Pipes, Thorium, Excel, Weird Ports, ATM Hillbilly Cannibal Attack, Lambdas, National Guard, AIs, Aaran Leyland, and More on this episode of the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-499

In the security news:

• Hacking washing machines, good clean fun!
• Hacking cars via Bluetooth
• More Bluetooth hacking with Breaktooth
• Making old vulnerabilities great again: exploiting abandoned hardware
• Clorox and Cognizant point fingers
• AI generated Linux malware
• Attacking Russian airports
• When user verification data leaks
• Turns out you CAN steal cars with a Flipper Zero, so we're told
• The UEFI vulnerabilities - the hits keep coming
• Hijacking Discord invites
• The Raspberry PI laptop
• The new Hack RF One Pro
• Security appliances still fail to be secure
• Person Re-Identification via Wi-Fi

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-885

In the leadership and communications section, The CISO code of conduct: Ditch the ego, lead for real, The books shaping today’s cybersecurity leaders, How to Succeed in Your Career When Change Is a Constant, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-406

Popup Porn, LoveSense, Tea, Fire Ant, Scatterede Spider, AI Pricing, Josh Marpet, and more on the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-498

A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embrace. Julia Knecht shares her experience in building platforms with an attention to developer needs, developer experience, and security requirements. She brings attention to the product management skills and feedback loops that make paved roads successful -- as well as the areas where developers may still need or choose their own alternatives. After all, the impact of a paved road isn't in its creation, it's in its adoption.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-341

Breach analysis is one of my favorite topics to dive into and I’m thrilled Dimitri is joining us today to reveal some of the insights he’s pulled out of this GitHub Actions incident. It isn’t an overstatement to say that some of the lessons to be learned from this incident represent fundamental changes to how we architect development environments.

Why are we talking about it now, 4 months after it occurred? In the case of the Equifax breach, the most useful details about the breach didn’t get released to the public until 18 months after the incident. It takes time for details to come out, but in my experience, the learning opportunities are worth the wait.

Triggered by an op-ed from Dave Kennedy, the discussion of whether the US should launch more visible offensive cyber operations starts up again. There are a lot of factors and nuances to discuss here, and a lot of us have opinions here. We'll see if we can do any of it justice in 15 minutes.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-417

Total Recall, Steam, Storm-2063, Unmarker, Altair, Josh Marpet, and More on this episode of the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-497

We chat with Material Security about protecting G Suite and MS365. How else are you monitoring the most commonly used cloud environments and applications?

In the security news:

• Google Sues Badbox operators
• Authenticated or Unauthenticated, big difference and my struggle to get LLMs to create exploits for me
• Ring cameras that were not hacked
• Malicous AURs
• Killing solar farms
• Weak passwords are all it takes
• Microsoft's UEFI keys are expiring
• Kali Linux and Raspberry PI Wifi updates
• Use lots of electricity, get a visit from law enforcement
• Sharepoint, vulnerabilities, nuclear weapons, and why you should use the cloud
• The time to next exploit is short
• Sonicwall devices are getting exploited
• How not to vibe code
• SMS blasters

This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to see purpose-built Google Workspace and Office 365 security in action!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-884