In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in the Linux kernel, hack stuff and get blown up, stop hacking "beer", weekly Chrome zero day, Mirai lives, long live Marai, how attackers could intercept your text messages, and rigging the election, the Homecoming Queen election that is.   Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw687

Dan will run through some customer testimonials on how they are using Plextrac effectively to get the real work done in security! This segment is sponsored by PlexTrac.   Visit https://securityweekly.com/plextrac to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw687

Assaf Dahan, Sr Director, Head of Threat Research at Cybereason, discusses current trends in ransomware research. What happens when we're not watching or watching the wrong indicators? And threat actor handoff off pillaging to Cyber Merenaries.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw686

Microsoft Exchange had some vulnerabilities, how could you not hear about them?, Russians try to throttle Twitter, silicon valley security camera company has been breached and we get to see what it looks like as they make Teslas in China, Did I mention that there was an Exchange hack?, free tool release to help secure the supply chain (but not Russians with bags of cash), the best practices aren't always the best, advanced Linux malware and how not to encrypt C2 and hide files, and network-based multi-domain macro-segmentation situational awareness for compliance, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw686

David has been studying the structure, size and scope of illicit markets for over 10 years. He has come to realize just how fragmented illicit markets are, how a few select vendors often control most of the sales, and how important social bonds are even in the context of anonymous illicit markets.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw686

This week, In the Security News, Calling all people who know how to patch MS Exchange servers, we need you, Rockwell Automation PLC flaws and what you can't do about it, a book review I agree with, be careful what you expose at home, yet another Chrome 0day, jailbreak your iPhone, the cybersecurity consolidation, and taking back the term "Hacker", for real this time!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw685

Paul recently built a new PC for daily work and security-related tasks. It's a monster PC! The build was researched heavily, and in this segment, Paul will share all the tips and tricks to you can build the same or similar PC!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw685

Phillip will discuss his passion for offensive cybersecurity education, mentoring, and getting started in pentesting. He co-authored a book based on his conference talk "The Pentester Blueprint: Starting a Career as an Ethical Hacker." He will also talk about his community involvement with the Innocent Lives Foundation, The Pwn School Project, and Hacking is NOT a Crime.   His book: https://www.wiley.com/en-us/The+Pentester+BluePrint%3A+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305 The Pwn School Project meetup: https://pwnschool.com/  INE (https://ine.com), Phillip's employer offers a free starter pass for training in four different areas of technology; Penetration Testing Student, Getting started in networking, Azure fundamentals, first steps in data science with Python: https://checkout.ine.com/starter-pass   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw685

This week In the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMWare vCenter, and is a password manager worth your money!?!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw684

Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughter from being trafficked. Bryan will then explain what he does with Cyemptive, his day job.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw684

Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection. Peter's new book is available on Amazon: https://amazon.com   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw684

“Wheel” was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems included Linux, macOS, AIX and Solaris. He’ll provide an overview of the vulnerability and then dive into a technical discussion of the research.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

This week in the Security News, Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left in millions of IoT devices, A 'Simple And Yet Robust' Hand Cipher, Zero Trust in the Real World , Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply , Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft’s Remote Desktop Web Access Vulnerability, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

In this segment we'll unpack "Zero Trust", what does it mean and how can it be applied as a concept to information security today? It certainly begs the question what and who do you trust? Often without too much thought, we trust software, machines, and people. Each time you run an "apt upgrade" (using sudo!), you are implying trust. When you deploy that enterprise monitoring software (*cough* Solarwinds *cough*), you have to trust it, but to what degree? Tune in to find out more!   This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscaler to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw683

Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hacks prepaid vending machines, When was the last time you said: "Hey, that web app on that IoT/network device was really secure!"? Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies, Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module, New Linux malware steals SSH credentials from supercomputers, From Microsoft: how not to run Docker in Azure Functions.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw682

Bill will provide insight on best practices for internet safety, for work from home, family-friendly internet habits which leads to the conversation of secure chats/files, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw682

Small federal contractors are being required to become compliant with a new standard, CMMC. They've never had to do the level of security and compliance maturity that it requires! What do they do? Who can they talk to?   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw682

In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack hacking team, how a researcher broke into Microsoft VS code’s Github, & how criminals use a deceased employee’s account to wreak havoc!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw681

Today’s segment will discuss effective assessments, the maturity of your security posture, and the composition of your team. Specific topics in the episode include the what, when, and how of conducting assessments, addressing the cybersecurity talent shortage, and facilitating automated assessments. Lastly, we’ll discuss what makes you feel ready for what’s headed your way.   This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw681

What is XDR? How do we know the security protections we're investing in are working? All this and Paul's CBD Pineapple Pizza Drink on this week's show.   This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw681

In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680

Ubiquiti network gear has become a favorite among tech enthusiasts, but various Ubiquiti products have had some serious vulnerabilities in recent history. Listen in as we discuss hack, secure, and learn with Ubiquiti gear. We'll also discuss Ubiquiti's data breach announced Jan. 11and what that could mean to the security of your network.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680

Ryan Noon joins Paul, and the rest of the PSW team, this week to chat through the importance of resilience in everything companies do to protect cloud-stored data and IP, unpack growing enterprise demand for a "digital seatbelt," and explain why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes.   This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680

In the Security News, Nissan Source code leaked, how the shady 0-Day sales game is evolving, Hack the Army 3.0 announced, creating your own custom encryption in python, FBI warns of swatting attacks targeting your smart device, & the rise of Uncaptcha3!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw679

-What are we seeing from infosec graduates as they come into the enterprise to begin their careers? -How has data privacy changed since 2014? -Is the cloud a solution, or creates more problems? -How does the changing model of application architecture and security testing improve things? (DevOps, "shift left" testing, IAST, etc.)   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw679

The way we identify, prioritize, and mitigate software vulnerabilities was built in the reverse order. Why did it happen? Could a new remediation strategy finally form an alliance between IT and security teams?   This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw679

In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Security Researcher states ‘solarwinds123’ Password Left Firm Vulnerable in 2019, Why the Weakest Links Matter, and a 26-Year-Old Turns ‘Mistake’ of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw678

SolarWinds is just the latest example of how the enterprise software supply chain, when compromised, can be used successfully by attackers. These coordinated and well-managed attacks prey on trust, so how can we trust our enterprise software?   This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw678

In this world of countless vulnerabilities, we need to find a way to identify threats. Prioritizing known vulnerabilities is a step in the right direction but definitely not enough. There is a need for a customized identifying threat process.   This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw678

Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology?   This segment is sponsored by Innocent Lives Foundation. Show Notes: https://securityweekly.com/psw677   Visit https://securityweekly.com/ilf to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! 

We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions.   This segment is sponsored by RiskSense. Show Notes: https://securityweekly.com/psw677   Visit https://securityweekly.com/risksense to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments.   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw677

Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII , The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

Ensure all your data is secure, without impacting the business.   This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

More computers, more software, and faster development cycles lead to more vulnerabilities. The security and IT teams are put under immense pressure to tackle the growing number of vulnerabilities with the same old tools that can’t keep up with the requirements. New technologies emerged to bridge that gap and allow the security team to solve the whole problem, end-to-end, in a seamless manner.   This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675

Michael takes us through some of the common AI and ML methods of data science and how they apply to our InfoSec problems.   This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675

Jamie and Karsten join us for a discussion about recent attack trends, threat actors, and campaigns carried out by malicious threat actors. Everything from gift card scams to the latest techniques used by attacks for successful phishing campaigns!   This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675

In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean, Cobalt Strike leaked source code, DNS cache poisoning is back, and Zebras & Dots!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw674

Sumedh and Badri discuss challenges associated with container Security & DevOps need for visibility into containers. Qualys' new approach to runtime security.   This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw674

Attackers have repeatedly demonstrated that they can evade perimeter defenses to compromise a system inside the network. Once they get in, they must break out from that beachhead, conduct discovery, credential theft, lateral movement, privilege escalation, and data collection activities. Suppose they go looking for locally stored files or network shares and instead see nothing of value? What if they query Active Directory and don’t get real credentials in the responses? What if they look for ports or services to attack, and instead, their connections get redirected to systems with no value? If they can’t see and access data or accounts that move them forward, they can’t attack anything of value. Learn how deception and concealment technology can deny, detect, and disrupt attackers when they first enter the network.   This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw674

In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673

Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases.   This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!   This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673

In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irriation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672

Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed.   This segment is sponsored by Polarity. Visit https://securityweekly.com/polarity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672

Only integrating vulnerability characteristics to determine risk leaves half the prioritization canvas empty. Observing and analyzing user interaction and other surrounding software characteristics provide the rich contextual clues to complete the picture.   This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672

In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw671