BrakeSec Education podcast

Player FM - Internet Radio Done Right

Ditambah fifty minggu yang lalu

Innhold levert av Bryan Brake, Amanda Berlin, and Brian Boettcher. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Bryan Brake, Amanda Berlin, and Brian Boettcher eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.

The Agile Brand with Greg Kihlström®

1
#644: AI-augmented human recommendations for retail customers with Noah Zamansky, Stitch Fix 27:12

for 1 day siden27:12

Spill senere

Lister

Lik

Likt

27:12

We are here at eTail Palm Springs and seeing and hearing the latest and greatest in e-commerce and retail. Question: Do you need to choose between AI and human recommendations as a customer? Why not have both? After all, don’t each have their strengths? AI in the retail experience is all the rage these days, but today I’m talking with someone from a brand that has been incorporating AI-personalized experiences and shopping combined with expert human recommendations for over 14 years, and continues to innovate today. Today we’re going to talk about how AI-based personalization plus human creativity and input makes an amazing customer experience at Stitch Fix. To help me discuss this topic, I’d like to welcome Noah Zamansky, Vice President of Product and Client Experience at Stitch Fix. About Noah Zamansky Noah Zamansky serves as the Vice President of Product and Client Experience at Stitch Fix, where he leads cross-functional teams spanning Product, Design, Engineering, Algorithms, and Platform Development. A seasoned leader, Noah has a proven track record of shaping product vision and strategy, designing exceptional user experiences, and spearheading the launch of new business ventures. Before joining Stitch Fix, Noah held the role of Senior Director of Product Management at eBay, overseeing Fashion and Vertical Experiences. Resources Stitch Fix: https://www.stitchfix.com eTail Palm Springs: https://etailwest.wbresearch.com/ Connect with Greg on LinkedIn: https://www.linkedin.com/in/gregkihlstrom Listen to The Agile Brand without the ads. Learn more here: https://bit.ly/3ymf7hd Don't miss a thing: get the latest episodes, sign up for our newsletter and more: https://www.theagilebrand.show Check out The Agile Brand Guide website with articles, insights, and Martechipedia, the wiki for marketing technology: https://www.agilebrandguide.com The Agile Brand podcast is brought to you by TEKsystems. Learn more here: https://www.teksystems.com/versionnextnow The Agile Brand is produced by Missing Link—a Latina-owned strategy-driven, creatively fueled production co-op. From ideation to creation, they craft human connections through intelligent, engaging and informative content. https://www.missinglink.company…

BrakeSec Education Podcast explicit

Del

Serier hjem•Feed

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

459 episoder

BrakeSec Education Podcast explicit

updated for 11 dager siden

Del

Serier hjem•Feed

459 episoder

Wszystkie odcinki

1
steam distributes malware in game form, RDP open from DOGE servers, hacking a supply chain for 50K 1:01:47

for 11 dager siden1:01:47

1:01:47

Youtube VOD: https://www.youtube.com/watch?v=zu_smyQGvG4 https://lcamtuf.substack.com/p/how-security-teams-fail https://cyberintel.substack.com/p/doge-exposes-once-secret-government https://x.com/SteamDB/status/1889610974484705314 – supply chain issues can crop up anywhere… are you blocking people from steam and popular software downloads online? https://www.landh.tech/blog/20250211-hack-supply-chain-for-50k/ https://medium.com/@cyberengage.org/rethinking-incident-response-from-picerl-to-dair-7b153a76e044 https://www.youtube.com/watch?v=3HRkKznJoZA <- 100 digits of pi https://www.youtube.com/watch?v=rz4Dd1I_fX0 <- periodic table song Additional information / pertinent LInks (Would you like to know more?): https://www.socvel.com/quiz/ https://xphantom.nl/posts/Offensive-Security-Lab/ Show points of Contact: Amanda Berlin: https://www.linkedin.com/in/amandaberlin/ Brian Boettcher: https://www.linkedin.com/in/bboettcher96/ Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced discord: https://discord.gg/brakesec Twitch Channel: https://twitch.tv/brakesec Music: https://chillhop.ffm.to/creatorcred "Flex" by Jeremy Blake Courtesy of Youtube media library…

1
Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more! 1:27:18

for 39 weeks siden1:27:18

1:27:18

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p): https://www.youtube.com/watch?v=axQWGyd79NM Questions and topics: Bsides Vancouver discussion Semgrep Community and Academy Building communities What are ‘secure guardrails’ Reducing barriers between security and developers How to sell security to devs: “hey, if you want to see us less, buy/use this?” “Security is your barrier, but we have goals that we can’t reach without your help.” https://wehackpurple.com/devsecops-worst-practices-artificial-gates/ How are you seeing things like AI being used to help with DevOps or is it just making things more complicated? Not just helping write code, but infrastructure Ops, software inventories, code repo hygiene, etc? OWASP PNW https://www.appsecpnw.org/ Alice and Bob coming next year! Additional information / pertinent LInks (Would you like to know more?): shehackpurple.ca Semgrep (https://semgrep.dev/) https://aliceandboblearn.com/ https://academy.semgrep.dev/ (free training) Netflix ‘paved roads’: https://netflixtechblog.com/how-we-build-code-at-netflix-c5d9bd727f15 https://en.wikipedia.org/wiki/Nudge_theory https://www.perforce.com/blog/qac/what-is-linting https://www.youtube.com/watch?v=FSPTiw8gSEU https://techhq.com/2024/02/air-canada-refund-for-customer-who-used-chatbot/ Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@BrakeSecEd Twitch Channel: https://twitch.tv/brakesec…

1
Josh Grossman - building Appsec programs, bridging security and developer gaps 1:16:22

for 46 weeks siden1:16:22

1:16:22

Youtube VOD: https://youtu.be/G3PxZFmDyj4 #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis Questions and topics: 1. The background to the topic, why is it something that interests you? How do you convince developers to take your course? 2. What do you think the root cause of the gap is? 3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?) 4. Where do gaps begin? Is it the ‘need’ to ‘move fast’? 5. What can devs do to involve security in their process? Sprint planning? SCA tools? 6. How have you seen this go wrong at organizations? 7. How important is it to have security early in the product development process? 8. What sort of challenges do you think mainstream security people face in AppSec scenarios? 9. How does Product Security differ from Application Security? (what if the product is an application?) 10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec? 11.. How do you suggest a security team approach AppSec/ProdSec? Leadership buy-in Effective/valuable processes Tools should achieve a goal 12. SBOM - NTIA is asking for it, How to get dev teams to care. 13. Key takeaways? Additional information / pertinent LInks (Would you like to know more?): BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218 https://www.walkme.com/blog/leadership-buy-in/ https://www.bouncesecurity.com/ https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example https://www.cisa.gov/sbom SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd https://semgrep.dev/ https://www.linkedin.com/in/joshcgrossman https://owasp.org/www-project-application-security-verification-standard/ https://github.com/OWASP/ASVS/tree/master/5.0 https://owasp.org/www-project-cyclonedx/ https://joshcgrossman.com/ PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210 https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-372101705524544 ASVS website: https://owasp.org/asvs Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec…

1
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox 1:22:56

for 47 weeks siden1:22:56

1:22:56

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers. Recorded: 08 Apr 2024 Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with Mary Gardner we did last night on #brakesec #education . Join Mary and I as we discuss the functions of a board, messaging to various levels of leadership and teams, and what it takes to make that leap to being a CISO. And when you're done, and you need someone to help your org get more mature, contact the team at GoldiKnox . #cybersecurity #informationsecurity #ciso #leadership #GRC Questions and topics: https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity “Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. “ They obviously have different priorities, so what brings everyone to the table to discuss? Are they even worried about security? Tactical goals vs. org goals and aligning them What are boards most worried about these days? Staying relevant in the face of AI? What tech will protext them from the newest threats? GRC is forced security, security is completely optional, Compliance requires some sort of security Additional information / pertinent LInks (Would you like to know more?): Research organizations (gartner, forrester, etc) https://goldiknox.com/ https://www.linkedin.com/pulse/board-needs-help-planning-cybersecurity-start-here-daniel-briley-k7xzc https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-sentenced-three-years-probation-covering-data Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec Discord: https://discord.gg/brakesec…

1
p2-accidentalCISO, building trust in new places 1:13:51

for 1 year siden1:13:51

1:13:51

Full Youtube VOD: https://www.youtube.com/watch?v=uX7odQTBkyQ Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources? What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions should be table stakes (data structures, logging, etc) Topic #3: What are bare minimums for building ‘secure’ Saas products in your particular field? And how do you balance security with a positive user experience (i. e. getting customers to buy into MFA/OAUTH, OTA updates Topic #4: Do many SaaS products get over-integrated? Is the need for integration override best practices in security? Additional information / pertinent LInks (Would you like to know more?): Twitter/Mastodon: https://twitter.com/AccidentalCISO https://infosec.exchange/@accidentalciso The Mindful Business Security Show: https://www.mindfulsmbshow.com/ https://twitter.com/mindfulsmbshow Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec…

1
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec 29:35

for 1 year siden29:35

29:35

1
1st show of 2024! Our 10th Anniversary... 59:35

for 1 year siden59:35

59:35

It's our 10th anniversary and the first show of our 2024 season! Amanda was on "7 minute security" https://7minsec.com/projects/podcast Check out the complete VOD at https://youtu.be/vbmEtkxhAMg Explicit language warning www.brakeingsecurity.com https://twitch.tv/brakesec https://bit.ly/brakesecyt

1
Brakesec Call to Action 2023 2:51

for 1 year siden2:51

2:51

Youtube Video: https://youtu.be/IUDPlQaQg8M https://forms.gle/rf145MoN7cskwMjf8 is the link to the survey. Your information (should you choose to identify yourself) will not be shared outside of the BrakeSec Team. Thank all of you for listening and for your input. RSS feed for the audio podcast is at https://www.brakeingsecurity.com/rss website: https://www.brakeingsecurity.com…

1
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts! 1:19:11

for 1 year siden1:19:11

1:19:11

Show Topic Summary: Ms. Berlin proposes a question of how to gather more headcount with metrics, we discuss the BLUFFS bluetooth vulnerability, and “Ranty Claus” talks about CISA’s remarks of putting the onus on device product makers to remove choice for customers and implement secure defaults. #youtube VOD: https://www.youtube.com/watch?v=emcAzTx9z0c Questions and topics: https://cyberscoop.com/cisa-goldstein-secure-by-design/ https://hackaday.com/2023/12/02/update-on-the-bluffs-bluetooth-vulnerability/ Additional information / pertinent LInks (Would you like to know more?): https://cyberscoop.com/jen-easterly-secure-by-design/ https://www.cisa.gov/resources-tools/resources/stop-passing-buck-cybersecurity Examples of companies forcing changes https://www.bleepingcomputer.com/news/microsoft/microsoft-will-roll-out-mfa-enforcing-policies-for-admin-portal-access/ https://github.com/aya-rs/aya - eBPF implementation in Rust https://ossfortress.io/ https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-boot-bypass-millions-pcs Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social, https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Twitter: @brakesec Youtube channel: https://youtube.com/c/BDSPodcast Twitch Channel: https://twitch.tv/brakesec…

1
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people 45:53

for 1 year siden45:53

45:53

Subscribe on Twitch using Amazon Prime and watch us live: https://twitch.tv/brakesec Check out our VODs on Youtube: https://www.youtube.com/@BrakeSecEd Join the BrakeSecEd discord: https://discord.gg/brakesec News: https://www.darkreading.com/remote-workforce/1password-latest-victim-okta-customer-service-breach https://www.documentcloud.org/documents/24075435-bhi-notice https://www.bleepingcomputer.com/news/security/us-energy-firm-shares-how-akira-ransomware-hacked-its-systems/ https://www.bleepingcomputer.com/news/security/ransomware-isnt-going-away-the-problem-is-only-getting-worse/ https://www.shacknews.com/article/137505/ransomware-group-capcom-2020-arrested https://www.bleepingcomputer.com/news/security/flipper-zero-can-now-spam-android-windows-users-with-bluetooth-alerts/ https://www.nasdaq.com/articles/three-cybersecurity-sectors-that-resist-economic-downturns…

1
Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs 1:06:08

for 1 year siden1:06:08

1:06:08

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: Nicole is the Chief Product Officer at Axio. Nicole has spent her career building awareness around the benefits of usable security and human-centered security as a way to increase company revenue and create a seamless user experience. Youtube VOD Link: https://youtube.com/live/tFaAB9an47g Questions and topics: Usable security: is it an oxymoron? What determines if the security is ‘usable’ or no? We sacrifice security for a better UX, what can be done to alleviate that? Or is it some sort of sliding scale in “poor UX, amazing security or awesome UX, poor security” Examples of poor UX for ‘people’: MFA, and password managers. SEC updates and ‘material events’ and how that would affect security, IR, and other company reporting functions. Also, additional documentation (Regulation S-K Item 106) https://www.linkedin.com/posts/nicole-sundin-5225a1149_sec-adopts-rules-on-cybersecurity-risk-management-activity-7090065804083290112-ISD8 Are companies ready to talk about their cybersecurity? Can the SEC say “you’re not doing enough?” What is ‘enough’? Are we heading toward yet another audit needed for public companies, similar to SOX? When does an 8-K get publicly disclosed? Materiality is based on a “reasonable investor”? So, you don’t need to announce that until you’re certain, and it’s based on what you can collect? Cyber Risk Management and some good examples of how to set up a proper cyber risk organization Additional Links: https://csrc.nist.gov/CSRC/media/Projects/usable-cybersecurity/images-media/Is%20Usable%20Security%20an%20Oxymoron.pdf http://web.mit.edu/Saltzer/www/publications/protection/Basic.html https://www.sec.gov/news/press-release/2023-139 https://www.sec.gov/news/statement/munter-statement-assessing-materiality-030922 https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/sec-final-cybersecurity-disclosure-rules.html https://www.nasa.gov/centers/ames/research/technology-onepagers/hc-computing.html https://securityscorecard.com/blog/what-is-cyber-security-performance-management/…

1
John Aron, letters of marque, what does a "junior" job look like with AI? 1:25:21

for 1 year siden1:25:21

1:25:21

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: John is the CEO of Aronetics. An avid climber and runner, John has spoken at many conferences about topics like ZeroTrust, BIOS/UEFI security, communication security, and malware. Aronetics is a technology-enabled service provider. Youtube VOD: https://youtube.com/live/5dIVTwVZLAU Linkedin VOD: https://www.linkedin.com/video/live/urn:li:ugcPost:7101738254823030784 Show Topic Summary: John joins us to discuss “letters of Marque” in an effort for hackers to ‘hack back’... the overreliance on automation, and communication siloes. We also talk about what a ‘junior position’ in infosec looks like with AI doing all the “Level 1 SOC Analyst” type roles normally given to someone fresh to the security industry. Questions and topics: Is infosec over reliant on automation? Automation comes with its own challenges. Documentation woes Automation is usually found in userland Aronetics’ Thor provides defense and counter-offense tamper-proof technology digitally tied to Letter of Marque - good idea, or geopolitical disaster waiting to happen? Siloes and communication -best ways to overcome those in an org and outside? How do we overcome siloing? Overcoming security challenges?Identity management - 2FA is everywhere, there’s already ways around 2FA, so what now? 3FA? Biometrics? Make everyone carry around physical tokens that we can lose? Blog post: https://www.aronetics.com/post-quantum-cryptography/ What do we need to protect against? Nation states with quantum computers? Rubber hose cryptography? Crime thrives in areas of low visibility. https://www.aronetics.com/unknown/ https://www.aronetics.com/inside-the-breach/ (threat detection - the crime thrives in low vis areas) Show points of Contact: Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/c/BDSPodcast Twitch Channel: https://twitch.tv/brakesec Amanda Berlin: @infosystir@infosec.exchange (Mastodon) @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social…

