Security Weekly Podcast Network (Video)
Technology
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this that orgs should be worried about and what types of threats they should be prioritizing instead.
Segment Resources:
Show Notes: https://securityweekly.com/asw-280
The VC Perspective: Embracing Uncertainty & Staying the Course - Alberto Yépez - BSW Vault
Secure Code From the Start, Security Validation & Platformization - Maxime Lamothe-Brassard, Volkan Ertürk, Chris Hatter - ESW #363
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More - SWN #389
Unified Identity Security, Identity is Under Attack & Identity is Security - Andre Durand, David Bradbury, Wendy Wu - ESW #363
This Week: short on funding, long on research and analysis - ESW #363
Exploits Make You More Secure - PSW #830
Pen Testing As A Service - Seemant Sehgal - PSW #830
Unpacking XDR & Business Applications - Chris Thomas, Oliver Tavakoli - ASW #286
Big Tech, Fighting a Junta, Keylogger in Microsoft, APT Hackers, Free Laundry, Josh - SWN #388
Node.js Secure Coding - Liran Tal - ASW #286
2024 Cyber Resilience Trends & Leveling the Cybersecurity Playing Field - Theresa Lanowitz, Jim Simpson - BSW #351
Security Money: Rubrick Saves The Index As It Continues To Climb - BSW #351
AI SOC Solutions, Revamp Your Cybersecurity, & Nightwing Introduction - Jon Check, Ricardo Villadiego, Jim McDonough - ESW #362
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387
Vulnrichment, Hardware Hacking, VPNs - PSW #829
Flexxon Server Defender, Unforeseen Innovation Outcomes, & Security through Data - Jeetu Patel, Amit Sinha, Camellia Chan - ESW #362
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! - ESW #362
The Enterprise Browser & AI in Securing Software and Supply Chains - Mike Fey, Josh Lemos - ASW #285
3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Josh Marpet... - SWN #386
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Acquired