Application Security Weekly Episode #121 - September 14, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. The People & Process of DevOps - 12:30 PM-01:00 PM
BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
Developer-friendly appsec: the people, process, and culture of DevSecOps. The basics for some, a struggle for others.
Frank Catucci is Sr. Director GTP - Application Security at Gartner
Frank Catucci is a global application security leader with over 15 years of diverse experience, which lets him approach information and application security in a complete and holistic way. He currently leads application security and DevSecOps efforts, with research, techniques, and completeness of vision that have made him a pioneer in advancing both fields.
John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square
2. RCE via BACKBLAZE, Microsoft Patch Tuesday, & CRYLOGGER - 01:00 PM-01:30 PM
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In September you can Find out Why Traditional Data Security Can’t Be Zero Trust, and Learn how to reduce the blast radius of your cloud infrastructure. Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, Microsoft Patch Tuesday, Sept. 2020 Edition, Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER to detect crypto misuses dynamically, Remote Code Execution as SYSTEM/root via Backblaze, and more!
Mike Shema's Content:
- Announcing new reward amounts for abuse risk researchers who identify product abuse within the scope of Google's bug bounty program. There's a lot more to product security than the OWASP Top 10.
- Microsoft Patch Tuesday, Sept. 2020 Edition continues the pace of large amounts of bugs that must be patched.
- XSS->Fix->Bypass: a $10,000 bounty in Google Maps finds a very relevant vector for very old-school CDATA and SVG techniques.
- Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER to detect crypto misuses dynamically.
- Remote Code Execution as SYSTEM/root via Backblaze due to basic crypto misuse.
- BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, showing yet another danger of crypto misuse, as if to prove how prevalent these problems can still be.
- Kids' Smartwatches Are a Security Nightmare Despite Years of Warnings and have a slew of vulns, including crypto flaws, documented by researchers in their paper, a concise video, and a twitter thread.
- 4 top vulnerabilities ransomware attackers exploited in 2020, ranging from very old to fairly recent, all of which absolutely should have been patched by now.
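Several of the stories above (CRYLOGGER, the Backblaze RCE, BLURtooth, the smartwatch flaws) come down to crypto API misuse rather than broken primitives. The block below is an added example, not code from the CRYLOGGER project or from any of the linked articles: it runs a small set of misuse rules over a constructed log of Java crypto API calls, in the spirit of dynamic checking, where the checker looks at the arguments actually passed at runtime rather than at source. The log format, the rule names, and the thresholds (1000 PBE iterations, 8-byte salt) are assumptions made for the example; the misuse categories (weak hash, broken cipher, ECB, zero or reused IV, weak PBE parameters, seeded SecureRandom) are the well-known ones such tools look for.

```python
"""Rule-based crypto-misuse checker over a constructed log of Java crypto calls.

Added example; not CRYLOGGER's code, rules, or log format.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample log: one API call per line in a made-up
# "api=<name> <key>=<value> ..." format, with IVs/salts hex-encoded.
SAMPLE_LOG = """\
api=MessageDigest.getInstance algorithm=MD5
api=Cipher.getInstance transformation=AES/ECB/PKCS5Padding
api=Cipher.init transformation=AES/CBC/PKCS5Padding iv=00000000000000000000000000000000
api=Cipher.init transformation=AES/CBC/PKCS5Padding iv=00000000000000000000000000000000
api=Cipher.init transformation=AES/GCM/NoPadding iv=7b2c5e8f1a3d9c4e6f0a1b2c
api=PBEKeySpec salt=73616c74 iterations=100 keylen=128
api=SecureRandom.setSeed seed=1234
api=MessageDigest.getInstance algorithm=SHA-256
api=Cipher.getInstance transformation=DES/CBC/PKCS5Padding
"""

# Assumed rule parameters (thresholds chosen for the example).
WEAK_HASHES = {"MD5", "SHA-1", "SHA1"}
WEAK_CIPHERS = {"DES", "RC2", "RC4", "ARCFOUR", "BLOWFISH"}
MIN_PBE_ITERATIONS = 1000
MIN_SALT_BYTES = 8

Finding = Tuple[int, str, str]  # (log line number, rule name, detail)


def parse_line(line: str) -> Dict[str, str]:
    """Turn 'k=v k2=v2' into a dict; values contain no whitespace."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def check_log(log_text: str) -> List[Finding]:
    """Apply each misuse rule to every logged call and collect findings."""
    findings: List[Finding] = []
    seen_ivs: Dict[str, int] = {}  # iv hex -> first line it was used on

    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        ev = parse_line(raw)
        api = ev.get("api", "")

        # Rule: broken hash function requested.
        if api == "MessageDigest.getInstance":
            alg = ev.get("algorithm", "")
            if alg.upper() in WEAK_HASHES:
                findings.append((lineno, "broken-hash", alg))

        # Rules on the transformation string "ALG/MODE/PADDING".
        if api in ("Cipher.getInstance", "Cipher.init"):
            transformation = ev.get("transformation", "")
            parts = transformation.split("/")
            alg = parts[0].upper()
            mode = parts[1].upper() if len(parts) > 1 else ""
            if alg in WEAK_CIPHERS:
                findings.append((lineno, "broken-cipher", transformation))
            if mode == "ECB":
                findings.append((lineno, "ecb-mode", transformation))

        # Rules on the IV actually passed at init time: all-zero IV,
        # and the same IV showing up in more than one init call.
        if api == "Cipher.init" and ev.get("iv"):
            iv = ev["iv"]
            if set(iv) <= {"0"}:
                findings.append((lineno, "zero-iv", iv))
            if iv in seen_ivs:
                findings.append((lineno, "iv-reuse",
                                 f"first used on line {seen_ivs[iv]}"))
            else:
                seen_ivs[iv] = lineno

        # Rules on password-based key derivation parameters.
        if api == "PBEKeySpec":
            iterations = int(ev.get("iterations", "0"))
            if iterations < MIN_PBE_ITERATIONS:
                findings.append((lineno, "few-pbe-iterations", str(iterations)))
            salt_hex = ev.get("salt", "")
            if len(salt_hex) // 2 < MIN_SALT_BYTES:
                findings.append((lineno, "short-salt", salt_hex))

        # Rule: explicitly seeding SecureRandom makes its output predictable
        # when the seed is a constant, which is the usual reason it is called.
        if api == "SecureRandom.setSeed":
            findings.append((lineno, "static-seed", ev.get("seed", "?")))

    return findings


def rules_triggered(findings: List[Finding]) -> List[str]:
    """Distinct rule names hit, sorted, for a quick summary."""
    return sorted({rule for _, rule, _ in findings})


if __name__ == "__main__":
    for lineno, rule, detail in check_log(SAMPLE_LOG):
        print(f"line {lineno}: {rule} ({detail})")
```

Each finding points back to the log line that produced it, which is what makes runtime checking useful in practice: the zero IV and the 100-iteration PBE call are only visible once the real arguments are captured, not from the API name alone. A real deployment would hook the platform's crypto classes to produce the log; here the log is embedded so the checker runs offline.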