The Talk of the Apple Community
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
ProgramZERO boosts your personal and business productivity with digital tools. #Evernote, and not only that.
Immutability refers to the incapability for modification or erasure. Join solutions architects Stefan Ferrari and Ian Hall from CMS Distribution in their discussion of all things Enterprise Technology. CMS is a value-added technology distributor, meaning our in-house team of solutions experts act as a technical resource for clients who lack the infrastructure and knowledge to configure complex requirements. In the spirit of exceeding expectations, we are thrilled to be sharing some of our ex ...
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
2:50:30
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended a…
Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359
1:57:31
A clear pattern with startups getting funding this week are "autonomous" products and features: automated detection engineering; autonomously map and predict malicious infrastructure; ..."helps your workforce resolve their own security issues autonomously"; automated remediation; automated compliance management & reporting. I'll believe it when I see it…
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380
37:02
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-380
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
1:17:57
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphey adds how his experience with OWASP and the appsec commu…
What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky, Mike Lyborg - BSW #347
1:04:41
Since 2016, we've been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tuorinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: the background of CMMC; standardization of CMMC; CMMC v3 changes and implementati…
Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379
34:41
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-379
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358
1:47:19
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing a professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann a…
PCI 4.0 - Winn Schwartau - PSW #825
2:07:44
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for a…
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378
33:35
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-378
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
1:03:23
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt…
From Idea to Success: How to Operationalize a Startup from Zero to Exit - Seth Spergel - BSW #346
55:40
Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well. In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how …
Combadges, SISENSE, Microsoft, CISA, Lastpass, Palo Alto, Broadband, Aaran and More - SWN #377
30:44
Combadges, SISENSE, Microsoft, Malware Next-Gen, Lastpass, Palo Alto, Broadband, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-377
Understanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357
1:42:25
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more …
Digging Into Supply Chain Security - James McMurry - PSW #824
3:00:28
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write s…
Dronepocalypse, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet - SWN #376
35:45
Dronepocalypse, Privacy, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet, and more, are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-376
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
1:00:18
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software devel…
MacVoices #24099: MVL - The AT&T Hack; India Wants Apple To Unlock An iPhone
22:04
Another week, another hack. The MacVoices Live! panel of Chuck Joiner, Dave Ginsburg, Brian Flanigan-Arthurs, Marty Jencius, Eric Bolden, Jeff Gamet, and Guy Serle discuss AT&T’s loss of customer data that has a bit of history to it, as well as a request from India to unlock an iPhone of a political figure. (Spoiler: they said no.) [embed]http://tr…
MacVoices #24098: MVL - Agreeing To Disagree About App Store Fees
29:22
Chuck Joiner, David Ginsburg, Ben Roethig, Jim Rea, Marty Jencius, Brian Flanigan-Arthurs, Web Bixby, Mark Fuccio, and Jeff Gamet conclude a MacVoices Live! conversation about how Apple’s App Store fee critics are charging pretty much the same thing for similar services. That led to a debate over how free apps on the App Store fit into the equation…
MacVoices #24097: MVL - China's Chip Ban; Inflection Team Goes to Microsoft
12:17
The MacVoices Live! crew of Chuck Joiner, David Ginsburg, Ben Roethig, Jim Rea, Marty Jencius, Brian Flanigan-Arthurs, Web Bixby, Mark Fuccio, and Jeff Gamet have a few thoughts on China’s banning of Intel and AMD chips in government computers, and the way Microsoft “acquired” the Inflection team. A simple hiring, or a dodge around the regulators? …
Understanding the Cybersecurity Ecosystem - Ross Haleliuk - BSW #345
1:00:53
In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you ho…
SEXi, Powerhost, Acuity, Layerslider, JSOutProx, Byakugan, Josh Marpet, and More - SWN #375
33:04
