Paul's Security Weekly

This week, we welcome Julian Zottl, Cyber and Information Operations SME at Raytheon, to talk about defending against advanced adversaries! In the second segment, we welcome Federico Simonetti, CTO of Xiid Corporation, to talk about how to fix identity and access management! In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security...

This week, we welcome Ferruh Mavituna, CEO and Founder at our sponsor Netsparker, to talk about centralization of web application security in large enterprises! In the Enterprise News, Atos launches a new unified cloud identity and access management solution, ExtraHop announces new panorama partner program, SysDig and In-Q-Tel partnership to provide U.S. government agencies with the SysDig Cloud Native VSP, and LogRhythm releases a Cloud Based NextGen SIEM platform! In our final segment,...

This week, we welcome Jon Fredrickson, Information Security Officer at Blue Cross & Blue Shield of Rhode Island! In the Leadership and Communications segment, Transformational leadership style inspires 'moonshot goals', How to Deal With Information Overload, The surprising secret of success: it's not about winning, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128 Visit https://www.securityweekly.com/bsw for all the latest episodes! Visit our website:...

This week, hacking the unhackable eyeDisk USB stick, how to brick all Samsung mobile phones, how Twitter shared user location data through advertising, a 0-Day flaw used to install spyware on phones, and a Linux kernel flaw allows remote code execution! In the expert commentary, we welcome Marcin Szary, CTO at Secfense, to talk about Web Authentication! To learn more about Secfense, visit: https://securityweekly.com/secfense Full Show Notes:...

This week, Derek Weeks joins us to talk about DevSecOps and Securing Software Supply Chains! Derek is the VP and DevOps Advocate at Sonatype! In the Application News, Chrome constrains the cookies and Edge pushes privacy, Windows builds a sandbox for Linux, Android Q for more quarantined code with more LLVM features, Steve Singh stepping down as Docker CEO, and Verizon releases its 2019 DBIR! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Visit...

This week, we welcome back Lesley Carhart, Principal Threat Analyst at Dragos Inc., to talk about moving from IT security to OT security, DFIR in ICS, and more! In the second segment, we welcome Chris Sanders, Founder of Applied Network Defense & Director of the Rural Technology Fund, to talk about delivering high quality IT training and donating scholarships and equipment to further education in schools! In the Security News, the top 5 mistakes that create field days for hackers,...

This week, we welcome Nik Whitfield, CEO at Panaseer, to talk about Continuous Controls Monitoring! In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, and Serverless monitoring startup Espagon expands to cover broader microservices TechCrunch, and more! In our final segment, we have a Security Industry Briefings Update, where we talk...

This week, Matt, Jason, and Paul do a recap on the Global Cyber Innovation Summit that was held in Baltimore last week! In the Leadership and Communications segment, How to build a startup, You Don't Have To Be Nice To Be Respected. Boeing and the Importance of Encouraging Employees to Speak Up, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127 Visit https://www.securityweekly.com/bsw for all the latest episodes! Visit our website:...

This week, software flaw exposed most dell computers to remote hacking, Israel neutralizes cyber attack by blowing up a building with hackers, an expert that found hundreds of vulnerable Jenkins plugins, a bug in Mirai code allows crashing C2 servers, and how researchers discovered a highly stealthy Microsoft Exchange Backdoor! In the expert commentary, the return of Jason Wood from Paladin Security, joins us to talk about how Japan is developing a computer virus to fight cyber...

This week, we welcome Sven Morgenroth, Security Researcher at Netsparker to talk about securing our applications, web applications, and how we can make it easier to build applications! In the AppSec News, Firefox gives more scrutiny to add-ons but Firefox also forgot to give more scrutiny to a cert, Path traversals trampled by ransomware, Secure Software Design: The Next Frontier In Cybersecurity, Trust the Stack, Not the People, VRT adds a CAN, and MDM, parental controls, and...

This week, we welcome Philip Niedermair, CEO at the National Cyber Group, to discuss the National Cyber Education Program! In our second interview, we welcome back Josh Abraham, Staff Engineer at Praetorian, to talk about the MITRE attack framework for attackers! In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars...

This week, we welcome Jay Prassl, CEO of Automox joins us to discuss Patch Management struggles and how to overcome them! In our second interview, we're joined by Josh Abraham in studio, who is a Staff Engineer at Praetorian, to talk about the MITRE attack framework for defenders! In the Enterprise news, ThreatConnects new features make creating security playbook's easier, SolarWinds adds password management to security portfolio, Checkpoint Systems announces HALO IoT platform, and...

This week, we welcome Craig Sandman, President and Co Founder of Symbol Security, a Cyber Security SaaS company with a mission to reduce corporate risk through Security Awareness Education! Craig will discuss Security Awareness, Education, and Training! In the Leadership and Communications segment, 5 Myths about Strategy, The making of a technology leader, Want Fewer Employees to Quit? Listen to Them, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126 Visit...

This week, how a politicians' kids accessed his laptop through facial recognition, critical flaws in WordPress and Qualcomm chips, how 2 million IoT security cameras and baby monitors are vulnerable to takeover, and how a new Emotet variant uses connected devices as proxy C2 servers! In the expert commentary, the return of Jason Wood from Paladin Security, joins us to talk about how Microsoft is telling IT admins to nix 'obsolete' password reset practices! Full Show Notes:...

This week, we welcome Larry Maccherone, Senior Director of Comcast, to talk about the world of SecOps vs. DevSecOps! In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protection, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Visit https://www.securityweekly.com/asw for...

This week, we welcome Haroon Meer, CEO and Researcher at our sponsor Thinkst, to talk about why hackers should create companies, and some of the technical details behind Thinkts' tool Canary! In the second segment, we welcome Gururaj Pandarangi, CEO and Co-Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses! In the Security News, serious vulnerabilities found in fujifilm x-ray devices, facebook could be...

This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN! In the Enterprise News, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! In the final segment, Security...

This week, we welcome Adam Fletcher, Chief Information Security Officer for Blackstone! In the Leadership and Communications segment, 5 Ways to Find Natural Leaders for Your Team, Business Wisdom Learned From Bomb Squad Experts And Their Commanders, Why Rest Is Essential To High Performance, 4 Ways Working Dads Can Make More Time for Family, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125 Please join Adam and other CISOs at the Global Cyber Innovation Summit by...

This week, we welcome Thomas Hatch, the creator of the Salt open source software project, and is the CTO of SaltStack, the company behind Salt! In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics! To learn more about SaltStack, visit: https://securityweekly.com/saltstack Full Show Notes:...

This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of thousands of stores, and how attackers are weaponizing more vulnerabilities than ever before! In the expert commentary, we welcome Itai Tevet, CEO of Intezer, to talk about Linus threats, recent Mirai variants, and general code reuse in the cyber space! To learn...