Podcasts about vulns

  • 45 podcasts
  • 188 episodes
  • 49m average duration
  • 1 weekly episode
  • Latest: Feb 6, 2024

Popularity chart: 2017 to 2024


Best podcasts about vulns

Latest podcast episodes about vulns

Application Security Weekly (Video)
Sorting Out Glibc Vulns, Apple's Security Research Device, BoringSSL, Old C Vulns - ASW #272
Feb 6, 2024 · 36:41

Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Show Notes: https://securityweekly.com/asw-272

Paul's Security Weekly TV
Sorting Out Glibc Vulns, Apple's Security Research Device, BoringSSL, Old C Vulns - ASW #272
Feb 6, 2024 · 36:41

Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Show Notes: https://securityweekly.com/asw-272

Critical Thinking - Bug Bounty Podcast
Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)
Feb 1, 2024 · 107:40

Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to bug bounty, and the mayonaise signature 'Mother of All Bugs'.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
WordFence - Sign up as a researcher! https://ctbb.show/wf
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Guest: https://hackerone.com/mayonaise?type=user

Timestamps:
(00:00:00) Introduction
(00:12:07) Evolving Hacking Methodologies & B2B Hacking
(00:23:57) Data Science + Bug Bounty
(00:34:37) 'Lead Generation for Vulns'
(00:41:39) Ingredients and Recipes
(00:49:45) Keyword Categorization
(00:54:30) Manual Processes and Recap
(01:07:08) Data Sources
(01:19:59) Digital Marketing + Bug Bounty
(01:32:22) M.O.A.B.s
(01:41:02) Burnout Protection and Dupe Analysis

Application Security Weekly (Video)
Vulns & Secure Design, MiraclePtr Success, Abandoned Projects & Maven, Old "AI Chip" - ASW #271
Jan 30, 2024 · 40:52

Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more! Show Notes: https://securityweekly.com/asw-271

Paul's Security Weekly TV
Vulns & Secure Design, MiraclePtr Success, Abandoned Projects & Maven, Old "AI Chip" - ASW #271
Jan 30, 2024 · 40:52

Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more! Show Notes: https://securityweekly.com/asw-271

Application Security Weekly (Video)
Security in Wrenches, Vulns in Atlassian and GitLab, 2023's Top Web Hacking Tricks - ASW #270
Jan 23, 2024 · 34:26

Vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more! Show Notes: https://securityweekly.com/asw-270

Paul's Security Weekly TV
Security in Wrenches, Vulns in Atlassian and GitLab, 2023's Top Web Hacking Tricks - ASW #270
Jan 23, 2024 · 34:26

Vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more! Show Notes: https://securityweekly.com/asw-270

Enterprise Security Weekly (Video)
Ransomware prevention, ransomware stats, SSH vulns, and $1 Chevy Tahoes! - ESW #344
Dec 22, 2023 · 56:12

This week, in the security market, we talk about next NEXT gen anti-virus, how Okta can (apparently) do no wrong, and a VC firm imploding. Then we discuss how smartphones and speakers are allegedly being used to spy on us, and the future of privacy and consumer tech products. The latest SSH vuln is much less concerning than media outlets and academic researchers would have you believe. The Citrixbleed vuln, however, is about as bad as vulns can get, and has led to one of the biggest US consumer breaches in a while, with Comcast/XFinity losing all customer records. The SEC backpedals (again!) on requiring breached companies to provide details about how they got breached. And finally, we have some fun with some squirrel stories that you should absolutely check out by going to our show notes, here: https://securityweekly.com/esw344 Show Notes: https://securityweekly.com/esw-344

Paul's Security Weekly TV
Ransomware prevention, ransomware stats, SSH vulns, and $1 Chevy Tahoes! - ESW #344
Dec 22, 2023 · 56:12

This week, in the security market, we talk about next NEXT gen anti-virus, how Okta can (apparently) do no wrong, and a VC firm imploding. Then we discuss how smartphones and speakers are allegedly being used to spy on us, and the future of privacy and consumer tech products. The latest SSH vuln is much less concerning than media outlets and academic researchers would have you believe. The Citrixbleed vuln, however, is about as bad as vulns can get, and has led to one of the biggest US consumer breaches in a while, with Comcast/XFinity losing all customer records. The SEC backpedals (again!) on requiring breached companies to provide details about how they got breached. And finally, we have some fun with some squirrel stories that you should absolutely check out by going to our show notes, here: https://securityweekly.com/esw344 Show Notes: https://securityweekly.com/esw-344

Critical Thinking - Bug Bounty Podcast
Episode 50: Mathias "Fall in a well" Karlsson - Bug Bounty Prophet
Dec 21, 2023 · 144:31

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…

Follow us on twitter at: @ctbbpodcast
Send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Guest

Episode Resources
How to Differentiate Yourself as a Hunter
MutateMethods
hackaplaneten
Article About Unicode and Character Sets
Byte Order Mark
Character Encodings
ShapeCatcher
WAF Bypass
BountyDash
EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE

Timestamps:
(00:00:00) Introduction
(00:10:06) Automation Setup and Assetnote Origins
(00:16:49) Sharing Tips, and Content Creation
(00:22:27) Collaboration and Optimization
(00:36:44) Working at Detectify
(00:51:45) Bug Bounty Burnout
(00:56:15) Early Days of Bug Bounty and Future Predictions
(01:19:00) Nerdsnipeability
(01:29:38) MXSS and XSLT
(01:54:20) Learning through being wrong
(02:00:15) Go-to Vulns

Paul's Security Weekly TV
Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS - ASW #265
Dec 6, 2023 · 34:47

Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Show Notes: https://securityweekly.com/asw-265

Day[0] - Zero Days for Day Zero
[binary] Samsung Baseband and GPU Vulns
Dec 6, 2023 · 33:08

A Samsung special this week, starting off with two Samsung specific vulnerabilities, one in the baseband chip for code execution, and a stack based overflow in the RILD service handler parsing IPC calls from the baseband chip for a denial of service. Lastly a Mali GPU driver use-after-free.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/230.html

[00:00:00] Introduction
[00:00:27] Humble Tech Book Bundle: Hacking 2023 by No Starch
[00:08:15] CVE-2023-21517: Samsung Baseband LTE ESM TFT Heap Buffer Overflow
[00:18:10] CVE-2023-30644: Samsung RIL Stack Buffer Overflow
[00:24:58] Arm Mali r44p0: UAF by freeing waitqueue with elements on it
[00:31:55] A Detailed Look at Pwn2Own Automotive EV Charger Hardware

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Application Security Weekly (Video)
Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS - ASW #265
Dec 6, 2023 · 34:47

Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Show Notes: https://securityweekly.com/asw-265

Late Night Linux
Late Night Linux – Episode 258
Dec 5, 2023 · 25:48

Our first impressions of two new hot bits of hardware – the Steam Deck OLED, and the Raspberry Pi 5. Plus great news for self-hosted webmail, a call to support open source AI/ML image processing, and a mini KDE Korner.

News: Open source email pioneer Roundcube joins the Nextcloud family; Vulns expose ownCloud admin...

Late Night Linux All Episodes
Late Night Linux – Episode 258
Dec 5, 2023 · 25:48

Our first impressions of two new hot bits of hardware – the Steam Deck OLED, and the Raspberry Pi 5. Plus great news for self-hosted webmail, a call to support open source AI/ML image processing, and a mini KDE Korner.

News: Open source email pioneer Roundcube joins the Nextcloud family; Vulns expose ownCloud admin...

