Grab a cup of coffee and join Ryan Kovar, Audra Streetman, and Mick Baccio for another episode of Coffee Talk with SURGe. You can watch the episode livestream here. This week the team discussed the takedown of Hydra, the U.S. State Department's new Bureau of Cyberspace and Digital Policy, and a coordinated phishing campaign targeting U.S. election officials in the lead-up to the 2022 midterm elections. Mick and Ryan both competed in a 60-second charity challenge to explain the current situation regarding the Spring4Shell vulnerability. They also discussed the recent arrest of teenagers in connection with the Lapsus$ criminal hacking group and the importance of ethics in cybersecurity.
In cybersecurity, there isn't an ethical dilemma for bad actors, but there is for good ones making and improving open source code that bad actors can use too. Marcus Sailler schools Doc Searls and Katherine Druckman about that dilemma, and how he deals with it as Head of Offensive Security in the private sector after a long military career.
Hosts: Doc Searls and Katherine Druckman
Guest: Marcus Sailler
Download or subscribe to this show at https://twit.tv/shows/floss-weekly
Think your open source project should be on FLOSS Weekly? Email floss@twit.tv.
Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Sponsors: bitwarden.com/twit kolide.com/floss
In today's podcast we cover four crucial cyber and technology topics, including:
1. Researchers find new group abusing Atlassian, other flaws to mine crypto
2. Cisco fixes flaw in routers that could allow disruption if abused
3. German Chamber of Commerce hit with cyber attack
4. Taiwan experiences DDoS attacks during Pelosi visit
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works." ExtraHop first noticed chatter on social media in March of 2022 about a new remote code execution (RCE) vulnerability and immediately started tracking the issue. The research describes how the exploit works and breaks down how the ExtraHop team came to identify the Spring4Shell vulnerability. It also describes the severity of the vulnerability, saying, "The impact of an RCE in this framework could have a serious impact similar to Log4Shell." The research can be found here: How the Spring4Shell Zero-Day Vulnerability Works
Danno, Kito, Ian and Josh talk with fellow Java Champion and industry veteran Matt Raible about the good ol' days of his blog Raible Designs, Java web frameworks, and AppFuse, as well as JHipster, Spring4Shell, Okta, Capacitor, KubeSeal, MicroFrontends, and more. We thank DataDog for sponsoring this podcast! https://www.pubhouse.net/datadog

*UI / Web*
Webpack Module Federation https://webpack.js.org/concepts/module-federation/

*Server Side Java*
Spring4Shell https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement https://tanzu.vmware.com/security/cve-2022-22965
GlassFish 7 Milestone 3 Released https://github.com/eclipse-ee4j/glassfish/releases/tag/7.0.0-M3
Jakarta EE Starter https://start.jakarta.ee/

*IDEs and Tools*
NetBeans 13 Is Released https://netbeans.apache.org/download/nb13/
Snyk.io https://snyk.io/

*Security*
KubeSeal https://github.com/bitnami-labs/sealed-secrets
Sealed Secrets https://fluxcd.io/docs/guides/sealed-secrets/

*Topics*
Twitter war between JS and Java https://twitter.com/JavaScript/status/1510000324366389252 https://twitter.com/JavaScript/status/1509540700983078919
JHipster https://www.jhipster.tech/
Java 18 Released https://www.infoworld.com/article/3630510/jdk-18-the-new-features-in-java-18.html

*Matt's History in the Community*
Raible Designs https://raibledesigns.com/
Raible Designs | JSF still sucks? https://raibledesigns.com/rd/entry/jsf_still_sucks
AppFuse is a full-stack framework for building web applications on the JVM. Open source since 2003. https://github.com/appfuse/appfuse
The JHipster Mini-Book 5.0 https://www.infoq.com/minibooks/jhipster-mini-book-5
Sign In Widget in Capacitor https://github.com/capacitor-community/http/issues/45#issuecomment-786586655

*Other*
The Flix Programming Language https://flix.dev/

*Picks*
Stand Stand https://search.brave.com/search?q=stand+stand&source=desktop
Dark Reader https://darkreader.org/
Safari + Plex + Picture In Picture! https://www.plex.tv/
ByteCode view in IntelliJ IDEA https://intellij-support.jetbrains.com/hc/en-us/community/posts/360000140004-How-can-I-open-bytecode-viewer-
The Drop Out https://www.hulu.com/series/the-dropout-13988f84-f1c8-40dd-a73c-4e71ab4bbe63

*Other Pubhouse Network podcasts*
Breaking into Open Source https://www.pubhouse.net/breaking-into-open-source
OffHeap https://www.javaoffheap.com/
Java Pubhouse https://www.javapubhouse.com/

