Эпизоды
-
This week, we dive into the world of Meshtastic and LoRa—two technologies empowering secure, long-range, and infrastructure-free communication. We'll talk about the origins of Meshtastic, how LoRa radio works, and why mesh networking is revolutionizing off-grid messaging for adventurers, hackers, emergency responders, and privacy advocates alike. We break down the available hardware, walk you through firmware installation, and share real-world use cases of LoRa to create decentralized, encrypted networks. Whether you’re a hacker, a prepper, or just curious about the future of resilient communication, this episode is packed with insights and practical tips you won’t want to miss!
This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-881
-
This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats.
This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero.
HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news:
Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI BotVisit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-880
-
Пропущенные эпизоды?
-
This week: * The true details around Salt Typhoon are still unknown * The search for a portable pen testing device * Directories named "hacker2" are suspicious * Can a $24 cable compete with a $180 cable? * Hacking Tesla wall chargers * Old Zyxel exploits are new again * Hacking Asus drivers * Stealing KIAs - but not like you may think * Fake articles * Just give everything to LLMs, like Nmap * Retiring Floppy disks * An intern leaked secrets * Discord link hijacking * Cray vs. Raspberry PI * More car hacking with BMW
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-879
-
This week:
You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmailsVisit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-878
-
Two parts to this episode:
Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions
Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best Anti-Malware for Linux - Commercial tools, open-source, both, none? * ClamAV - fa-notify and the dangers
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-877
-
In the security news:
Vicious Trap - The malware hiding in your router Hacking your car WSL is open-source, but why? Using AI to find vulnerabilities - a case study Why you should not build your own password manager The inside scoop behind Lumma Infostealer Hacking a smart grill Hardcoded credentials on end of life routers and "Alphanetworks" SIM swapping is still happening LoRa for C2 Russian drones use Telegram Flipper Zero mod for the LOLZ Signal blocks Recall CISA loses more peopleVisit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-876
-
This week in the security news:
Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space!Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-875
-
This week in the security news:
Android catches up to iOS with its own lockdown mode Just in case, there is a new CVE foundation Branch privilege injection attacks My screen is vulnerable The return of embedded devices to take over the world - 15 years later Attackers are going after MagicINFO Hacking Starlink Mitel SIP phones can be hacked Reversing with Hopper Supercharge your Ghidra with AI Pretending to be an anti-virus to bypass anti-virus macOS RCE - perfect colors End of life routers are a hackers dream, and how info sharing sucks Ransomware in your CPU Disable ASUS DriverHub Age verification and privacy concernsVisit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-874
-
Security news for this week:
RDP and credentials that are not really revoked, and some RDP bitmap caching fun Some magic info on MagicINFO Vulnerability Management Zombies There is a backdoor in your e-commerce Airborne: vulnerabilities in AirPlay Bring your own installer - crafty EDR bypass The Signal clone used by US government officials: shocker: has been hacked AI slop vulnerability reporting Bricking iPhones with a single line of code Hacking planet technology Vibe hacking for the win? Cybersecurity CEO arrested for deploying malware Hello my perverted friend FastCGI - fast, but vulnerableVisit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-873
-
The PSW crew discusses tips, tricks, and traps for using AI and LLMs. We discuss a wide range of AI-related topics, including how to utilize AI tools for writing, coding, data analysis, website design, and more! Some key takeaways include:
AI has rapidly shifted from novelty to an essential tool in security and other fields. Paid AI versions offer significant advantages for professionals. Legal, ethical, and copyright questions around AI-generated content remain unresolved. Human skills, critical thinking, communication, and adaptability are more important than ever. AI is a powerful assistant, but not a replacement for expertise, creativity, or judgment. Fact-checking AI outputs and understanding bias are critical in the age of generative AI.This episode offers a comprehensive, practical, and philosophical look at how AI is reshaping security, education, and society, providing both optimism and caution for the future.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-872
-
The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patching is not enough, auditing the PHP source code, reading the MEGA advisories, threat actors lie about data breaches (you don't say?), the data breach that Hertz, CISA warns of ransomware, some can't get Ahold of data breaches, please don't let people take control of your PC over Zoom and Paul's hot takes on: 4chan hack, the CVE program, and Microsoft Recall!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-871
-
In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-869
-
Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers.
This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-868
-
How do we handle scope creep for vulnerabilities?, find the bugs before it hits the real world, risk or hype vulnerabilities, RTL-SDR in a browser, using AI to hack AI and protect AI, 73 vulnerabilities of which 0 patches have been issued, Spinning Cats, bypassing WDAC with Teams and JavaScript, Rust will solve all the security problems, did you hear some Signal chats were leaked?, ingress nginx, robot dogs, what happens to your 23andme data?, Oracle's cloud was hacked, despite what Oracle PR says, inside the SCIF, and cvemap to the rescue.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-867
-
This week: Compliance, localization, blah blah, the Greatest Cybersecurity Myth Ever Told, trolling Microsoft with a video, Github actions give birth to a supply chain attack, prioritizing security research, I'm tired of 0-Days that are not 0-Days, sticking your head in the sand and believing everything is fine, I'm excited about AI crawlers, but some are not, Room 641A, a real ESP32 vulnerability, do we need a CVE for every default credential?, smart Flipper Zero add-ons, one more reason why people fear firmware updates, no more Windows 10, you should use Linux, and I have a Linux terminal in my pocket, now what?
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-866
-
Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools.
In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"!
Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-865
-
Hacking your mattress, Taylor Swift all the time, DNS sinkholes, throwing parties at rental properties, detect jamming, it took 18 years to hack, airtag hacks, undetectable weapons, RIP Skype, Cellebrite targets, upgrade ALL the things, Kali, Raspberry PIs, and M.2 hats, pirating music through a supply chain attack, Cisco small business and why you shouldn't use it, stop hacking Russia, Badbox is back, but it likely never left, and AI still Hallucinates!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-864
-
Apple, the UK, and data protection, you can get pwned really fast, Australia says no Kaspersky for you!, the default password is on the Internet, topological qubits, dangerous AI tools, old software is not just old but vulnerable too, tearing down Sonic Walls, CWE is good but could be great, updating your pi-hole, should you watch "Zero Day"? my non-spoiler review will tell you, no more DBX hellow SBAT!, and I love it when chat logs of secret not-so-secret ransomware groups are leaked!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-863
-
Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-862
- Показать больше
