Paul’s Security Weekly (Audio)
Technology
Is there still a network or has it slipped away from us entirely? What about efforts for localization because people do not trust the cloud, its providers or its reliability (ala Twitter vs. the Fediverse?). Do you still need actual hardware firewalls? What about VPNs? How long will these devices still be around as everyone goes to the cloud and SDWAN technologies? And what about identity? If you can nail identity, doesn't that set you up to be a cloud-first organization? Join us for a discussion with Sinan and the security weekly hosts as we tackle these questions!
This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!
Eclypsium's research team has discovered 3 vulnerabilities in BMCs. Nate Warfield comes on the show to tell the full story! This has garnered much attention in the press:
* Original research post: https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
* https://www.securityweek.com/security-flaws-ami-bmc-can-expose-many-data-centers-clouds-attacks
* https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
* https://therecord.media/three-vulnerabilities-found-in-popular-baseboard-software/
* https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/
* https://duo.com/decipher/trio-of-megarac-bmc-flaws-could-have-long-range-effects
* https://www.csoonline.com/article/3682137/flaws-in-megarac-baseband-management-firmware-impact-many-server-brands.html
In the Security News: ping of death returns, remembering when the Internet disconnected if your Mom picked up the phone, a 500-year-old cipher is cracked, VLC is always up-to-date, SIM swapper goes to prison, Rust is more secure but your supply chain is not, if you pwn the developer you win, you have too many security tools, Chrome zero days are not news, Log4Shell what changed?, Hive social again, ChatGPT, there's a vulnerability in your SDK, and it takes 3 exploits to pwn Linux, All that, and more, on this episode of Paul’s Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw766
Hacker Heroes - Josh Corman - PSW Vault
Pen Testing As A Service - Seemant Sehgal - PSW #830
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828
Kicking Off With Crypto - PSW #827
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
PCI 4.0 - Winn Schwartau - PSW #825
Digging Into Supply Chain Security - James McMurry - PSW #824
XZ - Backdoors and The Fragile Supply Chain - PSW #823
Are we winning? - Jason Healey - PSW #822
Securing All The Things - Josh Corman - PSW #821
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814
K-12 Cybersecurity - Brian Stephens - PSW #813
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast