For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security. Note: This is only Paul's Security Weekly, a 2-hour show recorded once per week.
AI in Cyber & Addressing Analyst Burnout - Kayla Williams - PSW #844
2:59:14
This week in the security news, Dr. Doug and Larry explore various technological advancements and their implications with a healthy dose of nostalgia, particularly focusing on health monitoring through Wi-Fi signals, the misconceptions surrounding 5G connectivity, the importance of understanding internet speed needs, and the cybersecurity threats f…
Exploding Pagers - Tod Beardsley - PSW #843
2:53:37
Apple drops a lawsuit to avoid exposing secrets, what does it mean for the security industry if MS locks down the kernel?, exploding pagers, more things from the past: Adobe Flash exploits, robots get rid of your data, PKFail is still a thing, Android TV malware is back: now with conspiracy theories, DMA attacks, gamers are not nation-state attacke…
Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842
3:04:37
Lee comes on the show to discuss: the EU CRA (https://en.wikipedia.org/wiki/CyberResilienceAct), its impact on bringing products to market, and the challenges of enforcing laws that require products to be "secure"; recent legislation on disputes over federal agency fines; the Chevron deference rule and the Supreme Court decision, uncertainty, more or less cl…
Hacker Heroes - Mark Loveless - PSW Vault
1:32:39
Exploring the Hacking Landscape with Mark Loveless, AKA SimpleNomad. Dive into the intricate world of cybersecurity with our featured guest, Mark Loveless, widely known by his handle SimpleNomad. With a rich history in the realm of information security, Mark is a seasoned professional, researcher, and thought leader. Mark's journey spans decades, ma…
Building AI BOMs - Helen Oakley - PSW #841
3:01:47
Larry and Helen walk us through the AI supply chain landscape. Learn what goes into building and using AI models and the dangers that could lurk within. Segment Resources: Community efforts on the AIBOM topic: https://github.com/aibom-squad This week: I want all the firmware, it's not just TP-Link, CVEs for malware, BLE and your health, faking your own …
How do we patch the right things? - Josh Bressers - PSW #840
2:58:57
Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some of the tools we have to help us are actually not all that helpful at times, such as: MITRE ATT&CK - Don't get me wrong, this is a great project and Ada…
Cybersecurity Myths - Eugene Spafford - PSW #839
3:08:31
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the subject, we will delve into some cybersecurity myths such as: Are user…
Downgrades and Attacking Security Things & Things Not to Miss at BH/DC - Trent Lo - PSW #838
3:07:57
This week: downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rihanna, you should update your BIOS, OpenWrt dominates, and attacking the security tools for fun and profit! Learn what is most interesting at hacker summer camp this year! Visit https://www.securitywee…
PK Fail - John Loucaides - PSW #837
3:22:11
John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Hacking tra…
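The practical check behind this segment, as an added example (not the show's code and not a vendor tool): it walks the EFI_SIGNATURE_LIST structures stored in a UEFI Platform Key (PK) variable and flags X.509 entries whose subject carries the "DO NOT TRUST" / "DO NOT SHIP" markers that the leaked AMI test keys are known to contain. The efivarfs path and its 4-byte attribute prefix are assumptions about a Linux host; the sample PK bytes are constructed stand-ins (a DER-like prefix plus a subject string), not real certificates.

```python
"""Flag untrusted UEFI Platform Keys (PK) in an EFI_SIGNATURE_LIST.

Added example, not code from the show or from any firmware vendor. On Linux
the PK variable is exposed as
/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c; efivarfs
prefixes the variable data with 4 bytes of attributes. The sample PK below is
constructed (a stand-in DER-like blob carrying the marker string), not a real
certificate.
"""
import struct
import uuid

# EFI_CERT_X509_GUID: signature-list type for DER-encoded X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Subject-name markers reported in the leaked AMI test Platform Keys.
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")
SIG_LIST_HEADER = 28  # GUID(16) + SignatureListSize + SignatureHeaderSize + SignatureSize
OWNER_GUID_SIZE = 16  # each EFI_SIGNATURE_DATA starts with the owner GUID


def parse_signature_lists(data: bytes):
    """Yield (signature_type, owner_guid, signature_bytes) for every entry.

    Walks the concatenated EFI_SIGNATURE_LIST structures that make up a
    Secure Boot variable (PK, KEK, db, dbx); all sizes are little-endian.
    """
    off = 0
    while off + SIG_LIST_HEADER <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < SIG_LIST_HEADER or end > len(data) or sig_size <= OWNER_GUID_SIZE:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + SIG_LIST_HEADER + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + OWNER_GUID_SIZE])
            yield sig_type, owner, data[pos + OWNER_GUID_SIZE:pos + sig_size]
            pos += sig_size
        off = end


def find_untrusted_keys(var_data: bytes, efivars_prefix: bool = True):
    """Return [(owner_guid, marker)] for X.509 entries that look like test keys.

    A DER subject CN is stored as a plain PrintableString/UTF8String, so a
    byte search is enough to spot the marker without a full ASN.1 parse.
    """
    payload = var_data[4:] if efivars_prefix else var_data
    hits = []
    for sig_type, owner, blob in parse_signature_lists(payload):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        for marker in UNTRUSTED_MARKERS:
            if marker in blob:
                hits.append((str(owner), marker.decode()))
                break
    return hits


def build_signature_list(cert_der: bytes, owner: uuid.UUID = uuid.UUID(int=0)) -> bytes:
    """Build a one-entry X.509 EFI_SIGNATURE_LIST (used here only to construct samples)."""
    sig_size = OWNER_GUID_SIZE + len(cert_der)
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack(
        "<III", SIG_LIST_HEADER + sig_size, 0, sig_size)
    return header + owner.bytes_le + cert_der


# Constructed samples: DER-like prefix plus a subject string; not real certificates.
SAMPLE_TEST_CERT = b"\x30\x82\x01\x00" + b"CN=DO NOT TRUST - AMI Test PK" + b"\x00" * 8
SAMPLE_OEM_CERT = b"\x30\x82\x01\x00" + b"CN=Example OEM Platform Key" + b"\x00" * 8
EFIVARS_ATTRS = b"\x27\x00\x00\x00"  # NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE_ACCESS
SAMPLE_PK_LEAKED = EFIVARS_ATTRS + build_signature_list(SAMPLE_TEST_CERT)
SAMPLE_PK_OEM = EFIVARS_ATTRS + build_signature_list(SAMPLE_OEM_CERT)


def check_pk_file(path: str):
    """Read a live PK variable from efivarfs and run the check (needs a UEFI host and root)."""
    with open(path, "rb") as fh:
        return find_untrusted_keys(fh.read())


if __name__ == "__main__":
    print("leaked sample:", find_untrusted_keys(SAMPLE_PK_LEAKED))
    print("oem sample:   ", find_untrusted_keys(SAMPLE_PK_OEM))
```

On a real machine, call `check_pk_file("/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c")`; a non-empty result means the platform key chain of trust is anchored in a key whose private half is public, and the only fix is a vendor firmware update that rotates the PK. The substring match is a heuristic; a full X.509 parse with a library such as `cryptography` would also let you compare the subject and fingerprint against a published list of leaked keys.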
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836
3:04:36
Doug and the Security Weekly crew talk about vulnerabilities: are we patching the right things? This is the burning question. We will try to answer it. Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/ Segment description coming soon! The CrowdStrike incident: what happened and …
3D Printing For Hackers - David Johnson - PSW #835
3:01:58
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834
3:30:33
Bats in your headset, Windows Wi-Fi driver vulnerabilities, Logitech's dongles, lighttpd is heavy with vulnerabilities, node-ip's non-vulnerability, new Intel CPU non-attacks, Blast RADIUS, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Iceman comes on the show to talk about RFID and N…
Hacker Heroes - Joe Grand - PSW Vault
1:43:58
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin. Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field. …
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833
2:51:52
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxel NAS devices are under attack and the ex…
Hacker Heroes - Dave Aitel - PSW Vault
1:29:24
Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel. Welcome to an enlightening episode of our podcast, where we sit down with Dave Aitel, a prominent figure in the cybersecurity landscape. With a robust background in offensive security and an extensive career spanning various facets of the industry, Dave brings a wealth o…
GenAI, Security, and More Lies - Aubrey King - PSW #832
2:54:18
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: https://genai.owasp.org/ Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headp…
Whose Vulnerability Is It Anyway? - Josh Bressers - PSW #831
2:43:47
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more! Segment Resources: NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/ Josh's Latest post: https://opensourcesecu…
Hacker Heroes - Josh Corman - PSW Vault
1:10:35
Making The World A More Secure Place: Joshua Corman's Journey and Insights. Welcome to an insightful podcast episode featuring Joshua Corman, a prominent figure in the realm of cybersecurity. With a wealth of experience and a keen understanding of the evolving threat landscape, Joshua has established himself as a thought leader and influencer in the…
Pen Testing As A Service - Seemant Sehgal - PSW #830
2:52:21
The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss how PTaaS uses the latest technologies (e.g. machine learning), the benefits of having a …
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
3:12:50
Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts! Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploitation, Hackbat, Raspberry Pi Connect, leaking VPNs, exploiting faster?, a new Outlook …
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828
1:56:15
In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future. Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman. Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cyberse…
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and more! https://www.globalsecuritymag.com/keysight-introduces-testing-capabilities-to-strengthen-post-…
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
2:50:30
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended a…
PCI 4.0 - Winn Schwartau - PSW #825
2:07:44
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for a…
Digging Into Supply Chain Security - James McMurry - PSW #824
3:00:28
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi, new VM attacks ahead! HTTP/2 floods, USB HID and run, forwarded email tricks, attackers be scanning, a bunch of nerds write s…
XZ - Backdoors and The Fragile Supply Chain - PSW #823
2:52:20
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 http…
Are we winning? - Jason Healey - PSW #822
3:00:55
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames even…
Securing All The Things - Josh Corman - PSW #821
3:08:27
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices, the hidden risks in the u…
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
2:48:36
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-meas…
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
3:05:15
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding cont…
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
2:53:31
Jayson joins us to discuss how he is using (and social engineering) AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: talking to people, creating awareness, and great reporting. The latest attacks agai…
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
1:05:54
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has left an indelible mark on the ever-evolving landscape of digital security. Wendy's journey in cybersecurity is a narrative woven with expertise, innovation, and a deep understanding of the intersection …
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
2:03:07
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehe…
You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816
3:01:54
As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s …
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
2:57:21
When an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to eBay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode,…
What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814
3:15:35
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, and previously the director of Federal Network Security for the National Cyber Security Division of the Department of Homeland Security (DHS). CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-b…
K-12 Cybersecurity - Brian Stephens - PSW #813
2:51:29
With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss: The…
The Evolution of Purple Teaming - Jared Atkinson - PSW #812
2:52:33
Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team assessments and why most purple team assessments are too limited. How th…
Hacker Heroes - Casey Ellis - PSW Vault
1:15:40
Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd. Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutioni…
Interview with Dr. Whitfield Diffie - PSW Vault
43:52
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption". Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: ht…
Supply Chain & Firmware Security - Xeno Kovah - PSW #811
1:52:15
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and thre…
Embracing AI - Alex Sharpe - PSW #810
2:56:55
Mr. Sharpe is a long-time (30+ years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragm…
Holiday Extravaganza - Supply Chain, Hardware Hacking, Vulnerabilities, News - PSW #809
3:07:27
Join the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room resonating with the nostalgic hum of vintage computers, as our hosts explore the latest techniques using hardware, software, and firmware. Whether you're attempting to hack a specific device or crafti…
AI & LLMs - Josh More, Matthew Carpenter - PSW #808
2:58:31
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems t…
Interview with Brian Snow - PSW Vault
1:01:04
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the ba…
3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807
2:50:50
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control o…
Testing AI Before It Comes To Get You - Austin Carson - PSW #806
2:57:07
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you! In the se…
Trustworthy AI for National Security - Kathleen Fisher - PSW #805
3:06:09
AI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DARPA's efforts to help evaluate AI/ML and work towards a trust model that will allow us to use these valuable tools safely. Segment Resources: Identifying and Mitigating the Security Risks of Generativ…
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804
2:57:53
For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visua…
Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803
2:47:53
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years, working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas, on controversial v…