Security Weekly Podcast Network (Audio)

Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests and fuzzing coverage, nudging fuzzers into deeper code paths, and how LLMs can help guide a fuzzer into using better inputs for its testing. Resources https://blog.trailofbits.com/2024/10/31/fuzzing-between-the-lines-in-popular-barcode-software/ https://github.com/crytic/echidna https://github.com/crytic/medusa https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-336

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We’ll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you’ll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

The episode kicks off with a humorous look at donuts and cybersecurity. It dives into the dangers of outdated protocols and the emerging threat of click fix attacks. A serious discussion unfolds about the rise of AI-generated code and the geopolitical tensions affecting cyber warfare. Listeners are cautioned about a critical vulnerability in backup software and the outrageous salaries offered to AI coders. The importance of the 3-2-1 backup strategy is highlighted, reminding everyone to stay vigilant against potential security scams.

This week: * The true details around Salt Typhoon are still unknown * The search for a portable pen testing device * Directories named "hacker2" are suspicious * Can a $24 cable compete with a $180 cable? * Hacking Tesla wall chargers * Old Zyxel exploits are new again * Hacking Asus drivers * Stealing KIAs - but not like you may think * Fake articles * Just give everything to LLMs, like Nmap * Retiring Floppy disks * An intern leaked secrets * Discord link hijacking * Cray vs. Raspberry PI * More car hacking with BMW Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-879

In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the importance of collaboration between CISOs and insurers. The guests share insights on risk assessment, the significance of incident response planning, and the need for CISOs to be recognized as key players in the boardroom. The conversation emphasizes the necessity of building strong relationships with insurers and leveraging data to enhance security measures. This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessment For a copy of the Microsoft Vulnerabilities Threat Report: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report Blog re: Report: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization’s attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. https://www.opentext.com/products/core-threat-detection-and-response https://www.prnewswire.com/news-releases/opentext-launches-next-generation-opentext-cybersecurity-cloud-with-ai-powered-threat-detection-and-response-capabilities-302381481.html This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them! This segment is sponsored by BeyondTrust. Visit https://securityweekly.com/beyondtrustrsac to for a copy of the Microsoft Vulnerabilities Threat Report! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-400

AI Zombie Lawyers, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-486

Farshad Abasi, Founder and CEO of Forward Security, shares over 27 years of cybersecurity expertise, emphasizing the importance of effective threat modeling. He argues against lengthy checklists and frameworks like STRIDE, advocating for innovative, developer-engaged strategies instead. The conversation highlights the relevance of user stories and continuous communication in small teams, especially startups. Abasi also reflects on lessons from hyperscaler incidents and the complexities of software deployment and security, all while stressing the role of human insight in tackling modern vulnerabilities.

Rob Allen, Chief Product Officer at ThreatLocker, discusses the urgent issue of insider threats and the importance of endpoint security. Yotam Segev, CEO of Cyera, reveals Cyera's rapid growth and innovative data security solutions showcased at RSAC 2025. Matthew Warner, CEO of Blumira, focuses on adapting cybersecurity measures for small and mid-sized businesses, emphasizing the shift from compliance to operational excellence. Together, they explore the evolving landscape of cybersecurity, hybrid computing, and the necessity of robust data protection strategies.

Dive into the shocking story of a $200,000 Zoom call gone wrong and learn about a zero-click exploit in Microsoft 365. Discover how law enforcement is battling rising cybercrime with a major Interpol operation. The vulnerabilities of IoT devices are explored, shedding light on the urgent need for better security practices. Plus, hear about the European Union's plans to boost cybersecurity independence and tackle challenges posed by state-aligned hackers from China. It's a wild ride through the latest in cybersecurity!

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878