Paul's Security Weekly

Diversity & Culture - SCW #10

Paul's Security Weekly - Fri, 12/13/2019 - 3:30pm

This week, we welcome Laura Jones, Author of a children's book titled Cyber Ky & Tekkie Guy Manage the Risk of Being Online. She focuses on children being as 'appropriately informed' as they are comfortable with using technology! In the Security and Compliance News, Equifax nears 'historic' data breach settlement that could cost up to $3.5B, Maryland Again Amends its Data Breach Notification Law, Hidden Complexity is Biggest Threat to Compliance, Data Security Remains Top IT Concern for Small Businesses and Others, A Compliance Carol: A visit from the Ghost of Compliance Past, and more!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode10

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Life Is Wonderful - ESW #165

Paul's Security Weekly - Thu, 12/12/2019 - 5:00pm

This week, we talk Enterprise News, covering Barracuda launching Cloud Security Guardian integration with Amazon Detective, Sophos launches new cloud-based threat intelligence and analysis platform, Accenture launches Cloud Native solution to help clients, and 10 notable Cybersecurity acquisitions of 2019, Pt. 2! In our second segment, we welcome James Carder, Chief Security Officer & Vice President at LogRhythm, to discuss Measuring and Maturing Security Operations Maturity! In our final segment, we welcome Jamie Butler, Tech Lead at Elastic Security, to talk about how improving security requires reducing complexity!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode165

To learn more about Elastic, visit: https://securityweekly.com/elastic

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Keys to the Kingdom - BSW #155

Paul's Security Weekly - Wed, 12/11/2019 - 5:00am

This week, we welcome John Ramsey, Chief Information Security Officer at National Student Clearinghouse, to discuss Security in Education! In the Leadership and Communication Segment, In-depth protection is a matter of basic hygiene, 4 strategies to find time for yourself, Enterprises muddled over cloud security responsibilities, and Screw Productivity Hacks: My morning routine is getting up late!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode155

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

HNN #245 - December 10, 2019

Paul's Security Weekly - Tue, 12/10/2019 - 4:57pm

This week, How Panasonic is using internet honeypots to improve IoT device security, A new Windows 10 ransomware threat?, 'Hackable' karaoke and walkie talkie toys found by Which?, Linux Bug Opens Most VPNs to Hijacking, New Office 365 Feature Provides Detailed Information on Email Attack Campaigns, and Google Confirms Critical Android 8, 9 And 10 Permanent Denial Of Service Threat! In the expert commentary, we welcome Tyler Robinson, Managing Director of Network Operations at Nisos, Inc, to discuss Sophos Uncovering New Version of Snatch Ransomware!

 

Show Notes: https://wiki.securityweekly.com/HNNEpisode245

Visit https://www.securityweekly.com/hnn for all the latest episodes!

 

Dad Jokes - ASW #88

Paul's Security Weekly - Tue, 12/10/2019 - 5:00am

This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at the NTIA US Department of Commerce, to talk about the Software Bill of Materials! In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update toolset, and Java vs. Python: Which should you choose?

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode88

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

The Casting Couch - PSW #629

Paul's Security Weekly - Fri, 12/06/2019 - 5:00pm

This week, we welcome Eric Brown, Senior Security Analyst at LogRhythm, to talk about the Outlook on Phishing in 2020! In our second segment, we welcome back Micah Hoffman, Principal Investigator at Spotlight Infosec, to discuss OSINT in Cyber! In the Security News, HackerOne breach lets outside hacker read customers' private bug reports, Two malicious Python libraries caught stealing SSH and GPG keys, Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets, and If You Bought a Smart TV on Black Friday, the FBI Has a Warning for You!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode629

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Just Magic - ESW #164

Paul's Security Weekly - Thu, 12/05/2019 - 5:00am

This week, we talk Enterprise Security News, discussing How Mimecast Challenges Shadow IT for Cloud App Usage on Mobile and Desktop Devices, CloudKnox Security Announces Integration with AWS IAM Access Analyzer, Morphisec Achieves AWS Security Competency Status for Cloud Server Workload Protection, and more! In our second segment, we welcome back Ferruh Mavituna, CEO and Founder at Netsparker, as he'll be talking about how to start building a web security program and a realistic approach to starting a web security program in enterprises! In the final segment, we welcome Heather Paunet, VP of Product at Untangle, to talk about how Untangle will be releasing an SD-WAN Router, which has advanced routing capabilities and provides the ability for a business to build a comprehensive, secure Software-Defined Network!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode164

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Frozen Orange Juice - SCW #9

Paul's Security Weekly - Wed, 12/04/2019 - 5:00pm

This week, we welcome Mathieu Gorge, CEO at Vigitrust for an interview! In the Security and Compliance News, Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains, Sentara Hospitals to pay $2.2M HIPAA settlement for undisclosed data breaches, Privacy Regs Changing the Face of Cybersecurity, TrueDialog Leaks 600GB of Personal Data, Affecting Millions, CFTC Fines Goldman Sachs $1 Million for Failing to Record Calls, Global Cops Shut 31,000 Domains in IP Crackdown, and more!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode9

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

All You Need Is Flow - BSW #154

Paul's Security Weekly - Wed, 12/04/2019 - 5:00am

This week, we welcome Ward Cobleigh, Senior Product Manager at VIAVI Solutions! In the Leadership and Communications segment, Companies Need to Rethink What Cybersecurity Leadership Is, What Companies That Are Good at Innovation Get Right, Staff in smaller businesses bogged down by poor communications, Why You Should Be Sending More Video Emails And How To Record Them, Enterprises muddled over cloud security responsibilities, and Top tech conferences to attend in 2020!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode154

To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

HNN #244 - December 3, 2019

Paul's Security Weekly - Tue, 12/03/2019 - 4:25pm

This week, Microsoft OAuth Flaw Opens Azure Accounts to Takeover, Vulnerabilities Disclosed in Kaspersky, Trend Micro Products, Critical Code Execution Vulnerability Found in GoAhead Web Server, and StrandHogg Vulnerability Allows Malware to Pose as Legitimate Android Apps! In the expert commentary, we welcome back Adam Gordon from ITPro.TV, to discuss DevSecOps and the Culture Clash in Organizations!

 

Show Notes: https://wiki.securityweekly.com/HNNEpisode244

To learn more about ITPro.TV, visit: https://securityweekly.com/itpro

 

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Low Hanging Fruit - ASW #87

Paul's Security Weekly - Tue, 12/03/2019 - 5:00am

This week, we welcome Sandy Carielli, Principal Analyst at Forrester Research, to discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem! In the Application Security News, Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the Modern Enterprise Software Spaghetti!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode87

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

The Response Line - ESW #163

Paul's Security Weekly - Thu, 11/28/2019 - 5:00am

This week, we talk Enterprise News, covering Cloudflare Open-Sources its Network Vulnerability Scanner, Qualys brings its Market Leading Vulnerability Management Solution to the next level, and some acquisition and funding updates from Palo Alto, Cymulate, Detectify, and Perimeter 81! In our second segment, we welcome Ken Belva, CEO, and Founder of OpCode41, to talk about IoT Crusher, Testing for Default & Weak Credentials! In our final segment, we air a Pre-Recorded interview with Brenden O'Conner, Information Security Program Manager at Root Insurance, to discuss Patch Management!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode163

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

The Magical Formula - SCW #8

Paul's Security Weekly - Wed, 11/27/2019 - 5:00pm

This week, we welcome Russell Mosley and Jim Nitterauer, to discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode8

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Level of Separation - BSW #153

Paul's Security Weekly - Wed, 11/27/2019 - 5:00am

This week, we welcome Nate Fick, GM of Elastic Security and former CEO of Endgame, to discuss Elastic's resource-based pricing! In the Leadership and Communications segment, Why Business Leaders Need to Understand Their Algorithms, How to Do a Digital Detox: 3 Easy Steps for Success, How Remote Workers Make Work Friends, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode153

To learn more about Elastic Security, visit: https://securityweekly.com/elastic

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

HNN #243 - November 26, 2019

Paul's Security Weekly - Tue, 11/26/2019 - 3:28pm

This week, PoC exploit code for Apache Solr RCE flaw is available online, Some Fortinet products used hardcoded keys and weak encryption for communications, Critical Flaws in VNC Threaten Industrial Environments, Twitter allows users to use 2FA without a phone number, and Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets! In the expert commentary, we welcome back Jason Wood from Paladin Security, to discuss an Iranian hacking crew that is targeting Industrial Control Systems!

 

Show Notes: https://wiki.securityweekly.com/HNNEpisode243

Visit https://www.securityweekly.com/hnn for all the latest episodes!

 

Snarky Ways - ASW #86

Paul's Security Weekly - Tue, 11/26/2019 - 12:00pm

This week, we welcome Tim Mackey, Principal Security Strategist at Synopsys! In the Application Security News, $1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail's AMP4Email via DOM Clobbering, and more!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode86

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Drinking Brake Fluid - PSW #628

Paul's Security Weekly - Fri, 11/22/2019 - 5:00pm

This week, we welcome Peter Liebert, CEO at Liebert Security, to discuss The Next Generation of SOCs: DevSecOps, Automation and breaking the model! In our second segment, we welcome back our friend Dave Kennedy, Founder and CEO of TrustedSec & Binary Defense, to discuss the Coalfire Incident and DerbyCon Communities! In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, a critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode628

To learn more about TrustedSec, visit: https://trustedsec.com/securityweekly

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Hot Mess - ESW #162

Paul's Security Weekly - Thu, 11/21/2019 - 5:00am

This week, we talk Enterprise News, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some acquisition and funding updates from CyberCube, 1Password, Docker, WhiteSource, and more! In our second segment, we welcome Reuven Harrison, Chief Technology Officer at Tufin, to discuss the Cloud, Containers, and Microservices! In our final segment, we welcome Jorge Salamero, Director of Product Marketing at Sysdig, to discuss the challenges of implementing security in Kubernetes Environments!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode162

To learn more about Sysdig, visit: https://securityweekly.com/sysdig

To learn more about Tufin, visit: https://securityweekly.com/tufin

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

We Don't Do PCI - SCW #7

Paul's Security Weekly - Wed, 11/20/2019 - 5:00pm

This week, we talk about the 2019 Verizon Payment Security Report! Why is PCI Compliance Decreasing? What's missing? What needs to change? In the Security and Compliance News, Is My PCI Compliance Good Enough to Serve as a Network Cybersecurity Audit?, Getting Prepared for New York's Expanded Security Breach and Data Security Requirements, Virginia Builds New Model for Quantifying Cybersecurity Risk, Five Cyber Program Elements Financial Services Firms Must Cover To Stay Compliant, and more!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode7

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Shady Things - BSW #152

Paul's Security Weekly - Wed, 11/20/2019 - 5:00am

This week, we welcome Scott Petry, CEO at Authentic8, to discuss challenges with the browser and securing web sessions! In the Leadership and Communications segment, CISOs left in compromising position as organizations tout cyber robustness, How To Get More Out Of Your Team, 8 Steps To Convert Your Commute Time To Me Time, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode152

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 