Paul's Security Weekly TV
Fried Squid, Flipper Zero BLM Spam, Apple Devices, Signal Vulns? & Android TV Devices - PSW #803
Oct 19, 2023 · 103:36

In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploited, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-803

Paul's Security Weekly (Video-Only)
Fried Squid, Flipper Zero BLM Spam, Apple Devices, Signal Vulns? & Android TV Devices - PSW #803
Oct 19, 2023 · 103:36

In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploited, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-803

Paul's Security Weekly TV
Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256
Sep 26, 2023 · 40:23

A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: https://securityweekly.com/asw-256

Application Security Weekly (Video)
Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256
Sep 26, 2023 · 40:23

A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: https://securityweekly.com/asw-256

Application Security Weekly (Video)
Azure's Eight XSS Vulns, CNCF's Two Security Audits, CISA's OSS Roadmap, Repojacking - ASW #255
Sep 19, 2023 · 34:40

A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for securing open source software, race conditions and repojacking in GitHub, and more! Show Notes: https://securityweekly.com/asw-255

Paul's Security Weekly TV
Azure's Eight XSS Vulns, CNCF's Two Security Audits, CISA's OSS Roadmap, Repojacking - ASW #255
Sep 19, 2023 · 34:40

A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for securing open source software, race conditions and repojacking in GitHub, and more! Show Notes: https://securityweekly.com/asw-255

The Virtual CISO Moment
Infosec Wrap Up - July 7, 2023
Jul 7, 2023 · 14:45

SecurityWeek: Cisco Switch Vulns - https://www.securityweek.com/vulnerability-in-cisco-enterprise-switches-allows-attackers-to-modify-encrypted-traffic/
Bleeping Computer: Google Apps Send Data to China - https://www.bleepingcomputer.com/news/security/apps-with-15m-installs-on-google-play-send-your-data-to-china/
vCISO Services: Virtual CISO and Information Security Risk Management - https://vcisoservices.com
Vulcan: What the Death of CentOS Means - https://cybersec.vulcan.io/s/what-the-death-of-centos-means-for-security-9582
Human Error Leading Cause Cloud Data Breaches - https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
Pen Testing and Cost of Cyber Insurance - https://thehackernews.com/2023/07/how-pen-testing-can-soften-blow-on.html
Medtech Dive: Vulns in Cardiac Data Systems - https://www.medtechdive.com/news/MDT-Medtronic-cybersecurity-vulnerability-CISA/654480/
BetaNews: Cybercrime Third Largest Economy - https://betanews.com/2023/07/06/value-of-cybercrime-equivalent-to-the-third-largest-global-economy

--- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message

Paul's Security Weekly TV
LLM Top 10, Simple Vulns, PyPI Requires 2FA, ThinkstScapes Quarterly, Fun w/ Learning - ASW #243
Jun 6, 2023 · 40:39

OWASP has a draft for the LLM Top 10, simple vulns in a modern SaaS app, ancient vuln in a Wordpress plugin, PyPI moves to secure its package manager accounts, ThinkstScape Quarterly research report, having fun with memory variables, DNS, and logins.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-243 

Application Security Weekly (Video)
LLM Top 10, Simple Vulns, PyPI Requires 2FA, ThinkstScapes Quarterly, Fun w/ Learning - ASW #243
Jun 6, 2023 · 40:39

OWASP has a draft for the LLM Top 10, simple vulns in a modern SaaS app, ancient vuln in a Wordpress plugin, PyPI moves to secure its package manager accounts, ThinkstScape Quarterly research report, having fun with memory variables, DNS, and logins.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-243 

Day[0] - Zero Days for Day Zero
[bounty] SecurePoint UTM, Chfn, and Docker Named Pipe Vulns
Apr 25, 2023 · 37:44

For this week's bug bounty podcast we start off with a bit of a unique auth bypass in a firewall admin panel. We've also got a couple desktop-based software bugs, with a Docker Desktop privilege escalation on Windows, and a chfn bug. We've also got a couple escalation techniques, one for Azure environments, and another trick for exploiting semi-controlled file-writes.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/205.html

[00:00:00] Introduction
[00:00:32] SecurePwn Part 1: Bypassing SecurePoint UTM's Authentication [CVE-2023-22620]
[00:08:41] Abusing Linux chfn to Misrepresent etc passwd [CVE-2023-29383]
[00:14:39] Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2
[00:22:42] From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys
[00:25:52] Pretalx Vulnerabilities: How to get accepted at every conference
[00:34:07] LLM Hacker's Handbook

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Paul's Security Weekly TV
Reddit Breach, Toyota Bugs, OpenSSL Vulns, Top 10 Web Hacking Techniques of 2022 - ASW #229
Feb 15, 2023 · 44:01

Reddit's breach disclosure, simple vulns in Toyota's web portals, OpenSSL vulns, voting results for Portswigger's top 10 web hacking techniques of 2022, tiny IoT cryptography implementations, real world migration of a million lines of code   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw229

Application Security Weekly (Video)
Reddit Breach, Toyota Bugs, OpenSSL Vulns, Top 10 Web Hacking Techniques of 2022 - ASW #229
Feb 14, 2023 · 44:01

Reddit's breach disclosure, simple vulns in Toyota's web portals, OpenSSL vulns, voting results for Portswigger's top 10 web hacking techniques of 2022, tiny IoT cryptography implementations, real world migration of a million lines of code   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw229

Paul's Security Weekly TV
GetVariable Strikes Again, Linux Santa, AMD Vulns, & Remote Computer Detonation - PSW #770
Jan 26, 2023 · 109:27

This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw770

Paul's Security Weekly (Video-Only)
GetVariable Strikes Again, Linux Santa, AMD Vulns, & Remote Computer Detonation - PSW #770
Jan 26, 2023 · 109:27

This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw770

Day[0] - Zero Days for Day Zero
[bounty] Cloud Bugs and More Vulns in Galaxy App Store
Jan 24, 2023 · 29:49

We've got a cloud focused episode this week, starting with a logging bypass in AWS CloudTrail, an SSH key injection, and cross-tenant data access in Azure Cognitive Search.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/181.html

[00:00:00] Introduction
[00:00:25] Undocumented API allows CloudTrail bypass
[00:06:00] Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
[00:14:53] SSH key injection in Google Cloud Compute Engine [Google VRP]
[00:19:08] Chat Question: Why is Cross-Site Scripting called That
[00:22:36] Cross-tenant network bypass in Azure Cognitive Search

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Paul's Security Weekly TV
CircleCI Breach, Vulns in Auto Sites, Google Speaker Bugs, Office Space, S3 Defaults - ASW #225
Jan 11, 2023 · 38:43

Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw225

Application Security Weekly (Video)
CircleCI Breach, Vulns in Auto Sites, Google Speaker Bugs, Office Space, S3 Defaults - ASW #225
Jan 10, 2023 · 38:43

Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw225

Day[0] - Zero Days for Day Zero
[binary] Patch Gaps and Apple Neural Engine Vulns
Dec 1, 2022 · 43:49

The end of kASLR bypasses? Probably just click-bait, but the patch gap is real and we discuss that a bit before getting into a couple AI-based corruptions.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/172.html

[00:00:00] Introduction
[00:01:15] Spot the Vuln - Escape
[00:06:00] Humble Tech Book Bundle: The Art of Hacking by No Starch Press
[00:11:00] An End to KASLR Bypasses?
[00:15:59] Mind the Gap
[00:24:36] ANE_ProgramCreate() multiple kernel memory corruption [CVE-2022-32898]
[00:34:29] Chat Question: Guides/Techniques to Help With C++ Reverse Engineering
[00:36:35] ZinComputeProgramUpdateMutables() OOB write due to double fetch issue [CVE-2022-32932]

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Paul's Security Weekly (Video-Only)
OpenSSL Vulns, RepoJacking, Authentication Bypass, & Supercharging Your Hacking - PSW #762
Nov 3, 2022 · 91:27

In the Security News: last year's open source is tomorrow's vulnerabilities, RepoJacking, I feel like there will always be authentication bypass, super charge your hacking, do you have your multipath, RC4 and why not to use it, here's the problem with vulnerability scanners, packages and expired domains, initrd should not be trusted, Apple kernels, oh and did you hear there is a vulnerability in OpenSSL!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw762

Paul's Security Weekly TV
OpenSSL Vulns, RepoJacking, Authentication Bypass, & Supercharging Your Hacking - PSW #762
Nov 3, 2022 · 91:27

In the Security News: last year's open source is tomorrow's vulnerabilities, RepoJacking, I feel like there will always be authentication bypass, super charge your hacking, do you have your multipath, RC4 and why not to use it, here's the problem with vulnerability scanners, packages and expired domains, initrd should not be trusted, Apple kernels, oh and did you hear there is a vulnerability in OpenSSL!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw762

Day[0] - Zero Days for Day Zero
[binary] Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit
Oct 27, 2022 · 38:31

A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/162.html

[00:00:00] Introduction
[00:00:23] Spot the Vuln - Tricky Notes
[00:04:04] Memory corruption vulnerabilities in Edge
[00:15:19] SHA-3 Buffer Overflow
[00:23:53] A Journey To The Dawn [CVE-2022-1786]
[00:36:57] Exploiting Xbox Game Frogger Beyond to Execute Arbitrary Unsigned Code

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Application Security Weekly (Video)
FortiOS Exploit, Linux Kernel Wi-Fi Vulns, Infosec Communities, Secure Coding - ASW #216
Oct 18, 2022 · 40:41

Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw216

Paul's Security Weekly TV
FortiOS Exploit, Linux Kernel Wi-Fi Vulns, Infosec Communities, Secure Coding - ASW #216
Oct 18, 2022 · 40:41

Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw216

Iron Sysadmin Podcast
Episode 126b - Steamdecks, Matrix Vulns, Metas in trouble, and Stadia is going away
Sep 30, 2022 · 84:10

Welcome to Episode 129b

Announcements
Patreon Update: name_pending197, Jeremy, Arinomi, Andrew Tatro, Bruce, Robert, David, S0l3mn, LiNuXsys666, Mark The Mentor, Marc, Julius, Andi J, Charles
Get your Iron Sysadmin Merch at Teespring! https://teespring.com/stores/ironsysadmin
Support the Iron Sysadmin Podcast AND try out Riverside.fm by using this link: https://riverside.fm/?utm_campaign=campaign_1&utm_medium=affiliate&utm_source=rewardful&via=ironsysadmin
Nate co-hosting Into The Terminal 09/30 at noon est.

Chat
[unclemarc] Steam Deck: printed a cool stand for it - https://www.thingiverse.com/thing:5363356/files. Enabled sshd on the Steam Deck for access via my laptop. My son's Deck is sitting over there, we're bringing it to him on Sunday. Having fun interviewing for a new TAM for my team.
[gangrif] Got a "Skylight" frame/calendar (https://www.skylightframe.com). It's pretty neat. Also.. trying out the other evil spying device.. Amazon alexa. And finally playing Elden Ring. Very curious about Bone Lab (vr game).
[xenophage] Also Watchdogs:Legion, Ni No Kuni, and Secret of Monkey Island! Kubernetes! Lots of FFXIV.

News
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
https://fakeyou.com/tts/result/TR:mts8v95r5a78s241hyx92pnt3eagr
https://www.theverge.com/2022/9/29/23378713/google-stadia-shutting-down-game-streaming-january-2023
Stadia Controllers on Windows: Driver: https://github.com/ViGEm/ViGEmBus/releases Emulator: https://github.com/71/stadiacontroller/releases
https://theintercept.com/2022/09/28/cia-extinction-woolly-mammoth-dna/
https://www.npr.org/2022/09/20/1124096032/stay-hungry-stay-foolish
https://www.bloomberg.com/news/articles/2022-09-29/meta-announces-hiring-freeze-warns-employees-of-restructuring

Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell!
https://www.youtube.com/IronSysadminPodcast OR https://twitch.tv/IronSysadminPodcast
Discord Community: https://discord.gg/wmxvQ4c2H6
Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin
Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin
Intro and Outro music credit: Tri Tachyon, Digital MK 2 http://freemusicarchive.org/music/Tri-Tachyon/

Paul's Security Weekly TV
Smart Lock and Simple Vulns, Macros and Secure Defaults, Breaches and Costs - ASW #206

Paul's Security Weekly TV

Aug 5, 2022 (36:58)


Multiple vulns in a smart lock, Office macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw206

Paul's Security Weekly TV
Akamai, PerimeterX HUMAN Merger, Azure Vulns, Blockchain Sec Startups, & Brash CEOs - ESW #282

Paul's Security Weekly TV

Jul 30, 2022 (32:30)


In the Enterprise Security News: Blockchain security startups are still raising tons of money, but not in crypto, since it's now worthless. Ha! Just kidding. Maybe. Am I? Anvilogic, AppViewX, Sotero, Resourcely, and Push Security all raise rounds. JUICY RUMORS! Is Crowdstrike buying Orca? Is Akamai getting bought out by a PE shop? HUMAN and PerimeterX join in a rare cybersecurity merger. Are Azure's vulnerabilities out of control? Zoom brings end-to-end encryption to its cloud phone service. npm says FINE, we'll add some security. Kaseya's CEO is just telling it like it is, man. The problem must be with you. A robot attacks a child, time to add EMP grenades to your EDC! All that and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw282

Paul's Security Weekly TV
Prank Calls, Lazarus APT, WordPress Critical Vulns, CISA Adds 41 Flaws, & Zoom Bugs - PSW #742

Paul's Security Weekly TV

Jul 6, 2022 (104:02)


This week in the Security News: Chaining Zoom bugs makes it possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using Nmap to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw742

Paul's Security Weekly TV
Azure Vulns, Vendor Layoff's, Rob Lee, & Bye Bye Internet Explorer - ESW #277

Paul's Security Weekly TV

Jun 17, 2022 (70:59)


This week, in the Enterprise News:
- Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts
- Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that's exploding)
- Perimeter 81 raises $100M Series C and becomes a unicorn - You get a VPN! I get a VPN! Everyone gets a VPN!
- Over a dozen other vendors raise funding!
- IBM acquires EASM vendor Randori
- Another Azure vulnerability allowing tenancy escapes
- Microsoft's Purview goes beyond DLP and gets into the pre-crime business
- Half a dozen cybersecurity vendor layoff announcements!
We discuss the controversy around Rob Lee's involvement with developing federal standards for critical infrastructure protection, and we say farewell (and good riddance) to Internet Explorer… but not really. Then, after the news, we're going to air some segments recorded at the RSA conference last week. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw277

Paul's Security Weekly TV
Windows GPU Display Vulns, NFT Discord Hack, Costa Rica Vs. Hackers, & Initial Access - PSW #741

Paul's Security Weekly TV

May 21, 2022 (77:01)


In the Security News for this week: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester's attempt to be 'as realistic as possible' backfires, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw741

Sophos Podcasts
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns

Sophos Podcasts

May 18, 2022 (26:20)


What does the word "non-commensurate" mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn't this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll? Original music by Edith Mudge. Got questions/suggestions/stories to share? Email tips@sophos.com, Twitter @NakedSecurity, Instagram @NakedSecurity

KLRNRadio
Did It Though? 2.0

KLRNRadio

May 3, 2022 (24:08)


hacks pandas vulns klrnradio
Paul's Security Weekly TV
OAuth Tokens Taken, Vulns in Medical IoT, Scoring a Proactive Security Culture - ASW #193

Paul's Security Weekly TV

Apr 19, 2022 (38:27)


OAuth tokens compromised, five flaws in a medical robot, lessons from ASN.1 parsing, XSS and bad UX, proactive security & engineering culture at Chime. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw193

Paul's Security Weekly TV
Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187

Paul's Security Weekly TV

Mar 8, 2022 (30:44)


In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw187

Paul's Security Weekly
SWN #193 - Ragnar Locker, Linux Vulns, Samsung Code, Nvidia Certs, Adafruit Data Breach, & ICS

Paul's Security Weekly

Mar 8, 2022 (30:11)


This week in the Security Weekly News, Dr. Doug talks: Ragnar Locker, more Linux vulnerabilities, Samsung, Nvidia, Adafruit and Ada Lovelace, CrowdStrike, Cloudflare, Ping Coalition, and ICS, along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn193 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly