This week:

• Minecraft on your lightbulb
• Sonicwall breached, who's next?
• Ditch Android, install Linux
• Hacking your face
• Thermostat freedom
• Pen test fails
• HackRF hacking times 2
• Going around EDR
• Hackers in your printer
• Chinese data breach
• NFC relays and PCI
• Constructive construction hacks
• FlipperZero firmware update
• ICS, PLCs, and attacks
• Bayesian Swiss Cheese, taste good?
• Do you want to hack back?
• Keeping secrets
• Enforcing CMMC
• OWASP top ten gets a make over
• Android Spyware makes a LANDFALL
• Gemini's deep research into your documents
• Slopguard
• and AI datacenters in space!

Show Notes: https://securityweekly.com/psw-900

This week:

• Reversing keyboard firmware
• Ghost networks
• Invasion of the face changers
• Ghost tapping and whole lot of FUD
• AI doesn't code securely, but Aardvark can secure code
• De-Googling Thermostats
• Dodgy Android TV boxes can run Debian
• HackRF vs. Honda
• Cyberslop AI paper
• Turning to the darkside
• Poisoning the watering hole
• Nagios vulnerabilities
• VPNs are a target

Show Notes: https://securityweekly.com/psw-899

In the security news this week:

• Cybersecurity is dead, and AI killed it
• Exploiting the patching system
• Apple makes it easier for spyware
• Who is patching Cisco ASA?
• Shove that DMCA somewhere
• HTTPS - a requirement
• Russia wants to own all the exploits
• Abandonware challenges
• Reversing at its hardest with Lua
• Hacking team is back, and leetspeak malware
• When you forget to authenticate your API
• Jamming with cool tech
• GoSpoof
• and After 35 Years, a Solution to the CIA's Kryptos Puzzle Has Been Found!

Show Notes: https://securityweekly.com/psw-898

In the security news:

• When in doubt, blame DNS, you're almost always correct
• How to Make Windows 11 great, or at least suck less
• CSRF is the least of your problems
• Shady exploits
• Linux security table stakes (not steaks)
• The pill camera
• Give AI access to your UART
• Security products that actually try to be secure?
• Firmware vulnerabilities, lots of them
• Teams is spying on you
• More details on PolarEdge
• VSCode, marketplaces, and developers at risk
• Cisco SNMP flaw used to deploy malware
• The 90's called, they want their exploits back

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/psw-897

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot.

Then in the security news:

• Your vulnerability scanner is your weakest link
• Scams that almost got me
• The state of EDR is not good
• You don't need to do that on a phone or Raspberry PI
• Hash cracking and exploits
• Revisiting LG WebOS
• Hardening Docker images
• Hacking Moxa NPort
• Shoddy academic research
• The original sin of computing
• Bodycam hacking
• A new OS for ESP32
• The AI bubble is going to burt
• Mobile VPNs are not always secure

Show Notes: https://securityweekly.com/psw-896

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news:

• Hacking TVs
• Flushable wipes are not the only problem
• People just want to spy on their pets, except the devices can be hacked
• Linux EDR is for the birds
• What does my hat say
• we love exploits and hashes
• ESP32s in your router
• RF signal generator on a PI Zero
• Mic-E-Mouse and other things that will probably never happen, until they do
• Hacking with money
• Uninitialized variables and other things the compiler should catch
• Breaking out of the shell
• Hacking with sound, for real, not just another side channel attack
• Bring back 2G
• When the game engine gets hacked
• Oracle 0-days

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/psw-895

In addition to some fun news, we get a Mary Ann Davidson as a surprise guest. We even get a great quote from her of "You're never going to have enough cybersecurity people to defend what was never built to be defensible.".

Show Notes: https://securityweekly.com/psw-894

Broadcom, LastPass, Brickstone, SEO Poisoning, QR codes, H1B visas, Distributed Computing, and More...

Show Notes: https://securityweekly.com/psw-893

This week's technical segment is all about the T-Lora Pager from Lilygo, and really cool Meshtastic device that can also be used for some hacking tasks! In the security news:

• Your safe is not safe
• Cisco ASA devices are under attack
• VMScape
• HybridPetya and UEFI attacks in the wild
• Eveything is a Linux terminal
• Hackers turns 30
• Hosting websites on disposable vapes
• NPM worms and token stealing
• Attackers make mistakes too
• AI podcasts

Show Notes: https://securityweekly.com/psw-892

This week:

• Americans Can't Hack It
• Copy and paste to get malware
• Pixel 5 web servers - because you can
• How they got in and why security is hard
• Vulnerability management is failing - is it dead yet?
• Exploiting hacker tools
• Bluetooth spending spree!
• How to defend your car
• IoT security solutions and other such lies
• Exploiting IBM i (formerly AS/400)
• Vibe coding vulnerabilities
• Plex is hacked again
• Bill's emoji
• ICE spies on phones
• Hackers be hackin' FreePBX

Show Notes: https://securityweekly.com/psw-891