Player FM - Internet Radio Done Right
Checked 2d ago
اضافه شده در five سال پیش
محتوای ارائه شده توسط Security Weekly Productions. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Security Weekly Productions یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland and More.. - SWN #439
Manage episode 456707859 series 2591184
محتوای ارائه شده توسط Security Weekly Productions. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Security Weekly Productions یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-439
3109 قسمت
Manage episode 456707859 series 2591184
محتوای ارائه شده توسط Security Weekly Productions. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Security Weekly Productions یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-439
3109 قسمت
Todos los episodios
×1 Boards Stepping Up, as CISOs Build Stronger Bonds with Legal and Safeguard Leadership - BSW #378 36:18
In the leadership and communications segment, New Year, New Cyber Threats: How Boards Are Stepping Up (or Not), Why CISOs should build stronger bonds with the legal function in 2025, New Managers: You Don’t Need to Know It All, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-378…
1 Smishing, Beyond Trust, CryptoReligion, Aviatrix, Azure, Josh Marpet, and more... - SWN #442 39:15
Smishing, Beyond Trust, CryptoReligion, Aviatrix, Azure, Little Red Books, AI Abuse, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-442
1 Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 1:07:41
1:07:41
پخش در آینده
پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
1:07:41There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambiguous requirements. Ixchel Ruiz shares her experience is discussing software designs, the challenges in prioritizing dev efforts, and how to help open source project maintainers with their issue backlog. Segment resources: https://github.com/ossf/scorecard https://www.commonhaus.org/ https://www.hackergarten.net/ Design lessons from PyPI's Quarantine capability, effective ways for appsec to approach phishing, why fishshell is moving to Rust component by component (and why that's a good thing!), what behaviors the Cyber Trust Mark might influence, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-313…
1 How threat-informed defense benefits each security team member - Frank Duff, Nathan Sportsman - ESW #389 2:00:38
2:00:38
پخش در آینده
پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
2:00:38We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it. Segment Resources: Tidal Cyber website Tidal Cyber Community Edition We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community. We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian . The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few. References: Check out the Where the Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released Check out the anthropological hacker map and relive your misspent youth! In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode’s acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered One Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding. A major highlight was the Cyber Haven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyber Haven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight. We also reflected on Corey Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-389…
1 Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and more. - SWN #441 39:03
Bad Cameras, Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-441
1 Threat Actors With A Thousand Names - PSW #856 2:07:18
2:07:18
پخش در آینده
پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
2:07:18DNA sequencer vulnerabilities, threat actor naming conventions, new CNAs and problems, backdoors are not secrets (again), The RP2350 is hacked!, they know where your car is, treasury department hacked, what if someone hacked license plate cameras? Tenable CEO passes away, and very awkwardly, a Nessus plugin update causes problems, who needs fact-checking anyhow (And how people steal stuff and put it on Facebook), when you are breached, make sure you tell the victims how to be more secure, Salt Typhoon - still no real details other than more people were hacked and they are using the word sanctions a lot, Bitlocker bypassed again, Siri recorded you, and Apple pays, and yes, you can't print on Tuesdays! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-856…
1 Organizations Must Adapt To Safeguard Data In Evolving Environments - Lamont Orange - BSW #377 57:45
Data is the fastest growing enterprise attack surface, and is projected to surpass 181 Zettabytes in 2025. Couple data growth with the growing demands of Artificial Intelligence, and the attack surface expands even more. How should organizations adapt their security programs to safeguard their data? Lamont Orange, Chief Information Security Officer at Cyera, joins Business Security Weekly to help you solve your biggest data security challenges. By starting with inventory and classification, data access review can help you answer your biggest data security questions, including: what data you have, where it's stored, who, or what, can access it, and which data risks exist. In the leadership and communications segment, The Business of Cybersecurity: The CISO’s Role in Alignment and Pervasive Governance, CISO Priorities for 2025: Budget Wisely, How Do I Position Myself to Influence Senior Leadership?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-377…
1 Ättestupa, Moxa, Typhoons, WordPress, Likert Scales, Algol, Josh Marpet, and more... - SWN #440 29:11
Ättestupa, Moxa, Typhoons, WordPress, Likert Scales, Algol, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-440
1 DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312 1:07:10
1:07:10
پخش در آینده
پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
1:07:10All appsec teams need quality tools and all developers benefit from appsec guidance that's focused on meaningful results. Greg Anderson shares his experience in bringing the OWASP DefectDojo project to life and maintaining its value for over a decade. He reminds us that there are tons of appsec teams with low budgets and few members that need tools to help them bring useful insights to developers. Segment Resources: https://owasp.org/www-project-defectdojo/ Three-quarters of CISOs surveyed reported being "overwhelmed" by the growing number of tools and their alerts: https://www.darkreading.com/cloud-security/cisos-throwing-cash-tools-detect-breaches As many as one-fifth of all cybersecurity alerts turn out to be false positives. Among 800 IT professionals surveyed, just under half of them stated that approximately 40% of the alerts they receive are false positives: https://www.securitymagazine.com/articles/97260-one-fifth-of-cybersecurity-alerts-are-false-positives 91% of organizations knowingly released vulnerable applications, 57% of vulnerabilities are left unresolved by developers, 32% of CISOs deploy vulnerable code in the hopes it won’t be discovered, 56% of developers struggle to prioritize vulnerability fixes: https://info.checkmarx.com/future-of-application-security-2024 Curl removes a Rust backend, double clickjacking revives an old vuln, a new tool for working with HTTP/3, a brief reminder to verify JWT signatures, design lessons from recursion, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-312…
Rob Allen and Doug talk about Endpoint security and how important it is to secure your endpoints going into the new year. Show Notes: https://securityweekly.com/vault-swn-26
Our old friend Russ Beauchemin and Doug talk about the future of AI and what it may mean when AI is smarter than us all. Show Notes: https://securityweekly.com/vault-swn-25
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities: Asset Management Patch Management IAM/MFA/PIM/PAM EDR/MDR/XDR Backup/Recovery Risk Management Show Notes: https://securityweekly.com/vault-bsw-16…
Josh Marpet and Doug talk about how Tariffs work and how you maybe should get ready for higher prices to replace equipment in the coming years if new rounds of tariffs are imposed on foreign goods and components. Show Notes: https://securityweekly.com/vault-swn-24
1 Hacker Heroes - Haroon Meer - PSW Vault 1:16:41
1:16:41
پخش در آینده
پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
1:16:41Unraveling Cybersecurity Complexity: A Conversation with Haroon Meer Haroon Meer, an influential figure in the world of cybersecurity, takes center stage in this podcast interview. With a deep reservoir of knowledge and a track record of tackling complex security challenges, Haroon has established himself as a key player in the InfoSec domain. As the founder of Thinkst Applied Research, Haroon brings a wealth of practical experience to the table. Join us as we explore his professional journey, from early forays into cybersecurity to pioneering innovations that have reshaped how organizations approach security. Haroon Meer's insights go beyond the theoretical, offering a pragmatic understanding of cybersecurity issues and solutions. Dive into the intricacies of threat landscapes, security architectures, and the evolving dynamics of cyber threats as Haroon shares his perspectives on the current state of cybersecurity. With a focus on practicality and a knack for simplifying complex concepts, Haroon Meer's interview is a must-listen for anyone interested in the nuances of cybersecurity. Gain a deeper understanding of the challenges faced by security professionals and uncover valuable takeaways that can enhance your approach to securing digital environments. Join us as we explore the mind of a cybersecurity luminary, unraveling the layers of InfoSec intricacies with Haroon Meer in this enlightening podcast episode. Show Notes: https://securityweekly.com/vault-psw-14…
Josh Marpet and Doug talk about Compliance and Privacy for about 30 minutes but it could have been a lot more. Show Notes: https://securityweekly.com/vault-swn-23
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.