Security Weekly Podcast Network (Audio)

This week, in the enterprise security news, Cribl, Zafran, and US states raise funding Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups AI Security products are picking up steam You probably shouldn’t be too worried about Yubikey cloning Instead, you should be more worried about malicious npm packages! The White House wants to fix BGP SolarWinds has shady stuff in its source code, AGAIN The challenge of bringing security to small business Scams are getting quicker and more effective how not to run a phishing test and AI assistants rickroll paying customers! We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in. This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass! Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team. For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three. A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did! Segment Resources: Keeper Press Release on the Partnership Williams Press Release on the Partnership Some more details from Keeper on why they chose to sponsor automotive racing Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-375

Lee comes on the show to discuss: EU CRA - https://en.wikipedia.org/wiki/CyberResilienceAct - its impact on bringing products to market and the challenges of enforcing such laws that require products to be "Secure" Recent legislation on disputes for federal agency fines - Chevron deference rule - supreme court decision, uncertainty, more or less clarity - proven in the first court case? opens to more litigation -https://www.nrdc.org/stories/what-happens-if-supreme-court-ends-chevron-deference Breach disclosure laws - mandatory disclosure rules from the SEC - https://www.sec.gov/newsroom/press-releases/2024-31 Defcon cease and desist - “Copyright Act, the Defend Trade Secret Acts, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act” - https://securityledger.com/2024/08/a-digital-lock-maker-tried-to-squash-a-def-con-talk-it-happened-anyway-heres-why/ Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram’s encryption: it’s kinda like putting a 'Keep Out' sign but leaving the door unlocked. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-842

AI Trucks, Solid Concrete, Sonicwall, Progress, Rust, Apple, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-412

Considerations in paying down tech debt, make Rust work on bare metal, ECDSA side-channel in Yubikeys, trade-offs in deploying SSO quickly, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-298

Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start? Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to: fundamentally shift you mindset and approach to acheiving operational excellence in cybersecurity prioritize IT and building security into everything you do prioritize proactive investment over funding emergencies leverage external expertise for success This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them! In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-363

Check out this episode from the SWN Vault, hand picked by main host Doug White! This SDL episode was initially published on August 9, 2017. Doug explains the basics of how IP Addresses work, with help from Doug in an alternate dimension. Beware of the terminator! Show Notes: https://securityweekly.com/vault-swn-20

Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This episode was initially published on April 21 2023. Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a global challenge: fully-realized quantum computers will be able to break some of the most widely-used security protocols in the world. Dr. Vadim Lyubashevsky will discuss how quantum-safe cryptography protects against this potential future. Segment Resources: IBM Quantum Safe: https://www.ibm.com/quantum/quantum-safe IBM scientists help develop NIST’s quantum-safe standards: https://research.ibm.com/blog/nist-quantum-safe-protocols Government and industry experts recommend moving to quantum-safe cryptography: https://research.ibm.com/blog/economist-quantum-safe-replay Show Notes: https://securityweekly.com/vault-esw-16

Exploring the Hacking Landscape with Mark Loveless, AKA SimpleNomad Dive into the intricate world of cybersecurity with our featured guest, Mark Loveless, widely known by his handle SimpleNomad. With a rich history in the realm of information security, Mark is a seasoned professional, researcher, and thought leader. Mark's journey spans decades, marked by a commitment to uncovering vulnerabilities and understanding the ever-changing threat landscape. As a prominent figure in the cybersecurity community, he has contributed significantly to the field, sharing insights, research findings, and expertise. Join us in this podcast interview as Mark reflects on his experiences, discusses the evolution of cybersecurity challenges, and shares his perspectives on emerging trends. With a deep understanding of both offensive and defensive security, Mark brings a unique perspective to the conversation, offering valuable insights into the strategies and tactics employed by cybersecurity professionals. As a respected voice in the industry, Mark Loveless has not only witnessed the evolution of cybersecurity but has actively shaped its trajectory through his contributions to research, writing, and speaking engagements. This episode provides a rare opportunity to gain knowledge from a cybersecurity veteran and explore the nuances of an ever-expanding digital landscape. Tune in to discover the wisdom and experiences that have defined Mark Loveless's career and gain a deeper understanding of the complexities and challenges inherent in the world of cybersecurity. Show Notes: https://securityweekly.com/vault-psw-12

Check out this episode from the SWN Vault, hand picked by main host Doug White! This SDL episode was initially published on November 8, 2017. What is encryption anyway? Doug and Russel explain symmetric encryption, asymmetric encryption, and how crypto gets broken! Show Notes: https://securityweekly.com/vault-swn-19

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022. Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap! View CISO Stories podcast episodes here: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast Show Notes: https://securityweekly.com/vault-bsw-13