The Jacaranda FM News team is based in Gauteng – but covers local and international news of the day, providing the latest developments online and on-air. News bulletins run from 5am to 7pm weekdays, and from 7am to 6pm on weekends and public holidays. Tune into Jacaranda FM, or log on to www.jacarandafm.com, for the news you need to know.. now.
…
continue reading
Content provided by MySecurity Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MySecurity Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Cyber Security Weekly Podcast
The economy and the markets are "under surveillance" as we cover the latest in finance, economics and investment. Listen to Jonathan Ferro, Lisa Abramowicz and Annmarie Hordern for the top interviews from Bloomberg Surveillance Television. And join Tom Keene and Paul Sweeney for the best conversations from Bloomberg Surveillance Radio. Watch Surveillance TV LIVE each mornings: http://bit.ly/3P7nstQ. Watch Surveillance Radio LIVE weekday mornings: http://bit.ly/3vTiACF.
…
continue reading
Bloomberg Daybreak delivers today's top stories, with context, in just 15 minutes. Get informed from Bloomberg's 2,700 journalists and analysts in 120 countries.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman and Rob Litterst from The Hustle.
…
continue reading
An independent podcast examining what the U.S. Congress is doing with our money and in our names. www.congressionaldish.com Follow @JenBriney on Twitter
…
continue reading
Welcome to Crimetown, a series produced by Marc Smerling and Zac Stuart-Pontier in partnership with Gimlet Media. Each season, we investigate the culture of crime in a different city. In Season 2, Crimetown heads to the heart of the Rust Belt: Detroit, Michigan. From its heyday as Motor City to its rebirth as the Brooklyn of the Midwest, Detroit’s history reflects a series of issues that strike at the heart of American identity: race, poverty, policing, loss of industry, the war on drugs, an ...
…
continue reading
An occasional series revisiting conversations and ideas from Reasons to be Cheerful (2017-2024), formerly hosted by ex-Labour Party leader Ed Miliband, and Sony Award-winning radio presenter Geoff Lloyd. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Tempers fly as the newsmakers of the week face-off in this award-winning show. Anchored by Sanket Upadhyay, this weekly program has politicians battlling wits with a live audience.
…
continue reading
Join Larry Mantle weekdays for lively and in-depth discussions of Los Angeles and Southern California news, politics, science, entertainment, the arts and more. More AirTalk at www.kpcc.org.
…
continue reading
The day's biggest news dissected by the day's newsmakers. Diverse opinions from across the political spectrum. The show that makes you decide, are you the Left, Right or the Centre?
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Episode 364 - Software supply chain risks
Manage episode 364663808 series 2494686
Content provided by MySecurity Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MySecurity Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Jane Lo, Singapore Correspondent speaks with Yakir Kadkoda, Security Researcher and Ilay Goldman, Security Researcher with Aqua Security
Yakir Kadkoda combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer.
Ilay Goldman specializes in discovering and analyzing novel security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Additionally, Ilay conducts research on open-source security and vulnerabilities. Prior to joining Aqua, he worked as a red teamer.
In this interview at Black Hat Asia, Yakir and Ilay explain the complexity of a modern software supply chain, and the dependency of a typical software development cycle on open-source code, and the wide array of tools and platforms.
They note that in this supply chain ecosystem, there are many vulnerable tools and platforms trusted by majority of developers.
To highlight some examples of these vulnerabilities, Yakir and Ilay divide the development flow of many organizations into different phases – Integrated Development Environments (IDEs), Source Code Managers (SCMs), Continuous Integration/ Development (CI/CD), Package management and more.
They point out, for instance, the potential of malicious IDE extensions that may be inadvertently trusted by developers, or how threat attackers could compromise accesses to package manager platforms to impersonate malicious packages.
They also share how they found tens of thousands of tokens of open source projects that have been leaked by CI/CD platforms, which could be exploited for lateral movement.
Wrapping up, they advise that software developers practice security-by-design – that whilst “security takes time”, fixing the problem later may incur even more costs and time.
Recorded 11th May 2023, 11am, Black Hat Asia 2023, Singapore Marina Bay Sands
#BHasia #mysecuritytv #supplychain #cybersecurity
50 episodes
Share
Manage episode 364663808 series 2494686
Content provided by MySecurity Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MySecurity Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Jane Lo, Singapore Correspondent speaks with Yakir Kadkoda, Security Researcher and Ilay Goldman, Security Researcher with Aqua Security
Yakir Kadkoda combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer.
Ilay Goldman specializes in discovering and analyzing novel security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Additionally, Ilay conducts research on open-source security and vulnerabilities. Prior to joining Aqua, he worked as a red teamer.
In this interview at Black Hat Asia, Yakir and Ilay explain the complexity of a modern software supply chain, and the dependency of a typical software development cycle on open-source code, and the wide array of tools and platforms.
They note that in this supply chain ecosystem, there are many vulnerable tools and platforms trusted by majority of developers.
To highlight some examples of these vulnerabilities, Yakir and Ilay divide the development flow of many organizations into different phases – Integrated Development Environments (IDEs), Source Code Managers (SCMs), Continuous Integration/ Development (CI/CD), Package management and more.
They point out, for instance, the potential of malicious IDE extensions that may be inadvertently trusted by developers, or how threat attackers could compromise accesses to package manager platforms to impersonate malicious packages.
They also share how they found tens of thousands of tokens of open source projects that have been leaked by CI/CD platforms, which could be exploited for lateral movement.
Wrapping up, they advise that software developers practice security-by-design – that whilst “security takes time”, fixing the problem later may incur even more costs and time.
Recorded 11th May 2023, 11am, Black Hat Asia 2023, Singapore Marina Bay Sands
#BHasia #mysecuritytv #supplychain #cybersecurity
50 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Cyber Security Weekly Podcast
The Jacaranda FM News team is based in Gauteng – but covers local and international news of the day, providing the latest developments online and on-air. News bulletins run from 5am to 7pm weekdays, and from 7am to 6pm on weekends and public holidays. Tune into Jacaranda FM, or log on to www.jacarandafm.com, for the news you need to know.. now.
…
continue reading
The economy and the markets are "under surveillance" as we cover the latest in finance, economics and investment. Listen to Jonathan Ferro, Lisa Abramowicz and Annmarie Hordern for the top interviews from Bloomberg Surveillance Television. And join Tom Keene and Paul Sweeney for the best conversations from Bloomberg Surveillance Radio. Watch Surveillance TV LIVE each mornings: http://bit.ly/3P7nstQ. Watch Surveillance Radio LIVE weekday mornings: http://bit.ly/3vTiACF.
…
continue reading
Bloomberg Daybreak delivers today's top stories, with context, in just 15 minutes. Get informed from Bloomberg's 2,700 journalists and analysts in 120 countries.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman and Rob Litterst from The Hustle.
…
continue reading
An independent podcast examining what the U.S. Congress is doing with our money and in our names. www.congressionaldish.com Follow @JenBriney on Twitter
…
continue reading
Welcome to Crimetown, a series produced by Marc Smerling and Zac Stuart-Pontier in partnership with Gimlet Media. Each season, we investigate the culture of crime in a different city. In Season 2, Crimetown heads to the heart of the Rust Belt: Detroit, Michigan. From its heyday as Motor City to its rebirth as the Brooklyn of the Midwest, Detroit’s history reflects a series of issues that strike at the heart of American identity: race, poverty, policing, loss of industry, the war on drugs, an ...
…
continue reading
An occasional series revisiting conversations and ideas from Reasons to be Cheerful (2017-2024), formerly hosted by ex-Labour Party leader Ed Miliband, and Sony Award-winning radio presenter Geoff Lloyd. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Tempers fly as the newsmakers of the week face-off in this award-winning show. Anchored by Sanket Upadhyay, this weekly program has politicians battlling wits with a live audience.
…
continue reading
Join Larry Mantle weekdays for lively and in-depth discussions of Los Angeles and Southern California news, politics, science, entertainment, the arts and more. More AirTalk at www.kpcc.org.
…
continue reading
The day's biggest news dissected by the day's newsmakers. Diverse opinions from across the political spectrum. The show that makes you decide, are you the Left, Right or the Centre?
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