*Events*
JAVA ONE IS BACK https://blogs.oracle.com/javamagazine/post/javaone-2022
Jakarta Tech Days (all year) https://jakarta.ee/community/events/
DevNexus 2022 - April 11-13, 2022 - Atlanta, GA, USA https://devnexus.com/
Devoxx France - April 20-22, Paris, France https://www.devoxx.fr/
JFokus - May 2-4, 2022 - Stockholm, Sweden https://www.jfokus.se/
Software Design and Development - May 16-20, 2022 - London, UK https://sddconf.com/
EuroStar Conference - June 7-10, 2022 - Copenhagen, Denmark
Agile2022 - July 18-20, 2022 - Nashville, TX, USA https://www.agilealliance.org/agile2022/
NFJS - USA https://nofluffjuststuff.com/
Northern Virginia Software Symposium - April 22-23, 2022 https://nofluffjuststuff.com/reston
Central Ohio Software Symposium - Apr 29 - May 1, 2022 https://nofluffjuststuff.com/columbus
Central Iowa Software Symposium - May 13-14, 2022 https://nofluffjuststuff.com/desmoines
ArchConf Central - June 6-9, 2022 https://archconf.com/
Great Lakes Software Symposium - June 10-12, 2022 https://nofluffjuststuff.com/chicago
ÜberConf - July 12-15, 2022 https://uberconf.com/
In this episode, we talk with Jacob Ansari, a Security Advocate at Schellman, where he leads the firm's security best practices advocacy. He develops and leads educational efforts on security practices, emerging threats, and security industry developments for both internal and external audiences. Jacob shares his experiences as a CISO and assessor as we talk with him about topics such as:
- What is a Security Advocate?
- What it means to promote good security practices
- High-profile vulnerabilities such as Spring4Shell and Log4J
- Threats and concerns around cyber regarding the Russia/Ukraine conflict
Jacob also shares his thoughts on what's most critical for companies building applications in the cloud as well as interesting updates around the area of compliance. The Security on Cloud podcast is brought to you by Anitian, the leading cloud security and compliance automation provider delivering the fastest path to security and compliance in the cloud.
Richard Ford, Chief Technology Officer at Praetorian, joins Tech Transforms to talk about the cyber security threat landscape. Red team versus Blue team is a common and effective threat protection practice, but what could cyber security experts gain from team Purple? Listen in as Carolyn and Mark learn about the importance of managing your attack surface, implementing multi-factor authentication, and protecting against cyber phishing attacks.

Episode Table of Contents
[00:30] Our Biggest Cybersecurity Threat in the Last Quarter
[07:39] Which Is Easier: Defense or Offense
[16:40] Why Do We Need Single Sign-on
[24:54] The Team Purple Idea
Episode Links and Resources

Our Biggest Cybersecurity Threat in the Last Quarter

Carolyn: So today our guest is actually an old friend, Richard Ford (https://www.linkedin.com/in/dr-ford/), who is Chief Technology Officer at Praetorian (https://www.praetorian.com/). For over 25 years, Richard has been able to design and implement NextGen product strategies and provide customers with the best threat detection available. Today, we're going to talk to Richard about the cyber threat landscape and what a good defense looks like.

Richard: Hi, it's nice to be back on a call with you Carolyn, and Mark, it's good to see you.

Carolyn: Yes, really good to have you today. So let's just jump right in. I want to know what your view is, what are our biggest cybersecurity threats? What does the cyber security threat landscape look like and how do we defend ourselves from it? So there's like a three-part question there.

Richard: So, we're starting with an easy question. I think the threat landscape is incredibly messy and I think that the most important part to think about is change. So if you think about just the last quarter or two that we've gone through you had, like log4shell, so we're all running around looking for log4j vulnerabilities. Then it's Spring4Shell, which wasn't as serious, but was still pretty nasty if you were impacted. The problem, we have this tremendous rate of change so the thing that was important to you yesterday may not be the thing that's important to you today. It's unlikely to be the thing that's most important for you tomorrow. So when we think about the threat landscape, the first thing to say is, if I give you an answer, it's like looking at a single, still image from a movie and telling you you've watched the movie, right?

Cyber Security Threat Landscape

Richard: Then as soon as we go click, you know that threat landscape will change. With that said, I do think there are some common themes that keep coming back, right? So there's a threat we have around being desperately short of people. There's a threat around, we don't know what assets we have. Even if we did know what assets we have, we don't know what they're running. Then the business conditions are driving us forward so quickly that it's difficult to keep security on the front burner. It sometimes drops to the back burner so we don't think about security as much. Perhaps, as how do I meet these business objectives that we have. I think this has created this sort of very unpleasant, perfect storm that will keep us well on our toes. I don't know, for the next couple of decades, it feels like.

Carolyn: So when you say that we're constantly moving forward, changing, at the same time, I mean, are we still dealing with like SolarWinds? So as we're having to look to the future, we're still dealing with all the shit that's happened even a year, two years ago. Is that true, or like, are we good? We took care of it?

Richard: No, it's definitely correct right, so all vulnerabilities never really go away. So you have all those things sort of trailing behind you like the comet has a tail, and new stuff coming at you. I think to be a successful CISO or to operate the business successfully, what you need to be really good at is prioritization. So it's about dealing with what is the biggest risk for you right now. Cyber...
Triden Group's Security Squad #podcast is back and ready to talk about everything cybersecurity! This week the squad covers the latest on the #Spring4Shell #vulnerability and the findings of #CSA's latest #SaaS Security Report. Now on #YouTube, #Spotify, and #Applepodcasts. #TridenGroup #SecuritySquad #CyberSecurity
On this week's episode of IoT: The Internet of Threats podcast, host Eric Greenwald discusses recent news in product and supply-chain cybersecurity with Nick and Sam, the Vidovich brothers. He interviews Joshua Corman, former Chief Strategist at CISA COVID Task Force and Founder of I am The Cavalry.

News Roundup: This week's Weekly News Roundup covers:
- Assessing the difference between Spring4Shell and Log4j vulnerabilities
- New draft, bipartisan legislation that would require SBOMs for medical devices

Interview with Josh Corman: Josh has worked in security for many years. His background includes a lot of in-depth work in cyber and physical security for medical devices. Josh is also widely known as the godfather of the Software Bill of Materials (SBOM). All of this experience led to his recent work with the government as the Chief Strategist for the CISA COVID Task Force. On the episode, Josh and Eric discuss the key functions of a product security team and the critical leadership role of the Chief Product Security Officer. Josh and Eric also discuss:
- How a world increasingly dependent on digital infrastructure can be protected
- Trends and forces that have made product security roles increasingly important
- General principles for prioritizing and accurately interpreting the severity of threat reports
- Guidance for teams that lack sufficient resources
- How to buy down more risk with fewer resources

Connect with Josh Corman: https://www.linkedin.com/in/joshcorman/
Learn more about I am The Cavalry at https://iamthecavalry.org/
Read up on the Health Care Industry Cybersecurity Task Force here: https://www.phe.gov/Preparedness/planning/CyberTF/Pages/default.aspx

Thank you for listening to this episode of IoT: The Internet of Threats podcast, powered by Finite State — the leading product security solution provider for connected devices and embedded systems. If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast. To learn more about building out a robust product security program, protecting your connected devices, and complying with emerging supply-chain cybersecurity regulations and technical standards, visit https://finitestate.io/.
This month we take a deep dive into the most recent Java related vulnerability, and ask what the situation was with this, how it got confused with another vulnerability, and how significant it is to the wider threat landscape - or was it just riding on the memory of Log4J? We also look at the April patches from Microsoft, and two lots of fixes from VMware.
Spring4Shell FAQ: Spring Framework Remote Code Execution Vulnerability
Microsoft's April 2022 Patch Tuesday Addresses 117 CVEs
VMware vCenter Server Sensitive Information Disclosure Vulnerability
VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize
Threat Landscape Retrospective 2021 Download
Follow along for more from Tenable Research: Subscribe to the blog; Follow Tenable's Zero Day team on Medium
Picture of the Week. Could NGINX have a 0-day? Microsoft's new Autopatch system. Another instance of Russian Protest in JavaScript's repository. End-of-service life for some popular Windows editions. Miscellany. Closing The Loop. Spring4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-866-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow plextrac.com/twit ZipRecruiter.com/securitynow
Cloud Security News this week 12 April 2022 Brought to you this week by Teleport To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
This episode features an interview with Kelly White, founder of RiskRecon, sharing the risk factors that have the highest correlation with successful ransomware attacks. Plus, RH-ISAC's intel team shares the work that was done to confirm the proof of concept of the Spring4Shell vulnerability. Thank you to Fortinet for their sponsorship of the RH-ISAC Podcast.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Spring: It isn't just about Spring4Shell. https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
This week, Dr. Doug talks: Sandworm, Protestware, FancyBear, Eyeball McSqueezy, Quantum, Spring4Shell, PacketStreamer, Bad Tax Software, and autonomous crime, all this and Russ Beauchemin on this edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn203 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
[Episode References]
- RCE in Nginx (Really?) - https://github.com/AgainstTheWest/NginxDay#readme and https://twitter.com/Gi7w0rm/status/1512789855197093891
- On the use of Conti against Russian companies - https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
- A good historical overview of the Conti leak - https://www.wired.com/story/conti-ransomware-russia/
- Meta infostealer - https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/
- Spring4Shell exploits in use by Mirai - https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
- Use of FORCEDENTRY against members of the European Commission - https://www.reuters.com/technology/exclusive-senior-eu-officials-were-targeted-with-israeli-spyware-sources-2022-04-11/
[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto
VIDEO: Attacks exploiting Spring4Shell have already hit one in six vulnerable organizations - SecurityCast#103 - YouTube
Hello folks, I thought I uploaded the show from Thursday, sorry about that. Notes are below. Hello folks, on today's podcast, we're going to cover Explaining Spring4Shell: The Internet security disaster that wasn't as our main topic. We will cover some of the other landscape as well as any other topics the public has to offer. Note that today's program was done on Thursday to account for an event I attended the day before. We should be able to return to a Wednesday schedule next week. Enjoy the program and thanks so much for listening!
This week Jeremy, Josh, Brett and the person in the upper left hand corner reconvene to discuss another week's worth of news in the world of personal computer hardware and software. You won't want to miss it. AMD overclocking surprises, SK Hynix is going to buy ARM now?, Intel and AMD and an interesting patent observation, ray traced DOOM and the return of Monkey Island!, and the 12900KS edition is now available. A full list of the topics discussed in this video is helpfully provided in the list of time stamps below.
Timestamps:
00:00 Intro
00:51 Burger of the Week
03:05 AMD automatically overclocking your CPU?
06:15 Did Intel actually copy AMD's CPU patent?
10:22 Core i9-12900KS goes on sale
13:47 AMD buys Pensando
20:43 Ramblings about a 12th Gen Core i3/i5 review
26:14 Now SK Hynix wants to buy Arm?
31:29 Podcast Sponsor: Kolide
32:54 Noctua releases NH-D12L low-profile dual tower cooler
36:16 The return of Monkey Island
37:46 DOOM gets ray traced!
39:19 Killing Floor Humble Bundle
40:50 Apple doesn't seem to care about security on "older" MacOS versions
43:46 Spring is here! And by that we mean Spring4Shell is here!
45:07 VLC hacked?
46:27 Jeremy reviews Distant Worlds 2
55:23 Picks of the Week
1:06:37 Outro
★ Support this podcast on Patreon ★
In this episode we bring you the programming news and updates that caught our attention from 02/04 to 08/04! Breakpoint: The story is chosen by poll on Código Fonte TV on YouTube. This week's topic was: "Why doesn't Código Fonte TV have a course yet?". CallStack: TRACTIAN is the startup behind an online asset-monitoring solution that combines IoT sensors and artificial-intelligence software. It is looking for talent to build and maintain APIs in NodeJS and Typescript, with knowledge of SQL or noSQL databases, Mongodb and other back-end languages such as C++ and Python. You can learn more about TRACTIAN and its opportunities, and apply, at https://codft.me/tractian. Hosts: We are Gabriel Fróes and Vanessa Weber, a couple of programmers who have been appearing on the Código Fonte TV channel on YouTube since 2016. Links: New Compilado channel on YouTube: https://codft.me/canalcompilado Receive Compilado news by email: compilado.codigofonte.com.br
This episode features discussion on the Spring4Shell vulnerability, Supply Chain Integrity Month and an explosive North American electricity sector tabletop exercise.
ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover:
* Spring4Shell: The Internet security disaster that wasn't
* New Borat remote access malware is no laughing matter
* FIN7 hackers evolve toolset, work with multiple ransomware gangs
***Resources from this week's podcast***
Intelligence Collection Plans: Preparation Breeds Success https://www.digitalshadows.com/blog-and-research/intelligence-collection-plans-preparation-breeds-success/
Team A Vs Team B: What Is Motivating Lapsus$? https://www.digitalshadows.com/blog-and-research/team-a-vs-team-b-what-is-motivating-lapsus/
Five Things We Learned From The Conti Chat Logs https://www.digitalshadows.com/blog-and-research/five-things-we-learned-from-the-conti-chat-logs/
Explaining Spring4Shell: The Internet security disaster that wasn't https://arstechnica.com/information-technology/2022/04/explaining-spring4shell-the-internet-security-disaster-that-wasnt/
New Borat remote access malware is no laughing matter https://www.bleepingcomputer.com/news/security/new-borat-remote-access-malware-is-no-laughing-matter/
FIN7 hackers evolve toolset, work with multiple ransomware gangs https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html
Also, don't forget to reach out to shadowtalk@digitalshadows.com if you have any questions, comments, or suggestions for the next episodes.
This week Tuğba Öztürk and Murat Lostar discuss the critical vulnerability discovered in Spring, a Java framework, and FFDroider, the malware that steals social media accounts. A critical vulnerability tracked as CVE-2022-22965 was discovered in Spring, an open-source Java framework. The flaw, which leads to remote code execution, affects Spring framework versions 5.3.0 through 5.3.17 and 5.2.0 through 5.2.19. The malware named FFDroider was found to be able to take over Facebook, Twitter and Instagram accounts by way of the credentials and cookies stored in browsers. Once hijacked, the social media accounts can be used to carry out cryptocurrency fraud and to distribute malware. You can watch the video broadcast at https://www.youtube.com/siberingunlugu. Enjoy listening
Sponsored by SEC Playground. Survey to improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give an update about the latest information that has emerged about the cyber activity that has been seen targeting organizations in Ukraine.
Cloud Security News this week 30 March 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Vetle (@bordplate), Melvin (@Flangvik) and Martin (@Mrtn9) planned to "wing" the episode without show notes, but ended up writing show notes during the pre-show. They then talk about Defcon before the news section kicks off with even more Lapsus$. After that it moves on to Spring4Shell, Passvarsel.no and how rich everyone in security is.
Picture of the Week. 0-Day Watch. Spring Forward (Java: Spring4Shell) QNAP and the OpenSSL DoS vulnerability. Sophos has a 9.8. CISA orders federal civilian agencies to patch the Sophos vulnerability. Browser-in-the-browser. The supply-chain attacks on NPM have been growing. FinFisher bites the dust. A LAPSUS$ in judgment. Not so Wyze. Closing The Loop. Port Knocking. We invite you to read our show notes at https://www.grc.com/sn/SN-865-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit itpro.tv/securitynow promo code SN30 kolide.com/securitynow
There's a maneuver lull in Russia's hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is... For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/66 Selected reading. Russian military ‘weeks' from being ready for new push as war takes its toll (The Telegraph) Russia's failure to take down Kyiv was a defeat for the ages (AP NEWS) U.S. Cyber Command providing cyber expertise and intelligence in Ukraine's fight against Russia (FedScoop) Cyber Command chief: U.S. has 'stepped up' to protect Ukraine's networks (The Record by Recorded Future) How Ukraine has defended itself against cyberattacks – lessons for the US (FIU News) Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity (Symantec) Fake e‑shops on the prowl for banking credentials using Android malware (WeLiveSecurity) CISA adds Spring4Shell vulnerability, Apple zero-days to exploited catalog (The Record by Recorded Future) LifePoint Informatics Patient Portal (CISA) Rockwell Automation ISaGRAF (CISA) Johnson Controls Metasys (CISA) Philips Vue PACS (Update A) (CISA) Treasury Sanctions Russia-Based Hydra, World's Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex (U.S. Department of the Treasury) Most Common Passwords 2022 - Is Yours on the List? (CyberNews)
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why Spring4Shell isn't all hype How Viasat actually got owned Russian war crimes likely extend to coercing sysadmins Why lighter fluid and a box of matches is more effective than cyber in Belarus Much, much more This week's sponsor interview is with Bernard Brantley, Corelight's Chief Information Security Officer. Corelight makes a network sensor you can use to plug into your SIEM, among other things. It's based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing. And they've just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Explaining Spring4Shell: The Internet security disaster that wasn't | Ars Technica VMware sprung by Spring4shell vulnerability - Security - iTnews Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future VIASAT incident: from speculation to technical details. AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official | Reuters Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future The Belarus ‘railway rebels', who dare stop Vladimir Putin's invasion in its tracks German wind turbine maker shut down after cyberattack - The Record by Recorded Future Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig Two alleged Lapsus$ teens appear in London court IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica Notorious hacking group FIN7 adds ransomware to its repertoire NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future Debate erupts at news the White House may scale back DOD cyber-ops authorities Legislators rail against potential rollback of flexible DOD cyber powers ‘Dangerous' EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig Trend Micro warns of active attacks against Apex Central console | The Daily Swig Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica GitLab addresses critical account hijack bug | The Daily Swig Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future Bank that lacked basic security suffers predictable fate • The Register Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform
On Security Now, Leo Laporte and Steve Gibson examine a critical Java framework flaw that's been named "Spring4Shell" because it's mildly reminiscent of Java's recent "Log4J" problem. For this story and more, check out Security Now: https://twit.tv/sn/865 Hosts: Steve Gibson and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Germany takes down world's largest darknet market Anonymous leaks personal details of Russian soldiers CISA adds Spring4Shell to list of exploited vulnerabilities Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, visit CISOseries.com
In this program we talk with Ruben Fernandez, CISO of Grupo DIA, an international company in the food, household, beauty and health retail sector. With Ruben we look at the day-to-day of a cybersecurity lead and at what security looks like at a company like DIA. In our news section we discuss the data leak that affected Iberdrola, in which 1.3 million personal data records were exposed. We also talk about the vulnerability that has kept every security team busy over the last few days, Spring4shell. Finally we share a warning issued by the Guardia Civil about a phishing campaign that impersonates the Agencia Tributaria and demands a payment. In addition, as in previous programs, the specialists from Netskope brought us the Píldora SASE, the new paradigm that, by delivering security from the cloud, is revolutionizing how users and companies understand security. On this occasion we were joined by Samuel Bonete, Regional Sales Manager at Netskope. Samu shared with all of us the importance of staying alert to infections that originate or start in office documents. In the interview, Ruben shared several interesting ideas about the day-to-day of a CISO, such as the importance of focusing on the strategic areas of cybersecurity: it is important to know the company's strategic areas and to progressively delegate the daily operation of security technology to operations departments or to specialized companies. He also stressed the importance of carrying out BIAs when making cybersecurity investments.
Twitter: @ciberafterwork Instagram @ciberafterwork +info: https://psaneme.com/ https://bitlifemedia.com/ News: https://www.rtve.es/n/2326270/ https://www.tarlogic.com/es/blog/vulnerabilidad-spring4shell-cve-2022-22965-cve-2022-22963/ Píldora SASE: https://www.netskope.com/ https://www.netskope.com/es/blog/office-documents-and-cloud-apps-perfect-for-malware-delivery DIA https://diacorporate.com/
[Episode References] - New APT10 campaign - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks - Spring4Shell exploitation attempts detected by Microsoft - https://www.bleepingcomputer.com/news/security/microsoft-detects-spring4shell-attacks-across-its-cloud-services/ - New version of the 3LOSH crypter gains popularity - https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html - Recent Armageddon attack in Ukraine - https://cert.gov.ua/article/39138 - Hydra Market shutdown - https://www.wired.com/story/hydra-market-shutdown/ [Credits] Script and presentation: Carlos Cabral Audio editing: Paulo Arruzzo Closing narration: Bianca Garcia Graphic design: Julian Prieto
In this week's episode, I cover more details on the LAPSUS$ cyber gang, info on the recently disclosed Spring4Shell vulnerability, the Citrix DaaS announcement and more! Reference Links: https://www.rorymon.com/blog/episode-224-citrix-daas-announcement-spring4shell-chrome-v100-citrix-issues-more/
A pair of Kens. A quick discussion of Spring4Shell and how the exploit takes advantage of Java's dynamic configuration options together with a data binding (aka mass assignment) vulnerability. Ken Toler (@relotnek) joins the show to discuss the current web3 security landscape and how security people can get involved in cryptocurrency projects. "There is a place for you in crypto" - @relotnek
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/spring4shell-pear-bugs-and-gitlab-hardcoded-passwords.html This week we have some fun with some bugs that really shouldn't have passed code review, we of course talk about Spring4Shell/SpringShell and dive into the decade-long history of that bug, and have a bit of discussion about triaging more subtle bugs. [00:00:29] [Stripe] CSRF token validation system is disabled [00:09:42] GitLab Account Takeover with Hardcoded Password [00:21:22] Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring [00:37:49] PHP Supply Chain Attack on PEAR [00:52:16] Finding bugs that don't exist The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The video archive can be found on our YouTube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
We continue the special edition of our podcast in the new format of daily reports. From Monday to Friday we report to you on the most important events in the area of activity in cyberspace. In today's episode, Piotr Kępski and Cyprian Gutkowski took part. Today's topics: Land register numbers were visible in Geoportal; Data theft from VGTRK (Russian Television and Radio) and the Korolevskiy company; Source
Spring4Shell Patch, Mailchimp Hack, Hydra is Down, China & Cyber Bureau Cybersecurity News CyberHub Podcast April 5th, 2022 Today's Headlines and the latest #cybernews from the desk of the #CISO: Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said VMware patches Spring4Shell RCE flaw in multiple products CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability Germany takes down Hydra, world's largest darknet market Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers State Department launches new cyber bureau Story Links: https://therecord.media/hacker-accessed-319-crypto-and-finance-related-mailchimp-accounts-company-said/ https://www.bleepingcomputer.com/news/security/vmware-patches-spring4shell-rce-flaw-in-multiple-products/ https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html https://www.bleepingcomputer.com/news/legal/germany-takes-down-hydra-worlds-largest-darknet-market/ https://thehackernews.com/2022/04/researchers-trace-widespread-espionage.html https://therecord.media/state-department-launched-new-cyber-bureau/ “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine The Practitioner Brief is sponsored by: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub ****** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ Telegram: CyberHub Podcast ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/c/TheCyberHubPodcast Rumble: https://rumble.com/c/c-1353861 Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: 
https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel! #cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief #cisotalk #ciso #infosecnews #infosec #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #givingback #securitytribe #securitygang #informationsecurity
Spring4Shell Impact, Apple and Gitlab Patch, Android Malware and CISA Must Patch Cybersecurity News CyberHub Podcast April 4th, 2022 Today's Headlines and the latest #cybernews from the desk of the #CISO: Vendors Assessing Impact of Spring4Shell Vulnerability Apple releases fixes for two zero-days affecting Macs, iPhones and iPads GitLab Patches Critical Account Takeover Vulnerability Newly found Android malware records audio, tracks your location CISA adds seven bugs to Known Exploited Vulnerabilities Catalog Story Links: https://www.securityweek.com/vendors-assessing-impact-spring4shell-vulnerability https://therecord.media/apple-releases-fixes-for-two-zero-days-affecting-macs-iphones-and-ipads/ https://www.securityweek.com/gitlab-patches-critical-account-takeover-vulnerability https://www.bleepingcomputer.com/news/security/newly-found-android-malware-records-audio-tracks-your-location/ https://therecord.media/cisa-adds-seven-bugs-to-known-exploited-vulnerabilities-catalog/ “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine The Practitioner Brief is sponsored by: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub ****** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ Telegram: CyberHub Podcast ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/c/TheCyberHubPodcast Rumble: https://rumble.com/c/c-1353861 Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. 
Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel! #cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief #cisotalk #ciso #infosecnews #infosec #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #givingback #securitytribe #securitygang #informationsecurity
The "Spring4Shell" vulnerability in the Java Spring application framework https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/ https://nvd.nist.gov/vuln/detail/CVE-2010-1622 LunaSec.io write-up on the Spring vulnerability https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ The cyberattack on Viasat https://therecord.media/viasat-confirms-report-of-wiper-malware-used-in-ukraine-cyberattack/ Abuse of forged "Emergency Data Requests" https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/ Ville Kontinen's thesis on the use of technologies that prevent email spoofing https://www.theseus.fi/handle/10024/355293
Eddy the InfoSec Frog - The Super-Simple Cyber Awareness Podcast
Eddy tells you what you, as a user, need to know about Spring4Shell and about security deficiencies at Corona test centers. We talk about suspicious sentences in Apple's release notes and chat about company fun runs and obituaries. Tune in to the CyberAwareness Podcast with the Frog! Eddy's tips Monday to Friday on Twitter and every Sunday as a podcast. Eddy on Twitter: https://twitter.com/eddy_infosec Our blog post about deficiencies in Corona test certificates: https://infoeddy.de/datenschutz-und-informationssicherheit-im-corona-testzentrum-wie-baue-ich-mir-die-perfekte-ee25c585e5d6
Hello everyone! This episode will be about last week's high-profile vulnerabilities in Spring. Let's figure out what happened. Of course, it's amazing how fragmented the software development world has become. Now there are so many technologies, programming languages, libraries and frameworks! It becomes very difficult to keep them all in sight. Especially if it's not the stack you use every day. Entropy keeps growing every year. Programmers are relying more and more on off-the-shelf libraries and frameworks, even where it may not be fully justified. And vulnerabilities in these off-the-shelf components lead to huge problems. So it was in the case of a very critical Log4Shell vulnerability, so it may be in the case of Spring vulnerabilities. Watch the video version of this episode on my YouTube channel. Read the full text of this episode with all links on avleonov.com blog.
Eric rides a bike and eats a burger. Jon eagerly awaits bees. A few follow-ups on Okta, Lapsus, cryptocurrency losses and a Ukraine hacker. The FBI goes after BEC scams, Exxon mines bitcoin with excess gas, forged legal requests and a new exploit, logo pending. Eric finds CRISPR cows interesting and Jon is looking forward to buying books in the Kindle app. 0:00 - Introduction 10:03 - More Okta 11:09 - Lapsus Mastermind 13:01 - $625 million more... 14:22 - Ukraine Hacker 17:35 - FBI BEC News 19:05 - Excess Gas Bitcoin Mining 21:39 - Forged Legal Requests 29:12 - Spring4Shell 34:22 - CRISPR Cows 37:04 - Apple Reader App News
Did Spring4Shell set the internet on fire again? Not so fast. In a special episode of Wicked Good Development we dissect the zero-day RCE vulnerability in the Spring Framework dubbed Spring4Shell or Springshell. From comparisons to Log4j to how to remediate it and which versions are vulnerable, the experts on today's show break down what we know so far about this new vulnerability. And most importantly, how to determine whether you're affected.
Attempting to evolve rules of cyber conduct during a hot hybrid war. Waiting for major Russian cyber operations. Viasat terminals were hit by wiper malware. Patches and detection scripts for Spring4shell. Warning of ransomware threat to local governments. Emergency data requests under Senatorial scrutiny. NSA employee charged with mishandling classified material. Andrea Little Limbago from Interos on Bots, Warriors and Trolls. Rick Howard speaks with Maretta Morovitz on cyber deception. And no April Foolin' here For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/63 Selected reading. Russia's War Lacks a Battlefield Commander, U.S. Officials Say (New York Times) Putin may be self-isolating from his military advisers, says White House (The Telegraph) Confronting Russian Cyber Censorship (Wilson Center) Zelensky Fires Two Generals (Wall Street Journal) French intelligence chief Vidaud fired over Russian war failings (BBC News) Cyber War Talks Heat Up at UN With Russia at Table (Bloomberg.com) Foreign Ministry statement on continued cyberattack by the “collective West” (Ministry of Foreign Affairs of the Russian Federation) New Protestware Found Lurking in Highly Popular NPM Package (Checkmarx.com) Russia targeting Ukraine, countries opposing war in cyberspace (Jerusalem Post) Conti Leaks: Examining the Panama Papers of Ransomware (Trellix) British intelligence agencies: Moscow continuously attacks Ukraine in cyberspace (The Times Hub) AcidRain | A Modem Wiper Rains Down on Europe (SentinelOne) SentinelOne finds ties between Viasat hack and Russian actor (SC Magazine) ExtraHop CEO: Expect a Russian cyber response to sanctions (Register) Treasury sanctions Russian research center blamed for Trisis malware (CyberScoop) Treasury Targets Sanctions Evasion Networks and Russian Technology Companies Enabling Putin's War (U.S. Department of the Treasury) Evgeny Viktorovich Gladkikh (Rewards for Justice) Spring confirms ‘Spring4Shell' zero-day, releases patched update (The Record by Recorded Future) Spring4Shell (CVE-2022-22965): Are you vulnerable to this Zero Day? (Cyber Security Works) Ransomware Attacks Straining Local US Governments and Public Services (IC3) Senate's Wyden Probes Use of Forged Legal Requests by Hackers (Bloomberg) NSA Employee Charged with Mishandling Classified Material (Military.com) National Security Agency Employee Indicted for Willful Transmission and Retention of National Defense Information (US Department of Justice) National Security Agency Employee Facing Federal Indictment for Willful Transmission and Retention of National Defense Information (US Department of Justice)
In this episode of the Security Weekly News: Information overload, Zlib, spring4shell, Apple, Honda Keyless, Rockwell PLCs, Elon Musk's dastardly plans, and National Backup Day, all this as well as the show Wrap Ups for this week! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn200
Russian cyber operators collect against domestic targets. More details on the Viasat hack. Ukrainian hacktivists say they can interfere with Russian geolocation. Spring4shell is another remote-code-execution problem. The Remcos Trojan is seeing a resurgence. Malicious links distributed via Calendly. Johannes Ullrich from SANS on attack surface detection. Our guest is Fleming Shi from Barracuda on cybersecurity champions. Phishing with “emergency data requests.” Lapsus$ may be back from vacation.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/62
Selected reading.
Vladimir Putin is being lied to by his advisers, says GCHQ (The Telegraph)
U.S. intelligence suggests that Putin's advisers misinformed him on Ukraine. (New York Times)
White House: Intel shows Putin misled by advisers on Ukraine (AP NEWS)
Russian troops sabotaging their own equipment and refusing orders in Ukraine, UK spy chief says (CNBC)
Phishing campaign targets Russian govt dissidents with Cobalt Strike (BleepingComputer)
KA-SAT Network cyber attack overview (Viasat.com)
Tracking cyber activity in Eastern Europe (Google)
Ukrainian Hackers Take Aim at Russian Artillery, Navigation Signals (Defense One)
Russian efforts in Ukraine have not yet spilled over into cyberattacks on US, says lawmaker (C4ISRNet)
New Spring Framework RCE Vulnerability Confirmed - What to do? (Sonatype)
New Spring4Shell Zero-Day Vulnerability Confirmed: What it is and how to be prepared (Contrast Security)
Spring Core on JDK9+ is vulnerable to remote code execution (Praetorian)
Spring4Shell: No need to panic, but mitigations are advised (Help Net Security)
Remcos Trojan: Analyzing the Attack Chain (Morphisec)
