Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management. Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

Julian Zottl is the Cyber and Information Operations SME at Raytheon. Julian joins us on the show to talk about side-channel attacks! Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

The top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued Insulin pump with security a security flaw in high demand, and how to communicate privately in the age of digital policing! Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

Chris Sanders is the Founder of Applied Network Defense & Rural Technology Fund. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

Lesley Carhart is the Principal Threat Analyst at Dragos Inc.. Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Lesley will be discussing her transition from IT security to OT security, DFIR in ICS - What is it like doing forensics in this environment? Firmware? Micro-code?, and much more! Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for attackers! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Philip Niedermair from National Cyber Group. Philip is the CEO at National Cyber Group and he joins us to discuss the National Cyber Education Program! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29 year old computer scientist created the algorithm that took the first ever picture of a black hole! Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst' tool Canary! To get started with Canary, visit: https://securityweekly.com/canary Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Guru Pandurangi is the CEO and Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating or using cloud providers such as Azure, AWS, Office365, to develop and host their applications! To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a growth hacker company that helps tech firms grow through strategy, market research, and digital marketing. With 20+ years in cybersecurity, she is a seasoned cybersecurity manager, marketer, consultant, and expert with a substantial network of technical and executive peers. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform. A cybersecurity industry veteran with a 19 year tenure in CyberSecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale! Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter! To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome back Mary Beth Borgwing, President and Founder of of the Cyber Social Club, to talk about Uniting Women in Cyber! Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, how Android Q will come with improved privacy protections, hacked tornado sirens taken offline ahead of a major storm, and how Putty released an update that fixed 8 new security flaws! Full Show Notes: https://wiki.securityweekly.com/Episode598 Follow us on Twitter: https://www.twitter.com/securityweekly

In this segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation with DomainTools Iris! To learn more about DomainTools, visit: https://securityweekly.com/domaintools Full Show Notes: https://wiki.securityweekly.com/Episode598 Follow us on Twitter: https://www.twitter.com/securityweekly

Marcus Carey is the Founder & CEO at Threatcare. Navy Cryptologist turned cybersecurity entrepreneur, Marcus Carey is Currently working as founder and CEO of cybersecurity company Threatcare. He joins us talk about the book that he Co-Authored, "Tribe of Hackers"! Full Show Notes: https://wiki.securityweekly.com/Episode598 Follow us on Twitter: https://www.twitter.com/securityweekly

We interview Carsten Williams, Co-Founder and CEO at VMRay, discussing malware sandboxing! Carsten is the original developer of CWSandbox, a commercial malware analysis suite that was later renamed to GFI Sandbox, and now Threat Analyzer by ThreatTrack Security. To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/Episode597 Follow us on Twitter: https://www.twitter.com/securityweekly

New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, a man drives 3,300 miles to talk to YouTube about a deleted video, and what do sexy selfies, search warrants, and tax files have in common? Full Show Notes: https://wiki.securityweekly.com/Episode597 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers. To learn more about Edgwise, visit: https://securityweekly.com/edgewise/ Full Show Notes: https://wiki.securityweekly.com/Episode597 Follow us on Twitter: https://www.twitter.com/securityweekly

YouTube controversy on ALL fronts, Cisco SOHO wireless VPN firewalls and routers open to attack, Ring doorbell flaw opens door to spying, bot plagues, free hacking toolkits, and everything you need to know about the Huawei controversy! Full Show Notes: https://wiki.securityweekly.com/Episode596 Follow us on Twitter: https://www.twitter.com/securityweekly

David Marble is the President & CEO at OSHEAN. David joins us to talk about what to expect at at this years Rhode Island Cybersecurity Exchange Day! This conference will be held on March 13th 2019 from 9am to 3pm at Salve Regina University, w/ a featured keynote by our Founder and CTO, Paul Asadoorian! Full Show Notes: https://wiki.securityweekly.com/Episode596 Follow us on Twitter: https://www.twitter.com/securityweekly

Allan Liska is the Senior Solutions Architect at Recorded Future. Allan talks about threat intelligence – no longer just for the secret squirrels among us. While the term can elicit reactions ranging from exasperated sigh to flashbacks of security buzzword bingo circa 2015, Recorded Future is delivering on the industry promise – actionable intelligence for all security pros. Get Trending Threat Insights Delivered to Your Inbox, at: https://securityweekly.com/recordedfuture Full Show Notes: https://wiki.securityweekly.com/Episode596 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Russian customers, Google admits error over hidden microphone, and a nasty code-execution bug in WinRAR threatened millions of users for 14 years! Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly

Steve Brown, Keynote Speaker at SecureWorld Boston 2019 to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation! Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly

Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, to give some updates on his Post Exploitation Tool SILENTRINITY! Sign up for the BHIS Mailing List to receive updates about upcoming webcasts, blogs, and open-source tools from our testers at: https://securityweekly.com/bhis Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly

Why it's way too easy to sell counterfeit goods on amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a windows 95 emulator for Windows 10, Linux, or MAC, DEF CON goes to Washington, and InfoSec institutes top podcasts that take your computer skills to the next level! Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense. Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly

Harry Sverdlove, Chief Technology Officer of Edgewise for an interview, to talk about The Future of Firewalls! To learn more about Edgewise, visit: https://www.securityweekly.com/edgewise Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly

Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere and she will be speaking at InfoSec World 2019. Connie's talk will be about "The Dark Web 2.0: How It Is Evolving, and How Can We Protect Ourselves?" Connie teases her talk and explains how to protect ourselves, our clients, and the information that we handle daily. Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small active directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are are Virtualbox / VMware and Vagrant. Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly

5G networks must be secured from hackers and bad actors, zero-day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War 2 German message decrypts to go on display at the National Museum of Computing! Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down Citizens insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigate a DDoS attack generated 500 million packets per second! Full Show Notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture! Full Show notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly

Benjamin Daniel Mussleris the Senior Security Researcher at Acunetix. Benjamin will come on the show to talk about Web App Scanning with authentication. Full Show Notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly

Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, and Microsoft launches a new Azure DevOps Bug Bounty program! Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen testing is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes. To learn more about BHIS, visit: https://securityweekly.com/bhis Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly

Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players. Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly

Why Hyatt Is Launching a Public Bug Bounty Program, Amazon Key partners with myQ, Web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, and how El Chapo's IT manager cracked his encrypted chats and brought him down! Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly

Kory Findley talks about his Github project pktrecon. Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for internal network segment reconnaissance using broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods. Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly

Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. He comes on the show to talk about Attack Simulation. To learn more about SCYTHE.io, go to: https://www.scythe.io/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert! Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

Hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install! Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly