Security Weekly Podcast Network (Audio)
Technology
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this that orgs should be worried about and what types of threats they should be prioritizing instead.
Segment Resources:
OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-280
A CISO’s Perspective, Defending Against AI & Ransomware Evolution - Kris Lahiri, Jim Broome, Mike Lyborg - ESW Vault
Securing Backups - SWN Vault
Achieving Cyber Resilience, External Cybersecurity & Risk Reduction - Margarita Barrero, Andy Grolnick, Alexandre Sieira - ESW Vault
Exploring the latest FortiGuard Labs Threat Report - Derek Manky - ESW Vault
Hacker Heroes - Josh Corman - PSW Vault
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
College Degrees - SWN Vault
Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 - Lynn Marks, Paul Valente - BSW Vault
The VC Perspective: Embracing Uncertainty & Staying the Course - Alberto Yépez - BSW Vault
This Week: short on funding, long on research and analysis & RSAC Interviews - ESW #363
Pen Testing As A Service - Seemant Sehgal - PSW #830
SWN #388- Big Tech, Fighting a Junta, Keylogger in Microsoft , APT Hackers, Free Laundry, Joshua Marpet & more
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
Security Money: Rubrick Saves The Index As It Continues To Climb - Jim Simpson, Theresa Lanowitz - BSW #351
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387
Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! Plus On-Site Interviews from RSAC - ESW #362
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Josh Marpet... - SWN #386
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast