Threats, Beers, and No Silver Bullets. Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way, Mitch, Matt and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.
…
continue reading
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
If you're looking for a bunch of us security nerds to get together and talk shop, then Paul’s Security Weekly is for you. This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. The topics vary greatly and the ...
…
continue reading
Are you seeking to live a delicious & expressive life? To trust in the wisdom of your body by awakening & connecting to the delights of your life force & potential? The Sensuality Empowerment Show is dedicated to empowering people to move away from their vulnerability, shame AND teach people to ignite self expression, embody self love and own your magic!! Sharon interviews inspiring local and global leaders, subject matter experts in their field, to bring awareness & great insight or discuss ...
…
continue reading
Seth and Ken return with analysis of recent research that shows LLMs exploiting known CVEs. And no, it's not completely autonomous yet. This is followed by a breakdown of DataDog's State of DevSecOps article, backing up our gut feel of current industry needs and failures.
…
continue reading
1
Crypto, Bluetooth Vulns, Unsafe Locks - PSW #822
1:55:35
1:55:35
Play later
Play later
Lists
Like
Liked
1:55:35
The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel locks, BlueDucky, side channel attacks and more! Show Notes: https://securityweekly.com/psw-822
…
continue reading
1
How GenAI Can Improve SecOps - Ely Kahn - ESW #359
30:18
30:18
Play later
Play later
Lists
Like
Liked
30:18
We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if…
…
continue reading
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lo…
…
continue reading
1
Autonomous - I don't think that word means what you think it means - ESW #359
43:35
43:35
Play later
Play later
Lists
Like
Liked
43:35
A clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues autonomously" automated remediation automated compliance management & reporting I'll believe it when I see it…
…
continue reading
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lo…
…
continue reading
1
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
1:00:46
1:00:46
Play later
Play later
Lists
Like
Liked
1:00:46
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended a…
…
continue reading
1
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
1:00:46
1:00:46
Play later
Play later
Lists
Like
Liked
1:00:46
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended a…
…
continue reading
1
Special Edition: Chris Krebs, Alex Stamos and Patrick Gray
45:26
45:26
Play later
Play later
Lists
Like
Liked
45:26
In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology. China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply …
…
continue reading
1
Special Edition: Chris Krebs, Alex Stamos and Patrick Gray
45:26
45:26
Play later
Play later
Lists
Like
Liked
45:26
In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology. China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply …
…
continue reading
1
XZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282
38:28
38:28
Play later
Play later
Lists
Like
Liked
38:28
CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more! Show Notes: https://securityweekly.com/asw-282
…
continue reading
1
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380
37:02
37:02
Play later
Play later
Lists
Like
Liked
37:02
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-380
…
continue reading
1
Sustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282
39:29
39:29
Play later
Play later
Lists
Like
Liked
39:29
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec commu…
…
continue reading
1
Unraveling the "Materiality" Mystery: A CISO's Guide to SEC Compliance - Mike Lyborg - BSW #347
29:45
29:45
Play later
Play later
Lists
Like
Liked
29:45
The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key element of your preparation, including: Quantification Mater…
…
continue reading
1
What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky - BSW #347
35:07
35:07
Play later
Play later
Lists
Like
Liked
35:07
Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: The background of CMMC Standardization of CMMC CMMC v3 changes and implementati…
…
continue reading
1
Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379
34:47
34:47
Play later
Play later
Lists
Like
Liked
34:47
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-379
…
continue reading
1
Crazy money and crazy outcomes - cybersecurity acquisitions in all shapes and sizes - ESW #358
1:06:27
1:06:27
Play later
Play later
Lists
Like
Liked
1:06:27
This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively) Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Tech…
…
continue reading
1
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358
41:09
41:09
Play later
Play later
Lists
Like
Liked
41:09
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann a…
…
continue reading
1
Hacker Heroes - Winn Schwartau - PSW #825
1:05:47
1:05:47
Play later
Play later
Lists
Like
Liked
1:05:47
Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and …
…
continue reading
1
Hacker Heroes - Winn Schwartau - PSW #825
1:05:47
1:05:47
Play later
Play later
Lists
Like
Liked
1:05:47
Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and …
…
continue reading
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for a…
…
continue reading
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for a…
…
continue reading
1
Risky Business #745 – Tales from the PANageddon
58:10
58:10
Play later
Play later
Lists
Like
Liked
58:10
On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, mo…
…
continue reading
1
Risky Business #745 – Tales from the PANageddon
58:10
58:10
Play later
Play later
Lists
Like
Liked
58:10
On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, mo…
…
continue reading
1
Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome’s V8 Sandbox - ASW #281
28:12
28:12
Play later
Play later
Lists
Like
Liked
28:12
A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more! Show Notes: https://securityweekly.com/asw-281
…
continue reading
1
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378
33:39
33:39
Play later
Play later
Lists
Like
Liked
33:39
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-378
…
continue reading
**Video may be required**: this episode is focused on demonstrating uses of LLMs against various code. As such, listeners may want to watch the stream to see these uses rather than just listening. Also, Seth and Ken talk briefly at the beginning of the episode about a new tldr;sec project (thanks Clint!) called awesome secure defaults that lists ou…
…
continue reading
1
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
35:17
35:17
Play later
Play later
Lists
Like
Liked
35:17
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt…
…
continue reading