Security Weekly Podcast Network (Video)

The log4j vulnerability still exists in many environments. Learn how to exploit this vulnerability in our step-by-step guide. Please only use this information for research and testing purposes, and only with permission! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw723

In the leadership and communications section, no, we're not discussing log4j, 2021 recaps or lessons learned, or 2022 new year's resolutions or predictions! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw245

How cloud resources are architected and utilized is different for every organization, but whether cloud native or cloud traditionalist – security risk and complexity are problems. Concerns over account takeover, overprivileged access and the struggle to keep pace with the dynamism of the cloud are driving demand for a better way to secure access. Hear Colby Dyess, Director of Product at Appgate, discuss how the principles of Zero Trust strengthen and simplify access controls across varying cloud architectures. We'll address everything from users connecting to multi-cloud resources, secure service-to-service communication and running security as code. This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw245

There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw179

The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScape quarterly, Salesforce to require MFA Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw179

In our final security weekly segment of the year, we're wrapping up by reminiscing about 2021's biggest, craziest, and most interesting stories. We'll chat about our favorite interviews of the year. Finally, we're sharing our hopes for 2022. What could make it better? Will it be the year we break free from ransomware? Will cyber insurance providers drop all their policyholders? All this, and cryptic hints from Adrian and Tyler! It has been a crazy year and we're looking forward to keeping you informed throughout 2022 as well! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

In the Enterprise Security News for this week, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise's efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn't effective and is even potentially harmful, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

John joins us to talk about what its like to run scans of the Internet on a regular basis. We'll talk about some trends, such as what is more exposed, what is less exposed, and how select segments of devices impact the security of Internet, such as printers, medial devices, SMB, RDP and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven't solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy. Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255