…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Threats, Beers, and No Silver Bullets. Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way, Mitch, Matt and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.
…
continue reading
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
In the ever-evolving world of cybersecurity, keeping updated on the latest developments is crucial. The Cybersecurity Digest is your curated source for the most recent cybersecurity updates. Our goal is to bring you a comprehensive roundup of news, ensuring you’re well-informed and ahead of the curve. Stay Informed to Stay Secure.
…
continue reading
Are you seeking to live a delicious & expressive life? To trust in the wisdom of your body by awakening & connecting to the delights of your life force & potential? The Sensuality Empowerment Show is dedicated to empowering people to move away from their vulnerability, shame AND teach people to ignite self expression, embody self love and own your magic!! Sharon interviews inspiring local and global leaders, subject matter experts in their field, to bring awareness & great insight or discuss ...
…
continue reading
A free podcast about cybersecurity, vulnerability management, and the CVE Program.
…
continue reading
Emagine the Future is a cybersecurity and technology podcast aimed to offer ambitious technology and national security professionals with actionable insights and unique stories from proven industry leaders. Each week, we release conversations with experts from the intelligence, defense, civilian, and private sectors where we discuss current events, career and skill development, technology and national security, and the future. Obtain the edge you need to stay current, to accelerate your deve ...
…
continue reading
1
Chrome Vulns, Cisco Catastrophes, and Ransomware Revelations: Your Friday Cybersecurity Digest
16:50
16:50
Play later
Play later
Lists
Like
Liked
16:50
Cybersecurity Digest for 19 July 2024: Today we discuss: Yet Another Chrome Vulnerability Dual Critical Cisco Vulnerabilities; Including A Max Severity Vulnerability Life360 Data Breach Ivanti EMM Vulnerability New Novel Email Vulnerabilites\ A Report on Fin7 SOC Radar’s Global Ransomware Report CISA Adds 3 new vulns to its KEV Articles Referenced …
…
continue reading
1
Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters - ASW #290
34:30
34:30
Play later
Play later
Lists
Like
Liked
34:30
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more! Show Notes: https://securityweekly.com/asw-290
…
continue reading
1
Identity Security Posture Management - Dor Fledel - BSW #358
30:06
30:06
Play later
Play later
Lists
Like
Liked
30:06
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate…
…
continue reading
1
AI Ruining the Internet, Crowdstrike Post Mortem, Wiz Walks - ESW #369
53:01
53:01
Play later
Play later
Lists
Like
Liked
53:01
This week, on Enterprise Security Weekly, we've got: Identity Security gets more funding Wiz walks away BlackHat Announces Startup Spotlight Finalists Crowdstrike post mortem Simple Security Tricks are the Best Security Tricks Splitting the CISO role Web scraping for AI is out of control SEC vs Solarwinds Vaping the Internet Show Notes: https://sec…
…
continue reading
1
Can the latest wave of AI innovation deliver for security operations teams? - ESW #369
33:25
33:25
Play later
Play later
Lists
Like
Liked
33:25
Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations. We'll talk about what has changed here, and I have so many questions: after many generations of AI/ML technology in security, is the current gen really that dramatically different? Dropzone i…
…
continue reading
1
Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401
31:56
31:56
Play later
Play later
Lists
Like
Liked
31:56
Twitter Opt-In, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-401
…
continue reading
1
Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch - ESW #369
30:17
30:17
Play later
Play later
Lists
Like
Liked
30:17
The emergence of generative AI has caused us to rethink things on two fronts: how we consume threat detection data, as defenders how we need to shift our thinking and approaches to prepare for attackers' newfound GenAI capabilities But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to sec…
…
continue reading
1
Phishing Scams for CrowdStrike Customers Continue, GitHub Vulnerabilities, and North Korea’s Ransomware Shift
25:07
25:07
Play later
Play later
Lists
Like
Liked
25:07
Cybersecurity Digest for 26 July 2024Today we discuss the following items:Notable NewsCrowdstrike Post Incident Report: Falcon Content Update Remediation and Guidance Hub | CrowdStrikeCrowdstrike Phishing Campaigns: Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity (crowdstrike.com)Malware Distributed Using Falcon S…
…
continue reading
1
Crowdstrike: The Aftermath - PSW #836
1:59:49
1:59:49
Play later
Play later
Lists
Like
Liked
1:59:49
Segment description coming soon!The Crowdstrike incident: what happened and what we can do better, people forget what 0-Day really means, shutting off the heat in January, honeypot evasion and non-functional exploits, what not to use to read eMMC, what if we don't patch DoS related vulnerabilities, a CVSS 10 deserves its own category, port shadow a…
…
continue reading
1
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing - Douglas McKee - PSW #836
1:05:12
1:05:12
Play later
Play later
Lists
Like
Liked
1:05:12
Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it. Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/ Show Notes: https://securityweekly.com/psw-836…
…
continue reading
1
Telegram EvilVideo, PlayRansomWare targets ESXi, and a North Korean Infiltration Attempt
19:23
19:23
Play later
Play later
Lists
Like
Liked
19:23
Cybersecurity Digest for 24 July 2024 Today we discuss the following items: Crowdstrike Stealer: Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer (crowdstrike.com) ESET’s EvilVideo Discovery Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android (welivesecurity.com) TrendMicro’s Playransomware Targeting E…
