))
For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security. Note: This is only Paul's Security Weekly, a 2-hour show recorded once per week.
…
continue reading
If you're looking for a bunch of us security nerds to get together and talk shop, then Paul’s Security Weekly is for you. This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. The topics vary greatly and the ...
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
1
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833
2:51:52
2:51:52
Play later
Play later
Lists
Like
Liked
2:51:52
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxl NAS devices are under attack and the ex…
…
continue reading
1
Do We Need Penetration Testing and Vulnerability Scanning? - Adrian Sanabria, Josh Bressers - PSW #833
1:00:55
1:00:55
Play later
Play later
Lists
Like
Liked
1:00:55
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Show Notes: https://securityweekly.com/psw-8…
…
continue reading
1
Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399
42:23
42:23
Play later
Play later
Lists
Like
Liked
42:23
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need…
…
continue reading
1
Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399
42:17
42:17
Play later
Play later
Lists
Like
Liked
42:17
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need…
…
continue reading
1
Rumored Wiz Deal Would be HISTORIC (if it happens), redefining shared responsibility - ESW #368
54:43
54:43
Play later
Play later
Lists
Like
Liked
54:43
In this week's enterprise security news, Google is rumored to be considering acquiring Wiz for $23 BILLION ThreatConnect acquires Polarity XBOW and Sola Security are interesting new companies we’ll discuss What does “shared responsibility” actually mean? Palo Alto probably isn’t going to buy your startup Snowflake-related breaches continue getting …
…
continue reading
1
Jump-starting SOC Analyst Careers, Addressing Cybersecurity Industry Challenges, and Historic Rumors in Enterprise Security - ESW #368
2:06:23
2:06:23
Play later
Play later
Lists
Like
Liked
2:06:23
In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries…
…
continue reading
1
What's wrong with the cybersecurity industry and what we can do about it - Richard Hollis - ESW #368
36:47
36:47
Play later
Play later
Lists
Like
Liked
36:47
On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups …
…
continue reading
1
Book Discussion: Jump-start Your SOC Analyst Career - Jarrett Rodrick, Tyler Wall - ESW #368
34:39
34:39
Play later
Play later
Lists
Like
Liked
34:39
Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry…
…
continue reading
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use d…
…
continue reading
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use d…
…
continue reading
1
3D Printing For Hackers - David Johnson - PSW #835
1:03:50
1:03:50
Play later
Play later
Lists
Like
Liked
1:03:50
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
…
continue reading
1
3D Printing For Hackers - David Johnson - PSW #835
1:03:50
1:03:50
Play later
Play later
Lists
Like
Liked
1:03:50
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
…
continue reading
1
3D Printing For Hackers - David Johnson - PSW #835
3:01:58
3:01:58
Play later
Play later
Lists
Like
Liked
3:01:58
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
…
continue reading
1
3D Printing For Hackers - David Johnson - PSW #835
3:01:58
3:01:58
Play later
Play later
Lists
Like
Liked
3:01:58
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
…
continue reading
1
A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291
35:58
35:58
Play later
Play later
Lists
Like
Liked
35:58
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more! Show Notes: https://securityweekly.com/asw-291
…
continue reading
1
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398
29:20
29:20
Play later
Play later
Lists
Like
Liked
29:20
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-398
…
continue reading
1
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398
29:20
29:20
Play later
Play later
Lists
Like
Liked
29:20
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-398
…
continue reading
1
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
1:09:02
1:09:02
Play later
Play later
Lists
Like
Liked
1:09:02
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…
…
continue reading
1
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
33:06
33:06
Play later
Play later
Lists
Like
Liked
33:06
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…
…
continue reading
1
Board and CEO Understanding of CyberSecurity as CISOs Grapple with the C-Suite - BSW #356
30:55
30:55
Play later
Play later
Lists
Like
Liked
30:55
In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more! Show Notes: https://securityweekly.com/bsw-356
…
continue reading
1
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356
35:29
35:29
Play later
Play later
Lists
Like
Liked
35:29
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach …
…
continue reading
1
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356
1:06:15
1:06:15
Play later
Play later
Lists
Like
Liked
1:06:15
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach …
…
continue reading
1
Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More... - SWN #397
34:19
34:19
Play later
Play later
Lists
Like
Liked
34:19
Wir fahren auf der AutoBahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-397
…
continue reading
1
Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More... - SWN #397
34:19
34:19
Play later
Play later
Lists
Like
Liked
34:19
Wir fahren auf der AutoBahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-397
…
continue reading
1
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367
1:31:28
1:31:28
Play later
Play later
Lists
Like
Liked
1:31:28
I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and …
…
continue reading
1
More Vulnerability Shenanigans - PSW #834
2:21:14
2:21:14
Play later
Play later
Lists
Like
Liked
2:21:14
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Show Notes: https://securityweekly.com/psw-834…
…
continue reading
1
More Vulnerability Shenanigans - PSW #834
2:21:14
2:21:14
Play later
Play later
Lists
Like
Liked
2:21:14
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Show Notes: https://securityweekly.com/psw-834…
…
continue reading
1
Rockyou2024 is a scam, Google has a whoopsie, and AI is giving folks indigestion - ESW #367
58:01
58:01
Play later
Play later
Lists
Like
Liked
58:01
In this week's enterprise security news, Seed rounds are getting huge Lots of funding for niche security vendors Rapid7 acquires Noetic Cyber but Rapid7 is also rumored to sell itself! Slack battles infostealers The loss of Chevron deference impacts cyber Should cybersecurity put up a no vacancy sign? Figma and Google both make some embarrassing mi…
…
continue reading
1
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367
33:10
33:10
Play later
Play later
Lists
Like
Liked
33:10
I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and …
…
continue reading
Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars. Segment Resources: Youtube channel - https://www.youtube.com/@iceman1001 Proxma…
…
continue reading
