Security Weekly Podcast Network (Video)

Wiz reveals authorization bypass in Oracle Cloud, Python 15-year old path traversal flaw, Prototype Pollution in Chrome, PS4 flaw reappears in PS5, Why security products fail Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw213

Applications are the most frequent external attack vector for companies. However, application security can improve only if developers either code securely or remediate existing security flaws — unfortunately, many don't receive training with proper security know-how. In this session, we will talk about the state of application security education and what you can do to secure what you sell. Segment Resources: https://www.forrester.com/blogs/school-is-in-session-but-appsec-is-still-on-vacation/?ref_search=3502061_1663615159889 https://www.wisporg.com/events-calendar/2022/11/8/security-amp-risk-conference-forrester https://www.veracode.com/events/hacker-games https://blogs.microsoft.com/blog/2021/10/28/america-faces-a-cybersecurity-skills-crisis-microsoft-launches-national-campaign-to-help-community-colleges-expand-the-cybersecurity-workforce/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw213

In the Enterprise Security News, Fortanix raises a $90 series C for data security, Cyrebro raises a $40M series C for MSSP SOC solutions, Dig Security raises a $34M series A (yes, this is a repeat from last week, but we didn't get a chance to talk about it), Internet 2.0 gets funded??? (probably not what you think), How to hire and build your cybersecurity team, The NSA gives some bad advice on securing software, Courtroom Drama, & Oracle makes a really bad whoopsie! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw289

Based on what we know so far (which is limited and could change), the Uber breach appears to be a classic example of how penetration testers and criminals alike break into large organizations. In this segment, we'll discuss how the attack happened. We'll go over the controls that failed, why they failed, and what Uber could have done to prevent or detect this attack. For those listening live, questions are welcome! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw289

Data Security Posture Management (DSPM) is not your dad's DLP. This new category has emerged to tackle one of the toughest areas of security: protecting data. Today, Jonathan Roizin from Flow Security helps us understand what this new security category is all about and how it differs from the OG, false positive heavy DLP we'd all rather forget. Segment Resources: Flow's blog post - "5 Key Takeaways About DSPM From the Gartner® Hype Cycle™ For Data Security, 2022": https://www.flowsecurity.com/gartner-dspm/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw289

In the Security News: Bloodhound's blind spots, Interactable Giraffe, don't use open-source, it has too many vulnerabilities, MFA fatigue, tamper protection, use-after-freedom, how not to do software updates, hacking gamers, stealing Teslas, safer Linux, trojan putty, there's money in your account, game leak makes history, GPS jammers, Uber blames LAPSUS, spying on your monitor from a zoom call, next-generation IPS with AI and ML for zero-day exploit detection, 3D printed meat, and what to do when the highway is covered with what is usually kept in the nightstand... Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw756

Sinan Eren, the VP of Zero Trust at Barracuda joins to discuss various aspects of MFA Fatigue & Authentication with the PSW crew! Segment Resources: https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw756

In the leadership and communications section, Cybersecurity's Too Important To Have A Dysfunctional Team, In a Crisis, Great Leaders Prioritize Listening, White House Announces Stricter Cybersecurity Guidelines and Rules, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw277

Appsec dimensions of the Uber breach, Rust creates a security team, MiraclePtr addresses C++ heap mistakes for Chrome, a critical reading of the NSA/CISA Supply Chain guidance, talking about careers Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw212

Paul will discuss a risk-based approach to security that prioritizes fixing the most critical issues that will reduce risk in your organization. He'll walk through a three-step cycle that continuously monitors the threat landscape, enables quick response, and measures the metrics that company leadership cares about. Segment Resources: https://blog.qualys.com/qualys-insights/2022/05/31/transitioning-to-a-risk-based-approach-to-cybersecurity https://blog.qualys.com/qualys-insights/2022/07/26/aflac-completes-successful-poc-of-qualys-vmdr-2-0-with-trurisk www.qualys.com/vmdr This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw277