Security Weekly Podcast Network (Video)

This week on the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against SUDO as a timely reference. This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

"Wheel" was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems included Linux, macOS, AIX and Solaris. He'll provide an overview of the vulnerability and then dive into a technical discussion of the research. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

This week in the Security News, Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left in millions of IoT devices, A 'Simple And Yet Robust' Hand Cipher, Zero Trust in the Real World , Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply , Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft's Remote Desktop Web Access Vulnerability, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

In this segment we'll unpack "Zero Trust", what does it mean and how can it be applied as a concept to information security today? It certainly begs the question what and who do you trust? Often without too much thought, we trust software, machines, and people. Each time you run an "apt upgrade" (using sudo!), you are implying trust. When you deploy that enterprise monitoring software (*cough* Solarwinds *cough*), you have to trust it, but to what degree? Tune in to find out more! This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscaler to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

Kelley will discuss his investment thesis in security, his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real world, and what companies he likes going forward. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw216

HD has been focused on research related to network discovery and IT asset inventory for the past three years. This work has led to new techniques for device fingerprinting and topology mapping that show enterprise networks in an entirely new light. He will walk through some visualizations of public IP networks (all of Greece, Iceland, etc.) and highlight the weird and unexpected stuff you can find through clever unauthenticated scans. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw216

A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, and SentinelOne Acquires Scalyr, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw216

Our co-host, Priya Chaudry will enlighten us on several other topics of interest to our community. There might be a mention of Solarwinds, Southwest Airlines, HIQ Labs, and more. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw61

We welcome our resident legal expert and co-host Priya Chaudry to catch us up on the status of the Supreme Court case concerning the Computer Fraud and Abuse Act (CFAA) and some other legal topics. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw61