It is said that a good question has one right answer, but that a great question has many right answers. With many voices offering personal answers to complex questions, The 4 Questions podcast provides a platform to learn about and from people doing extraordinary and everyday things. Regardless of whether one is committed to organized religion, spirituality, searching, atheist, agnostic, “done with it,” or something else entirely, this podcast is for anyone. Host | Rabbi Adam Grossman Prod ...
Celebrate "Bon Appétit's" first-ever 'Culture Issue' at this event featuring Editor-in-Chief Adam Rapoport, Creative Director Alex Grossman, and photographers Peden + Munk. They'll discuss how the issue was shot using iPhone and share their tips and tricks for capturing beautiful food images with your iPhone.
Fuel your day with a moment of motivation with bestselling author and motivational speaker Adam Davis. It's not theory, it's life experience. Reinforce your faith, live a life undefeated. For this we know; in life, there is death. In victory, there is defeat. But with faith, we are immortalized and undefeated. Semper Invictus, Warrior.
The podcast about the biggest moments in communications with the people who were behind them.
Smart People Should Build Things
Quarter Four covers the intersection between business and sports, providing listeners an inside look into the psychology of what makes individuals successful on and off the field.
A podcast about life, wellness, becoming a better person — and everything in between. Join entrepreneur, dreamer, family-man, and CEO/Owner of Direct CBD Online John Wiesehan III every month as he talks about how he's gotten where he is in life with the role models he continues to use for inspiration.
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
Hunting podcast for the South. We talk tactics, strategy, biology, stories and more for all kinds of southern wild game on public land, private, leases, and hunt clubs. We strive to be entertaining and informational for hunters from across the globe with a focus on whitetail deer and turkey.
Conversations on governance with leading social scientists around the world. Run by the Centre for the Study of Governance and Society at King’s College London.
A CISO’s Perspective, Defending Against AI & Ransomware Evolution - Kris Lahiri, Jim Broome, Mike Lyborg - ESW Vault
46:35
In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs. This segment is sponsored by Swimlane. Visit https:/…
Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 14, 2017. Doug and Russ talk about different types of backups, how they work and out-of-band strategies. Show Notes: https://securityweekly.com/vault-swn-14
Achieving Cyber Resilience, External Cybersecurity & Risk Reduction - Margarita Barrero, Andy Grolnick, Alexandre Sieira - ESW Vault
48:15
Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more critical and are essential in maintaining cyber resilience and strengthe…
Exploring the latest FortiGuard Labs Threat Report - Derek Manky - ESW Vault
40:53
As a special treat for this week's vault episode, we set up a conversation with Derek Manky to discuss Fortinet's FortiGuard Labs Threat Report. This is a bi-annual report put out by FortiGuard Labs, and in my opinion, it just keeps getting better and better. The report is chock full of actionable information and insights. It answered all my questi…
Hacker Heroes - Josh Corman - PSW Vault
1:10:35
Making The World A More Secure Place: Joshua Corman's Journey and Insights Welcome to an insightful podcast episode featuring Joshua Corman, a prominent figure in the realm of cybersecurity. With a wealth of experience and a keen understanding of the evolving threat landscape, Joshua has established himself as a thought leader and influencer in the…
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
30:32
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single S…
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
36:23
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. Show Notes: https://securityweekly.com/vault-asw-9…
Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 8, 2017. Doug and Russ swim the warm waters of academia, college degrees, types of degrees, and whether or not you need one. Show Notes: https://securityweekly.com/vault-swn-13…
The VC Perspective: Embracing Uncertainty & Staying the Course - Alberto Yépez - BSW Vault
35:58
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022. Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what …
Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 - Lynn Marks, Paul Valente - BSW Vault
29:26
Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactive…
This Week: short on funding, long on research and analysis & RSAC Interviews - ESW #363
2:39:17
Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process. We also have a crazy stat Ross Haleliuk spotted in…
Pen Testing As A Service - Seemant Sehgal - PSW #830
2:52:21
The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss how PTaaS is using the latest technologies (e.g., machine learning), the benefits of having a …
SWN #388 - Big Tech, Fighting a Junta, Keylogger in Microsoft, APT Hackers, Free Laundry, Joshua Marpet & more
24:23
Big Tech, Fighting a Junta, Keylogger in Microsoft, APT Hackers, Free Laundry, Joshua Marpet & more on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-388
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
1:09:05
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to d…
Security Money: Rubrik Saves The Index As It Continues To Climb - Jim Simpson, Theresa Lanowitz - BSW #351
56:01
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrik's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public com…
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387
32:00
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-387
Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! Plus On-Site Interviews from RSAC - ESW #362
2:27:32
