1,997 episodes

For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security.

Paul's Security Weekly paul@securityweekly.com

    • Technology
    • 4.4 • 195 Ratings

For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security.

    ESW #290 - Will Lin, James Norrie

    ESW #290 - Will Lin, James Norrie

    Cybersecurity is now battling a human problem just as much, if not more, than a technical one. According to Verizon’s 2021 Data Breach Security Report, 85% of successful cyberattacks now involve a human element. Combine that with the fact that even the very best technology can only thwart about 93% of attacks and that leaves a large hole in an organization’s basic security hygiene. This has led to a growing demand for ongoing educational programs that rely on behavioral science to measure and manage cybersecurity risk as a distinctly different solution from generic, one-size-fits-all training programs.
     
    In the enterprise security news, SentinelOne and Crowdstrike reinvest in the security market, Malwarebytes raises $100M, Ox Security raises a $34M Seed round??? Jamf acquires ZecOps, New startups looking to improve Code Reviews…Outsource questionnaires…provide consumer privacy awareness…Federal security funding for state and local governments, New software supply chain attacks, Microsoft Windows slaps your hand when you try to update passwords.txt, and stick around until the end, when we talk about a New Jersey Deli with a $100M market cap!
     
    This is a recurring segment, in which we bring on a VC to provide an investor’s point-of-view on all this activity. It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups.
    We'll discuss:
    - How, the last time we had Will on (20 episodes ago, ESW 270), we were asking about huge valuations and potential market resets/corrections. Well, it seems that day arrived. What now?
    - Crowdstrike and SentinelOne are active investors with their own funds now. Is this a new trend, or are we just now noticing it? What does it mean for the larger market and for founders looking to raise?
    - We've had guests on to discuss enterprise browsers, and DSPM - what hot markets should we target next?
     
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
     
    Show Notes: https://securityweekly.com/esw290

    • 2 hr 14 min
    SWN #243 - Optimus Prime, Hard Drives, Exchange, Witchetty, TLP, DOD, Wrap Up

    SWN #243 - Optimus Prime, Hard Drives, Exchange, Witchetty, TLP, DOD, Wrap Up

    This week, Dr. Doug discusses: Optimus Prime, Hard Drives, Exchange, Witchetty, TLP, DOD, EIEIO, as well as the show Wrap-Ups and his Threat of the Week!
     
    Visit https://www.securityweekly.com/swn for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
     
    Show Notes: https://securityweekly.com/swn243

    • 28 min
    PSW #757 - Ev Kontsevoy, Casey Ellis

    PSW #757 - Ev Kontsevoy, Casey Ellis

    Hackers rarely break through crypto or exploit fancy zero days. Most of the time they simply login using stolen credentials. Managing passwords, keys and other forms of secrets does not work at scale. In this segment we’ll look into a more radical approach to infrastructure security: getting rid of secrets entirely and moving to access control based on physical properties of humans and machines.
    This segment is sponsored by Teleport. Visit https://securityweekly.com/teleport to learn more about them!
     
    This week, we're joined by Casey Ellis to discuss a Telco breach from a land down under, UK government sits out bug bounty boom but welcomes vulnerability disclosure, Karakurt Data Extortion Group, Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack, being caught with your pants down, & more!
     
    Visit https://www.securityweekly.com/psw for all the latest episodes!
    Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
     
    Show Notes: https://securityweekly.com/psw757

    • 3 hr 15 min
    BSW #278 - Fleming Shi

    BSW #278 - Fleming Shi

    New fourth-annual research report analyzes ransomware attack patterns that occurred between August 2021 and July 2022 In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries: education, municipalities, healthcare, infrastructure, and financial. Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack. The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month. Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses. To get a closer look at how ransomware is affecting smaller businesses, the report details three examples that researchers have seen through Barracuda SOC-as-a-Service, the anatomy of each attack, and the solutions that can help stop these attacks.
    Segment Resources:
    Read the full Threat Spotlight blog post: https://blog.barracuda.com/2022/08/24/threat-spotlight-the-untold-stories-of-ransomware/
    This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
    In the leadership and communications section, Attention CISOs: The Board Doesn’t Care About Buzzwords, The Best Managers Are Leaders — and Vice Versa, Firing Your Entire Cybersecurity Team? Are You Sure?, and more!
    Visit https://www.securityweekly.com/bsw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/secweekly
    Like us on Facebook: https://www.facebook.com/secweekly
    Show Notes: https://securityweekly.com/bsw278

    • 1 hr
    ASW #213 - Janet Worthington

    ASW #213 - Janet Worthington

    Applications are the most frequent external attack vector for companies. However, application security can improve only if developers either code securely or remediate existing security flaws — unfortunately, many don’t receive training with proper security know-how. In this session, we will talk about the state of application security education and what you can do to secure what you sell.
    Segment Resources: - https://www.forrester.com/blogs/school-is-in-session-but-appsec-is-still-on-vacation/?ref_search=3502061_1663615159889 https://www.wisporg.com/events-calendar/2022/11/8/security-amp-risk-conference-forrester https://www.veracode.com/events/hacker-games https://blogs.microsoft.com/blog/2021/10/28/america-faces-a-cybersecurity-skills-crisis-microsoft-launches-national-campaign-to-help-community-colleges-expand-the-cybersecurity-workforce/
    Wiz reveals authorization bypass in Oracle Cloud, Python 15-year old path traversal flaw, Prototype Pollution in Chrome, PS4 flaw reappears in PS5, Why security products fail
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/secweekly
    Like us on Facebook: https://www.facebook.com/secweekly
    Show Notes: https://securityweekly.com/asw213

    • 1 hr 22 min
    SWN #242 - SmartScreen, Erbium, Graphite, Russian Cyber War, Metador, WhatsApp, & RSOCKS

    SWN #242 - SmartScreen, Erbium, Graphite, Russian Cyber War, Metador, WhatsApp, & RSOCKS

    This week Dr. Doug talks: Darth Vader, SmartScreen, Erbium, Graphite, Russia, Metador, Whatsapp, RSocks, and is joined by the illustrious Jason Wood on the Security Weekly News!
    Visit https://www.securityweekly.com/swn for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/secweekly
    Show Notes: https://securityweekly.com/swn242

    • 30 min

Customer Reviews

4.4 out of 5
195 Ratings

195 Ratings

ndfootball5489 ,

Great Podcast With an Entertaining Crew

These guys are great to listen to! Not only are they knowledgable, but they are just fun to listen to as a group. Sometimes as you expect with personalities in this field/industry, sometimes the things they say are cringeworthy but hilarious at the same time. When I first found the podcast, about a year ago, I went on a binge listening streak like it was a Friday Netflix Original night! It has become a weekly ritual to listen to the podcast on the way to work. The information I have learned, in regards to a wide arrange of issues such as, attack surfaces, malware, web security, privacy issues, encryption, networking, etc.., has made me stronger at my every day role in the industry.

Cheers to another 10 years Gentlmen!

BearsQB ,

Big head Kaplan

Ridiculous takes and false bravado from Kap hurts show....if dude kept it less about him and more about Cubs, show would improve. Gordon has Cubs colored glasses and can’t see reality. Oh well

labsrcool ,

Bad start

Tag line for the show “packets aren’t the only thing being sniffed” is so unprofessional and inappropriate that I never make it past that part to actually listen to the content.

You Might Also Like

Johannes B. Ullrich
CyberWire, Inc.
CISO Series
TWiT
CyberWire Inc.
Graham Cluley & Carole Theriault