Paul's Security Weekly (Audio)
524 episodes - English - Latest episode: 7 days ago - ★★★★★ - 12 ratingsFor the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security. Note: This is only Paul's Security Weekly, a 2-hour show recorded once per week.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Digging Into Supply Chain Security - James McMurry - PSW #824
April 11, 2024 16:18 - 3 hours - 157 MBJim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, an...
XZ - Backdoors and The Fragile Supply Chain - PSW #823
April 04, 2024 23:04 - 2 hours - 160 MBAs most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800 https://lcamtuf.substack.com/p/technologist-...
Are we winning? - Jason Healey - PSW #822
March 28, 2024 16:22 - 3 hours - 176 MBJason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames event with Jen Easterly, Matt Devost, Amelia Koran and Kevin Huyck (head of ops for NORAD) (https://youtu.be/iqx6STDYJ7c?si=73WQtSG4RnCGsBcT). ...
Securing All The Things - Josh Corman - PSW #821
March 21, 2024 20:23 - 3 hours - 194 MBJosh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our ...
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
March 14, 2024 17:42 - 2 hours - 156 MBOmkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf In the security News end of life ro...
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
March 07, 2024 18:30 - 3 hours - 160 MBPublic information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding context and prioritization to risk-scoring equations. Segment Resources: https://plextrac.com/get-ready-to-prioritize-risk-with-our-new-contextu...
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
March 01, 2024 00:12 - 2 hours - 156 MBJayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting. The latest attacks against WiFi, its illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did your vibrator get in...
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
February 21, 2024 23:00 - 1 hour - 30.2 MBJoin us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has left an indelible mark on the ever-evolving landscape of digital security. Wendy's journey in cybersecurity is a narrative woven with expertise, innovation, and a deep understanding of the intersection between technology and risk. With a career that spans strategic roles in both the public and private sectors, Wendy has become a trusted voice i...
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
February 15, 2024 10:00 - 2 hours - 120 MBIn this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehensive approach to security, acknowledging that social engineering and physical security often go hand in hand. We stress the significance of testi...
You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816
February 08, 2024 17:44 - 3 hours - 168 MBAs a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a ...
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
February 01, 2024 22:30 - 2 hours - 203 MBWhen an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode, and you’re dead (but like in the movie Hackers dead), and more! Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing...
What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814
January 25, 2024 22:00 - 3 hours - 186 MBMatt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS). CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations...
K-12 Cybersecurity - Brian Stephens - PSW #813
January 18, 2024 18:42 - 2 hours - 222 MBWith a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss: The financial constraints K–12 schools face and the critical role of funding from federal and state governments in addressing cybersecurity concerns...
The Evolution of Purple Teaming - Jared Atkinson - PSW #812
January 11, 2024 19:13 - 2 hours - 227 MBJared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team assessments and why most purple team assessments are too limited. How the testing landscape and requirements have changed (especially as organizations now look to validate vendor tools defense claims). How purple team ...
Hacker Heroes - Casey Ellis - PSW Vault
January 03, 2024 21:00 - 1 hour - 33 MBUnleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd ️Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutionized the way organizations approach cybersecurity but has also championed the concept of crowdsourced security testing. With an innate passion ...
Interview with Dr. Whitfield Diffie - PSW Vault
December 27, 2023 21:00 - 43 minutes - 20.8 MBDr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption". Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-psw-6
Supply Chain & Firmware Security - Xeno Kovah - PSW #811
December 20, 2023 23:00 - 1 hour - 99.1 MBAI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and threats that have shaped their illustrious careers. From the early days of computing to the present era of interconnected systems, our panelists delve...
Embracing AI - Alex Sharpe - PSW #810
December 14, 2023 19:20 - 2 hours - 240 MBMr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragmatic understanding of the delicate balance between Business realities, Cybersecurity, and Operational Effectiveness. He began his career at NSA, m...
Holiday Extravaganza - Supply Chain, Hardware Hacking, Vulnerabilities, News - PSW #809
December 06, 2023 00:00 - 3 hours - 245 MBJoin the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room resonating with the nostalgic hum of vintage computers, as our hosts explore the latest techniques using hardware, software, and firmware. Whether you're attempting to hack a specific device or crafting a custom creation to achieve a particular goal, this episode covers it all. Discover the intricacies of hardware hacking, including discussions...
