From Paul's Security Weekly
Recorded June 10, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
- Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
Interview: Tanya Janca, Microsoft
Topic: DevSecOps and Securing Software Supply Chains
Bugs, Breaches, and More!
- "Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems.
- A patch commands attention for mail servers
- Lookout finds a massive out-of-app adware
- NFC shows a capacity for attack against nearby Android devices
If you build it, they will come
- In macOS Catalina and iOS 13, Apples finds a way to find devices and not lose privacy
- iOS App Transport Security has strong benefits, but weak adoption
Learning & Tools
Food for Thought
- There’s a significant disconnect between DevOps capabilities and DevSecOps readiness
- Two misconfigurations and bug take down Google services, whose postmortem follows principles they extol