1
Megan Roddie - co-author of "Practical Threat Detecion Engineering" 1:46:53

for 2 years siden1:46:53

1:46:53

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Buy here: https://subscription.packtpub.com/book/security/9781801076715 Amazon Link: https://packt.link/megan Youtube VOD: https://www.youtube.com/watch?v=p1_jQa9OQ2w Show Topic Summary: Megan Roddie is currently working as a Senior Security Engineer at IBM. Along with her work at IBM, she works with the SANS Institute as a co-author of FOR509, presents regularly at security conferences, and serves as CFO of Mental Health Hackers. Megan has two Master's degrees, one in Digital Forensics and the other in Information Security Engineering, along with many industry certifications in a wide range of specialties. When Megan is not fighting cybercrime, she is an active competitor in Muay Thai/Kickboxing. She is a co-author of “Practical Threat Detection Engineering” from Packt publishing, on sale now in print and e-book. Buy here: https://subscription.packtpub.com/book/security/9781801076715 https://packt.link/megan ← Amazon redirect link that publisher uses if you want something easier on the notes Questions and topics: Of the 3 models, which do you find you use more and why? (PoP, ATT&CK, kill chain) What kind of orgs have ‘detection engineering’ teams? What roles are involved here, and can other teams (like IR) be involved or share a reverse role there? Lab setup requires an agent… any agent for ingestion or something specific? How does Fleet or data ingestion work for Iot/Embedded device testing? Anything you suggest? How important is it to normalize your log output for ingestion? (app, web, server all tell the story) Additional information / pertinent LInks (Would you like to know more?): Unified Kill Chain: https://www.unifiedkillchain.com/ ATT&CK: https://attack.mitre.org/ D3FEND matrix BrakeSec show from 2021: https://brakeingsecurity.com/2021-023-d3fend-framework-dll-injection-types-more-solarwinds-infections Pyramid of Pain: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html https://www.securitymagazine.com/articles/98486-435-million-the-average-cost-of-a-data-breach https://medium.com/@gary.j.katz (per Megan, ‘it’s basically Chapter 11 of the book’) Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social, Twitter, bluesky Brakesec Website: https://www.brakeingsecurity.com Twitter: @brakesec Youtube channel: https://youtube.com/c/BDSPodcast Twitch Channel: https://twitch.tv/brakesec…

1
meeting new people, walking on your keyboard causes issues, even google gets phone numbers wrong. 1:20:11

for 2 years siden1:20:11

1:20:11

Check out our sponsor (BLUMIRA) at https://blumira.com/brake youtube channel link: https://youtube.com/c/BDSPodcast Full video on our youtube Channel! https://www.youtube.com/watch?v=BkBeLuM_urk https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/ https://www.darkreading.com/remote-workforce/hacker-infected-foiled-by-own-infostealer https://therecord.media/cisa-warnings-adobe-microsoft-citrix-vulnerabilities https://www.itsecurityguru.org/2023/07/18/millions-of-keyboard-walk-patterns-found-in-compromised-passwords/ https://therecord.media/airline-customer-support-phone-number-fraud-google https://twitter.com/Shmuli/status/1680669938468499458 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 https://www.jdsupra.com/legalnews/tabletop-exercises-as-risk-mitigation-5278057/ https://www.darkreading.com/vulnerabilities-threats/linux-ransomware-poses-significant-threat-to-critical-infrastructure https://bevyengine.org/ - Rust game engine https://godotengine.org/ - a more mature Rust game engine https://flappybird.io/ - which I suck at, BTW Intro/outro music: "Flex" by Jeremy Blake Courtesy of YouTube Music Library (used with proper permissions)…

1
Bsides Seattle and Austin, SecureBoot patch, and more 1:12:36

for 2 years siden1:12:36

1:12:36

BrakeSec Show Outline – No Guest Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin Youtube VOD: https://youtube.com/live/UGRaRSYj7kc Questions and potential sub-topics (5 minimum): Bsides Seattle update and Bsides Austin Patching the unpatchable https://en.wikipedia.org/wiki/Parkerian_Hexad Power and influence (is power bad? Is influence?) 5. https://deliverypdf.ssrn.com/delivery.php?ID=357001027119125105074103081006094117005092014048001013007086030071009081068110103025024041103038045036033080107020112080097022024073029064061065125002071028013110008011045013116002084024000066075067001126004101003027004086091007025096080019022003104&EXT=pdf&INDEX=TRUE (A Theory of Creepy: Technology, Privacy and Shifting Social Norms) (contact info for people to reach out later): Additional information / pertinent Links (would you like to know more?): (contact info for people to reach out later): https://www.bleepingcomputer.com/news/security/microsoft-shares-guidance-to-detect-blacklotus-uefi-bootkit-attacks/ https://www.bleepingcomputer.com/news/security/malware-dev-claims-to-sell-new-blacklotus-windows-uefi-bootkit/ Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @bryanbrake@mastodon.social Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec Youtube: https://www.youtube.com/c/BDSPodcast Email: bds.podcast@gmail.com…

Velkommen til Player FM!

Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.