Paul's Security Weekly (Video)
Episodes
I want ALL The Firmware - PSW #841
29 Aug 2024
Contributed by Lukas
This week: I want all the firmware, it's not just TP-Link, CVEs for malware, BLE and your health, faking your own death, serial ports, stealthy Linux m...
Building AI BOMs - Helen Oakley - PSW #841
29 Aug 2024
Contributed by Lukas
Larry and Helen walk us through the AI supply chain landscape. Learn what goes into building and using AI models and the dangers that could lurk withi...
Vulnerabilities, Vulnerabilities Everywhere - PSW #840
22 Aug 2024
Contributed by Lukas
This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD si...
How do we patch the right things? - PSW #840
22 Aug 2024
Contributed by Lukas
Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in s...
LPE FTW - PSW #839
15 Aug 2024
Contributed by Lukas
This week: Option ROMs are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmw...
Cybersecurity Myths - Eugene Spafford - PSW #839
15 Aug 2024
Contributed by Lukas
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the n...
Things Not to Miss at BH/DC/Bsides - PSW #838
08 Aug 2024
Contributed by Lukas
Learn what is most interesting at hacker summer camp this year! Show Notes: https://securityweekly.com/psw-838
Downgrades and Attacking Security Things - PSW #838
08 Aug 2024
Contributed by Lukas
This week, Downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rhi...
It's Always DNS - PSW #837
01 Aug 2024
Contributed by Lukas
Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, com...
PK Fail - John Loucaides - PSW #837
01 Aug 2024
Contributed by Lukas
John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a ke...
Crowdstrike: The Aftermath - PSW #836
25 Jul 2024
Contributed by Lukas
The Crowdstrike incident: what happened and what we can do better, people forget what 0-Day really means, shutting off...
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836
25 Jul 2024
Contributed by Lukas
Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it...
Vulnerability Chains - PSW #835
18 Jul 2024
Contributed by Lukas
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of inf...
3D Printing For Hackers - David Johnson - PSW #835
18 Jul 2024
Contributed by Lukas
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all...
More Vulnerability Shenanigans - PSW #834
12 Jul 2024
Contributed by Lukas
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighttpd is heavy with vulnerabilities, node-ip's not vulnerability, ...
RFID hacking - Iceman - PSW #834
11 Jul 2024
Contributed by Lukas
Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the...
Hacker Heroes - Joe Grand - PSW Vault
03 Jul 2024
Contributed by Lukas
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure...
Hack all the things, patch all the things - PSW #833
27 Jun 2024
Contributed by Lukas
Zyxel NAS devices are under attack and the exploit is pretty simple, a new UEFI vulnerability with a name that some people don't like, that time you se...
Do We Need Penetration Testing and Vulnerability Scanning? - Adrian Sanabria, Josh Bressers - PSW #833
27 Jun 2024
Contributed by Lukas
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do ...
Hacker Heroes - Dave Aitel - PSW Vault
19 Jun 2024
Contributed by Lukas
Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel Welcome to an enlightening episode of our podcast, where we sit down wi...
Bricking PCs and IoT Hacking - PSW #832
13 Jun 2024
Contributed by Lukas
Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 rep...
GenAI, Security, and More Lies - Aubrey King - PSW #832
13 Jun 2024
Contributed by Lukas
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: https://genai.owasp.org/ Sho...
Routers, Breaches, and Vulnerabilities - PSW #831
06 Jun 2024
Contributed by Lukas
This week: Take on the upstream, how hard is it to patch end-of-life software, hack millions of routers, take over millions of routers, 0-days, and no...
Whose Vulnerability Is It Anyway? - Josh Bressers - PSW #831
06 Jun 2024
Contributed by Lukas
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and orga...
Hacker Heroes - Josh Corman - PSW Vault
04 Jun 2024
Contributed by Lukas
Making The World A More Secure Place: Joshua Corman's Journey and Insights Welcome to an insightful podcast episode featuring Joshua Corman, a promine...
Exploits Make You More Secure - PSW #830
23 May 2024
Contributed by Lukas
An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scrapin...
Pen Testing As A Service - Seemant Sehgal - PSW #830
22 May 2024
Contributed by Lukas
The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it...
Vulnrichment, Hardware Hacking, VPNs - PSW #829
17 May 2024
Contributed by Lukas
Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploita...
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
16 May 2024
Contributed by Lukas
Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts! Show Notes: https://securityweekly....
Hacker Heroes - Jeremiah Grossman - PSW #828
09 May 2024
Contributed by Lukas
Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman Join us for a compelling episode featuring Jeremiah Grossman, a prominent f...
Corporate Ransomware Deep Dive - Mikko Hypponen - PSW #828
08 May 2024
Contributed by Lukas
In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, li...
ChatGPT Writes Exploits - PSW #827
02 May 2024
Contributed by Lukas
ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creat...
Kicking Off With Crypto - PSW #827
02 May 2024
Contributed by Lukas
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race ...
Your TV Is Scanning You - PSW #826
25 Apr 2024
Contributed by Lukas
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fi...
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
24 Apr 2024
Contributed by Lukas
On February 27, 2024, PCAST (President's Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster...
Hacker Heroes - Winn Schwartau - PSW #825
18 Apr 2024
Contributed by Lukas
Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary Get ready for an extraordinary episode as we sit down with W...
PCI 4.0 - PSW #825
17 Apr 2024
Contributed by Lukas
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of ...
Why Is Your TV & NAS On The Internet? - PSW #824
11 Apr 2024
Contributed by Lukas
Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it ...
Digging Into Supply Chain Security - James McMurry - PSW #824
11 Apr 2024
Contributed by Lukas
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especiall...
It's A Minifilter! - PSW #823
04 Apr 2024
Contributed by Lukas
pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding ...
XZ - Backdoors and The Fragile Supply Chain - PSW #823
04 Apr 2024
Contributed by Lukas
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly...
Crypto, Bluetooth Vulns, Unsafe Locks - PSW #822
28 Mar 2024
Contributed by Lukas
The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel locks, BlueDucky, side ...
Are we winning? - Jason Healey - PSW #822
28 Mar 2024
Contributed by Lukas
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker F...
A Dive into Vulnerabilities and Compliance - PSW #821
21 Mar 2024
Contributed by Lukas
We discuss the always controversial Flipper Zero devices, the hidden risks in the undersea cables, and the landscape of government oversight, revealing...
Securing All The Things - Josh Corman - PSW #821
21 Mar 2024
Contributed by Lukas
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make...
Printers Are "Not Nice" - PSW #820
14 Mar 2024
Contributed by Lukas
In the Security News: end-of-life routers and exploits, SCCM misconfigurations lead to compromise, apparently you can hack anything with a Flipper Zer...
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
14 Mar 2024
Contributed by Lukas
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-wr...
DCNextGen, Memory Safety And More! - PSW #819
07 Mar 2024
Contributed by Lukas
BiaSciLab from DEF CON joins us to discuss DCNextGen! In the security News: MouseJacking still works, CISA recommends a complete rebuild, memory safet...
Facing the Reality of Risk Prioritization - Dan DeCloss - PSW #819
07 Mar 2024
Contributed by Lukas
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CV...
Malware In Strange Places, Overheating, LockBit - PSW #818
29 Feb 2024
Contributed by Lukas
The latest attacks against WiFi, it's illegal to break encryption, BLE Padlocks are as secure as you think, when command not found attacks, how did you...
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
29 Feb 2024
Contributed by Lukas
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he...
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
21 Feb 2024
Contributed by Lukas
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has le...
Navigating the Cybersecurity Frontier: Insights from a Seasoned Professional - Toby Miller - PSW #817
15 Feb 2024
Contributed by Lukas
Welcome to a riveting episode of Hacker Heroes, where we sit down with Toby Miller, a distinguished figure in the realm of cybersecurity. Toby brings ...
Panel: Physical Security and Social Engineering - PSW #817
15 Feb 2024
Contributed by Lukas
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementin...
Shim Shady and Algorithm Lovers - PSW #816
09 Feb 2024
Contributed by Lukas
In the Security News: - Shim Shady, Up Shims Creek, whatever you want to call it, there's a vulnerability affecting pretty much all Linux distribution...
You Can't Defend What You Can't Define - Sergey Bratus - PSW #816
08 Feb 2024
Contributed by Lukas
As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research communi...
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
01 Feb 2024
Contributed by Lukas
Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security, is a leading cybersecurity expert with o...
CVE, CVSS, EPSS Falls Short - PSW #815
01 Feb 2024
Contributed by Lukas
When an RCE really isn't, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public explo...
MS Breach, printers, Android hacking - PSW #814
25 Jan 2024
Contributed by Lukas
In the Security News: Don't expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive creden...
What Smart CISOs and Mature Orgs Get That Others Don't About Cyber Compliance - Matt Coose - PSW #814
25 Jan 2024
Contributed by Lukas
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber ...
Bigpanzi, PixieFAIL, Dark Xmas - PSW #813
18 Jan 2024
Contributed by Lukas
In the Security News: Bricked Xmas, If you can hack a wrench, PixieFail and disclosure woes, exposing Bigpanzi (more Android supply chain issues, 20 y...
K-12 Cybersecurity - Brian Stephens - PSW #813
18 Jan 2024
Contributed by Lukas
With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face...
We're Old Now - PSW #812
11 Jan 2024
Contributed by Lukas
The Exploit Prediction Scoring System is Awesome, or so some say, Reflections on InfoSec, Why some people don't trust science, SSH-Snake, Back in the ...
The Evolution of Purple Teaming - Jared Atkinson - PSW #812
11 Jan 2024
Contributed by Lukas
Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don't test enough variations ...
Hacker Heroes - Casey Ellis - PSW Vault
03 Jan 2024
Contributed by Lukas
Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd. Meet Casey Ellis, the visionary entreprene...
Interview with Dr. Whitfield Diffie - PSW Vault
27 Dec 2023
Contributed by Lukas
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line:...
Learning About Firmware Security - Xeno Kovah - PSW #811
21 Dec 2023
Contributed by Lukas
Firmware security is a deeply technical topic that's hard to get started in. In this episode of Below the Surface, Xeno will discuss some past work in...
Supply Chain - PSW #811
20 Dec 2023
Contributed by Lukas
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under the...
LogoFAIL, Default Passwords and Android Hacking - PSW #810
14 Dec 2023
Contributed by Lukas
Analyzing firmware with EMBA, TinyXML, and the ugly supply chain, ignoring vulnerabilities that allow attackers to turn off your vehicle, Android lock...
Embracing AI - Alex Sharpe - PSW #810
14 Dec 2023
Contributed by Lukas
Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe ...
Holiday News Edition Featuring Special Guests - PSW #809
09 Dec 2023
Contributed by Lukas
In the Security News: If we still can't change default passwords, we all lose, The Flipper Zero, NO CVE FOR YOU, New tools that are not new at all, Th...
Vulnerability Management and Disclosure - PSW #809
09 Dec 2023
Contributed by Lukas
I like how ChatGPT describes this segment: "Picture a dimly lit room filled with the nostalgic hum of old computers and the subtle clinking of ice in ...
Hardware Hacking - PSW #809
09 Dec 2023
Contributed by Lukas
The Security Weekly crew dives into a discussion on the latest hardware hacking techniques, including the hardware/software/firmware used to conduct v...
Vulnerability Reporting, Zyxel, GPS Spoofing - PSW #808
30 Nov 2023
Contributed by Lukas
We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel ...
AI, LLMs and Some Hardware Hacking - Matthew Carpenter - PSW #808
30 Nov 2023
Contributed by Lukas
Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in ha...
AI and LLMs - Think of the Children - Josh More - PSW #808
30 Nov 2023
Contributed by Lukas
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss...
Interview with Brian Snow - PSW Vault
22 Nov 2023
Contributed by Lukas
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic...
SSH Under Attack, IoT Routers, BLE Spam, & Patching a House of Cards - PSW #807
16 Nov 2023
Contributed by Lukas
In the Security News: SSH under attack, IoT routers have vulnerabilities, the BLE Spam attacks still work against iPhones, there is a longer story beh...
3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807
16 Nov 2023
Contributed by Lukas
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl throug...
Firmware, Mainframes, Security and Risk - PSW #806
09 Nov 2023
Contributed by Lukas
Do people still use mainframes? IoT and firmware security, Apple Find my, Bluetooth is the gift that keeps on giving, to hackers that is, and more! Sh...
Testing AI Before It Comes To Get You - Austin Carson - PSW #806
09 Nov 2023
Contributed by Lukas
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly uni...
Source Code Revealed, Resume Prompt Injection, iPhones Be Updating, & Florida Man - PSW #805
02 Nov 2023
Contributed by Lukas
In the Security News: If an exploit falls in the forest do I still need to patch?, Reflections on trusting trust: the source code revealed, prompt inj...
Trustworthy AI for National Security - Kathleen Fisher - PSW #805
01 Nov 2023
Contributed by Lukas
AI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DA...
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804
26 Oct 2023
Contributed by Lukas
Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code — the most popular code ...
Shenanigans and more - PSW #804
26 Oct 2023
Contributed by Lukas
We officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto cu...
Fried Squid, Flipper Zero BLM Spam, Apple Devices, Signal Vulns? & Android TV Devices - PSW #803
19 Oct 2023
Contributed by Lukas
In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devi...
Meet the Cyber Mercenary who can Overthrow a Government - Chris Rock - PSW #803
19 Oct 2023
Contributed by Lukas
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizat...
Android TVs (Malware Included), Patch Netscaler, Fixing Legacy Auth, & GNOME Bugs! - PSW #802
12 Oct 2023
Contributed by Lukas
In the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world's largest DDoS attack, we finally get to see the cURL ...
Getting Started With Reverse Engineering Hardware - PSW #802
12 Oct 2023
Contributed by Lukas
Resources we mentioned: * The Hardware Hackers Handbook is a great start * Do a badge challenge: https://www.cyberark.com/resources/threat-research-b...
Fake Dead Grandma's, No Flipper Zero, Looney Tunables, & $20 Mil For Zero Days - PSW #801
05 Oct 2023
Contributed by Lukas
In the Security News: No Flipper Zero for you!, your glibc is hanging out and other Looney Tunables, and it vulnerable, for no reasons, other than the...
Malware Trends - Anuj Soni - PSW #801
05 Oct 2023
Contributed by Lukas
Anuj joins us to discuss recent trends in malware. What are the malware authors up to lately? What are the latest techniques for reverse engineering m...
The Right Skills For The Job - Kayla Williams - PSW #800
28 Sep 2023
Contributed by Lukas
Just what are the right skills to have or acquire to work in cybersecurity today? Kayla and the Security Weekly crew talk about it in this segment. We...
Snowden Revelations, Cult of The Dead Cow Saves The Internet, & Stealing Your Pixels - PSW #800
28 Sep 2023
Contributed by Lukas
This week, first up it's the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Googl...
Ncurses & Bad Things, LVFS is NOT a Backdoor, Physical Proximity, & Oh, Fortinet! - PSW #799
21 Sep 2023
Contributed by Lukas
In the Security News: LVFS is not a backdoor, attackers are in physical proximity, when you need to re-cast risk, oh Fortinet, pre-installed backdoors...
AI Attacks and LLM Security Matters - Nathan Hamiel - PSW #799
21 Sep 2023
Contributed by Lukas
Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreak...
Cisco 0-Day, Chrome Vulnerability, MGM Shut Down, & More! - PSW #798
14 Sep 2023
Contributed by Lukas
Lots in the Security News this week. Stay tuned! Show Notes: https://securityweekly.com/psw-798
Ransomware Infection Vectors - Ryan Chapman - PSW #798
14 Sep 2023
Contributed by Lukas
Ryan has his finger on the pulse of ransomware and response. We discuss how the initial infections are occurring, how they've changed over time, and w...
Interview with Dr. Gene Spafford - Eugene Spafford - PSW Vault
06 Sep 2023
Contributed by Lukas
Check out this interview from the PSW Vault, hand picked by main host Paul Asadoorian! This segment was originally published on February 4, 2013. Dr. ...
WinRAR Deets, A WIFI Worm, Inside McFlurries, & Jeff's Book Review - PSW #797
31 Aug 2023
Contributed by Lukas
In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the multi-hundred-b...
Incident Response: Clouds, SMBs, and more! - Amanda Berlin - PSW #797
30 Aug 2023
Contributed by Lukas
Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenge...