Application security, Incident response, Threat intelligence, Vulnerability management

Ripple20: Finding Vulnerable Devices & Detecting Attacks – Jeff Costlow – BSW #184

August 17, 2020

Jeff Costlow, Deputy CISO at ExtraHop, will discuss the challenges of detecting and patching Ripple20. Ripple 20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. There are two primary attack vectors: Internet Protocol and Domain Name Services. Jeff will discuss ExtraHop's approach to detecting these devices and provide a quick demo of the solution.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/ to learn more about them!

Announcements

Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Jeff Costlow

Deputy CISO at Extrahop

Jeff is a security technologist and leader with over 20 years of deep experience securing information and technology assets as well as years of successful engineering leadership, delivering secure product deployments to thousands of customers. Jeff leads the ExtraHop team towards groundbreaking security and privacy services.

Hosts

Matt Alderman

VP, Product at Living Security

Jason Albuquerque

Chief Operating Officer at Envision Technologies

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Application security

OpenAI Info Leak, BitCoin ATM Hack, GitHub RSA SSH Key, Measuring AI Security – ASW #234

March 27, 2023

Ferrari refuses ransomware, OpenAI deals with security issues from cacheing, video killed a crypto ATM, GitHub rotates their RSA SSH key, bypassing CloudTrail, terms and techniques for measuring AI security and safety

Application security

Real-life Examples. Benefits, Risk & Security Implications of AI – Frank Catucci – ASW #234

March 27, 2023

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti’s CTO & Head of Security Research Frank Catucci discusses potential use cas...

DevOps

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

March 20, 2023

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.