Security Weekly Podcast Network (Audio)

Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need to fail open -- the opposite of what traditional appsec approaches might initially think -- and what makes threat modeling these devices interesting and unique. He also covers how to get started in this space, from where to learn hardware hacking basics to reviewing firmware and movi...

Interview with Anna Pham

Breaking in with ClickFix: Anatomy of a modern endpoint attack

Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.

In short, the team observed the threat actors using KongTuke’...

In the security news this week:

• Remembering "FX"
• Finding and analyzing Windows drivers
• Network monitoring with Gibson
• the backdoor in your PAM
• The edge is fraying - and attackers have the advantage
• Age verification for Linux?
• Banning AI
• TPMS tracking
• BLE tracking
• weird strings
• Airsnitch
• RESURGE in and on Ivanti
• Attackers using Claude
• Government iPhone hacking kits
• Cisco SD-WAN, Linux, and 2023
• Leakbase leaks
• and Bro, upgrade y...

With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust?

Tim Morris, Financial Servic...

As more developers turn to LLMs to generate code, more appsec teams are turning to LLMs to conduct security code reviews. One of the biggest themes in all the discussion around LLMs, agents, and code is speed -- more code created faster. James Wickett shares why speed continues to pose a challenge to appsec teams and why that's often because teams haven't invested enough in foundational appsec principles.

Visit https://www.security...

Interview - Ben Worthy from Airbus Protect

The current state of OT security and business resilience

In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on ...

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks

Next up is the security news:

...

Most organizations view security as a cost center, a "check-the-box" expense rather than a strategic investment. This mindset leads to chronic underfunding, reactive, panic-driven decision-making, and high staff turnover. It also hampers innovation, strategic initiatives, and customer trust. What if security was viewed as a business enabler, not a cost center?

Elyse Gunn, CISO at Nasuni, joins Business Security Weekly to discuss ho...

Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Runa Sandvik shares her experience working with journalists and targeted groups to craft plans for how they use their devices and manage their information. And she also makes the point that the burden of security should not be just for us...

Segment 1 - Interview with Tim Morris

Bringing intelligence to assets

You’ve been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way?

Tim Morris shares a different approach with us today. It ...

AI says that this is the show where we turn coffee into threat intelligence and cigar smoke into packet captures. This week:

• a firmware backdoor living its best life inside Android tablets
• a fresh BeyondTrust RCE that already has scanners circling like seagulls over a french fry.
• Lenovo Vantage reminds us that “preinstalled convenience” is just another way to spell “attack surface.”
• Texas is taking a swing at TP-Link
• supercomp...

The Security Weekly 25 index and the NASDAQ diverge. Funding and acquisitions continue shift to AI. Are security stocks out of favor? Netskope enters the index, but does not replace CyberArk, as Thoma Bravo buys Verint. We’ll dig into all of this and more!

The index is now made up of the following 25 stocks:

SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc...