Paul’s Security Weekly Episode #688 – March 25, 2021
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Taming Vulnerability Overload – 06:00 PM-06:45 PM
Visit https://securityweekly.com/ for more information!
Announcements
- Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for modern ransomware attacks! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand
Description
Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate these vulnerabilities in the programs themselves, it is unlikely to happen any time soon. That’s why patching vulnerabilities quickly is important, yet even when patches are available, companies often fail to patch promptly. We’ll discuss barriers companies face that delay patching and Qualys’ experience with creating free services that help companies detect specific vulnerabilities and patch remotely for events like the SolarWinds and Microsoft Exchange incidents. The session will include a brief demo of Qualys’ free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.
This segment is sponsored by Qualys.
Visit https://securityweekly.com/ to learn more about them!
Guest(s)
Mehul Revankar – VP Product Management and Engineering, VMDR at Qualys @MehulRevankar
Mehul is a cybersecurity professional with over 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys. Before joining Qualys, Mehul led development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable.
Hosts
Doug White @dougwhitephd Professor at Roger Williams University
Jeff Man @MrJeffMan Sr. InfoSec Consultant at Online Business Systems
Lee Neely @lelandneely Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian @securityweekly Founder at Security Weekly
2. Open Redirects – An Underestimated Vulnerability – 07:00 PM-07:45 PM
Visit https://securityweekly.com/netsparker for more information!
Announcements
- Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Description
Learn what redirects are, the different types, how they work and how they are exploited by attackers. Oh, also learn how to defend against redirect attacks!
Sven’s Slide Deck – Open Redirects: https://securityweekly.com/wp-content/uploads/2021/03/Netsparker-Sven-Morgenroth-3-25-21-Open-Redirect.pdf
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Presenter(s)
Sven Morgenroth – Security Researcher at Netsparker @asdizzle_
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.
Hosts
Doug White @dougwhitephd Professor at Roger Williams University
Jeff Man @MrJeffMan Sr. InfoSec Consultant at Online Business Systems
Joff Thyer @joff_thyer Security Analyst at Black Hills Information Security
Lee Neely @lelandneely Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian @securityweekly Founder at Security Weekly
3. DOOM Exploit, iPhone Deep Fakes, & 11 0-Days Infect Devices – 08:00 PM-09:30 PM
Announcements
- Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!
- If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Description
This week in the Security News: Doom exploit wins an award, a puzzle honors Alan Turing, anyone can create a deepfake, Jabber bugs, unquoted service paths, Nim malware, Deadly sins of secure coding, & are we living in the toughest time of Cybersecurity?
Register to attend Joff Thyer’s upcoming Wild West Hacking Fest course “Enterprise Attacker Emulation and C2 Implant Development”: http://bit.ly/JoffsC2Class
Hosts
Doug White @dougwhitephd Professor at Roger Williams University
Jeff Man @MrJeffMan Sr. InfoSec Consultant at Online Business Systems
Joff Thyer @joff_thyer Security Analyst at Black Hills Information Security
Lee Neely @lelandneely Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian @securityweekly Founder at Security Weekly