Difference between revisions of "ASWEpisode92"

From Security Weekly Wiki
Jump to navigationJump to search
Line 28: Line 28:
  
 
===== Featured Flaws & Big Breaches =====
 
===== Featured Flaws & Big Breaches =====
 +
* [https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/151931/ PoC Exploits Published For Microsoft Crypto Bug] that [https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF NSA disclosed].
 +
* [https://www.nytimes.com/reuters/2020/01/15/business/15reuters-pratt-whitney.html Pratt & Whitney Expects GTF Engine Software Update on A220 Jet in Spring] -- when the "things" in IoT are airplanes...
  
 
===== Cloud, Code & Controls =====
 
===== Cloud, Code & Controls =====
 +
* [https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html Building a more private web: A path towards making third party cookies obsolete] and making the [https://wicg.github.io/ua-client-hints/#user-agent User-Agent less revealing] about the user.
  
 
===== Learning & Tools =====
 
===== Learning & Tools =====
 +
* [https://www.microsoft.com/security/blog/2020/01/16/introducing-microsoft-application-inspector/ Introducing Microsoft Application Inspector] that you can [https://github.com/Microsoft/ApplicationInspector check out] for yourself.
  
 
===== Food for Thought =====
 
===== Food for Thought =====
 +
* [https://www.csoonline.com/article/3512974/vulnerability-management-requires-good-people-and-patching-skills.html Vulnerability management requires good people and patching skills]
 +
* [https://devops.com/devsecops-10-best-practices-to-embed-security-into-devops/ DevSecOps: 10 Best Practices to Embed Security into DevOps] are more like 10 verbs related to DevOps responsibilities.
  
 
{{SocialMedia}}
 
{{SocialMedia}}

Revision as of 22:23, 19 January 2020

Recorded January 20, 202 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Mike Shema
    is the Product Security Lead of Square.
  • John Kinsella
    is the Vice President of Container Security for Qualys.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview:



    News

    Featured Flaws & Big Breaches
    Cloud, Code & Controls
    Learning & Tools
    Food for Thought


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+