Podcasts about insecure deserialization

In this informative Podcast, we dive into the concept of insecure deserialization, shedding light on its meaning, risks, and effective mitigation strategies. Insecure deserialization refers to handling untrusted data during deserialization, which can lead to various security vulnerabilities. Whether you are a developer, security professional, or simply curious about cybersecurity, understanding and addressing insecure deserialization is crucial to safeguarding your applications. #insecuredeserialization #deserializationvulnerabilities #mitigationstrategies #applicationsecurity #cybersecurity #remotecodeexecution #dataintegrity #dosattacks #securecoding

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations AA23-074A STIX XML MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935) ACSC Advisory 2020-004 Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI Volexity Threat Research: XE Group GitHub: Proof-of-Concept Exploit for CVE-2019-18935 Microsoft: Configure Logging in IIS GitHub: CVE-2019-18935 No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations AA23-074A STIX XML MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935) ACSC Advisory 2020-004 Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI Volexity Threat Research: XE Group GitHub: Proof-of-Concept Exploit for CVE-2019-18935 Microsoft: Configure Logging in IIS GitHub: CVE-2019-18935 No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

The open web application security project is a recognized entity that helps developers identify critical security vulnerabilities to build secure web applications. In this video I will go through the 10 vulnerabilities and explain each one and give examples and anecdotes from real life examples. 0:00 Building Secure Backends 2:30 Injection 4:50 Broken Authentication 6:43 Sensitive Data Exposure 11:00 XML External Entities (XXE) 13:45 Broken Access Control 17:00 Security Misconfiguration 19:00 XSS 22:45 Insecure Deserialization. 24:48 Using Components with Known Vulnerabilities. 26:00 Insufficient Logging & Monitoring. Resources https://owasp.org/www-project-top-ten/ Cards 2:50 SQL Injection https://www.youtube.com/watch?v=Azo9tDUtC9s 4:20 Best practices building REST https://www.youtube.com/watch?v=6zHWU7zBep0&list=PLQnljOFTspQUybacGRk1b_p13dgI-SmcZ&index=4 8:30 TLS playlist youtube.com/playlist?list=PLQnljOFTspQW4yHuqp_Opv853-G_wAiH- 15:00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs 19:22 XSS https://www.youtube.com/watch?v=pD6C1-zSxIM 25:10 OpenSSL Crash https://youtu.be/aDPQ0_MyRnc --- Send in a voice message: https://anchor.fm/hnasr/message

Sponsor by SEC Playground แบบสอบถามเพื่อปรับปรุง Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support

Sponsor by SEC Playground แบบสอบถามเพื่อปรับปรุง Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support

Sponsor by SEC Playground Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support

Sponsor by SEC Playground Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support

This week, we welcome Jeremy Miller, CEO of the SecOps Cyber Institute, and Philip Niedermair, CEO of the National Cyber Group, to talk about Fighting the Cyber War with Battlefield Tactics! In our second segment, we talk Security News, discussing How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, how Cybercriminals are using Google reCAPTCHA to hide their phishing, the NSA shares a list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, and how Half a Million Zoom Accounts were Compromised by Credential Stuffing and Sold on the Dark Web! In our final segment, the crew talks accomplishing asset management, vulnerability management, prioritization of remediation, with a Deep Dive demonstration of the Qualys VMDR end-to-end solution!   Show Notes: https://wiki.securityweekly.com/PSWEpisode649 To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the Security News, Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web, Scammers pounce as stimulus checks start flowing, NSA shares list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, 9 Skills That Separate Beginners From Intermediate Python Programmers, Hackers are exploiting a Sophos firewall zero-day, and more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode649

In the Security News, Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web, Scammers pounce as stimulus checks start flowing, NSA shares list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, 9 Skills That Separate Beginners From Intermediate Python Programmers, Hackers are exploiting a Sophos firewall zero-day, and more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode649

This week, we welcome Jeremy Miller, CEO of the SecOps Cyber Institute, and Philip Niedermair, CEO of the National Cyber Group, to talk about Fighting the Cyber War with Battlefield Tactics! In our second segment, we talk Security News, discussing How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, how Cybercriminals are using Google reCAPTCHA to hide their phishing, the NSA shares a list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, and how Half a Million Zoom Accounts were Compromised by Credential Stuffing and Sold on the Dark Web! In our final segment, the crew talks accomplishing asset management, vulnerability management, prioritization of remediation, with a Deep Dive demonstration of the Qualys VMDR end-to-end solution!   Show Notes: https://wiki.securityweekly.com/PSWEpisode649 To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Aleksei Tiurin, Senior Security Researcher at Acunteix for a Technical Segment on Insecure Deserialization in Java/JVM! In our second Technical Segment, we welcome Matt Toussain, Security Analyst at Black Hills Information Security to talk about RAS! In the security news, Bleedingbit Vulnerabilities, Cisco Zero-Day exploited in the wild, Researchers find Flaws in chips used in hospitals, US Governments network infected with Russian Malware, and the Weird Trick that turns your Google Home Hub into a Doorstep!   Full Show Notes: https://wiki.securityweekly.com/Episode581 Visit https://www.securityweekly.com/psw for all the latest episodes!   →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Aleksei Tiurin, Senior Security Researcher at Acunteix for a Technical Segment on Insecure Deserialization in Java/JVM! In our second Technical Segment, we welcome Matt Toussain, Security Analyst at Black Hills Information Security to talk about RAS! In the security news, Bleedingbit Vulnerabilities, Cisco Zero-Day exploited in the wild, Researchers find Flaws in chips used in hospitals, US Governments network infected with Russian Malware, and the Weird Trick that turns your Google Home Hub into a Doorstep!   Full Show Notes: https://wiki.securityweekly.com/Episode581 Visit https://www.securityweekly.com/psw for all the latest episodes!   →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Bill Sempf joins to talk insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization, and the specifics of how it applies to “.NET”. Bill gets into his journey to understand these types of vulnerabilities and provides some hints and tips for how you can look for them in your [...] The post Insecure Deserialization (S03E03) – Application Security PodCast appeared first on Security Journey Podcasts.