Security Weekly Podcast Network (Audio‪)‬ Security Weekly Productions

There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadth and depth of security engineering and ways to build the skills that will help you in your appsec career.
Segment resources:
https://kickstartseceng.com A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-281

Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well.
In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how to accelerate that journey to lead to a successful outcome. Seth will share Merlin Venture's approach to helping startups tackle the largest markets in the world, including US enterprises and federal. He will also share what success looks like.
Segment Resources:
 https://merlin.vc/advice-for-young-startups-eyeing-federal-what-kind-of-tech-does-the-u-s-government-need/
https://merlin.vc/we-have-liftoff/
 https://merlin.vc/portfolio/
 https://merlin.vc/dig-security-talon-cyber-security-acquired-by-palo-alto-networks/
https://innovationisrael.org.il/en/digital-reports/
In the leadership and communications section, Navigating Legal Challenges of Generative AI for the Board, Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO, 6 Common Leadership Styles — and How to Decide Which to Use When, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-346

Combadges, SISENSE, Microsoft, Malware Next-Gen, Lastpass, Palo Alto, Broadband, Aaran Leyland, and More, on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-377

In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened?
Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet.
Segment Resources:
Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work? - I know the title makes this blog post sound rather basic, but it will get you up to speed on all the latest DDoS types, actors, and terminology pretty quickly! What is An Application-Layer DDoS Attack, and How Do I Defend Against Them? 2023 DDoS Statistics and Trends https://en.wikipedia.org/wiki/Killnet This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later
They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor.
They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like.
Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW.
They discuss a number of essays, some of which are a must read:
Daniel Miessler's Efficient Security Principle Subsalt's series on data privacy challenges Lucky vs Repeatable, a must-read from Morgan Housel AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo Customer love by Ross Haleliuk and Rami McCarthy We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach.
We wrap up discussing Air Canada's short-lived AI-powered support chatbot.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-357

Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats.
Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-824

Dronepocalypse, Privacy, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet, and more, are on this edition of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-376