4. First $1B one-employee business?
5. Mikko puts in his notice
6. Pitch Black in real life, and more!

Segment 2 - Interview with Dr. Tina Srivastava

The #1 cause of data breaches is stolen credentials. What if we didn’t store credentials anymore? We explore ...

Two parts to this episode:

• Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions

• Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best...

During times of volatility, business leaders often don’t know what they are able to change or even what they should change. At precisely these times, business leaders become risk leaders and need to quickly learn how to identify what is within their control and what isn’t — to not only survive but thrive.

Alla Valente, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss how to Regain Control Over Busi...

The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we...