Security Weekly Podcast Network (Video)

Interview Segment - Rob Allen - Clickfix "Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Interview Segment - Rob Allen - Zero Trust World Threatlocker's 6th annual Zero Trust World event is happening next month! This three day event runs from March 4th through the 6th once again in sunny Orlando, Florida. This year's event is packed with hands-on hacking workshops, competitions, prizes, and keynotes from Marcus Hutchins, and Linus and Luke from Linus Tech Tips. Security Weekly will be there as well, doing live interviews and recording an episode of ESW live! This segment is sponsored by ThreatLocker's annual Zero Trust World. Visit https://securityweekly.com/ztw to learn more about the conference and register with discount code ZTW26ESW! News Segment For this week's enterprise news, we discuss OpenClaw! funding! acquisitions! testing out AI models' offensive security capabilities more openclaw! the need for more transparency and testing in the vendor space A photobooth service leaks drunken pictures of wedding parties The salty snack that helps server uptime All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-445

The smell of victory, Bongo Fury, Sysmon, Antiques, Looker, Openclaw, Kimwolf, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-553

In the security news this week: Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet Supply chain fun time: Notepad++ updates were hijacked Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices Russian state hackers went after Poland's grid Is ICE on a surveillance shopping spree and into hacking anti-ICE apps? Ukraine's war-time Starlink problem is turning into a policy and controls experiment The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents Signed forensic driver for Windows is still an EDR killer The Trump administration's rollback of software security attestation National Cyber Director Sean Cairncross says: "less regulation, more cooperation." Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform. Show Notes: https://securityweekly.com/psw-912

For decades, leadership was judged by outputs such as profit, speed, and results. But the real competitive advantage now lies beneath the surface of your P&L: Your culture, trust, and psychology driving every decision, including cybersecurity. Hacia Atherton, the author of The Billion Dollar Blind$pot, joins Business Security Weekly to discuss the invisible human costs — fear, burnout, disengagement — quietly draining performance. She will discuss the silent costs of outdated leadership and gives you a playbook to fix them for good, including: Self Leadership Psychological Success with Emotional Mastery Co-designing a Culture to Thrive Leaders need to turn emotional intelligence into a measurable business strategy. Because emotional intelligence isn't optional anymore, it's operational. Segment Resources: https://www.haciaatherton.com/ https://www.haciaatherton.com/billion-dollar-blindspot https://www.instagram.com/hacia.atherton/ In the leadership and communications segment, CEOs and CISOs differ on AI's security value and risks, How to strategically balance cybersecurity investments, Succeeding as an Outsider in a Legacy Culture, and more! Show Notes: https://securityweekly.com/bsw-433

DBII, Notepad++, Covenant, Fancy Bear, CTFs, Firefox, AI Slop, Josh Marpet, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-552

Everyone is turning to LLMs to generate code, including attackers. Thus, it's no great surprise that there are now examples of malware generated by LLMs. We discuss the implications of more malware with Rob Allen and what it means for orgs that want to protect themselves from ransomware. Resources https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/ https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/ https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools/ This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/asw-368

Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-444

The AI Grief Counselor Sketch, Fortinet, BSODs, WINRAR, Montreaux, Big Iron, Memory Prices, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-551

This week, we get un-curmudgeoned by Mandy, spending a bunch of time talking about regulations, compliance, and even the US federal government's commitment to cybersecurity internally and with the community at large. We even dive into some Microsoft patches, hacking defunct eScooters, and a lively discussion on ADS-B spoofing! Show Notes: https://securityweekly.com/psw-911

The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on? Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users' accounts. Is there anyway to stop this? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it's harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more! Show Notes: https://securityweekly.com/bsw-432