From Paul's Security Weekly
Recorded June 10, 2019 at G-Unit Studios in Rhode Island!
- Register for our upcoming webcasts with ISC2 by going to securityweekly.com/webcasts . If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand. Also, you can now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!
- Some of you told us that you are overwhelmed by the amount of content we distribute! To help you get selected topics you're interested in, join our new listener interest list! Sign up for a list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a 15% discount to sit for any of their Bootcamp Courses or Workshops! Visit Securityweekly.com/hackerhalted to register now!
Interview: Tanya Janca, Microsoft
Topic: DevSecOps and Securing Software Supply Chains
Bugs, Breaches, and More!
- "Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems.
- A patch commands attention for mail servers
- Lookout finds a massive out-of-app adware
- NFC shows a capacity for attack against nearby Android devices
If you build it, they will come
- In macOS Catalina and iOS 13, Apples finds a way to find devices and not lose privacy
- iOS App Transport Security has strong benefits, but weak adoption
Learning & Tools
Food for Thought
- There’s a significant disconnect between DevOps capabilities and DevSecOps readiness
- Two misconfigurations and bug take down Google services, whose postmortem follows principles they extol