From Paul's Security Weekly
Recorded June 10, 2019 at G-Unit Studios in Rhode Island!
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.
- We need your help in a survey we are running for research purposes for an upcoming webcast. How mature is your process automation for your various security capabilities? Please visit securityweekly.com/fivestagesofautomationmaturity to submit your responses to our 5 Stages of Automation Maturity Survey! We'll share the results in a webcast in November!
Interview: Tanya Janca, Microsoft
Topic: DevSecOps and Securing Software Supply Chains
Bugs, Breaches, and More!
- "Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems.
- A patch commands attention for mail servers
- Lookout finds massive out-of-app adware
- NFC shows a capacity for attack against nearby Android devices
If you build it, they will come
- In macOS Catalina and iOS 13, Apple finds a way to find devices and not lose privacy
- iOS App Transport Security has strong benefits, but weak adoption
Learning & Tools
Food for Thought
- There’s a significant disconnect between DevOps capabilities and DevSecOps readiness
- Two misconfigurations and a bug take down Google services, whose postmortem follows principles they extol