Security Weekly Podcast Network (Audio) Folgen

Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits, and working with repo owners to improve their security. Their work highlights the challenges in maintaining good security guidance, figuring out secure defaults, and how so many orgs still struggle with triaging external security reports -- something that's becoming even more challenging when orgs are being flooded with low-quality reports from LLMs. Segment Resources: https://orca.security/resources/blog/pull-request-nightmare-github-actions-rce/ https://orca.security/resources/blog/pull-request-nightmare-part-2-exploits/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-355

Segment 1: Interview with Joel Burleson-Davis Frontline workers can’t afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer for frontline access to shared devices. Joel Burleson-Davis, Chief Technology Officer of Imprivata, will share how organizations can adopt frictionless and secure access management to improve both security and frontline efficiency at scale. Segment Resources: Putting Complex Passwords to Work For You This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivata to learn more about them! Topic Segment: The Economics of AI Agents Vendors are finding, after integrating agents into their processes, that agentic AI can get expensive very quickly. Of course, this isn't surprising when your goal is "review all my third party contracts and fill out questionnaires for me" and the pricing is X DOLLARS for 1M TOKENS blah blah context window, max model thinking model blah blah. No one knows what the conversion is from "review my contracts" to millions of tokens, so everyone is left to just test it out and see what the bill is at the end of the month. As we saw with Cloud when adoption started increasing in the early 2010s, we are naturally entering the era of AI cost optimization. In this segment, we'll discuss what that means, how it affects the market, and how it affects the use of AI in cybersecurity. Jackie mentions this story from Wired in the segment: https://www.wired.com/story/ai-bubble-will-burst/ News Segment Finally, in the enterprise security news, we’ve got funding and acquisitions 7 red flags you’re doing cloud wrong security standards for open source projects post mortems of attacks on open source supply chain some analysis on current and historic AWS outages a deep dive some dumpster fires and how much would you pay for a robot that puts away the dishes? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-431

AI Cheating?, O, Canada, npms, passkeys, Exchange, Solaris, the amazing Rob Allen of Threatlocker, and More on this edition of the Security Weekly News. Segment Resources: Ingram Micro Working Through Ransomware Attack by SafePay Group | MSSP Alert: https://www.msspalert.com/news/ingram-micro-working-through-ransomware-attack-by-safepay-group This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-525