…
continue reading
1
SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292
28:57
28:57
Play later
Play later
Lists
Like
Liked
28:57
SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more! Show Notes: https://securityweekly.com/asw-292
…
continue reading
1
Risky Business #756 -- Move fast and break everything
58:52
58:52
Play later
Play later
Lists
Like
Liked
58:52
The Risky Biz main show returns from a break to the traditional internet-melting mess that happens whenever Patrick Gray takes a holiday. Pat and Adam Boileau talk through the week’s security news, including: Oh Crowdstrike, no, oh no, honey, no AT&T stored call records on Snowflake and you’ll never guess what happened next Squarespace buys Google …
…
continue reading
1
Risky Business #756 -- Move fast and break everything
58:52
58:52
Play later
Play later
Lists
Like
Liked
58:52
The Risky Biz main show returns from a break to the traditional internet-melting mess that happens whenever Patrick Gray takes a holiday. Pat and Adam Boileau talk through the week’s security news, including: Oh Crowdstrike, no, oh no, honey, no AT&T stored call records on Snowflake and you’ll never guess what happened next Squarespace buys Google …
…
continue reading
1
SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292
28:57
28:57
Play later
Play later
Lists
Like
Liked
28:57
SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more! Show Notes: https://securityweekly.com/asw-292
…
continue reading
1
Risk Management Insights: What CEOs and Boards Really Need - Jeff Recor - BSW #357
32:39
32:39
Play later
Play later
Lists
Like
Liked
32:39
Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline,…
…
continue reading
1
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292
36:04
36:04
Play later
Play later
Lists
Like
Liked
36:04
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…
…
continue reading
1
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292
36:04
36:04
Play later
Play later
Lists
Like
Liked
36:04
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…
…
continue reading
1
Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400
34:16
34:16
Play later
Play later
Lists
Like
Liked
34:16
Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-400
…
continue reading
1
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar - BSW #357
39:09
39:09
Play later
Play later
Lists
Like
Liked
39:09
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us…
…
continue reading
1
CrowdStrike Catastrophe, GTA6 Beta Scam, and FractalID Data Breach
15:51
15:51
Play later
Play later
Lists
Like
Liked
15:51
Cybersecurity Digest for 22 July 2024 Today we discuss the following items: Crowdstrike Issue: Falcon Content Update Remediation and Guidance Hub | CrowdStrike Helping our customers through the CrowdStrike outage - The Official Microsoft Blog New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints - Microsoft Community Hub Thre…
…
continue reading
1
Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399
42:23
42:23
Play later
Play later
Lists
Like
Liked
42:23
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need…
…
continue reading
1
Rumored Wiz Deal Would be HISTORIC (if it happens), redefining shared responsibility - ESW #368
54:43
54:43
Play later
Play later
Lists
Like
Liked
54:43
In this week's enterprise security news, Google is rumored to be considering acquiring Wiz for $23 BILLION ThreatConnect acquires Polarity XBOW and Sola Security are interesting new companies we’ll discuss What does “shared responsibility” actually mean? Palo Alto probably isn’t going to buy your startup Snowflake-related breaches continue getting …
…
continue reading
1
What's wrong with the cybersecurity industry and what we can do about it - Richard Hollis - ESW #368
36:47
36:47
Play later
Play later
Lists
Like
Liked
36:47
On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups …
…
continue reading
1
Book Discussion: Jump-start Your SOC Analyst Career - Jarrett Rodrick, Tyler Wall - ESW #368
34:39
34:39
Play later
Play later
Lists
Like
Liked
34:39
Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry…
…
continue reading
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use d…
…
continue reading
1
3D Printing For Hackers - David Johnson - PSW #835
1:03:50
1:03:50
Play later
Play later
Lists
Like
Liked
1:03:50
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
…
continue reading
1
MuddyWater’s Cyber Onslaught, AT&T Pays, Trello Leak, and Sys01 Malvertising Campaign
15:16
15:16
Play later
Play later
Lists
Like
Liked
15:16
Cybersecurity Digest for 17 July 2024: Today we discuss: MuddyWater’s Latest Cyber Onslaught and a sneaky backdoor! AT&T Pays Hackers – Was it Worth it? An Update on RiteAid’s Data Breach SEXi Ransomware group rebrands…. Meet APT INC! mSpy Breach SYS01 Stealer Malware: Malvertising across Social Media 15 Million Trello Email Addresses Leaked Google…
…
continue reading
1
Risky Biz Soap Box: Mike Wiacek on lazy mode threat hunting
31:20
31:20
Play later
Play later
Lists
Like
Liked
31:20
This Soap Box edition of the show is with Mike Wiacek, the CEO and Founder of Stairwell. Stairwell is a platform that creates something similar to an NDR, but for file analysis instead of network traffic. The idea is you get a copy of every unique file in your environment to the Stairwell platform, via a file forwarding agent. You get an inventory …
…
continue reading
1
Risky Biz Soap Box: Mike Wiacek on lazy mode threat hunting
31:20
31:20
Play later
Play later
Lists
Like
Liked
31:20
This Soap Box edition of the show is with Mike Wiacek, the CEO and Founder of Stairwell. Stairwell is a platform that creates something similar to an NDR, but for file analysis instead of network traffic. The idea is you get a copy of every unique file in your environment to the Stairwell platform, via a file forwarding agent. You get an inventory …
…
continue reading