Security Weekly Podcast Network (Video)

Let's be honest: people can frustrate us. They don't always do the things we'd like, and they often do some things we'd rather they didn't. New research from the National Cybersecurity Alliance reveals insights about the public's attitudes and beliefs about security. We'll explore the 2022 Oh Behave! Cybersecurity Attitudes and Behaviors Report and some of the findings may surprise you! We'll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see. Segment Resources: https://staysafeonline.org https://staysafeonline.org/programs/cybersecurity-awareness-month/teach-others-how-to-stay-safe-online/ https://staysafeonline.org/programs/hbcu-see-yourself-in-cyber/ https://staysafeonline.org/programs/events/convene-clearwater-2023/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw299

Estonia is a small country in the Baltics; however, it has been at the forefront of technology for many years. This session traces Estonia's journey from independence in 1991 to its current use of digital identities for the systems that allow citizens to vote, check online banking, e-residency, and tax returns. I'll share lessons learned and key takeaways from incidents that happened along the way, examine what the future holds, and discuss the impact of incorporating AI into a digital society. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw299

In the Security News: ping of death returns, remembering when the Internet disconnected if your Mom picked up the phone, a 500-year-old cipher is cracked, VLC is always up-to-date, SIM swapper goes to prison, Rust is more secure but your supply chain is not, if you pwn the developer you win, you have too many security tools, Chrome zero days are not news, Log4Shell what changed?, Hive social again, ChatGPT, there's a vulnerability in your SDK, and it takes 3 exploits to pwn Linux, All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw766

Eclypsium's research team has discovered 3 vulnerabilities in BMCs. Nate Warfield comes on the show to tell the full story! This has garnered much attention in the press: * Original research post: https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ * https://www.securityweek.com/security-flaws-ami-bmc-can-expose-many-data-centers-clouds-attacks * https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html * https://therecord.media/three-vulnerabilities-found-in-popular-baseboard-software/ * https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/ * https://duo.com/decipher/trio-of-megarac-bmc-flaws-could-have-long-range-effects * https://www.csoonline.com/article/3682137/flaws-in-megarac-baseband-management-firmware-impact-many-server-brands.html Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw766

Is there still a network or has it slipped away from us entirely? What about efforts for localization because people do not trust the cloud, its providers or its reliability (ala Twitter vs. the Fediverse?). Do you still need actual hardware firewalls? What about VPNs? How long will these devices still be around as everyone goes to the cloud and SDWAN technologies? And what about identity? If you can nail identity, doesn't that set you up to be a cloud-first organization? Join us for a discussion with Sinan and the security weekly hosts as we tackle these questions! This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw766

In the leadership and communications section, 5 top qualities you need to become a next-gen CISO, Ego Is the Enemy of Good Leadership, How To Explain Things Better, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw287

Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety in Android Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw222

The U.S. is at an inflection point in terms of cyber threats; Critical infrastructure attacks are growing more frequent and consequential, and the White House recently called the cyber talent gap of nearly 770,000 open positions a "national security challenge." Kelly Rozumalski, SVP at Booz Allen Hamilton leading the firm's national cyber defense business, joins BSW to discuss why upskilling and reskilling are key to closing the cyber talent gap at the federal level and how a collective defense posture across government and private sector can enable us to better secure U.S. critical infrastructure. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw287

Finding the balance between productivity and security is most successful when it leads to security solutions that help users rather than blames them for security failures. We'll talk about the security decisions that go into handling potentially malicious files so that users can stay calm and carry on. This segment is sponsored by Votiro. Visit https://securityweekly.com/votiro to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw222

In the enterprise security news, Funding announcements take a bit of a break, We explore a few new vendors and organizations that have come to our attention recently, Wiz researchers annoy yet another cloud service by pointing out ridiculous vulnerabilities - IBM Cloud, this time, Docker Hub has tons of shady stuffs going on, EU strengthens cybersecurity with new legislation, The US Department of Defense releases Zero Trust strategy (no more Five Eyes?), Microsoft 365… outlawed in the EU?, Ransomware makes up the majority of all UK government crisis management meetings, AI can now tell kids bedtime stories, what could go wrong? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw298