Security Weekly Podcast Network (Video)

Mario Vuksan, CEO and Co-Founder of ReversingLabs discusses modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. This interview is sponsored by ReversingLabs. To learn more about them, visit: https://www.reversinglabs.com/ Chris Wysopal, Co-Founder, CTO & CISO of Veracode, discusses how DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. This interview is sponsored by Veracode. To learn more about them, visit: https://www.veracode.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

The discussion continues with Jeanette Manfra. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw38

Government agencies are running in antiquated, fortress-based government clouds under the guise this is the only option for superior security and compliance. However, security and compliance don't have to be a blocker to innovation; they can be part of the transformation. Jeanette will discuss how Google Cloud is enabling this transformation with Assured Workloads for Government by simplifying the compliance configuration process and providing seamless platform compatibility between government and commercial cloud environments. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw38

In this segment, we discuss the importance of automating the Vulnerability Management Program and discuss Qualys VMDR which takes vulnerability management to the next level bringing detection and response to vulnerability management. For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work he is doing that will be released that maps Twitter hunting into a nice, observable dashboard for the lazy. This segment is sponsored by DomainTools. Visit http://domaintools.com/ to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

MITRE ATT&CK seems to be the "next big thing". Every time I hear about it I can't help but wonder, "how do you prevent all these attacks in the first place? Shouldn't that be the end game?" To that end, I set out to map all the recommended "Mitigations" for all the "Techniques" detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I'm still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Users are no longer protected by the many layers of security found on-premise in the corporate network. Organizations must adapt security policies to support a massive influx of inbound connections. Security teams must consider how to adapt core security concepts like Zero Trust to include remote work environments that include corporate laptops, BYOD devices, and home networking gear. Join our conversation as we discuss how much trust you can put in your devices as well as what organizations are doing to assess and verify device integrity down to the firmware and hardware level. Eclypsium will also discuss the #BootHoleVulnerability research they disclosed last week. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! To learn more about securing devices down to the firmware and hardware level, visit: https://eclypsium.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193