Synopsis
For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Note: This is only Paul's Security Weekly, recording once per week and typically 2-hour shows.
Episodes
-
Burn It All Down - PSW #728
17/02/2022 Duration: 02h52min
This week, we start the show off with an interview featuring Michael Daniel, President & CEO, Cyber Threat Alliance! Next up, a tech segment walking through Running Windows Inside Containers On Linux! In the Security News for this week: To steal or collect a bug bounty, print bombing an NFL team, WebKit strikes again, hackers be framing, TIPC Linux kernels, is that an AirTag in your pocket, It was Russia unless it wasn't Russia, Cassandra and Magento, and how not to redact! Show Notes: https://securityweekly.com/psw728 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
-
Mood Lighting - PSW #727
11/02/2022 Duration: 02h56min
This week, we start the show off with Brian Honan, the CEO of BH Consulting, who joins to discuss why Cybersecurity is Not Just a Technical Problem! In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto!! Next up, Qualys’ Wheel joins to discuss Uncovering a Major Linux PolicyKit security vulnerability: Pwnkit! Show Notes: https://securityweekly.com/psw727 Segment Resources: Security Industry Failing to Establish Trust https://threatpost.com/security-industry-failing-to-establish-trust/128321/ 'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal https://www.theregister.com/2017/11/24/infosec_disasters_learning_op/ IoT security: Lessons we can learn from the evolution of road safety https://www.helpnetsecurity.com/
-
Life Changing Bag of Cash - PSW #726
03/02/2022 Duration: 03h22min
This week, we start the show off with an interview with Brent White, Principal Security Consultant at Dark Wolf Solutions! Next up, we have a technical segment where I walk through Linux Post Exploitation! In the Final Segment, Temporary phones, webcam hacks that are so much more, bags of cash, patch WordPress plugins and patch them some more, crowd-sourced-government-funded vulnerability scanning, hiding deep in UEFI and bouncing off the moon, even more UEFI vulnerabilities, if Samba were a fruit it would be... well, vulnerable for one thing, charming kittens, fingerprinting you right in the GPU, Let's not Encrypt, your S3 bucket is showing again, and can you hack the latest wearable sex toys intended to delay things?! Show Notes: https://securityweekly.com/psw726 Segment Resources: # Blog website : www.wehackpeople.com # Employer's website : www.darkwolfsolutions.com # Link for EDC - Covert Entry Wallet : https://wehackpeople.wordpress.com/2019/10/10/lock-pick-concealment-edc-wallet/ # Link for other EDC
-
Software Flea Market - PSW #725
27/01/2022 Duration: 02h56min
This week, we start the show off with an interview with Jimmy Sanders, CISO at Netflix, to talk about Cracks in the Castle! Next up, we have a technical segment where I walk through Securing Ubiquiti WiFi Systems! In the Final Segment, it’s the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecurity is broken?, the best cybersecurity research paper, evil Favicons, escaping Kubernetes, pimping your cubicle and someone who actually recovered their crypto wallet! Show Notes: https://securityweekly.com/psw725
-
Really Good Brownies - PSW #724
21/01/2022 Duration: 02h55min
This week, we start the show off with an interview with Neal O’Farrel, Founder of The PsyberResilience Project, to talk about Cyber Resilience & Cybersecurity Mental Health! Next up, it’s the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year-olds launch DDoS attacks, 5G interference, and when your Mom steals your brownies! In the Final Segment, we air a Technical Segment showing you how to Use WPScan To Find WordPress Vulnerabilities! Show Notes: https://securityweekly.com/psw724
-
Toddler Scientists - PSW #723
13/01/2022 Duration: 02h50min
This week, we kick off the show with a tech segment walking through the Log4j Vuln, step by step! Then, Dragos Ruiu, creator of Pwn2Own, joins for an interview! In the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persistent DoS in your door lock, Signal gets a new CEO, attacking the patching software, where does that QR code go, we heard you liked cryptominers, Pluton will fix that, and retiring from a jarring career! Show Notes: https://securityweekly.com/psw723
-
Singing Elephant - PSW #722
23/12/2021 Duration: 03h26min
This week, we kick off the show with an interview featuring Deviant Ollam, Physical Penetration Specialist at Red Team Alliance, where we delve into Lock Picking & Physical Security! Then, John Matherly, creator of SHODAN, joins for a segment about The State Of Internet Exposed Services!! In the Security News: The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wi-Fi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles! Show Notes: https://securityweekly.com/psw722
-
Have a Couple Beers on the Lawnmower - PSW #721
16/12/2021 Duration: 02h48min
This week, we kick off the show with an interview featuring Ed Skoudis, SANS Fellow and Counter Hack Founder, where we talk about the holiday hack challenge! Then, Sinan Eren, VP of Zero Trust Access & ZTNA Engineering at Barracuda Networks, joins for a segment walking through What to Expect in 2022 for security!! In the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in WordPress, using blockchain for C2, ManageEngine 0day, oh and did you hear about the log4j vulnerability! Show Notes: https://securityweekly.com/psw721 Segment Resources: www.holidayhackchallenge.com www.counterhack.com www.sans.edu Barracuda research on Ransomware trends and remote code execution vulns: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/ https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/ Visit https://securityweekly.com/barracuda
-
Bud's Budtender - PSW #720
03/12/2021 Duration: 03h31min
This week, we kick off the show with an interview featuring Shailesh Athalye, Senior Vice President of Product Management at Qualys, who joins to discuss why Cybersecurity is an Unfair Game! Then, we jump straight into the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero Days, & why The Matrix (might be) the best hacker movie!! Finally, we close out the show with a special pre-recorded interview featuring Sven Morgenroth, Security Researcher at Netsparker, where we discussed Auth Vulnerabilities! Show Notes: https://securityweekly.com/psw720 Segment Resources: Visit https://securityweekly.com/invicti https://www.qualys.com/cloud-platform/ Visit https://securityweekly.com/qualys to learn more about them!
-
Hackers Be Hackin' - PSW #719
18/11/2021 Duration: 03h13min
This week, we kick off the show with a technical segment where we walk through creating vulnerable Docker Containers – On Purpose! Then, Derek Rook, Senior Director Purple Team at Teradata & SANS Certified Instructor, joins to discuss technologies to build CTFs as well as what types of things to consider while doing so!! In the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, UPnP strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture! Show Notes: https://securityweekly.com/psw719
-
Snowed In - PSW #718
11/11/2021 Duration: 03h36min
This week, we kick off the show with an interview featuring Lodrina Cherne and Martijn Grooten, who join to discuss the Real-world capabilities of Stalkerware! Then, Sachin Mahajan from Inguardians joins to delve into MAVSH!! In the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says it's a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that don't fix everything, truckloads of GPUs and “are you high”? Show Notes: https://securityweekly.com/psw718 Segment Resources: http://mav.sh/ https://github.com/0xkayn/Valkyrie https://www.youtube.com/watch?v=CJZ2gCLopyU
-
Funny Stories - PSW #717
04/11/2021 Duration: 03h35min
This week, we kick off the show with an interview featuring Doug Burks, CEO of Security Onion Solutions, who joins to discuss Peel Back the Layers of Your Enterprise with Security Onion 2! Then, I'm going to continue guiding you through Scanning For Default Creds With Python!! In the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many people have it?, fake Harvard students, uses for an Apple cleaning cloth, Bidi override characters, who owns my house?, who owns your printer?, and the return of Clippy! Show Notes: https://securityweekly.com/psw717 Segment Resources: https://securityonion.net https://github.com/Security-Onion-Solutions/securityonion https://securityonion.net/discuss
-
The Supreme Counsel - PSW #716
28/10/2021 Duration: 03h15min
This week, we kick off the show with an interview featuring Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, who joins to discuss the Evolution and Maturity of the Cybersecurity Industry! Then, Matt Linton, Chaos Specialist at Google, joins to talk about What Exactly Is an Incident Commander, Anyway! In the Security News: It's still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transport layer with HTTPS, buying a power plan, EBCDIC and GDPR, how children can infect parents, signing your rootkit, dates are hard, something smells funny and bird poop in your antenna! Show Notes: https://securityweekly.com/psw716
-
Holy Guacamole - PSW #715
22/10/2021 Duration: 03h12min
This week, we kick off the show with an interview featuring Maxime Lamothe-Brassard, the CEO of LimaCharlie, who joins to discuss the Evolution and Maturity of the Cybersecurity Industry! Then, I walk through Scanning For Default Credentials With Python!! In the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cyber hygiene?, Gummy browsers, the Internet is safe now, a particular kind of crack is open-source, sysmon: Now for Linux, Windows 11 and lies, and cocaine Hippos!!!!! All that and more, on this episode of Paul’s Security Weekly! Show Notes: https://securityweekly.com/psw715
-
Space Force - PSW #714
15/10/2021 Duration: 03h16min
This week, we kick off the show with an interview featuring Zach Wasserman, CTO & Co-Founder of Fleet, who joins us to discuss Open Source Endpoint Security with OSquery & Fleet! Then, Sven Morgenroth, Security Researcher at Invicti, joins us for a technical segment on GraphQL!! In the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down! Show Notes: https://securityweekly.com/psw714 Segment Resources: Visit https://securityweekly.com/invicti to learn more about them! https://osquery.io https://fleetdm.com
-
Feeling Really Lame - PSW #713
08/10/2021 Duration: 03h04min
This week, we kick off the show with an interview featuring Dan DeCloss, the Founder of PlexTrac, for a segment all about Survey Says: Improve Your Security Posture by Purple Teaming! Then, a segment aimed at getting YOU Up and Running With The Security Onion!! In the Security News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache -day, your iPhone is always turned on, and Apple Pay hacked! Show Notes: https://securityweekly.com/psw713 Visit https://securityweekly.com/plextrac to learn more about them!
-
Blinky Boxes - PSW #712
01/10/2021 Duration: 02h31min
This week, we welcome Mehul Revankar, VP Product Management and Engineering, VMDR at Qualys, to discuss Defense Strategies to Combat Sophisticated Ransomware! In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe that's a good thing? Speaking of which, Apple patches some 0days, Lithuania warns against using Huawei and Xiaomi phones, the FCC pays companies to ditch Huawei and ZTE gear, the latest on Cybercrime, UK researchers find a way to pickpocket Apple Pay, and more! Show Notes: https://securityweekly.com/psw712 Segment Resources: www.qualys.com/vmdr Visit https://securityweekly.com/qualys to learn more about them!
-
Everything's All Blurry - PSW #711
24/09/2021 Duration: 03h19min
This week, we kick off the show with an interview featuring Mike Cohen, from Rapid7, and Wes Lambert from Security Onion Solutions, for a segment all about Velociraptor & Digging Deeper! Then, we attempt to confirm or deny that Nzyme performs “intelligent device fingerprinting and behavioral analytics to detect rogue actors”!! In the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange Autodiscover bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more! Show Notes: https://securityweekly.com/psw711 Segment Resources: Please visit our documentation site where you can learn about Velociraptor https://docs.velociraptor.app/
-
Playing Hanky Panky - PSW #710
17/09/2021 Duration: 03h18min
This week, we kick off the show with an interview featuring Sinan Eren, VP of Zero Trust Access at Barracuda Networks, to discuss The State of Network Security in 2021! Then, we welcome Justin Collins from the People Empowerer for Product Security Team at Gusto, for a segment focusing on Brakeman! In the Security News: Anonymous hacks Epik (with a K), Fuzzing Closed-Source JavaScript Engines, ForcedEntry, 8 Websites that can replace computer software, REvil decryptor key released, Microsoft fixes Critical vulnerability in Linux App, Drone accidentally delivers drug paraphernalia to high schoolers, & more! Show Notes: https://securityweekly.com/psw710 https://github.com/presidentbeef/brakeman Visit https://securityweekly.com/barracuda to learn more about them!
-
The Magic Fix - PSW #709
03/09/2021 Duration: 02h53min
This week, we kick off the show with a technical segment, all about working with NMAP Vuln Scanning & Flan! In the Security News: Lightning cables that steal passwords, Malicious Code in your VRAM, creating a “TJ Hooper” for infosec, Linux 5.14, “Unhackable Wii” has been hacked, Hackers vs. Dictators & more!!! Finally, we have a pre-recorded interview featuring Benjamin Mussle, Senior Security Researcher at Acunetix, who joined to discuss I-Frame security! Show Notes: https://securityweekly.com/psw709 Visit https://securityweekly.com/acunetix to learn more about them!