SEXi, AI Dreams, Powerhost, Acuity, Layerslider, JSOutProx, Byakugan, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-375
XZ - Backdoors and The Fragile Supply Chain - PSW #823
2:52:20
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 http…
Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356
1:57:23
NVD checked out, then they came back? Maybe? Should the xz backdoor be treated as a vulnerability? Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats? What were some of the takeaways from the first-ever VulnCon? EPSS is featured in over 100 security products, but is it properly supported by those that ben…
MacVoices #24096: MVL - The DOJ Legal Action Against Apple (2)
33:10
The MacVoices Live! discussion of the DOJ’s action against Apple continues as Chuck Joiner, David Ginsburg, Ben Roethig, Jim Rea, Marty Jencius, Brian Flanigan-Arthurs, Web Bixby, Mark Fuccio, and Jeff Gamet examine some of the more unusual aspects of the pleadings, what Apple’s response will be, and how the media is addressing the developments. (P…
MacVoices #24095: MVL - The DOJ Legal Action Against Apple (1)
31:35
MacVoices Live! digs into the DOJ action against Apple to try to understand what is behind it. Chuck Joiner, David Ginsburg, Ben Roethig, Jim Rea, Marty Jencius, Brian Flanigan-Arthurs, Web Bixby, Mark Fuccio, and Jeff Gamet consider the made-up categories of the iPhone market, the questionable quality of the complaint as a competent legal document…
Lena, XZ, WallEscape, AT&T, OWASP, Google, Microsoft, AI, Josh Marpet, and More - SWN #374
32:57
Lena, XZ, WallEscape, AT&T, OWASP, Google, Microsoft, AI, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-374
Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279
1:00:57
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the source of some myths. We talk about some of our favorite (as in most dislik…
CISO Soul Searching: Navigating the Evolving Role of the CISO - Harold Rivas - BSW #344
56:52
Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve real problems together - part of this is through Trellix's Mind of the…
MacVoices #24094: MVL - More Switcher Evidence; LinkedIn's Gaming Motivations
22:18
Chuck Joiner, Brian Flanigan-Arthurs, Eric Bolden, Marty Jencius, Jim Rea, Jeff Gamet, and David Ginsburg wrap up a MacVoices Live! discussion by talking about the latest report on switching to the Mac, as well as what might be behind LinkedIn’s announcement that they are adding gaming to their platform. This edition of MacVoices is supported by Ma…
Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355
1:45:43
Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity. Diversity of pe…
Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More - SWN #373
37:13
AI Dreams of Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-373
Charlotte Henry and Chuck Joiner celebrate a year of the TV+ Talk collaboration by looking at how Apple TV+ has evolved since its beginnings, their original content moving to other services, a recent article citing the quality of the service, and more. Show Notes: Chapters: 00:00 TV Plus Talk Anniversary Reflections 01:46 Apple TV+ Quality Recognit…
MacVoices #24092: MacVoices Update - 2024-03
10:38
The 2024-03 MacVoices Update includes an explanation of why there are monthly updates, an evolution of MacVoices Live! for our non-live listeners and viewers, why MacVoices Magazine is picking up steam again, and the monthly Support Report. Show Notes: Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Ma…
Are we winning? - Jason Healey - PSW #822
3:00:55
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames even…
MacVoices #24091: MVL - Roku's Onerous Terms; Apple, Google, and AI; AirTags Under Fire…Again
27:17
The privacy theme rolls on as Chuck Joiner, Brian Flanigan-Arthurs, Eric Bolden, Marty Jencius, Jim Rea, Jeff Gamet, and David Ginsburg look at the almost unbelievable Terms of Service in the most recent Roku update and how it applies to which Roku device/channel/app. Then, the MacVoices panel delivers some initial thoughts on what appears to be a …
MacVoices #24090: MVL - Would You Rent A Printer That HP Monitors?
36:16
Our privacy theme continues as the MacVoices Live! panel looks at HP’s new option to rent a printer. Is that a good idea given the seemingly onerous contract terms, let alone the possible privacy concerns over an always-connected-to-the-Internet printer? Chuck Joiner, Brian Flanigan-Arthurs, Eric Bolden, Marty Jencius, Jim Rea, Jeff Gamet, and Davi…
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more - SWN #372
30:05
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-372
Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343
1:03:21
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single S…
MacVoices #24089: MVL - A Personal Hacking Story
19:10
Chuck Joiner, Brian Flanigan-Arthurs, Eric Bolden, Marty Jencius, and Jim Rea discuss the hacking of a panel member’s Instagram account, along with what appeared to be an attack on his Facebook account. They discuss scams, other personal experiences with compromises, and a couple information pieces that caught their attention. This edition of MacVo…