Paul's Security Weekly (Video)

Security Weekly Productions
  • 0.0 (0)
  • TECHNOLOGY
  • UPDATED WEEKLY
Paul's Security Weekly (Video) Podcast

If you're looking for a bunch of us cybersecurity nerds to get together and talk shop, then Paul’s Security Weekly is for you. This show features interviews with folks in the cybersecurity community; technical segments, which are just that, very technical; and cybersecurity news, which is an open discussion forum for the hosts to express their opinions about the latest cybersecurity headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. The topics vary greatly and the atmosphere is relaxed and very conversational. This is a longer show, typically 2+ hours, for those with a long commute. Hosted by Paul Asadoorian, Larry Pesce, Jeff Man, Mandy Logan, Josh Marpet, Lee Neely, Sam Bowne, Tyler Robinson, and other guest co-hosts!

  1. Exploding Pagers - PSW #843

    10 HR AGO

    Exploding Pagers - PSW #843

    Apple drops a lawsuit to avoid exposing secrets, what does it mean for the security industry if MS locks down the kernel?, exploding pagers, more things from the past: Adobe Flash exploits, robots get rid of your data, PKFail is still a thing, Android TV malware is back: now with conspiracy theories, DMA attacks, gamers are not nation-state attackers, the story of a .MOBI Whois server, a better bettercap, and when not to trust video baby monitors. Show Notes: https://securityweekly.com/psw-843

    1h 58m
  2. Wifi Vulns, Yubikeys, and Firmware - PSW #842

    12 SEPT

    Wifi Vulns, Yubikeys, and Firmware - PSW #842

    Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram’s encryption: it’s kinda like putting a 'Keep Out' sign but leaving the door unlocked. Show Notes: https://securityweekly.com/psw-842

    2h 2m
  3. Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842

    12 SEPT

    Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842

    Lee comes on the show to discuss: EU CRA - https://en.wikipedia.org/wiki/CyberResilienceAct - its impact on bringing products to market and the challenges of enforcing such laws that require products to be "Secure" Recent legislation on disputes for federal agency fines - Chevron deference rule - supreme court decision, uncertainty, more or less clarity - proven in the first court case? opens to more litigation -https://www.nrdc.org/stories/what-happens-if-supreme-court-ends-chevron-deference Breach disclosure laws - mandatory disclosure rules from the SEC - https://www.sec.gov/newsroom/press-releases/2024-31 Defcon cease and desist - “Copyright Act, the Defend Trade Secret Acts, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act” - https://securityledger.com/2024/08/a-digital-lock-maker-tried-to-squash-a-def-con-talk-it-happened-anyway-heres-why/ Show Notes: https://securityweekly.com/psw-842

    1h 2m
  4. Hacker Heroes - Mark Loveless - PSW Vault

    4 SEPT

    Hacker Heroes - Mark Loveless - PSW Vault

    Exploring the Hacking Landscape with Mark Loveless, AKA SimpleNomad Dive into the intricate world of cybersecurity with our featured guest, Mark Loveless, widely known by his handle SimpleNomad. With a rich history in the realm of information security, Mark is a seasoned professional, researcher, and thought leader. Mark's journey spans decades, marked by a commitment to uncovering vulnerabilities and understanding the ever-changing threat landscape. As a prominent figure in the cybersecurity community, he has contributed significantly to the field, sharing insights, research findings, and expertise. Join us in this podcast interview as Mark reflects on his experiences, discusses the evolution of cybersecurity challenges, and shares his perspectives on emerging trends. With a deep understanding of both offensive and defensive security, Mark brings a unique perspective to the conversation, offering valuable insights into the strategies and tactics employed by cybersecurity professionals. As a respected voice in the industry, Mark Loveless has not only witnessed the evolution of cybersecurity but has actively shaped its trajectory through his contributions to research, writing, and speaking engagements. This episode provides a rare opportunity to gain knowledge from a cybersecurity veteran and explore the nuances of an ever-expanding digital landscape. Tune in to discover the wisdom and experiences that have defined Mark Loveless's career and gain a deeper understanding of the complexities and challenges inherent in the world of cybersecurity. Show Notes: https://securityweekly.com/vault-psw-12

    1h 33m
  5. I want ALL The Firmware - PSW #841

    29 AUG

    I want ALL The Firmware - PSW #841

    This week: I want all the firmware, its not just TP-Link, CVEs for malware, BLE and your health, faking your own death, serial ports, stealthy Linux malware, call this number, finding all the Wordpress plugin vulnerabilities! Show Notes: https://securityweekly.com/psw-841

    2h 0m
  6. Building AI BOMs - Helen Oakley - PSW #841

    29 AUG

    Building AI BOMs - Helen Oakley - PSW #841

    Larry and Helen walk us through the AI supply chain landscape. Learn what goes into building and using AI models and the dangers that could lurk within. Segment Resources: Community efforts on AIBOM topic: https://github.com/aibom-squad Show Notes: https://securityweekly.com/psw-841

    1h 2m
  7. Vulnerabilities, Vulnerabilities Everywhere - PSW #840

    22 AUG

    Vulnerabilities, Vulnerabilities Everywhere - PSW #840

    This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, More CNAs, and the last thing Flint Michigan needed was a ransomware attack! Show Notes: https://securityweekly.com/psw-840

    1h 57m
  8. How do we patch the right things? - PSW #840

    22 AUG

    How do we patch the right things? - PSW #840

    Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at time, such as: Mitre Att&ck - Don't get me wrong, this is a great project and Adam and team is doing a great job. However, its not a complete picture as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways. CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE, how are you tracking, assessing risk, and patching these? CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency, just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited as it is not just a binary "yes, its exploited" or "no, it is not". EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next? Show Notes: https://securityweekly.com/psw-840

    1h 3m
See All (1.1K)

About

If you're looking for a bunch of us cybersecurity nerds to get together and talk shop, then Paul’s Security Weekly is for you. This show features interviews with folks in the cybersecurity community; technical segments, which are just that, very technical; and cybersecurity news, which is an open discussion forum for the hosts to express their opinions about the latest cybersecurity headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. The topics vary greatly and the atmosphere is relaxed and very conversational. This is a longer show, typically 2+ hours, for those with a long commute. Hosted by Paul Asadoorian, Larry Pesce, Jeff Man, Mandy Logan, Josh Marpet, Lee Neely, Sam Bowne, Tyler Robinson, and other guest co-hosts!

Information

  • Creator
    Security Weekly Productions
  • Years Active
    2019 - 2024
  • Episodes
    1.1K
  • Rating
    Clean
  • Copyright
    © 2024 CyberRisk Alliance
  • Show Website
    Paul's Security Weekly (Video)

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada