ASW Episode36

From Paul's Security Weekly

Application Security Weekly #36

Recorded October 22nd, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • April Wright
    is a Preventative Security Specialist at
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

  • Announcements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • One of our illustrious co-hosts, Patrick Laverty, will be co-presenting "Pentesting: Tips, Tricks and Stories" with Aaron Herndon at BSides CT 2019! Ticket sales are open until the day of the show (Saturday, November 3rd) for $20. Go to to register now!
    • Join us for our webcast with Signal Sciences, entitled "Which way should you shift testing in the SDLC?" This webcast will be held November 8th @ 3-4pm EST. Go to to register now!
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at:


    Bugs, Breaches, and More!

    1.) jQuery Plugin that has been Exploited for Years is Finally getting Patched

    2.) Flaw in LibSSH leaves Thousands of Servers at Risk

    3.) Remote Code Implantation flaw found in Medtronic Cardiac Programmers

    If you Build It, They Will Come

    1.) Turns Out - Facebook could in fact use data Collected from its new in-home Video Conferencing device, "Portal"

    2.) Hackers hide Cryptocurrency malware in Adobe Flash updates

    3.) The Government is (finally) rolling out Two-Factor Authentication for Federal Agency domains

    Learning & Tools

    1.) Embedding Meterpreter in Android APKs

    2.) LibSSH Scanner: a script for identifying CVE-2018-10933 in your environment

    3.) RDPY: RDP Security Tool for Testing Remote Desktop Protocol in your environment

    Food for Thought

    1.) The Cybersecurity Hiring Gap

    2.) The FDA is Embracing Ethical Hackers

    3.) Disney is helping Women from across their company to become Developers
