Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for helping developers get beyond the superficial advice of, "Think like an attacker." Show Notes: https://securityweekly.com/asw-357
--------
1:03:41
--------
1:03:41
Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-433
--------
1:56:50
--------
1:56:50
Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, More... - SWN #529
Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-529
--------
28:45
--------
28:45
Going Around EDR - PSW #900
This week: Minecraft on your lightbulb Sonicwall breached, who's next? Ditch Android, install Linux Hacking your face Thermostat freedom Pen test fails HackRF hacking times 2 Going around EDR Hackers in your printer Chinese data breach NFC relays and PCI Constructive construction hacks FlipperZero firmware update ICS, PLCs, and attacks Bayesian Swiss Cheese, taste good? Do you want to hack back? Keeping secrets Enforcing CMMC OWASP top ten gets a make over Android Spyware makes a LANDFALL Gemini's deep research into your documents Slopguard and AI datacenters in space! Show Notes: https://securityweekly.com/psw-900
--------
2:06:22
--------
2:06:22
Securing Model Context Protocol as Companies Plan to Replace Entry Roles with AI - Rahul Parwani - BSW #421
As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP? Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to secure this new protocol. Rahul will cover how Aria's solutions help you secure your AI development by: Centralizing Access Control Enforcing Security Policies Maintaining Compliance Enabling Rapid Response This segment is sponsored by Airia. Visit https://securityweekly.com/airia to learn more about them! In the leadership and communications segment, CISO Burnout – Epidemic, Endemic, or Simply Inevitable?, If Trust Is So Important, Why Aren't We Measuring It?, Over one-third of companies plan to replace entry roles with AI, survey says, and more! Show Notes: https://securityweekly.com/bsw-421
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.
Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
México