Digging Into Supply Chain Security - James McMurry - PSW #824
Paul's Security Weekly
by Security Weekly Productions
4d ago
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless. Visit https://www.securityweekly.com/psw for all the latest episode ..read more
Visit website
XZ - Backdoors and The Fragile Supply Chain - PSW #823
Paul's Security Weekly
by Security Weekly Productions
4d ago
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800 https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor https://github.com/amlweems/xzbot https://unit42.paloaltonetworks.com/threat-brief-xz-util ..read more
Visit website
Are we winning? - Jason Healey - PSW #822
Paul's Security Weekly
by Security Weekly Productions
1w ago
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames event with Jen Easterly, Matt Devost, Amelia Koran and Kevin Huyck (head of ops for NORAD) (https://youtu.be/iqx6STDYJ7c?si=73WQtSG4RnCGsBcT). https://www.lawfaremedia.org/article/which-cyber-regulations-fit-which-sectors https://www.lawfaremedia.org/ar ..read more
Visit website
Securing All The Things - Josh Corman - PSW #821
Paul's Security Weekly
by Security Weekly Productions
3w ago
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of i ..read more
Visit website
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
Paul's Security Weekly
by Security Weekly Productions
1M ago
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flippe ..read more
Visit website
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
Paul's Security Weekly
by Security Weekly Productions
1M ago
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding context and prioritization to risk-scoring equations.   Segment Resources: https://plextrac.com/get-ready-to-prioritize-risk-with-our-new-contextual-scoring-engine/?utm_medium=tech_ptr&utm_source=security_weekly  https://plextrac.com/video ..read more
Visit website
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
Paul's Security Weekly
by Security Weekly Productions
1M ago
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting. The latest attacks against WiFi, its illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did your vibrator get infected...with malware, the OT jackpot, the backdoor in a random CSRF library, it’s a vulnerability but the ..read more
Visit website
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
Paul's Security Weekly
by Security Weekly
1M ago
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has left an indelible mark on the ever-evolving landscape of digital security. Wendy's journey in cybersecurity is a narrative woven with expertise, innovation, and a deep understanding of the intersection between technology and risk. With a career that spans strategic roles in both the public and private sectors, Wendy has become a trusted voice in the industry, offering insights that resonate with cybersecurity professionals and enthusiasts alike. As ..read more
Visit website
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
Paul's Security Weekly
by Security Weekly
2M ago
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehensive approach to security, acknowledging that social engineering and physical security often go hand in hand. We stress the significance of testing physical security measures and conducting threat assessments to ensure robust protection against pote ..read more
Visit website
You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816
Paul's Security Weekly
by Security Weekly
2M ago
As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabiliti ..read more
Visit website

Follow Paul's Security Weekly on FeedSpot

Continue with Google
Continue with Apple
OR