Paul's Security Weekly (Audio‪)‬ Security Weekly Productions

The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss the how PTaaS is using the latest technologies (e.g machine learning), the benefits of having a third-party service, and real-world scenarios where PTaaS has successfully thwarted potential security breaches. PTaaS can be a game-changer in enhancing your organization’s security posture!
This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlock to learn more about them!
An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scraping, free laundry for everyone!, Wifi routers and Apple Air tags, North Koreans fill US IT positions, taking out drones, the NVD backlog, IBM is no longer a security company?, and DNSBombs!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-830

Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts!
Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploitation, Hackbat, Raspberry PI Connect, leaking VPNs, exploiting faster?, a new Outlook 0-Day?, updating Linux, and a 16-year-old vulnerability.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-829

In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future.
 
Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman
Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management.
Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.
In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices.
As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities. Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets.
Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-828

The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and more!
https://www.globalsecuritymag.com/keysight-introduces-testing-capabilities-to-strengthen-post-quantum.html https://malware.news/t/reversinglabs-hashing-algorithm/81418 https://www.bleepingcomputer.com/news/security/google-chromes-new-post-quantum-cryptography-may-break-tls-connections/ https://www.finextra.com/newsarticle/44060/hsbc-and-paypal-tackle-quantum-safe-cryptography-in-payments https://blog.trailofbits.com/2024/04/26/announcing-two-new-lms-libraries/ https://blog.cryptographyengineering.com/2024/04/16/a-quick-post-on-chens-algorithm/ ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-827

On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended and how we implement the suggestions.
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lock, and your keystrokes are showing!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-826

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025.
Segment Resources: https://info.obsglobal.com/pci-4.0-resources
Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary
Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and experiences that have shaped his unparalleled career.
Winn Schwartau's journey began long before the mainstream recognition of cybersecurity as a critical discipline. As a thought leader and visionary, he foresaw the digital threats that would come to define our interconnected age. Join us as we delve into the early days of cybersecurity and explore the foresight that led Winn to become a trailblazer in the industry.
An accomplished author, speaker, and strategist, Winn Schwartau has been at the forefront of shaping cybersecurity policies and practices. From his groundbreaking book "Information Warfare" to his influential work on the concept of the "Electronic Pearl Harbor," Winn has consistently pushed the boundaries of conventional thinking in cybersecurity.
In this podcast episode, Winn shares his unique perspective on the evolution of cyber threats, the challenges faced by individuals and organizations, and the urgent need for a paradigm shift in cybersecurity strategy. Prepare to be captivated by the stories and experiences that have fueled Winn's advocacy for a more resilient and secure digital world.
Whether you're a cybersecurity professional, an enthusiast, or simply intrigued by the profound impact of technology on our lives, this conversation with Winn Schwartau promises to be a journey through the past, present, and future of cybersecurity.
Don't miss the chance to gain unparalleled insights from a true cybersecurity luminary. Tune in and discover the wisdom that only Winn Schwartau can bring to the table in this illuminating podcast interview.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-825