POPULARITY
Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Show Notes: https://securityweekly.com/asw-272
Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Show Notes: https://securityweekly.com/asw-272
Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to bug bounty, and the mayonaise signature 'Mother of All Bugs' Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------WordFence - Sign up as a researcher! https://ctbb.show/wfSign up for Caido using the referral code CTBBPODCAST for a 10% discount. Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today's Guest:https://hackerone.com/mayonaise?type=userTimestamps:(00:00:00) Introduction(00:12:07) Evolving Hacking Methodologies & B2B Hacking(00:23:57) Data Science + Bug Bounty(00:34:37) 'Lead Generation for Vulns'(00:41:39) Ingredients and Recipes(00:49:45) Keyword Categorization(00:54:30) Manual Processes and Recap(01:07:08) Data Sources(01:19:59) Digital Marketing + Bug Bounty(01:32:22) M.O.A.B.s(01:41:02) Burnout Protection and Dupe Analysis
Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more! Show Notes: https://securityweekly.com/asw-271
Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more! Show Notes: https://securityweekly.com/asw-271
Vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more! Show Notes: https://securityweekly.com/asw-270
Vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more! Show Notes: https://securityweekly.com/asw-270
This week, in the security market, we talk about next NEXT gen anti-virus, how Okta can (apparently) do no wrong, and a VC firm imploding. Then we discuss how smartphones and speakers are allegedly being used to spy on us, and the future of privacy and consumer tech products. The latest SSH vuln is much less concerning than media outlets and academic researchers would have you believe. The Citrixbleed vuln, however is about as bad as vulns can get, and has led to one of the biggest US consumer breaches in a while, with Comcast/XFinity losing all customer records. The SEC backpedals (again!) on requiring breached companies to provide details about how they got breached. And finally, we have some fun with some squirrel stories that you should absolutely check out by going to our show notes, here: https://securityweekly.com/esw344 Show Notes: https://securityweekly.com/esw-344
This week, in the security market, we talk about next NEXT gen anti-virus, how Okta can (apparently) do no wrong, and a VC firm imploding. Then we discuss how smartphones and speakers are allegedly being used to spy on us, and the future of privacy and consumer tech products. The latest SSH vuln is much less concerning than media outlets and academic researchers would have you believe. The Citrixbleed vuln, however is about as bad as vulns can get, and has led to one of the biggest US consumer breaches in a while, with Comcast/XFinity losing all customer records. The SEC backpedals (again!) on requiring breached companies to provide details about how they got breached. And finally, we have some fun with some squirrel stories that you should absolutely check out by going to our show notes, here: https://securityweekly.com/esw344 Show Notes: https://securityweekly.com/esw-344
Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…Follow us on twitter at: @ctbbpodcastSend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.Hop on the CTBB Discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's GuestEpisode ResourcesHow to Differentiate Yourself as a HunterMutateMethodshackaplanetenArticle About Unicode and Character SetsByte Order Mark:Character EncodingsShapeCatcherWAF BypassBountyDashEXPLOITING HTTP'S HIDDEN ATTACK-SURFACETimestamps:(00:00:00) Introduction(00:10:06) Automation Setup and Assetnote Origins(00:16:49) Sharing Tips, and Content Creation(00:22:27) Collaboration and Optimization(00:36:44) Working at Detectify(00:51:45) Bug Bounty Burnout(00:56:15) Early Days of Bug Bounty and Future Predictions(01:19:00) Nerdsnipeability(01:29:38) MXSS and XSLT(01:54:20) Learning through being wrong(02:00:15) Go-to Vulns
Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Show Notes: https://securityweekly.com/asw-265
A Samsung special this week, starting off with two Samsung specific vulnerabilities, one in the baseband chip for code execution. And a stack based overflow in the RILD service handler parsing IPC calls from the baseband chip for a denial of service. Lastly a Mali GPU driver use-after-free. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/230.html [00:00:00] Introduction [00:00:27] Humble Tech Book Bundle: Hacking 2023 by No Starch [00:08:15] CVE-2023-21517: Samsung Baseband LTE ESM TFT Heap Buffer Overflow [00:18:10] CVE-2023-30644: Samsung RIL Stack Buffer Overflow [00:24:58] Arm Mali r44p0: UAF by freeing waitqueue with elements on it [00:31:55] A Detailed Look at Pwn2Own Automotive EV Charger Hardware The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Show Notes: https://securityweekly.com/asw-265
Our first impressions of two new hot bits of hardware – the Steam Deck OLED, and the Raspberry Pi 5. Plus great news for self-hosted webmail, a call to support open source AI/ML image processing, and a mini KDE Korner. News Open source email pioneer Roundcube joins the Nextcloud family Vulns expose ownCloud admin... Read More
Our first impressions of two new hot bits of hardware – the Steam Deck OLED, and the Raspberry Pi 5. Plus great news for self-hosted webmail, a call to support open source AI/ML image processing, and a mini KDE Korner. News Open source email pioneer Roundcube joins the Nextcloud family Vulns expose ownCloud admin... Read More
In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-803
In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-803
A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: https://securityweekly.com/asw-256
A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: https://securityweekly.com/asw-256
A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for security open source software, race conditions and repojacking in GitHub, and more! Show Notes: https://securityweekly.com/asw-255
A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for security open source software, race conditions and repojacking in GitHub, and more! Show Notes: https://securityweekly.com/asw-255
SecurityWeek Cisco Switch Vulns - https://www.securityweek.com/vulnerability-in-cisco-enterprise-switches-allows-attackers-to-modify-encrypted-traffic/ Bleeping Computer Google Apps Send Data to China - https://www.bleepingcomputer.com/news/security/apps-with-15m-installs-on-google-play-send-your-data-to-china/ vCISO Services Virtual CISO and Information Security Risk Management – https://vcisoservices.com Vulcan What the Death of CentOS Means - https://cybersec.vulcan.io/s/what-the-death-of-centos-means-for-security-9582 Human Error Leading Cause Cloud Data Breaches - https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/ Pen Testing and Cost of Cyber Insurance - https://thehackernews.com/2023/07/how-pen-testing-can-soften-blow-on.html Medtech Dive Vulns in Cardiac Data Systems - https://www.medtechdive.com/news/MDT-Medtronic-cybersecurity-vulnerability-CISA/654480/ BetaNews Cybercrime Third Largest Economy - https://betanews.com/2023/07/06/value-of-cybercrime-equivalent-to-the-third-largest-global-economy --- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message
OWASP has a draft for the LLM Top 10, simple vulns in a modern SaaS app, ancient vuln in a Wordpress plugin, PyPI moves to secure its package manager accounts, ThinkstScape Quarterly research report, having fun with memory variables, DNS, and logins. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-243
OWASP has a draft for the LLM Top 10, simple vulns in a modern SaaS app, ancient vuln in a Wordpress plugin, PyPI moves to secure its package manager accounts, ThinkstScape Quarterly research report, having fun with memory variables, DNS, and logins. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-243
For this week's bug bounty podcast We start off with a bit of a unique auth bypass in a firewall admin panel. We've also got a couple desktop-based software bugs, with a Docker Desktop privilege escalation on windows, and a chfn bug. We've also got a couple escalation techniques, one for Azure environments, and another trick for exploiting semi-controlled file-writes. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/205.html [00:00:00] Introduction [00:00:32] SecurePwn Part 1: Bypassing SecurePoint UTM's Authentication [CVE-2023-22620] [00:08:41] Abusing Linux chfn to Misrepresent etc passwd [CVE-2023-29383] [00:14:39] Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2 [00:22:42] From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys [00:25:52] Pretalx Vulnerabilities: How to get accepted at every conference [00:34:07] LLM Hacker's Handbook The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
Reddit's breach disclosure, simple vulns in Toyota's web portals, OpenSSL vulns, voting results for Portswigger's top 10 web hacking techniques of 2022, tiny IoT cryptography implementations, real world migration of a million lines of code Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw229
Reddit's breach disclosure, simple vulns in Toyota's web portals, OpenSSL vulns, voting results for Portswigger's top 10 web hacking techniques of 2022, tiny IoT cryptography implementations, real world migration of a million lines of code Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw229
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw770
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw770
We've got a cloud focused episode this week, starting with a logging bypass in AWS CloudTrail, a SSH Key injection, and cross-tenant data access in Azure Cognitive Search. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/181.html [00:00:00] Introduction [00:00:25] Undocumented API allows CloudTrail bypass [00:06:00] Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) [00:14:53] SSH key injection in Google Cloud Compute Engine [Google VRP] [00:19:08] Chat Question: Why is Cross-Site Scripting called That [00:22:36] Cross-tenant network bypass in Azure Cognitive Search The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw225
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw225
The end of kASLR bypasses? Probably just click-bait, but the patch gap is real and we discuss that a bit before getting into a couple AI-based corruptions. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/172.html [00:00:00] Introduction [00:01:15] Spot the Vuln - Escape [00:06:00] Humble Tech Book Bundle: The Art of Hacking by No Starch Press [00:11:00] An End to KASLR Bypasses? [00:15:59] Mind the Gap [00:24:36] ANE_ProgramCreate() multiple kernel memory corruption [CVE-2022-32898] [00:34:29] Chat Question: Guides/Techniques to Help With C++ Reverse Engineering [00:36:35] ZinComputeProgramUpdateMutables() OOB write due to double fetch issue [CVE-2022-32932] The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
In the Security News: last year's open source is tomorrow's vulnerabilities, RepoJacking, I feel like there will always be authenitcation bypass, super charge your hacking, do you have your multipath, RC4 and why not to use it, here's the problem with vulnerability scanners, packages and expired domains, initrd should not be trusted, Apple kernels, oh and did you hear there is a vulnerability in OpenSSL! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw762
In the Security News: last year's open source is tomorrow's vulnerabilities, RepoJacking, I feel like there will always be authenitcation bypass, super charge your hacking, do you have your multipath, RC4 and why not to use it, here's the problem with vulnerability scanners, packages and expired domains, initrd should not be trusted, Apple kernels, oh and did you hear there is a vulnerability in OpenSSL! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw762
A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/162.html [00:00:00] Introduction [00:00:23] Spot the Vuln - Tricky Notes [00:04:04] Memory corruption vulnerabilities in Edge [00:15:19] SHA-3 Buffer Overflow [00:23:53] A Journey To The Dawn [CVE-2022-1786] [00:36:57] Exploiting Xbox Game Frogger Beyond to Execute Arbitrary Unsigned Code The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw216
Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw216
Welcome to Episode 129b Announcements Patreon Update name_pending197 Jeremy Arinomi Andrew Tatro Bruce Robert David S0l3mn LiNuXsys666 Mark The Mentor Marc Julius Andi J Charles Get your Iron Sysadmin Merch at Teespring! https://teespring.com/stores/ironsysadmin Support the Iron Sysadmin Podcast AND try out Riverside.fm by using this link: https://riverside.fm/?utm_campaign=campaign_1&utm_medium=affiliate&utm_source=rewardful&via=ironsysadmin Nate co-hosting Into The Terminal 09/30 at noon est. Chat [unclemarc] Printed a cool stand for it - https://www.thingiverse.com/thing:5363356/files Enabled sshd on the Steam Deck for access via my laptop My son's Deck is sitting over there, we're bringing it to him on Sunday Steam Deck Having fun interviewing for a new TAM for my team [gangrif] https://www.skylightframe.com Got a “Skylight” frame/calendar. Its pretty neat Also.. trying out the other evil spying device.. Amazon alexa. And finally playing Elden Ring. Very curious about Bone Lab (vr game) [xenophage] Also Watchdogs:Legion, Ni No Kuni, and Secret of Monkey Island ! Kubernetes ! Lots of FFXIV News https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients https://fakeyou.com/tts/result/TR:mts8v95r5a78s241hyx92pnt3eagr https://www.theverge.com/2022/9/29/23378713/google-stadia-shutting-down-game-streaming-january-2023 Driver: https://github.com/ViGEm/ViGEmBus/releases Emulator: https://github.com/71/stadiacontroller/releases Stadia Controllers on Windows: https://theintercept.com/2022/09/28/cia-extinction-woolly-mammoth-dna/ https://www.npr.org/2022/09/20/1124096032/stay-hungry-stay-foolish https://www.bloomberg.com/news/articles/2022-09-29/meta-announces-hiring-freeze-warns-employees-of-restructuring Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast OR https://twitch.tv/IronSysadminPodcast Discord Community: https://discord.gg/wmxvQ4c2H6 Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin Intro and Outro music credit: Tri Tachyon, Digital MK 2http://freemusicarchive.org/music/Tri-Tachyon/
Multiple vulns in a smart lock, Office Macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw206
In the Enterprise Security News: Blockchain security startups are still raising tons of money, but not in crypto, since it's now worthless. Ha! just kidding. Maybe. Am I? Anvilogic, AppViewX, Sotero, Resourcely, and Push Security all raise rounds JUICY RUMORS! Is Crowdstrike buying Orca? Is Akamai getting bought out by a PE shop? HUMAN and PerimeterX join in a rare cybersecurity merger, Are Azure's vulnerabilities out of control? Zoom brings end-to-end encryption to its cloud phone service, npm says FINE, we'll add some security, Kaseya's CEO is just, telling it like it is, man. The problem must be with you. A robot attacks a child, time to add EMP grenades to your EDC! All that and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw282
This week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw742
This week, in the Enterprise News: Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that's exploding) Perimeter 81 raises $100M Series C and becomes a unicorn - You get a VPN! I get a VPN! Everyone gets a VPN! Over a dozen other vendors raise funding! IBM acquires EASM vendor, Randori Another Azure vulnerability allowing tenancy escapes Microsoft's Purview goes beyond DLP and gets into the pre-crime business Half a dozen cybersecurity vendor layoff announcements! We discuss the controversy around Rob Lee's involvement with developing federal standards for critical infrastructure protection and we say farewell (and good riddance) to Internet Explorer… but not really Then, after the news, we're going to air some segments recorded at the RSA conference last week. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw277
In the Security News for this week: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester's attempt to be ‘as realistic as possible' backfires, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw741
What does the word "non-commensurate" mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn't this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
OAuth tokens compromised, five flaws in a medical robot, lessons from ASN.1 parsing, XSS and bad UX, proactive security & engineering culture at Chime Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw193
In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw187
This week in the Security Weekly News, Dr. Doug talks: Ragnar Locker, more Linux vulnerabilities, Samsung, Nvidia, Adafruit and Ada Lovelace, CrowdStrike, Cloudflare, Ping Coalition, and ICS along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn193 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly