Paul's Security Weekly (podcast-only)

This week, we kick off the show with a technical segment, all about working with OpenVAS! Next up, we welcome Patrick Wardle, founder of Objective-See, to talk Trends in Mac Malware and Apple Security!! In the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin,& more!   Show Notes: https://securityweekly.com/psw708 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we jump straight Into the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application security and why you shouldn't do it on a shoe string budget, vulnerability disclosure miscommunication, tractor loads of vulnerabilities, The HolesWarm..malware, T-Mobile breach, and All you need is....Love? No, next-generation identity and access management with zero-trust architecture is what you need!!!! Next up, we have a pre-recorded interview featuring Qualys Researcher “Wheel”, who joined Lee and I to discuss Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer!!! Lastly, a segment from Black Hat 2021 featuring Sonali Shah, Chief Product Officer at Invicti Security, all about Shifting Left, and how YOU can make it right!   Show Notes: https://securityweekly.com/psw707 Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/se

This week, we kick off the show with an interview featuring Joe Gray, Senior OSINT Specialist at Qomplx, where we talk OSINT & Social Engineering ! Next up, we welcome Kyle Avery, a Penetration Tester for Black Hills Information Security, to delve into Offensive Operations with Mythic! In the Security News for this week: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sherrif's department, Fingerprinting Windows, & double secret quadrupal extortion!   Show Notes: https://securityweekly.com/psw706 Visit https://www.securityweekly.com/psw for all the latest episodes!   Follow us on Twitter: https://twitter.com/securityweekly Follow us on Facebook: https://facebook.com/secweekly

This week, we kick off the show with an interview featuring Rick Farina, & Rick Mellendick Board Members at RF Hackers Sanctuary, to talk about RF Village at DefCon! Next up, we.0 welcome Scott Scheferman, Principal Strategist, & Yuriy Bulygin, CEO of Eclypsium, to discuss how The Stakes are Raised when Protecting the Foundation of Computing!! In the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

This week, we kick off the show with an interview featuring Alyssa Miller, BISO at S&P Global, to talk about the how the “B” in BISO is for Business! Next up, we welcome Michael Welch, Managing Director at Morgan Franklin, to discuss Cyber-Physical Attacks!! In the Security News, From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you!   Show Notes: https://securityweekly.com/psw704 Visit https://www.securityweekly.com/pswfor all the latest episodes!   Follow us on Twitter: https://twitter.com/securityweekly Follow us on Facebook: https://facebook.com/secweekly

This week, we kick off the show with an interview featuring Jeff Tinsley, CEO of RealMe, to talk about The Online Safety and Security as it Pertains to Dating Apps and Online Marketplaces! Next up, we welcome Gordon Draper, Founder and CEO of CyberMarket.com, to talk about the Democratisation and Globalisation of CyberSecurity Consulting! In the Security News, Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!   Show Notes: https://securityweekly.com/psw703 Segment Resources: https://www.cybermarket.com There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found.   Visit https://www.securityweekly.com/psw for all the late

This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss the The Journey from a Network Security Engineer to a Podcast Host! In the Security News, the White House Announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware Returns with a new VNC Module to Spy on its Victims, and some of the absolute funniest quotes about cyber security & tech in 2021!   Show Notes: https://securityweekly.com/psw702 Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ Visit https://securityweekly.com/eclypsium to learn more about them! https://dark

This week, we kick off the show with an interview featuring Rob Shavelle, Co-Founder and CEO of Abine & DeleteMe, to talk about New Security Threats Stemming from PII Online! Then, Haseeb Awan, CEO of EFANI Inc, joins to discuss the The Rise of Sim Swapping! In the Security News, LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers?, flaws let you hack an ATM by waving your phone, and more!   Show Notes: https://securityweekly.com/psw701 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we kick off the show with an interview featuring Jim O'Gorman, Chief Content and Strategy Officer at Offensive Security, to talk Career Pathing and Advice from Offensive Security! Then, Thomas Lonardo, an Associate Professor at Roger Williams University, joins to discuss the recent US Supreme Court Case ruling of Van Buren v. US! In the Security News, Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more!   Show Notes: https://securityweekly.com/psw700 Segment Resources: Visit https://securityweekly.com/offSec to learn more about them! https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf: Prosecuting Computer Crimes DOJ,: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf "Computer Crime and Intellectual Property Section DOJ": https://www.justice.gov/criminal-ccips/ccips-documents-and-reports   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.co

This week, we welcome Brian Joe, Director of Security Product Marketing at Fastly, to discuss Avoiding the Silo: Bridging the Divide Between Security + Dev Teams! In the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! In our final segment, we air a pre-recorded interview with Timur Guvenkaya, Security Engineer at Invicti Security, to show us what Web Cache Poisoning is all about!   Show Notes: https://securityweekly.com/psw699 Segment Resources: Visit https://securityweekly.com/fastly to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we kick off the show with an interview featuring Gene Erik, Senior Product Officer at Xcape, Inc, to talk OpenWRT for Enterprise and Labs! Then, Rob Gurzeev, CEO and Co-Founder of CyCognito joins for a technical segment all about Protecting the Attack Surface! In the Security News, Microsoft patches 6 Zero-Days under active attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, how to pwn a satellite, one Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one!   Show Notes: https://securityweekly.com/psw698 Segment Resources: Visit https://securityweekly.com/cycognito to learn more about them! Company Website Link: https://xcapeinc.com/ Topic Link: https://openwrt.org/ Commercial Product for Topic Link: https://www.gl-inet.com/ Personal CI/CD Projects Link: https://gitlab.com/fossdevops Personal GitLab Link: https://gitlab.com/geneerik   Visit https://www.se

This week, we welcome Dan Tentler, Executive Founder at Phobos Group, to discuss Attack Surface Discovery and Enumeration! In the second segment, we welcome back Sumedh Thakar, CEO at Qualys, to talk about Digital Transformation's Impact On IT Asset Visibility! In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!   Show Notes: https://securityweekly.com/psw697 Segment Resources: View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38 Read our CEO’s blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-securit

This week, Paul Battista, CEO of Polarity, joins us for an interview to talk about Polarity’s Power-up Sessions! Then, Rick Howard the CSO of The CyberWire, joins us to talk about the CyberSecurity Canon! In the Security News: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, & security by design!   Show Notes: https://securityweekly.com/psw696 Segment Resources: Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8 https://icdt.osu.edu/cybercanon   Visit https://www.securityweekly.com/p

This week, we kick off the show with the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken seriously, poison the water hole to poison the water, bombing hackers, how industry best practices have failed us?, publishing exploits is still a good thing regardless of what the studies say, & more! Then, we have a Technical Segment featuring our own Adrian Sanabria, & Sounil Yu from JupiterOne! Then we wrap up the show with a pre-recorded interview with ‘Wheel’ on the “21 Nails“ Exim Mail Server Vulns!   Show Notes: https://securityweekly.com/psw695 Segment Resources: https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securitywee

This week, Alex Chaveriat, Chief Innovation Officer at Tuik Security Group, joins us for an interview where he tells us "How Hacking Naked Changed His Life"! Then, I will take you through attack surface mapping with AMASS! In the Security News, President Biden issues a 34-page executive order on Cybersecurity, Did you hear about the pipeline hack?, New/Old Wifi vulnerabilities, get this Apple didn't want to talk about a malware attack that exposed users, fake Amazon review database, why ad-hoc scanning is not enough, distroless linux, wormable windows bug, codered 2.0 perhaps?, the cryptowars continue and more!   Show Notes: https://securityweekly.com/psw694 Segment Resources: https://youtube.com/alexchaveriat Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on Cyber! In the Security News, Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Discord, the always popular Chinese APTs, exploits you should be concerned about, job expectations, westeal your crypto currency, quick and dirty python (without lists), new spectre attacks, Github says don't post evil malware and more!   Show Notes: https://securityweekly.com/psw693 Segment Resources: https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/

This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System Cybersecurity - The Real World! In the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerability Exposes Users’ Personal Information, Darkside Ransomware gang aims at influencing the stock price of their victims, Security firm Kaspersky believes it found new CIA malware, and a Hacker leaks 20 million alleged BigBasket user records for free! All that and more on this episode of Paul's Security Weekly!   Show Notes: https://securityweekly.com/psw692 Segment Resources: Visit https://securityweekly.com/barracuda to learn more about them! Intelligent Buildings - https://www.intelligentbuildings.com/   Visit https://www.securityweekly.com/psw for

Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized K-12 cybersecurity education. This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to enterprise and federal space. This week in the Security News, U.S Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force to Stop Ransomware Spread, Facebook faces mass legal action over data leak, and more!   Show Notes: https://securityweekly.com/psw691 Segment Resources: https://cyber.org/standards https://cyber.org/about-us/our-impact https://cyber.org/news/k-12-cybersecurity-learning-standards-review-session-completed https://www.businesswire.com

This week, Lennart Koopmann, the CTO of Graylog, Inc, joins us for an interview to talk about Nzyme, a Free and Open WiFi Defense System. Then, Dutch Schwartz, Principal Security Specialist at Amazon Web Services, joins us for a discussion on the Lessons Learned When Migrating from On Prem to Cloud! In the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, Child tweets gibberish from a highly sensitive Twitter account, LinkedIn and more_eggs, APTs targeting Fortinet, SAP Applications Are Under Active Attack again, Is your dishwasher trying to kill you?, Ubiquiti All But Confirms Breach Response Iniquity, Cyber Threat Analysis, 11 Useful Security Tips for AWS and other stuff too, Signal Adds Cryptocurrency Support and Not everyone is a fan, Zoom 0-click exploit, when firmware attacks, attackers blowing up Discord! Register for Joff's Fun Regular Expressions class here: https://bit.ly/JoffReLife   Show Notes: https://securityweekly.

This week, Nick Percoco, Chief Security Officer at Kraken, joins us for an interview to discuss The Intersection of Cybersecurity and Cryptocurrency. Robert Lemos, Cybersecurity and Data Journalist, joins us for a discussion on Cybersecurity and Journalism! In the Security News, npm netmask library has a critical bug, when AI attacks, firmware attacks on the rise, Microsoft Hololens and order 66, a real executive order 13694, The Ubiquity breach saga, the FreeBSD and wireguard saga, is the cloud more secure? Hopefully for PHP it is, software updates limit muscle car to 3 HP, a brand new Windows 95 easter egg just in time for, well, easter, and aging wine in space, does it make a difference?   Show Notes: https://securityweekly.com/psw689 https://www.kraken.com/en-us/features/security/kraken-security-labs https://blog.kraken.com/security-labs/   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: htt