AI & LLMs - Josh More, Matthew Carpenter - PSW #808
November 30, 2023 22:33 - 2 hours - 232 MBWhat will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems that must change and adapt to the times? Join us for a fun discussion on what the future looks like with AI and the youth of today. Segment Resou...
Interview with Brian Snow - PSW Vault
November 22, 2023 21:00 - 1 hour - 29.3 MBBrian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. He created and managed NSA's Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his crea...
3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807
November 16, 2023 22:50 - 2 hours - 160 MBAttackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control of user permissions, secure your cloud computing, and keep your customers and their users safe. Segment description coming soon! Visit https://...
Testing AI Before It Comes To Get You - Austin Carson - PSW #806
November 09, 2023 22:00 - 2 hours - 167 MBAustin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you! In the security news: do people still use mainframes? IoT and firmware security, Apple Find my-, Bluetooth is the gift that keeps on giving, to hackers t...
Trustworthy AI for National Security - Kathleen Fisher - PSW #805
November 02, 2023 21:00 - 3 hours - 174 MBAI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DARPA's efforts to help evaluate AI/ML and work towards a trust model that will allow us to use these valuable tools safely. Segment Resources: Identifying and Mitigating the Security Risks of Generative AI paper (co-authored by Kathleen): https://arxiv.org/abs/2308.14840 DARPA’s AI Forward, which will include AI Exploration opportunities an...
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804
October 26, 2023 22:00 - 2 hours - 163 MBFor the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code — the most popular code editor out there — which was presented at DEF CON 31 in August. The pair uncovered a few ways for attacker...
Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803
October 20, 2023 14:14 - 2 hours - 216 MBChris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. ˇHe is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas on controversial vulnerabilities. Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for fi...
Getting Started With Reverse Engineering Hardware - PSW #802
October 12, 2023 21:00 - 3 hours - 181 MBIn our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware! Resources we mentioned: The Hardware Hackers Handbook is a great start Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking Take some classes Do some Arduino stuff: https://www.arduino.cc/ Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-electrical-en...
Malware Trends - Anuj Soni - PSW #801
October 05, 2023 22:45 - 2 hours - 232 MBAnuj joins us to discuss recent trends in malware. What are the malware authors up to lately? What are the latest techniques for reverse engineering malware? Learn about the latest tools and techniques from Anuj! Anuj is a Principal Threat Researcher at Blackberry, where he performs malware research and reverse engineering. He has more than 15 years of experience in malware analysis and incident response. Anuj also brings his problem-solving abilities to his position as a SANS Certified Inst...
The Right Skills For The Job - Kayla Williams - PSW #800
September 28, 2023 21:00 - 2 hours - 166 MBThis week, First up its the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Google, then, hopefully by everyone else, attackers can steal your pixels using your GPU, someone cough China cough has been hacking Cisco routers, Kia boys are still a problem, How the Cult of the Dead Cow plans to save the internet, how iOS updates could break glucose monitors, spamming the CVE database, and when a medium is really a high! Just ...
AI Attacks and LLM Security Matters - Nathan Hamiel - PSW #799
September 21, 2023 21:00 - 3 hours - 199 MBNathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreaking, LLMs for threat actors, and more! In the Security News: LVFS is not a backdoor, attackers are in physical proximity, when you need to re-cast risk, oh Fortinet, pre-installed backdoors again, deep down the rabbit hole, the buffer overflow is in your BIOS!, what is 345gs5662d34?, a cone is all you need, we are compliant because we said so...
Ransomware Infection Vectors - Ryan Chapman - PSW #798
September 14, 2023 21:00 - 3 hours - 179 MBRyan has his finger on the pulse of ransomware and response. We discuss how the initial infections are occurring, how they've changed over time, and where they are going in the future! Segment Resources: For folks to see my recent presentations: for528.com/playlist For folks to see the recordings of our recent Ransomware Summit: https://for528.com/summit23 For folks to watch my recent (free) ransomware workshop: https://for528.com/workshop23 Materials: https://for528.com/workshop ...
Interview with Dr. Gene Spafford - Eugene Spafford - PSW Vault
September 06, 2023 21:00 - 56 minutes - 78.2 MBCheck out this interview from the PSW Vault, hand picked by main host Paul Asadoorian! This segment was originally published on February 4, 2013. Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [Wi...
Incident Response: Clouds, SMBs, & More! - Amanda Berlin - PSW #797
August 31, 2023 21:00 - 3 hours - 196 MBAmanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the mutli-hundred-billion-dollar-a-year industry that tri...
Managing Bug Bounty Programs At Scale - Dr. Jared DeMott - PSW #796
August 24, 2023 21:00 - 3 hours - 199 MBJared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The scale is massive and I think we can all learn a thing or two about vulnerability management and bug bounties! Segment Resources: https://www.microsoft.com/en-us/msrc/bounty?rtc=1 https://www.microsoft.com/en-us/msrc https://msrc.microsoft.com/report/vulnerability/new https://www.microsoft.com/en-us/msrc/bounty https://msrc.microsoft.com/...
Defending Public Infrastructure While At War - Antranig Vartanian - PSW #795
August 18, 2023 14:32 - 3 hours - 201 MBThe 2020 Armenian war with Azerbaijan called into action over 100 volunteer incident responders from across the country (and the globe) into action. Our guest for this segment was one of the leads during the 40-day conflict and helped organize teams that responded to everything from websites being attacked and country-wide Internet outages. In the Security News: You should read the NIST CSF, JTAG hacking the original Xbox, tricked into sharing your password, attacking power management softwa...
Incident Response Readiness - Gerard Johansen - PSW #794
August 10, 2023 21:00 - 3 hours - 201 MBJust how prepared are you for the next cybersecurity incident? Depending on the definition, security incidents likely happen daily at most enterprises. Because we can't prevent everything, the key to success is to be in a constant state of readiness. This means regular training with a focus on preparation. Gerard will walk us through tips and tricks to keep our incident response teams in tip-top condition. In the Security News: Hacking your Tesla to enable heated seats (and so much more), Th...
Incident Response Stories - Bill Swearingen - PSW #793
August 03, 2023 21:00 - 3 hours - 187 MBOur good friend Bill Swearingen joins us to talk about some of the incident response work he's been doing lately. Many people have it wrong, you don't need to be a cybersecurity ninja to respond to a security incident. Its about knowing who does what in your organization and executing a plan. Bill has put together a a set of free resources to help the community with incident response as well! Vistit the Awesome Incident Response project here: https://github.com/hevnsnt/Awesome_Incident_Respo...
Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792
August 01, 2023 13:54 - 3 hours - 223 MBOnce an incident has occurred and you've responded, then what? Join us for a chat with Sean Metcalf on what we can do to ensure our infrastructure remains resilient after a security incident. Segment description coming soon! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-792
Security Certification - Rohit Misuriya, Sumit Siddharth - PSW #791
July 20, 2023 21:00 - 3 hours - 189 MBThis week, up first is the Security News: Microsoft lost its keys, LOL drivers, If you were the CSO, try to keep employees happy but remove their accounts when they leave, gaming device finds a missing child, $3 brute forcing, undocumented instructions are sometimes the best instructions, remote code on your Oscilloscope, fuzzing satellites, routers are great places to hide, typos lead to information leaks of US military emails, pwning yourself, pwning security researchers, getting pwned by ...
Getting Control Of Your Security Data Pipeline - JP Bourget - PSW #790
July 13, 2023 21:00 - 2 hours - 158 MBGetting the correct data in the right place for incident response is challenging. JP comes on the show to talk about how he is helping companies with these challenges, getting control of the security data pipeline while helping save costs! In the security news: Someone is going to get hurt, slow migrations, hiding on the Internet is hard, more Fortinet vulnerabilities, BLackLotus source code, the difficulties with roots of trust, stealthy rootkits, patching made easy?, rowhammer and gaslight...
Thoughts From A Security Legend - Dan Geer - PSW Vault
July 05, 2023 17:55 - 39 minutes - 15.8 MBWelcome to another edition of a Paul's Security Weekly Vault episode! This episode was previously recorded on April 5, 2012 and features an interview with none other than Dan Geer. Unfortunately there is no video for this episode, but the content is still relevant today. Dan Geer is a renowned cybersecurity expert and visionary. With a wealth of knowledge and experience in the field, Dan has made significant contributions to our understanding of information security and its implications. ...
Adversary Emulation w/ Carlos Perez - PSW #789
June 29, 2023 21:00 - 2 hours - 168 MBIn this segment we welcome Carlos Perez back to the show! Carlos will discuss the different types of penetration testing, including adversary emulation, and a cool method we can use to cover our tracks on Windows systems. In the security news: You got so many CVEs you need your own, dedicated, vulnerability scanner, melting your neighbors with hacking, The FDA’s SBOM and OSS, when the vulnerability scanner has a vulnerability, violating CISA directives at scale, make 2FA a little easier with...
Penetration Testing Stories w/ Emilie St-Pierre - PSW #788
June 22, 2023 21:00 - 3 hours - 186 MBEmilie comes on the show to talk about penetration testing and share her knowledge and stories! In the Security News: There is no national cyber director, time to move away from MoveIT, update Microsoft IIS at least every 6 years, your security system is not secure, for that matter neither is your smart pet feeder, identity management is hard, at least for some, spies using spy gadgets to spy on spies, go ahead and just replace your hardware, secure boot is hard, bypassing the BIOS password ...
Interview with Bill Cheswick - PSW VAULT
June 14, 2023 18:10 - 47 minutes - 65 MBCheck out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on April 9, 2013. Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Ches has worked on (and against) operating system security for over 35 years. He is probably best known for "Firewalls and Internet Security; Repelling the Wily Hacker", co-authored w...
L0pht Heavy Industries Panel - PSW Vault
June 07, 2023 15:46 - 1 hour - 27.3 MBCheck out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on October 18, 2015. L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/vault-psw-1
Crazy Chronicles: Hilarious Penetration Tester Stories & Unbelievable Security News - PSW #787
June 02, 2023 17:19 - 3 hours - 188 MBPenetration Tester stories, dumb and funny stuff that's crazier than movies. Segment Resources: https://www.cyberpointllc.com/index.php https://www.cyberpointllc.com/srt.php In the security news: keystroke logs are stored in plain-text (and other atrocities in software used in schools), WPBT is the gift that keeps on giving and this time it's Gigabyte, PCI DSS 4.0 (drink!), immutable linux desktops, one packet exploits, neat linux malware, sock puppets, a must read new book about hacks...
Generative AI Security Implications - Liam Mayron - PSW #786
May 25, 2023 20:20 - 3 hours - 243 MBLiam Mayron from Fastly comes on the show to talk about his unique path into information security, the security implications of generative AI, advances in technologies to protect web applications, detecting bots, and enabling better MSP services! This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! In the Security News: a cross-platform, post-exploit, red teaming framework, cover your backups, your voice should never be your passport,...
PSW #785 - Kevin Johnson
May 18, 2023 19:18 - 2 hours - 167 MBKevin Johnson joins us to discuss pen testing, automated testing, why AI testing is not pen testing! In the security news: How AI Knows Things No One Told It, Dragos Employee Gets Hacked, VMProtect Source Code Leaks, CISA Vulnerabilities, SHA-1 is a Shambles, Microsoft Scans Inside Password Protected Files, Geacon Brings Cobalt Strike Compatability to MacOS, Google Launches Tools to Identify Misleading & AI Images, Cyberstalkers Use New Windows Feature to Spy on iPhones, Texas A&M Prof...
PSW #784 - Paula Januszkiewicz
May 11, 2023 16:17 - 2 hours - 169 MBIn this talk, Paula Januszkiewicz, renowned cybersecurity expert with years of experience in the field, shares her insights on critical tasks that must be included in any successful penetration testing checklist. She will offer the listeners a sneak peek into her pentesting trick book, discuss the special tools she is using, and highlight the importance of diversifying your pentester's toolkit. This episode is a must-listen for anyone interested in mastering the art of penetration testing. ...
PSW #783 - Rob Fuller
May 04, 2023 06:47 - 2 hours - 165 MBRob "Mubix" Fuller comes on the show to talk about penetration testing, what's changed over the years? He'll also discuss "Jurassic Malware" and creating games in your BIOS. This week in the Security News: 5-year old vulnerabilities, hijacking packages, EV charging apps that could steal stuff, do we even need software packages, selling hacking tools and ethics, I hate it when vendors fix stuff, HTTPS lock status, no pornhub for you! Visit https://www.securityweekly.com/psw for a...