Security Weekly Podcast Network (Audio)

On this podcast, we've often struggled with whether or not to include stories and discussion on identity verification. Is identity verification cybersecurity proper, or cybersecurity adjacent as part of fraud prevention? As always, when we're unsure, we find folks to talk to and learn more. Today, we'll be learning about weak points in the identity verification chain from Rob O'Farrell. He'll also be helping us to understand what identity verification is, and why it's important to cybersecurity overall. As more and more of the world is digitized (especially the lagging healthcare industry in the US), reliable identity verification seems more important every day. Segment Resources: Living Information Security: An Integrated Approach to ISO-27001 The Foundations of Identity Verification: Trust and Its Pillars IBS Intelligence Podcasts Ep552: Is self-sovereign identity the next step in secure ID management? Are We Being Lax with Fraud? What is telemetry data and why is it important to cybersecurity? Why is it such a pain to collect, store and use? How do we improve our ability to gather and benefit from this data? Today, Tucker Callaway, the CEO of Mezmo joins us to answer all these questions and help us understand the future of the SIEM and other cybersecurity data tools. On this week's news segment, we pick up where we left off with Doug running the show last week. We discuss current early stage categories, AD canarytokens, and low hanging vulns. We talk about why cybersecurity is important, but not nearly as unique or special as some might have you think. The goal of patching faster than exploits can be used - is it a fool's errand? Also, pickleball - the country's fastest growing sport, is causing chaos across the nation. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-343

Tesla, TikTok, Karakurt, VISS, Volt Typhoon, Cozy Bear, GambleForce, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn-349

Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragmatic understanding of the delicate balance between Business realities, Cybersecurity, and Operational Effectiveness. He began his career at NSA, moving into the Management Consulting ranks building practices at Booz Allen and KPMG. He subsequently co-founded two firms with successful exits, including the Hackett Group (NASDAQ HCKT). He has participated in over 20 M&A transactions. He has delivered to clients in over 20 countries on 6 continents. Analyzing firmware with EMBA, TinyXML, and the ugly supply chain, ignoring vulnerabilities that allow attackers to turn off your vehicle, Android lock screen bypass and running water, LogoFAIL updates, and the confusing severity, you still haven’t patched Log4Shell, the password is 123456, and an amazing Bluetooth hack that affects you! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw-810

Cybertruck, Viagra, Struts, Atlassian, Log4Shell, Pharmacies, Security Clearances, Naughty Bots, Jason Wood, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-348

We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve? We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication (OAuth, OpenID). Learning how these standards come about can also inform how your own org documents designs and decisions. Segment resources https://datatracker.ietf.org/doc/html/rfc3552 https://identiverse.com/video/the-butterfly-effect-of-standards-development/ https://sphericalcowconsulting.com https://datatracker.ietf.org/doc/html/rfc6919 In the news, benchmarking prompt injection scanners, using generative AI to jailbreak generative AI, Meta's benchmark for LLM risks, tapping a protocol to hack Magic the Gathering, and more!   Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-266

Materiality, Disclosure, and Evidence...  New terms for cybersecurity professionals to understand under the new SEC Regulations for Cybersecurity.  And the Solarwinds indictment is just the beginning. Join the BSW crew as they tackle each of these new terms in preparation for SEC enforcement which starts this week. In the leadership and communications section, Steve Katz, World's First CISO, Dies in Hospice Care, Top CISO Communities to Join in 2024, Workplace Culture 101: How to Create Positivity at Work, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw-331

Q*, Water Wars, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Push notifications, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn-347

Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Sellafield, Gmail, Jason Wood, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn-346

Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively on investing in cyber startups. In this segment, we'll discuss one of Allegis's recent investments, SixMap, and Bob's other investment/accelerator vehicle, Data Tribe. Data Tribe sources investments from national intelligence, with examples like Dragos that came through this program. This week in the enterprise news, we explore the harsh realities of the startup world with a look at recent failures and shutdowns, investigating the factors leading to these setbacks. Meanwhile, Carbon Black makes headlines by breaking away from VMware in what seems like a divestiture within an acquisition, raising questions about the future of the company. We'll also discuss the European Space Agency's venture into cybersecurity for the space industry, revealing that even the vastness of outer space isn't immune to digital threats. Tune in for all this and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw-342

Join the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room resonating with the nostalgic hum of vintage computers, as our hosts explore the latest techniques using hardware, software, and firmware. Whether you're attempting to hack a specific device or crafting a custom creation to achieve a particular goal, this episode covers it all. Discover the intricacies of hardware hacking, including discussions on the tools and devices, such as the Flipper Zero. Uncover the reasons why alternatives might be superior in certain cases, yet explore the nuances of why the Flipper Zero has garnered a mixed reputation. In the midst of the Security News segment, the hosts tackle pressing topics, from the challenges of changing default passwords to the Flipper Zero, the absence of CVEs, deceptive "new" tools, the BIOS logo attack vector, secrets in a $15 router, the quirks of AI, and the intriguing Spectre based on linear address masking. With a blend of humor, mischief, and expert insights, this episode takes you on a journey through the evolving landscape of cybersecurity, reflecting on ethics, vulnerability disclosure practices, and the importance of collaboration in securing the digital frontier. Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-809