Security Weekly Podcast Network (Video)

Security Weekly Productions
Aug 13, 2021 • 30min

Zombie APIs, Morphisec IR Service, "New Product Jeopardy", & Risk Scoring - ESW #238

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more! Show Notes: https://securityweekly.com/esw238 Visit https://www.securityweekly.com/esw for all the latest episodes!
Aug 12, 2021 • 35min

The Different Approaches To Vulnerability Management - ESW #238

As we dig into vulnerability management we uncover both old and new challenges. We still struggle with developing and maintaining an accurate asset inventory. We also, still, struggle to prioritize and execute remediation. There are many new approaches to solving these problems, from ad-hoc scanning to automation of all the things. Get our take on vulnerability management in this segment! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw238
Aug 12, 2021 • 40min

Protecting Comm. & Collaboration in Contested Environments, Pt 2 - Matthew Erickson - SCW #82

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data. This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw82
Aug 11, 2021 • 29min

Protecting Comm. & Collaboration in Contested Environments, Pt 1 - Matthew Erickson - SCW #82

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data. This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw82
Aug 11, 2021 • 26min

New Fines Making Business Case for Security, & Improving Security as a Team - BSW #227

In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company's products?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw227
Aug 10, 2021 • 41min

The 3 Mistakes All First Time CISOs Make That No One Tells You - Jim Routh - BSW #227

Listen in for a discussion with Jim Routh, former CISO at Aetna, CVS Healthcare, and Mass Mutual, to discuss the 3 mistakes all first time CISOs make. Jim will share the lessons he learned throughout his career and how CISOs can avoid these 3 mistakes, including: 1. Setting Expectations 2. Hiring Talent 3. Retaining Employees. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw227
Aug 10, 2021 • 34min

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161

This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161
Aug 9, 2021 • 32min

Securing Modern Web Apps: Development Techniques are Changing - Tom Hudson - ASW #161

The use of web apps, SPAs, and APIs is growing steadily and traditional scanning methods don't provide enough coverage. The appsec tools need to innovate and become smarter and more contextual in order to test modern apps and APIs at scale. Tom Hudson, Security Research Team Lead at Detectify, will give a peek into how Detectify is innovating to help solve these modern app and API developer challenges. Segment Resources: - Sign up for updates and be the first to know about Detectify API scanning open beta: https://www.detectify.com/api - Blog post announcing Detectify's plans to expand scanner to fuzz public-facing APIs: https://blog.detectify.com/2021/08/03/detectify-fuzzing-public-facing-apis/ This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161
Aug 8, 2021 • 1h 27min

'Master Faces', Ship Hijacked, Windows Container Escape, & DNS Loopholes - PSW #705

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705
Aug 7, 2021 • 44min

The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705

With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late. Segment Resources: https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov https://eclypsium.com/2021/06/24/biosdisconnect/ https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/ https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705
