Win 10 exploit, Tik Tok, Lottery Hacker – SWN #4



Highlights from the Security Weekly shows this week, including dealing with personalities and compliance, Windows 10 exploits, alert fatigue in your SoC, security for startups, Windows 10 exploits, Tik Tok backdoors, lottery hacke, 5G (in)security and more!

Visit for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Win 10 exploit, Tik Tok, Lottery Hacker

Show Summaries from this week
  • On Security and Compliance Weekly, Matt, Scott Lyons, and Josh Marpet talked with Ben Rothke. Ben manages information security at Tapad. this show was focused on all the different personalities you run into when you are doing compliance and audit engagements. From my perspective those include angry people with guns and tasers but maybe it was just me.
  • On Enterprise Security Weekly, Paul, John Strang and Matt talked with Markk Orland of Bionic Cyber. The discussion focused on rethinking security operations in the enterprise. Specifically, defenders really struggle with bias, alert fatiugue, turnover, etc. which results in serious problems. Does good security really just mean creating a monitoring team and investing in products? We see this problem over and over so maybe it’s time to rethink some of these approaches.
  • Also on Enterprise Security Weekly, a second interview with Ward Cobleigh from VIAVI Solutions focused on VISA security alerts. They talked about the need for ongoing network monitoring and how to react quickly when there are indicators of compromise. I really like the idea that we should focus not just on the fact that an alert happened but how we can start to identify the scope of the breach.
  • On Business Security Weekly, Matt, Jason and Paul interviewed Al Ghous from Service Max. The conversation focused on the issues of startup security. Startups are often being run on a small budget with even more limitations on resources that can be dedicated to security hygiene. This creates an issue for the startup as Enterprises may not want to do business with non compliant small firms. Al talks about a framework to empower startups with reasonable security controls and how that can be implemented in the limited budget of startups. That site is
  • On Security Weekly News, Jason’s expert commentary focused on 5G security and the issues surrounding a sort of “rolling” standard for all this since not everyone will be on board on day 1 with any new standard.
  • on Paul’s Security Weekly, Paul, Larry, Lee, Jeff, and Tyler had an tech segent with Ryan Speers and Jeff Spielberg from River Loop Security. This segment was about “shifting security left.” This is the data from 10 years finding that it is more expensive to respond to a single vulnerability disclosuer that it is to do an end to end embedded secure design process. Basically, they are looking at how you can start identifying security issues in the development chain (particularly in regards to IoT) since the patching time cycle is so long for firmware. They also began airing the hacker culture roundtable from the xmas show with all the hosts discussing this (and special guests). Definitely worth watching that pre recorded from the now legendary xmas show if you missed it live last year.
Security News Summary


Doug White
Doug White – Professor



  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting, selecting the webcast drop down from the top menu bar and clicking registration.