Paul's Security Weekly (Audio)

This week, we get un-curmudgeoned by Mandy, spending a bunch of time talking about regulations, compliance, and even the US federal government's commitment to cybersecurity internally and with the community at large. We even dive into some Microsoft patches, hacking defunct eScooters, and a lively discussion on ADS-B spoofing! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-911

In the security news: Rainbow tables for everyone Lilygo releases a new T-Display that looks awesome AI generated malware for real Detecting BadUSB when its not a dongle A telnetd vulnerability Google Fast Pair and how I took control of your headset Should we make CVE noise? Exploiting the Fortinet patch DIY data diode Bambu NFC reader for your Flipper Payloads in PNG files Don't leave the lab door open - amazing research and new tool release Fixing your breadboards Finding vulnerabilities in AI using AI Then, Rob Allen from ThreatLocker joins us to discuss default allow...

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-909

This week in the security news: Supply chain attacks and XSS PS5 leaked keys Claude tips for security pros No Flipper Zeros allowed, or Raspberry PIs for that matter Kimwolf and your local network Linux is good now Removing unremovable apps without root Detecting lag catches infiltrators Defending your KVM Fixing some of the oldest code Deleting websites live on stage in costume It was a honeypot FCC is letting telecoms off easy Don't buy a Haribo power bank Ransomeware scum Fortinet vulns CISA warns about NVRs Patching MongoDB Visit https://www.securityweekly.com/psw for all...

Our field is booming! Cybersecurity jobs are projected to grow 33 percent through 2033, far outpacing the average 4 percent growth across all jobs. (And yes, those stats could be made up, but they sound nice, eh?) Yet newcomers often feel paralyzed by where to start. The truth? There's no single "right path," but there are proven strategies that work. The field needs people at all levels, and you don't need a four-year degree to break in. We'll discuss all the details, including a list of projects for beginners in Cybersecurity, plus plenty of non-technical suggestions! Visit https://www.securityweekly...

The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech Hardware hacking devices and gadgets that are a must-have Which operating systems should you learn Virtualization technology that works well for a lab build Using AI to help build your lab Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-906

This week in the security news: Linux process injection Threat actors need training too A Linux device "capable of practically anything" The Internet of webcams Hacking cheap devices Automating exploitation with local AI models Lame C2 Smallest SSH backdoor Your RDP is on the Internet These are not the high severity bugs you were looking for Low hanging fruit Your TV is spying on you, again no such thing as "offensive security" MCPs and RCEs Browser extensions collecting your AI chats And flooding TikTok with AI influencers Visit https://www.securityweekly.com/psw for all the latest...

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on...

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: Oh Asus Dashcam botnets Weird CVEs being issued CodeRED, but not the worm Free IP checking Internet space junk and IoT Decade old Linux kernel vulnerabilities Breaking out of Claude code Malicious LLMs Hacker on a plan gets 7 years Putting passwords into random websites NPM supply chains strike again LLMs will never be intelligent   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-903

Tune in for some hands-on tips on how to use Claude code to create some amazing and not-so-amazing software. Paul will walk you through what worked and what didn't as he 100% vibe-coded a Python Flask application. The discussion continues with the crew discussing the future of vibe coding and how AI may better help in creating and securing software. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-902

In the security news: Cloudflare was down, it was not good Logitech breached The largest data breach in history? Fortinet Fortiweb - the saga continues Hacking Linux through your malware scanner, oh the irony I never stopped hating systemd The ASUS exploit that never existed If iRobot fails, can we deploy our own hacker bot army? Firmware encryption is a bitch Threat actors deply Claude Code Remembering the Viasat hack and why we can't have nice things Hacking re-entry sensors Sending signals in the wrong direction A File Format Uncracked for 20 Years And 2026 is the year of the...

This week: Minecraft on your lightbulb Sonicwall breached, who's next? Ditch Android, install Linux Hacking your face Thermostat freedom Pen test fails HackRF hacking times 2 Going around EDR Hackers in your printer Chinese data breach NFC relays and PCI Constructive construction hacks FlipperZero firmware update ICS, PLCs, and attacks Bayesian Swiss Cheese, taste good? Do you want to hack back? Keeping secrets Enforcing CMMC OWASP top ten gets a make over Android Spyware makes a LANDFALL Gemini's deep research into your documents Slopguard and AI datacenters in space! Visit https://www.securityweekly.com/psw for all the...

This week: Reversing keyboard firmware Ghost networks Invasion of the face changers Ghost tapping and whole lot of FUD AI doesn't code securely, but Aardvark can secure code De-Googling Thermostats Dodgy Android TV boxes can run Debian HackRF vs. Honda Cyberslop AI paper Turning to the darkside Poisoning the watering hole Nagios vulnerabilities VPNs are a target Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-899

In the security news this week: Cybersecurity is dead, and AI killed it Exploiting the patching system Apple makes it easier for spyware Who is patching Cisco ASA? Shove that DMCA somewhere HTTPS - a requirement Russia wants to own all the exploits Abandonware challenges Reversing at its hardest with Lua Hacking team is back, and leetspeak malware When you forget to authenticate your API Jamming with cool tech GoSpoof and After 35 Years, a Solution to the CIA's Kryptos Puzzle Has Been Found! Visit https://www.securityweekly.com/psw for all the latest episodes! Show...

In the security news: When in doubt, blame DNS, you're almost always correct How to Make Windows 11 great, or at least suck less CSRF is the least of your problems Shady exploits Linux security table stakes (not steaks) The pill camera Give AI access to your UART Security products that actually try to be secure? Firmware vulnerabilities, lots of them Teams is spying on you More details on PolarEdge VSCode, marketplaces, and developers at risk Cisco SNMP flaw used to deploy malware The 90's called, they want their exploits back This segment is sponsored by ThreatLocker. Visit...

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are...

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things...

In addition to some fun news, we get a Mary Ann Davidson as a surprise guest. We even get a great quote from her of "You're never going to have enough cybersecurity people to defend what was never built to be defensible.". Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-894

Broadcom, LastPass, Brickstone, SEO Poisoning, QR codes, H1B visas, Distributed Computing, and More... Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-893

This week's technical segment is all about the T-Lora Pager from Lilygo, and really cool Meshtastic device that can also be used for some hacking tasks! In the security news: Your safe is not safe Cisco ASA devices are under attack VMScape HybridPetya and UEFI attacks in the wild Eveything is a Linux terminal Hackers turns 30 Hosting websites on disposable vapes NPM worms and token stealing Attackers make mistakes too AI podcasts Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-892