Paul’s Security Weekly (Video)
Technology
We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure.
(00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained
Show Notes: https://securityweekly.com/psw-821
Hidden Buttons, Dumb Password Rules, BLE Relay Attack, & Stealthy UEFI - PSW #775
Ask Our PSW Hosts Anything! - PSW #775
ChatGPT Articles, What the Zimbra, Burp Plugins, & Vocal Passports - PSW #774
Phishing Attack & Defense - Asaf Cidon - PSW #774
TikTok Thefts, Typo Squatting is Lame, Stealing from the TPM, & Codebreaking Letters - PSW #773
Zero Trust ≠ Zero Risk: Leveraging Risk Techniques for Zero Trust Acceleration - Ron Woerner - PSW #773
The RIGHT Software, Docker vs. Root, CORS, Vuln Risk Scoring, & Cisco Attacks - PSW #772
Linux and FOSS Supply Chain Issues - Hal Pomeranz - PSW #772
Super(conductive) Graphene, Yandex Leak, No Fly Lists, & Thinkpad Servers - PSW #771
The Power of Purple Teaming: Using Runbooks to Standardize and Collaborate - Dan DeCloss - PSW #771
GetVariable Strikes Again, Linux Santa, AMD Vulns, & Remote Computer Detonation - PSW #770
How Do We Raise the Floor for Software Quality? - Brian Behlendorf - PSW #770
Real Time Linux, RSA Encryption, Sec vs. Compliance, Cold River, & ChatGPT - PSW #769
Other Considerations for Applying Security into Critical Infrastructure Systems - Kate Stewart - PSW #769
Roblox Prison, 3DS RCE, Puckungfu, Google Home Wiretaps, & Lastpass Hack - PSW #768
Software Supply Chain Security & MITRE's System of Trust - Robert Martin - PSW #768
Holiday Security News & The Holiday Hack Challenge 2022! - PSW #767
Hacker Trivia - PSW #767
How To Get Started in Information Security - PSW #767
Is Penetration Testing Dead? - PSW #767
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast