loader from loading.io

Effective Operational Outcomes - Ken Dunham - PSW #847

Paul's Security Weekly (Audio)

Release Date: 10/17/2024

Hacking Crosswalks and Attacking Boilers - PSW #871 show art Hacking Crosswalks and Attacking Boilers - PSW #871

Paul's Security Weekly (Audio)

The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patching is not enough, auditing the PHP source code, reading the MEGA advisories, threat actors lie about data breaches (you don't say?), the data breach that Hertz, CISA warns of ransomware, some can't get Ahold of data breaches, please don't let people...

info_outline
Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA... - PSW #870 show art Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA... - PSW #870

Paul's Security Weekly (Audio)

Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA, College, who knows, a lot more... On Paul's Security Weekly. Visit for all the latest episodes! Show Notes:

info_outline
You Should Just Patch - PSW #869 show art You Should Just Patch - PSW #869

Paul's Security Weekly (Audio)

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really...

info_outline
Not-So-Secure Boot - Rob Allen - PSW #868 show art Not-So-Secure Boot - Rob Allen - PSW #868

Paul's Security Weekly (Audio)

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything,...

info_outline
SignalGate and How Not To Protect Secrets - PSW #867 show art SignalGate and How Not To Protect Secrets - PSW #867

Paul's Security Weekly (Audio)

How do we handle scope creep for vulnerabilities?, find the bugs before it hits the real world, risk or hype vulnerabilities, RTL-SDR in a browser, using AI to hack AI and protect AI, 73 vulnerabilities of which 0 patches have been issued, Spinning Cats, bypassing WDAC with Teams and JavaScript, Rust will solve all the security problems, did you hear some Signal chats were leaked?, ingress nginx, robot dogs, what happens to your 23andme data?, Oracle's cloud was hacked, despite what Oracle PR says, inside the SCIF, and cvemap to the rescue. Visit for all the latest episodes! Show Notes:

info_outline
Its Not Really A 0-Day - PSW #866 show art Its Not Really A 0-Day - PSW #866

Paul's Security Weekly (Audio)

This week: Compliance, localization, blah blah, the Greatest Cybersecurity Myth Ever Told, trolling Microsoft with a video, Github actions give birth to a supply chain attack, prioritizing security research, I'm tired of 0-Days that are not 0-Days, sticking your head in the sand and believing everything is fine, I'm excited about AI crawlers, but some are not, Room 641A, a real ESP32 vulnerability, do we need a CVE for every default credential?, smart Flipper Zero add-ons, one more reason why people fear firmware updates, no more Windows 10, you should use Linux, and I have a Linux terminal in...

info_outline
AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865 show art AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865

Paul's Security Weekly (Audio)

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance...

info_outline
Don't Hack Russia - PSW #864 show art Don't Hack Russia - PSW #864

Paul's Security Weekly (Audio)

Hacking your mattress, Taylor Swift all the time, DNS sinkholes, throwing parties at rental properties, detect jamming, it took 18 years to hack, airtag hacks, undetectable weapons, RIP Skype, Cellebrite targets, upgrade ALL the things, Kali, Raspberry PIs, and M.2 hats, pirating music through a supply chain attack, Cisco small business and why you shouldn't use it, stop hacking Russia, Badbox is back, but it likely never left, and AI still Hallucinates! Visit for all the latest episodes! Show Notes:

info_outline
Zero Days Are Not Just Fiction - PSW #863 show art Zero Days Are Not Just Fiction - PSW #863

Paul's Security Weekly (Audio)

Apple, the UK, and data protection, you can get pwned really fast, Australia says no Kaspersky for you!, the default password is on the Internet, topological qubits, dangerous AI tools, old software is not just old but vulnerable too, tearing down Sonic Walls, CWE is good but could be great, updating your pi-hole, should you watch "Zero Day"? my non-spoiler review will tell you, no more DBX hellow SBAT!, and I love it when chat logs of secret not-so-secret ransomware groups are leaked! Visit for all the latest episodes! Show Notes:

info_outline
Live from ZTW - PSW #862 show art Live from ZTW - PSW #862

Paul's Security Weekly (Audio)

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Visit for all the latest episodes! Show Notes:

info_outline
 
More Episodes

New security and vulnerability research is published every day. How can security teams get ahead of the curve and build architecture to combat modern threats and threat actors? Tune-in to a lively discussion about the threat landscape and tips on how to stay ahead of the curve.

Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Air gaps are still not air gapped, making old exploits new again, chaining exploits for full compromise, patching is overrated, SBOMs are overrated, VPNs are overrated, getting root with a cigarette lighter, you can be any user you want to be, in-memory Linux malware, the Internet Archive is back, we still don't know who created Bitcoin, unhackable phones, and There's No Security Backdoor That's Only For The "Good Guys" !

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-847