Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

False Claims Act, Google Cloud PQC, Salt Typhoon, AI in SOC, Ivanti Flaws, ICS, DeFi - SWN #453

On this edition of the Security Weekly News: False Claims Act, Google Cloud PQC, Salt Typhoon, AI in SOC, Ivanti Flaws, ICS, DeFi and more! Show Notes: https://securityweekly.com/swn-453

02-21
30:41

Live from ZTW - PSW #862

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Show Notes: https://securityweekly.com/psw-862

02-20
01:03:29

Say Easy, Do Hard - Data Inventory and Classification, Part 2 - BSW #383

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification. In part 2, we discuss the steps involved in data inventory and classification, including: Data discovery: Identify all data sources across the organization using data mapping tools. Data profiling: Analyze data attributes to understand its content and characteristics. Data classification: Assign appropriate sensitivity levels to each data set based on predefined criteria. Data tagging: Label data assets with their classification level for easy identification. Data ownership assignment: Determine who is responsible for managing each data set. Show Notes: https://securityweekly.com/bsw-383

02-19
27:49

Say Easy, Do Hard - Data Inventory and Classification, Part 1 - BSW #383

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification. In part 1, we discuss the challenges of data inventory and classification, including: identifying all data sources within an organization, including databases, applications, cloud storage, physical files, etc., and documenting details like data type, location, and volume categorizing all data based on its sensitivity level, usually using classifications like "public," "internal," "confidential," or "restricted," which determines the necessary security measures to protect it prioritizing security measures and protecting critical information more effectively Show Notes: https://securityweekly.com/bsw-383

02-19
25:50

AI Threat Intelligence, AI Hacking, Data Breaches, Zhong, DOGE, and more - SWN #452

This week in the Security Weekly News: AI Threat Intelligence, AI Hacking, Data Breaches, Zhong, DOGE, and more! Show Notes: https://securityweekly.com/swn-452

02-18
24:54

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after year and how clever research is still finding new attack surfaces in old technologies. But there's a lot of new web technology still to be examined, from HTTP/2 and HTTP/3 to WebAssembly. Segment Resources: Top 10, 2024: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024 Full nomination list: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024-nominations-open Project overview: https://portswigger.net/research/top-10-web-hacking-techniques Show Notes: https://securityweekly.com/asw-318

02-18
44:57

The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

In this week's enterprise security news, we've got 5 acquisitions Tines gets funding new tools and DFIR reports to check out A legal precedent that could hurt AI companies AI garbage is in your code repos the dark side of security leadership HIPAA fines are broken Salt Typhoon is having a great time Don't use ChatGPT for legal advice!!!!! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-394

02-17
51:13

A SecOps Medley: we talk automation, AI, data management, and EDR evaluations - Allie Mellen - ESW #394

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You’re Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes Show Notes: https://securityweekly.com/esw-394

02-17
32:08

Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Tim MalcomVetter - ESW #394

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with Show Notes: https://securityweekly.com/esw-394

02-16
31:58

Bad Romance, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland... - SWN #451

Tunnel of Love, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-451

02-14
33:15

Prompt Injection, CISA, Patch Tuesday - PSW #861

You can install Linux in your PDF, just upload everything to AI, hackers behind the forum, TP-Link's taking security seriously, patche Tuesday for everyone including Intel, AMD, Microsoft, Fortinet, and Ivanti, hacking your space heater for fun and fire, Cybertrucks on fire (or not), if you could just go ahead and get rid of the buffer overflows, steam deck hacking and not what you think, Prompt Injection and Delayed Tool Invocation, new to me Ludus, Contec patient monitors are just insecure, Badbox carries on, the compiler saved me, and Telnet command injection! Show Notes: https://securityweekly.com/psw-861

02-13
02:05:09

Speak the Same Language, as Cybersecurity is Everyone's Responsibility - BSW #382

This week, we tackle a ton of leadership and communications articles: Why CISOs and Boards Must Speak the Same Language on Cybersecurity, The Hidden Costs of Not Having a Strong Cybersecurity Leader, Why Cybersecurity Is Everyone’s Responsibility, Leadership is an Action, not a Position, and more! Show Notes: https://securityweekly.com/bsw-382

02-12
54:07

PlayStation, KerioControl, SEC SimSWAP, 8base, Copilot, AI, Bird, Josh Marpet... - SWN #450

PlayStation, KerioControl, SEC SimSWAP, 8base, Copilot, AI, Robert Bird, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-450

02-11
30:10

Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317

Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek's iOS app, academics and industry looking to standardize principles and practices for memory safety, and more! Show Notes: https://securityweekly.com/asw-317

02-11
35:52

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier. Segment Resources: -https://github.com/ScottNorberg-NCG/CodeSheriff.NET Show Notes: https://securityweekly.com/asw-317

02-11
37:01

Breach details need to be transparent and kids need cybersecurity education - ESW #393

This week, in the enterprise security news, Semgrep raises a lotta money CYE acquires Solvo Sophos completes the Secureworks acquisition SailPoint prepares for IPO Summarizing the 2024 cybersecurity market Lawyers that specialize in keeping breach details secret Scientists torture AI Make sure to offboard your S3 buckets extinguish fires with bass All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-393

02-10
48:10

Inside look and lessons from a Recent APT Attack on a U.S. Aerospace Company - John Dwyer - ESW #393

Listeners of the show are probably aware (possibly painfully aware) that I spend a lot of time analyzing breaches to understand how failures occurred. Every breach story contains lessons organizations can learn from to avoid suffering the same fate. A few details make today's breach story particularly interesting: It was a Chinese APT Maybe the B or C team? They seemed to be having a hard time Their target was a blind spot for both the defender AND the attacker Segment Resources: https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/ https://www.theregister.com/2024/09/18/chinesespiesfoundonushqfirm_network/ Show Notes: https://securityweekly.com/esw-393

02-10
31:32

The groundbreaking technology addressing employment scams and deepfakes - Aaron Painter - ESW #393

Spoiler: it's probably in your pocket or sitting on the table in front of you, right now! Modern smartphones are conveniently well-suited for identity verification. They have microphones, cameras, depth sensors, and fingerprint readers in some cases. With face scanning quickly becoming the de facto technology used for identity verification, it was a no-brainer for Nametag to build a solution around mobile devices to address employment scams. Segment Resources: Company website Aaron's book, Loyal Show Notes: https://securityweekly.com/esw-393

02-09
30:04

AI Cheese, CISA, Scaryware, Kimsuky Returns, Backups, Encryption, Jason Wood... - SWN #449

AI Cheese, CISA, Scaryware, Kimsuky Returns, Backups, Encryption, Jason Wood, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-449

02-07
35:02

Deepseek, AMD, and Forgotten Buckets - PSW #860

Deepseek troubles, AI models explained, AMD CPU microcode signature validation, what happens when you leave an AWS S3 bucket laying around, 3D printing tips, and the malware that never was on Ethernet to USB adapters. Show Notes: https://securityweekly.com/psw-860

02-06
02:06:54

Recommend Channels