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests (Bloomberg)
Fresh Phish: Phishers Schedule Victims on Calendar App (INKY)
Lapsus$ claims Globant as its latest breach victim (TechCrunch)
Spring4Shell, Okta Breach update, National Emergency Extended and China, Russia and Iran Cybersecurity News
CyberHub Podcast March 31st, 2022
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Spring4Shell: Spring Flaws Lead to Confusion, Concerns of New Log4Shell-Like Threat
Sitel blames Okta breach on 'legacy' network from acquisition
China, Iran, North Korea, Russia and others using Ukraine invasion in phishing attacks
US national emergency extended due to elevated malicious cyber activity
A Sinister Way to Beat Multifactor Authentication Is on the Rise
Story Links:
https://www.securityweek.com/spring4shell-spring-flaws-lead-confusion-concerns-new-log4shell-threat
https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html
https://therecord.media/sitel-blames-okta-breach-on-legacy-network-from-acquisition/
https://therecord.media/china-iran-north-korea-russia-and-others-using-ukraine-invasion-in-phishing-attacks-google/
https://www.bleepingcomputer.com/news/security/us-national-emergency-extended-due-to-elevated-malicious-cyber-activity/
https://www.wired.com/story/multifactor-authentication-prompt-bombing-on-the-rise/
“The Microsoft Doctrine” by James Azar now on Substack: https://jamesazar.substack.com/p/the-microsoft-doctrine
The Practitioner Brief is sponsored by KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
******
Find James Azar, Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber
James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/
Telegram: CyberHub Podcast
******
Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
******
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/cyberhubpodcast
The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist cybersecurity practitioners in their mission to keep their organizations secure.
Once again a major vulnerability in widely used software. The flaw is called Spring4Shell, and the Nationaal Cybersecurity Centrum has issued the highest possible warning level for Spring4Shell, the FD reports. Also in the Tech Update: a new package of crypto rules from Brussels; Truth Social is not going well. See omnystudio.com/listener for privacy information.
[Episode references]
- CVE-2022-22963 in Spring Cloud - https://tanzu.vmware.com/security/cve-2022-22963
- Spring4Shell - https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
- Conditions for exploitation of Spring4Shell - https://twitter.com/wdormann/status/1509280535071309827?s=20&t=0m7R1YTB4HjykU9mxhpMSg
- An overview of the two Spring flaws - https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
- Recent campaigns in the context of the war - https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/
- Viasat's statement on the attacks of 24/02 - https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/
- CVE-2022-0778 in QNAP products - https://www.bleepingcomputer.com/news/security/qnap-warns-severe-openssl-bug-affects-most-of-its-nas-devices/
- New Lapsus$ leak - https://threatpost.com/lapsus-back-from-vacation/179156/ and https://www.prnewswire.com/news-releases/globant-official-update-301514040.html
- Attack on TRF-3 - https://g1.globo.com/sp/sao-paulo/noticia/2022/03/30/tribunal-federal-da-3a-regiao-em-sao-paulo-e-alvo-de-ataque-hacker-e-tem-trabalhos-suspensos-nesta-quarta.ghtml
[Credits]
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/
Find out how we can help your company: https://cloudposse.com/quiz and https://cloudposse.com/accelerate/
Learn more about Cloud Posse: https://cloudposse.com, https://github.com/cloudposse, https://sweetops.com/, https://newsletter.cloudposse.com, https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:33] Docker founder launches Dagger, a new DevOps platform: https://techcrunch.com/2022/03/30/docker-founder-launches-dagger-a-new-devops-platform/
[00:07:14] Google Docs gets “Markdown” support (autocorrect): https://www.theverge.com/2022/3/29/23002138/google-docs-markdown-support-formatting-update
[00:07:50] Pretty “diffs” of structured data and code: https://github.com/Wilfred/difftastic
[00:09:17] Helmfile seeks a new home (dedicated org): https://github.com/roboll/helmfile/issues/1824
[00:10:34] Terraform 1.2 Alpha Release - better custom error messages and conditions: https://github.com/hashicorp/terraform/releases/tag/v1.2.0-alpha-20220328
[00:11:12] GitHub explains outage string in incidents update: https://www.theregister.com/2022/03/24/github_outage_details/
[00:12:38] AWS Close Account API endpoint (no terraform support yet): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html and https://github.com/hashicorp/terraform-provider-aws/issues/23930
[00:15:09] Google Cloud alters the “deal”; prices go up: https://www.lastweekinaws.com/blog/google-cloud-alters-the-deal/
[00:18:03] Amazon RDS now supports Internet Protocol Version 6 (IPv6) on RDS Service APIs: https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-rds-internet-protocol-version-6-ipv6-rds-service-apis/
[00:18:58] Amazon EC2 Auto Scaling instance lifecycle states are now available via the Instance Metadata Service: https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-ec2-auto-scaling-lifecycle-instance-metadata/
[00:19:53] AWS Lambda now allows customers to configure up to 10 GB of ephemeral storage for Lambda functions: https://aws.amazon.com/about-aws/whats-new/2022/03/aws-lambda-configure-ephemeral-storage/
[00:22:04] AWS Proton support for Terraform Open Source is now Generally Available: https://aws.amazon.com/about-aws/whats-new/2022/03/aws-proton-terraform-open-source/
[00:24:33] Do you know of any services or people who provide career mentoring for DevOps people?
[00:34:14] What do you do when you need something that hasn't been implemented in terraform-provider-aws yet?
[00:40:29] Spring4Shell
[00:42:41] How do you give developers playground environments?
[00:52:14] Tracking main on Terraform when you have all environments in one repo
[01:02:43] Outro
Support the show (https://cloudposse.com/office-hours/)