Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreaking, LLMs for threat actors, and more! In the Security News: LVFS is not a backdoor, attackers are in physical proximity, when you need to re-cast risk, oh Fortinet, pre-installed backdoors again, deep down the rabbit hole, the buffer overflow is in your BIOS!, what is 345gs5662d34?, a cone is all you need, we are compliant because we said so but we lied, 10 years of updates, Microsoft looks at ncurses and finds bad things, they also lost 38TB of data (Microsoft that is), when MFA isn’t really MFA, China and Russia are cyber attacking things, and MGM and Caesars are in hot water, All that and more on this episode of Paul’s Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-799

Ryan has his finger on the pulse of ransomware and response. We discuss how the initial infections are occurring, how they've changed over time, and where they are going in the future! Segment Resources: For folks to see my recent presentations: for528.com/playlist For folks to see the recordings of our recent Ransomware Summit: https://for528.com/summit23 For folks to watch my recent (free) ransomware workshop: https://for528.com/workshop23  Materials: https://for528.com/workshop Lots in the Security News this week. Stay tuned! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw Show Notes: https://securityweekly.com/psw-798

Check out this interview from the PSW Vault, hand picked by main host Paul Asadoorian! This segment was originally published on February 4, 2013. Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. Spaf's new book, Cybersecurity Myths and Misperceptions, is available at https://informit.com/cybermyths  Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-psw-4 

Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the mutli-hundred-billion-dollar-a-year industry that tries to secure everything above the firmware, security through obscrurity doesn’t work, should you hire cybersecurity consultants, pen testing is key for compliance, defense contractor leaks, inside a McFlurry machine, Barracuda is still chasing hackers, why Linux is more secure than windows, more details on WinRar and middle-out compression, a Wifi worm?, CVE-2020-19909 is almost everything that is wrong with CVE, Tacos, and hacking through a Fire stick! All that and more on this episode of Paul’s Security Weekly!  Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-797

Jared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The scale is massive and I think we can all learn a thing or two about vulnerability management and bug bounties! Segment Resources: https://www.microsoft.com/en-us/msrc/bounty?rtc=1 https://www.microsoft.com/en-us/msrc https://msrc.microsoft.com/report/vulnerability/new https://www.microsoft.com/en-us/msrc/bounty https://msrc.microsoft.com/blog/ https://jobs.careers.microsoft.com/global/en/search?q=msrc&l=en_us&pg=1&pgSz=20&o=Relevance&flt=true https://www.microsoft.com/bluehat/  In the Security News: Lora projects are popular, simple checksums are not enough, WinRAR: shareware or native OS?, ATM software is vulnerable, attackers could learn from security researchers (but lets hope they don’t), NoFilter and behavior by design, Apple vs. A security researcher: there are no winners, sneaky npm packages, faster Nmap scans, kali on more phones, more LOl drivers, comparing security benchmarks to the real world, tunnelcrack and why VPNs are over-hyped, Ubuntu has lost its mind, and there’s a Python in the sheets! All that and more on this episode of Paul’s Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-796