Suddenly SIEMs are all over the news! In a keynote presentation, Crowdstrike CEO George Kurtz talked about the company's "next-gen" SIEM. Meanwhile, Palo Alto, who was taken to task by some for not having an active presence on the RSAC expo floor, hits the headlines for acquiring IBM's SIEM product, just to shut it down! Meanwhile, LogRhythm and Ex…
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
3:12:50
Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts! Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploitation, Hackbat, Raspberry PI Connect, leaking VPNs, exploiting faster?, a new Outlook …
3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Josh Marpet... - SWN #386
36:58
3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Windows, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-386
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
1:06:40
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn talks about why the list looks so familiar in many wa…
Identity Resilience: The Next Frontier in Security - Hed Kovetz, Ray Zadjmool, Jeff Margolies - BSW #350
1:01:22
In today's enterprises, the Identity Access Management (IAM) System is the key to a business' critical operations. But that IAM environment is more vulnerable than most security executives realize. Segment Resources: https://www.mightyid.com/articles/the-r-in-itdr-the-missing-piece-in-identity-threat-detection-and-response https://www.mightyid.com/…
Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland... - SWN #385
36:57
Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-385
Executive Interviews from RSAC! - ESW #361
2:09:12
Tune in to hear 9 executive interviews from RSA Conference 2024, featuring speakers from Zscaler, Open Systems, Aryaka, OpenText, Hive Pro, Critical Start, Anomali, Cyware, and Pentera! Find individual descriptions for each interview on the show notes. Show Notes: https://securityweekly.com/esw-361
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828
1:56:15
In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future. Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cyberse…
Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, More - SWN #384
37:44
Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-384
AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284
1:04:57
A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explain…
Say Easy, Do Hard - Train How You Fight, Part 1 - Malcolm Harkins - BSW #349
1:00:29
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during …
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383
35:15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-383
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360
1:57:07
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Build…
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and more! https://www.globalsecuritymag.com/keysight-introduces-testing-capabilities-to-strengthen-post-…
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN #382
37:17
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-382
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
1:19:42
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now th…
Meet Silver SAML: Golden SAML in the Cloud - Eric Woodruff - BSW #348
59:35
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, in…
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381
38:11
TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-381
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
2:50:30
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended a…
Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359
1:57:31
A clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues autonomously" automated remediation automated compliance management & reporting I'll believe it when I see it…
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380
37:02
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-380
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
1:17:57
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphey adds how his experience with OWASP and the appsec commu…
What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky, Mike Lyborg - BSW #347
1:04:41
Since 2016, we've been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tuorinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: The background of CMMC Standardization of CMMC CMMC v3 changes and implementati…
Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379
34:41
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-379
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358
1:47:19
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing a professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann a…
PCI 4.0 - Winn Schwartau - PSW #825
2:07:44
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for a…
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378
33:35
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-378
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
1:03:23
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt…
From Idea to Success: How to Operationalize a Startup from Zero to Exit - Seth Spergel - BSW #346
55:40
Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well. In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how …
Combadges, SISENSE, Microsoft, CISA, Lastpass, Palo Alto, Broadband, Aaran and More - SWN #377
30:44
Combadges, SISENSE, Microsoft, Malware Next-Gen, Lastpass, Palo Alto, Broadband, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-377
Understanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357
1:42:25
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more …
Digging Into Supply Chain Security - James McMurry - PSW #824
3:00:28
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write s…
Dronepocalypse, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet - SWN #376
35:45
Dronepocalypse, Privacy, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet, and more, are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-376
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
1:00:18
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software devel…