Application Security Weekly Episode #127 - October 26, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Cyber Resiliency Through Self-Healing Cloud Infrastructure - 12:30 PM-01:00 PM

Sponsored By

• 

Visit https://securityweekly.com/accurics for more information!

Announcements

• Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

• Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

Description

With the increased development velocity in cloud environments, cyber resilience is now more important than ever. To achieve cyber resiliency, security needs to be codified through the development life-cycle and security controls need to be implemented through self-healing infrastructure.

This segment is sponsored by Accurics.

Visit https://securityweekly.com/accurics to learn more about them!

Guest(s)

Cesar Rodriguez

• 

  Cesar Rodriguez is Head of Developer Advocacy at Accurics
  

Cesar is the Head of Developer Advocacy at Accurics and has spent the last 10+ years working in the cloud security space, securing both private cloud in the military industry and public cloud in the financial sector. He is passionate about contributing to the developer community through open source projects (Terrascan), blogs, and participating in local meetups.

Hosts

• 

  John Kinsella - Vice President of Container Security at Qualys
• 

  Matt Alderman - CEO at Security Weekly
• 

  Mike Shema - Product Security Lead at Square

2. Nvidia GeForce Experience Flaws, Firefox 'Site Isolation', & Chrome 0-Day Bug - 01:00 PM-01:30 PM

Announcements

• Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

• Learn how to build an integrated security platform in our webcast on October 28th! On November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

NSA publishes list of top vulnerabilities currently targeted by Chinese hackers, Nvidia Warns Gamers of Severe GeForce Experience Flaws, Addressing cybersecurity risk in industrial IoT and OT, Firefox 'Site Isolation' feature enters user testing, expected next year, Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser, and Exit Stage Left: Eradicating Security Theater!

Hosts

John Kinsella's Content:

• 

Articles

Matt Alderman's Content:

• 

Articles

• Botnet Infects Hundreds of Thousands of Websites
• Docker Hub Image Retention Policy Delayed, Subscription Updates

Mike Shema's Content:

• 

Articles

• NSA publishes list of top vulnerabilities currently targeted by Chinese hackers that should be a guide to your patch management strategy and a reference of flaws to understand and avoid for your DevOps team.
• Nvidia Warns Gamers of Severe GeForce Experience Flaws and adds another page to the book of strange choices for software installation.
• Addressing cybersecurity risk in industrial IoT and OT sounds a lot like addressing risk in software in general. We'll see what the truth and consequences bring...
• Firefox 'Site Isolation' feature enters user testing, expected next year, and shows how effective architecture choices can be in mitigating flaws as well as the long path to seeing those changes come to life. It's a good reminder to see how developers have made implementation and architecture choices to defeat speculative attacks in Safari and Google.
• Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser shows how secure architectures are still weakened by software dependencies.
• Exit Stage Left: Eradicating Security Theater from processes and policies in how we build secure software. Check out the video as well.