On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended and how we implement the suggestions.
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lock, and your keystrokes are showing!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-826
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025.
Segment Resources: https://info.obsglobal.com/pci-4.0-resources
Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary
Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and experiences that have shaped his unparalleled career.
Winn Schwartau's journey began long before the mainstream recognition of cybersecurity as a critical discipline. As a thought leader and visionary, he foresaw the digital threats that would come to define our interconnected age. Join us as we delve into the early days of cybersecurity and explore the foresight that led Winn to become a trailblazer in the industry.
An accomplished author, speaker, and strategist, Winn Schwartau has been at the forefront of shaping cybersecurity policies and practices. From his groundbreaking book "Information Warfare" to his influential work on the concept of the "Electronic Pearl Harbor," Winn has consistently pushed the boundaries of conventional thinking in cybersecurity.
In this podcast episode, Winn shares his unique perspective on the evolution of cyber threats, the challenges faced by individuals and organizations, and the urgent need for a paradigm shift in cybersecurity strategy. Prepare to be captivated by the stories and experiences that have fueled Winn's advocacy for a more resilient and secure digital world.
Whether you're a cybersecurity professional, an enthusiast, or simply intrigued by the profound impact of technology on our lives, this conversation with Winn Schwartau promises to be a journey through the past, present, and future of cybersecurity.
Don't miss the chance to gain unparalleled insights from a true cybersecurity luminary. Tune in and discover the wisdom that only Winn Schwartau can bring to the table in this illuminating podcast interview.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-825
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats.
Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-824
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.
pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-823
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working.
Segment Resources:
The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel locks, BlueDucky, side channel attacks and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-822
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring.
We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure.
(00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-821
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more!
Segment Resources:
In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock hacking continues, VM escapes and risk, and multiple really cool Bluetooth hacking stories.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-820
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding context and prioritization to risk-scoring equations.
Segment Resources:
https://plextrac.com/get-ready-to-prioritize-risk-with-our-new-contextual-scoring-engine/?utm_medium=tech_ptr&utm_source=security_weekly
https://plextrac.com/video/priorities/?utm_medium=tech_ptr&utm_source=security_weekly
This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!
BiaSciLab from DEF CON joins us to discuss DCNextGen! In the security News: MouseJacking still works, CISA recommends a complete rebuild, memory safety and re-writing code, not all doorbells are created equal, putting a firewall in front of your LLM, rugged gear and vulnerabilities, PLCs are not safe, neither are Windows kernels..
Segment Resources:
https://www.defcon.kids
https://www.BiaSciLab.com
https://www.GirlsWhoHack.com
https://www.SecureOpenVote.com
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-819
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting.
The latest attacks against WiFi, its illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did your vibrator get infected...with malware, the OT jackpot, the backdoor in a random CSRF library, it’s a vulnerability but there is no CVE, car theft and Canada, Glubteba, and settings things on fire!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-818
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has left an indelible mark on the ever-evolving landscape of digital security.
Wendy's journey in cybersecurity is a narrative woven with expertise, innovation, and a deep understanding of the intersection between technology and risk. With a career that spans strategic roles in both the public and private sectors, Wendy has become a trusted voice in the industry, offering insights that resonate with cybersecurity professionals and enthusiasts alike.
As the Head of Advisory CISOs at Cisco, Wendy Nather brings a unique perspective to our conversation. Explore with us as she shares her experiences navigating the complex cybersecurity challenges faced by organizations today. Wendy's strategic vision has helped shape cybersecurity policies, risk management frameworks, and resilient strategies for a myriad of enterprises.
Dive into Wendy's wealth of knowledge as she discusses the dynamic nature of cyber threats, the importance of proactive cybersecurity measures, and the evolving role of technology in safeguarding our digital future. Her commitment to demystifying complex security concepts and fostering a culture of resilience makes this podcast episode a must-listen for anyone passionate about cybersecurity.
Beyond her corporate role, Wendy is a prolific writer, speaker, and educator, contributing to the collective cybersecurity knowledge base. Join us as we explore her insights on emerging trends, best practices, and the human element in cybersecurity—a facet often overlooked but crucial in building robust defense strategies.
Don't miss this opportunity to gain valuable perspectives from one of the industry's leading minds. Tune in to our podcast and discover the wisdom and foresight that Wendy Nather brings to the world of cybersecurity.
Show Notes: https://securityweekly.com/vault-psw-8
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehensive approach to security, acknowledging that social engineering and physical security often go hand in hand. We stress the significance of testing physical security measures and conducting threat assessments to ensure robust protection against potential threats. The conversation touches on the concept of usability versus security, acknowledging that security measures should provide a balance between effective protection and practical usability. We explore the vulnerabilities of certain security technologies, such as biometrics, and underscore the need for continuous evaluation and adaptation of security measures to mitigate emerging threats.
Welcome to a riveting episode of Hacker Heroes, where we sit down with Toby Miller, a distinguished figure in the realm of cybersecurity. Toby brings a wealth of experience and a passion for fortifying digital landscapes against ever-evolving threats.
Armed with a profound understanding of cybersecurity intricacies, Toby has spent years honing his skills in the field. As a seasoned professional, he has not only weathered the storms of the digital frontier but has emerged as a beacon of knowledge and resilience in the face of cyber challenges.
Join us as we delve into Toby's journey, from the early days of his career to his current role as a cybersecurity expert. Gain valuable insights into the dynamic nature of cyber threats, the evolving tactics employed by malicious actors, and the strategies Toby employs to stay one step ahead in the ever-changing cybersecurity landscape.
Toby's expertise extends across a spectrum of cybersecurity domains, including risk management, threat intelligence, and incident response. Discover the mindset that propels him forward in the pursuit of securing digital infrastructures and safeguarding sensitive information.
In this podcast episode, Toby Miller shares anecdotes from the front lines of cybersecurity, offering our listeners a firsthand account of the challenges faced by professionals in the industry. Whether you're a cybersecurity enthusiast, a fellow professional, or someone navigating the digital landscape, Toby's insights are sure to enlighten and inspire.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-817
As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabilities of software and hardware with the goal of learning how to best minimize or eliminate those vulnerabilities. Noting his embrace of the hacker community for its deep and innovative expertise in this context, Bratus’s portfolio at DARPA could help reduce or entirely remove even some of the most stealthy and unexpected vulnerabilities that reside in software and its logical, computational, and mathematical foundations.
Segment Resources:
• Overall Portfolio: https://www.darpa.mil/staff/dr-sergey-bratus
• Safe Documents: https://www.darpa.mil/news-events/2023-06-14
• Enhanced SBOM for Optimized Software Sustainment: https://sam.gov/opp/d0af3e325a594a8191b94e3f80b6bdcd/view
• V-SPELLS program: https://www.theregister.com/2023/08/18/darpalegacybinary_patching/
• Digital Corpora Project: https://www.jpl.nasa.gov/news/jpl-creates-worlds-largest-pdf-archive-to-aid-malware-research
• SocialCyber: https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/
• Weird Machines: https://www.darpa.mil/program/hardening-development-toolchains-against-emergent-execution-engines
• Safe Docs: https://www.darpa.mil/news-events/2023-06-14
• Exploit programming: https://www.usenix.org/publications/login/december-2011-volume-36-number-6/exploit-programming-buffer-ove
In the Security News: - Shim Shady, Up Shims Creek, whatever you want to call it, there’s a vulnerability affecting pretty much all Linux distributions (and other operating systems as well), when your toothbrush attacks the Internet, or some claim, glibc has some vulnerabilities, not all got a CVE, and one is for the algorithm lovers, Google shows some love for Rust, beating Bitlocker in 43 seconds, DEF CON was canceled, then uncancelled, and I’m not even joking this time, and the Government is here to "unhack" your router,
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-816
When an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode, and you’re dead (but like in the movie Hackers dead), and more!
Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security, is a leading cybersecurity expert with over two decades of experience building and securing corporate networks, including roles on red and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-815
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS).
CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing.
Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.
Coose shares what smart CISOs and mature organizations understand, that others don’t:
• There’s no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.
• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.
• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.
• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).
• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments
In the Security News: Don’t expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-814
With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss:
Here are links to the most current blog posts about Cybersecurity Notice of Proposed Rulemaking https://www.fundsforlearning.com/news/2023/11/dont-miss-your-chance-to-impact-e-rate-cybersecurity/, Wi-Fi hotspots https://www.fundsforlearning.com/news/2023/11/wi-fi-hotspots-proposed-for-e-rate-program/ and school bus Wi-Fi https://www.k12dive.com/news/fcc-approves-school-bus-wifi-e-rate/697337/. Funds For Learning also facilitated an informational webinar on the Cyberserucrity Notice for Proposed Rulemaking https://fundsforlearning.app.box.com/s/5gp9qr938qtgs0ug92nkgfvrjvtil4sf. Funds For Learning also conducts an annual survey for E-rate applicants to provide their feedback on the E-rate program. The responses are shared with the FCC through the Funds For Learnings annual E-rate Trends Report. https://www.fundsforlearning.com/e-rate-data/trendsreport/. Lastly, here is an article from Brian about cybersecurity and why it should be funded through E-rate https://www.eschoolnews.com/it-leadership/2023/09/29/will-cybersecurity-receive-e-rate-funding/
In the Security News: Bricked Xmas, If you can hack a wrench, PixieFail and disclosure woes, exposing Bigpanzi (more Android supply chain issues, 20 years of OpenWRT, Jamming, traffic lights, and batteries don’t work that well in the extreme cold. All that and more on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-813
Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team assessments and why most purple team assessments are too limited. How the testing landscape and requirements have changed (especially as organizations now look to validate vendor tools defense claims). How purple team assessments are evolving with the use of new frameworks like Atomic Testing. And the importance of building and selecting good test cases that cover the many ways attack techniques can be modified.
The Exploit Prediction Scoring System is Awesome, or so some say, Reflections on InfoSec, Why some people don’t trust science, SSH-Snake, Back in the Driver’s seat, I Hacked My Internet Service Provider, States & Congress wrestle with cybersecurity, Combining AI with human brain cells, analyzing linux-firmware, detecting BLE SPAM, and The I in LLM.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-812
Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd
️Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutionized the way organizations approach cybersecurity but has also championed the concept of crowdsourced security testing.
With an innate passion for hacking and a deep understanding of the evolving threat landscape, Casey embarked on a mission to democratize cybersecurity. In our upcoming podcast interview, delve into the dynamic journey of a self-proclaimed hacker turned cybersecurity pioneer.
Casey's brainchild, Bugcrowd, serves as a global community of ethical hackers and security professionals who collaborate to uncover and address vulnerabilities in digital systems. Learn how this innovative approach has empowered organizations across industries to proactively secure their digital assets, embracing the power of the collective in the fight against cyber threats.
A trailblazer in the cybersecurity space, Casey Ellis brings a unique perspective to the podcast as he shares insights on the challenges and triumphs of building Bugcrowd from the ground up. Explore the intersections of technology, security, and community-driven solutions with a leader who has not only disrupted the status quo but has also fostered a culture of continuous improvement and collaboration.
Join us for a riveting conversation as we uncover the secrets behind Bugcrowd's success, the evolving role of ethical hacking in today's digital landscape, and Casey's vision for a more secure and interconnected future. Whether you're a cybersecurity enthusiast, a tech aficionado, or simply curious about the forces shaping our digital world, this podcast episode with Casey Ellis is a must-listen.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-7
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption".
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-6
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and threats that have shaped their illustrious careers. From the early days of computing to the present era of interconnected systems, our panelists delve into the intricacies of securing the supply chain. Expect insights on the timeless art of social engineering, the ever-expanding attack surface, and the unforeseen vulnerabilities that emerge when least expected."
Talking points:
Firmware security is a deeply technical topic that's hard to get started in. In this episode of Below the Surface, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free MOOC classes, to help teach people about firmware security.
Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/psw-811
Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragmatic understanding of the delicate balance between Business realities, Cybersecurity, and Operational Effectiveness. He began his career at NSA, moving into the Management Consulting ranks building practices at Booz Allen and KPMG. He subsequently co-founded two firms with successful exits, including the Hackett Group (NASDAQ HCKT). He has participated in over 20 M&A transactions. He has delivered to clients in over 20 countries on 6 continents.
Analyzing firmware with EMBA, TinyXML, and the ugly supply chain, ignoring vulnerabilities that allow attackers to turn off your vehicle, Android lock screen bypass and running water, LogoFAIL updates, and the confusing severity, you still haven’t patched Log4Shell, the password is 123456, and an amazing Bluetooth hack that affects you!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-810
Join the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room resonating with the nostalgic hum of vintage computers, as our hosts explore the latest techniques using hardware, software, and firmware. Whether you're attempting to hack a specific device or crafting a custom creation to achieve a particular goal, this episode covers it all. Discover the intricacies of hardware hacking, including discussions on the tools and devices, such as the Flipper Zero. Uncover the reasons why alternatives might be superior in certain cases, yet explore the nuances of why the Flipper Zero has garnered a mixed reputation. In the midst of the Security News segment, the hosts tackle pressing topics, from the challenges of changing default passwords to the Flipper Zero, the absence of CVEs, deceptive "new" tools, the BIOS logo attack vector, secrets in a $15 router, the quirks of AI, and the intriguing Spectre based on linear address masking. With a blend of humor, mischief, and expert insights, this episode takes you on a journey through the evolving landscape of cybersecurity, reflecting on ethics, vulnerability disclosure practices, and the importance of collaboration in securing the digital frontier.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-809
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems that must change and adapt to the times? Join us for a fun discussion on what the future looks like with AI and the youth of today.
Segment Resources: https://docs.google.com/document/d/103FLvNRSwBhq-WgCbuykMvweT6lKf2lAASuP8OuuKIw/edit#heading=h.3inodmot2b77
Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in hardware and the crew has some amazing hardware hacking topics to discuss (as usual).
Segment Resources: https://garymarcus.substack.com/p/has-sam-altman-gone-full-gary-marcus
We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs.
We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it.
Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-808
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. He created and managed NSA's Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/vault-psw-5
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control of user permissions, secure your cloud computing, and keep your customers and their users safe.
Segment description coming soon!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-807
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you!
In the security news: do people still use mainframes? IoT and firmware security, Apple Find my-, Bluetooth is the gift that keeps on giving, to hackers that is, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-806