AI Trolley Problems, Rhode Island Drivers, and Kohlbergian Post Conventionalism - SWN #509

Security Weekly Podcast Network (Video)

Josh Marpet and Doug White talk about AI Ethics, Issues, and Compliance. AI Trolley problems, Rhode Island Drivers, and Post Conventionalism. Show Notes:

Lasagna DoS, AI Slop, Hacker Ultimatums - PSW #890

Security Weekly Podcast Network (Video)

In the secure news: Automakers respond to Flipper Zero attacks; More on the unconfirmed Elastic EDR 0-Day; When Secure Boot does its job too well; Crazy authentication bypass; Hacker ultimatums; AI Slop; Impatient hackers; Linux ISOs are malware; Attackers love drivers; Hacking Amazon's Eero, the hard way; Exploits will continue until security improves; The Salesloft breach; TP-Link Zero Days; US DoD using Russian software?; The Lasagna DoS attack. Show Notes:

Security Money: The Index Dips and 20 Years of Cybersecurity Consolidation - Ross Haleliuk - BSW #411

Security Weekly Podcast Network (Video)

The cybersecurity industry is undergoing a consolidation wave that is moving far faster than many realize. This isn’t at all about CISOs wanting fewer tools as much as some would like to think - the changes are happening at the macro level. Ross Haleliuk joins BSW to present the most comprehensive illustration ever made of how our industry has consolidated over the past 20 years, showing how 200 companies turned into just 11. Then we cover our quarterly Security Money segment. The markets are on a high, but the Security Weekly 25 index dips. What's up? We'll dig into the latest earnings and...

Rinoa Poison, Scambaiter Extraordinaire - Rinoa Poison - SWN #508

Security Weekly Podcast Network (Video)

I talk to Rinoa Poison about scambaiting, identity, and all sorts of things. Check it out. Show Notes:

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346

Security Weekly Podcast Network (Video)

In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,”...

Dave Lewis talks M&A due diligence, TBD topic, the weekly news - Dave Lewis - ESW #422

Security Weekly Podcast Network (Video)

Interview with Dave Lewis on Security's Role in M&A Due Diligence: In this episode, Dave Lewis from 1Password discusses the critical importance of security in mergers and acquisitions, from due diligence through integration. He explores common pitfalls, essential security assessments, and practical strategies for security leaders to protect organizational value throughout the M&A process. Topic: The Challenge of Breach Transparency. Every industry concerned with safety has a process for publishing the details of accidents, incidents, and failures. Cybersecurity has yet to reach this...

Astro Oblivion, FreePBX, GitHub, OWASP, Promptlock, Claude Aaran Leyland - SWN #507

Security Weekly Podcast Network (Video)

Porn bombing the celestial zoom room and Astro Oblivion, FreePBX, GitHub, OWASP, Promptlock, Claude Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes:

Hackers Steal Your Car and Vulnerabilities - Rob Allen - PSW #889

Security Weekly Podcast Network (Video)

Rob Allen joins us to discuss the importance of security research teams, and some cool stuff they've worked on. Then, in the Security News: Flipper Zero, unlocking cars: The saga continues; The one where they stole the vulnerabilities; ESP32 Bus Pirates; AI will weaponize everything, maybe; What are in-the-wild exploits?; Docker and security boundaries, and other such lies; AI-powered ransomware; BadCAM, BadUSB, and novel defenses; 5G sniffers; Jeff breaks down all the breach reports; AI in your browser is a bad idea; And How to rob a hotel - a nod to the way hacking used to be. This segment is...

vCISO Benefits as the CISO Becomes Strategic and the Board's Responsible for Security - Brian Haugli - BSW #410

Security Weekly Podcast Network (Video)

Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: current vCISO trends; what to look for in vCISO services; who fits/doesn't fit as a vCISO. vCISOs can be an effective solution for organizations that need to enhance...

Naughty RBG, Docker, RDP, SBOMS, Kullback-Leibler, Oneflip, Youtube, Josh Marpet... - SWN #506

Security Weekly Podcast Network (Video)

Naughty RBG, Docker, RDP, SBOMS, Kullback-Leibler, Oneflip, Youtube, Josh Marpet, and more on the Security Weekly News. Show Notes:


Interview with Harish Peri from Okta

Oktane Preview: building frameworks to secure our Agentic AI future

Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective.

How do we put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year’s Oktane event, and we aim to kick off the conversations a little early - with this interview!

Segment Resources:

Topic - Indirect Prompt Injection Getting Out of Hand

Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen.

Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack.

Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible.

What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instructions and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done?

News

Finally, in the enterprise security news,

  1. Drones are coming for you… to help?
  2. One of the most powerful botnets ever goes down
  3. Phishing training is still pointless
  4. Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff
  5. Vulns galore in commercial ZTNA apps
  6. GenAI projects are struggling to make it to production
  7. Adblockers could be made illegal - in Germany
  8. Windows is getting native Agentic support
  9. Automating bug discovery AND remediation?
  10. Public service announcement: time is running out for Windows 10

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-421