Paul's Security Weekly 3u6i2d

This week, we have the pleasure to welcome back Keith Hoodlet, Senior Manager, Application Experience at Thermo Fisher Scientific, and former Host of Application Security Weekly, to discuss how Security Is a Feature! In the Application Security News, China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff!   Show Notes: https://wiki.securityweekly.com/asw129 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Sven Morgenroth, Security Researcher from Netsparker, to talk about Abusing JWT (JSON Web Tokens)! Dan DeCloss, CEO & President of Plextrac s us in the following segment to show us how to use Proactive Security Using Runbooks! In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, New Chrome Zero-Day Under Active Attacks Update Your Browser, Pornhub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!   Show Notes: https://wiki.securityweekly.com/psw673 Visit https://securityweekly.com/netsparker to learn more about them! Visit https://securityweekly.com/plextrac to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug Talks Billion USD Bitcoin Mystery Solved, Russian Bears Doxed, Oracle, Zoom Snooping, and Drugs, all this and show wrap ups on the Security Weekly News Wrap Up!   Show Notes: https://securityweekly.com/swn80 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we start off the show with an Interview with Mike Gruen, VP of Engineering & CISO from Cybrary, to discuss The Benefits of Online On-Demand Training For Teams! In our second segment, we welcome Kevin O'Brien, Co-Founder and CEO of GreatHorn, to talk about Massive Cyberattack Spreading Across 68% of Organizations! In our final segment, we welcome Mike Campfield, VP of Global Security Programs from ExtraHop, s us for a technical segment on Why Network Detection & Response Belongs In Your 2021 Strategy!   Show Notes: https://securityweekly.com/esw205 Visit https://securityweekly.com/GreatHorn to learn more about them! Visit https://cybrary.it/solved to learn more about them! Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Frank Macreery, Co-Founder and CTO at Aptible, to talk about Cloud Computing Compliance: Intelligent vs. Basic Automations, this this special two part interview!   Show Notes: https://wiki.securityweekly.com/scw50 Visit https://securityweekly.com/aptible to learn more about them!   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Marie Ketner, Director of Product at Cybrary, to talk about How to Develop Your Cybersecurity Skills! In the Leadership and Communications section, The Dark Side Of Authentic Leadership, Why CISOs must be students of the business, Top IT certifications and degrees to help you advance your career, and more!   Show Notes: https://securityweekly.com/bsw194 Visit https://cybrary.it/solved to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks Election Day jitters, Zero Days in Microsoft, Maze, Kimsuky, and it's Jersey Baby in Montana! Jason Woods returns for Expert Commentary on Ransomware in Action & Their communications & use of Legitimate Services!   Show Notes: https://securityweekly.com/swn79 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Alfred Chung, Sr. Product Manager at Signal Sciences, to discuss Azure App Service & Cloud-Native Signal Sciences Deployments! In the Application Security News, Lax IoT security exposes smart-irrigation systems, Adobe Flash goes truly end of line in one last update, confidential computing gets a turbo boost with Nitro, link previews show security and privacy problems, and security theatre gets an encore!   Show Notes: https://wiki.securityweekly.com/asw128 Visit https://securityweekly.com/signalsciences to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Shani Dodge and Roi Cohen from Vicarius to apply what we learned in the previous segment and actually prioritize our vulnerabilities and remediation the right way. Paul Battista, CEO & Founder of Polarity s us in the following segment to show us how to use and customize augmented reality to speed up security analysis! In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?!   Show Notes: https://wiki.securityweekly.com/psw672 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/polarity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week in the Enterprise News, Blackpoint Cyber introduces insurance for customers and MSPs, Qualys Extends Integration with Microsoft Azure Defender, GrammaTech CodeSentry now identifies third party code vulnerabilities, AttackIQ integrates with Microsoft Azure Sentinel, Aqua Security announces Kubernetes-native security capabilities and funding updates from Artic Wolf, StackHawk, Eagle Eye Networks and more! In our second segment, we welcome Jeff Capone, Co-Founder and CEO of SecureCircle to discuss Conditional Data Access for Endpoints! In our final segment, Alexi Papaleonardos, Cloud Incident Response Manager at Crowdstrike s us to discuss Attacking and Defending Cloud Infrastructure!   Show Notes: https://securityweekly.com/esw204 Visit https://securityweekly.com/crowdstrike to learn more about them! Visit https://securityweekly.com/securecircle to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks Dorsey, Zuckerberg, and Pichai in the Senate hotseat, KashmirBlack, Healthcare under assault, typosquatting, WebLogic, bug bounties, and the NSA strikes back, all this and show wrap ups on the Security Weekly News Wrap Up!   Show Notes: https://securityweekly.com/swn78 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we have the pleasure of welcoming Frank Price, VP of Product at CyberGRX, to discuss Third Party Risk Assessment: What's in Your Supply Chain? In our second segment, we welcome Alain Espinosa, Director of Security Operations at Online Business Systems, to talk about Logging, Monitoring, and SIEM, Oh My!   Show Notes: https://wiki.securityweekly.com/scw49 Visit https://securityweekly.com/cybergrx to learn more about them!   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to talk about Scale Your SOC: Protecting Against Browser-Based Threats! In the Leadership and Communications section, Cybersecurity, a risk to all board of directors, Is The Cybersecurity Industry Selling Lemons? Apparently Lots Of Important CISOs Think it Is, 4 critical strategies for tech leaders in Gartner's CIO agenda, and more!   Show Notes: https://securityweekly.com/bsw193 Visit https://securityweekly.com/authentic8 to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks IoT, Southern Comfort, Winston Privacy, backdoor wars, KashmirBlack, healthcare keeps getting hit, and Roger Hale from BigID s us for Expert Commentary!   Show Notes: https://securityweekly.com/swn77 Visit https://securityweekly.com/bigid to learn more about them!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Cesar Rodriguez, Head of Developer Advocacy at Accurics, to talk about Cyber Resiliency Through Self-Healing Cloud Infrastructure! In the Application Security News, NSA publishes list of top vulnerabilities currently targeted by Chinese hackers, Nvidia Warns Gamers of Severe GeForce Experience Flaws, Addressing cybersecurity risk in industrial IoT and OT, Firefox 'Site Isolation' feature enters testing, expected next year, Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser, and Exit Stage Left: Eradicating Security Theater!   Show Notes: https://wiki.securityweekly.com/asw127 Visit https://securityweekly.com/accurics to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Corey Thuen from Gravwell, to talk about Sysmon Endpoint Monitoring complete with Clipboard Voyeurism! Next up, Scott Scheferman, the Principal Cyber Strategist at Eclypsium, s us to talk about how Hackers Are Hitting Below The Belt! In the Security News, testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, and 8 new hot, steamy, moist cybersecurity certifications!   Show Notes: https://wiki.securityweekly.com/psw671 Visit https://securityweekly.com/gravwell to learn more about them! Visit https://securityweekly.com/eclypsium to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, first we talk Enterprise News, discussing how Palo Alto Networks announces cloud native security platform, Akamai launches new API security tool, SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage, Splunk helps security teams modernize and unify their security operations in the cloud, and Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks! In our second segment, we welcome Ed Bellis, Co-Founder and CTO at Kenna Security, to discuss Prioritization to Prediction Vulnerability Research Series! In our final segment, we welcome back Corey Bodzin, CTO at deepwatch, to talk about deepwatch Lens Score and Series B!   Show Notes: https://securityweekly.com/esw203 Visit https://securityweekly.com/deepwatch to learn more about them! Visit https://securityweekly.com/kennasecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug wraps up all the shows from this week, and talks about Twitter hacks, Oracle patches, Sandworm, Singapore facial recognition, and Donald Trump says we don't need security!   Show Notes: https://securityweekly.com/swn76 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Steve Schlarman, Integrated Risk Management Strategist at RSA Security, to discuss Integrated Risk Management & Operational Resiliency! In our second segment, we welcome David Mundhenk, Principal Security Consultant at Herjavec Group, and Ivan Tsarynny, Co-Founder and CEO at Feroot Security, to talk about How Backdoors Lead To Breaches & GRC Compliance Issues!   Show Notes: https://wiki.securityweekly.com/scw48 Visit https://securityweekly.com/rsasecurity to learn more about them!   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week we update you on the Security Weekly 25 Index! In the Leadership and Communications segment, 96% of Cybersecurity Professionals are Happy With Their Roles, 4 Tips for Effective Virtual Collaboration, What’s Really Happening in Infosec Hiring Now?, 5 Signs That Point to a Schism in Cybersecurity, Tactical vs Strategic: CISOs and Boards Narrow Communication Gap, and CISO Stressbusters: 7 tips for weathering the cybersecurity storms!   Show Notes: https://securityweekly.com/bsw192 Visit https://www.securityweekly.com/bsw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly