Difference between revisions of "ASWEpisode94"

From Security Weekly Wiki
(Created page with "''Recorded February 3, 2020 at G-Unit Studios in Rhode Island!'' == Episode Audio == <!-- <div align="center"> {{#widget:SoundCloud |id=651835745 |width=75% |height=100 |colo...")
Line 28: Line 28:
===== Featured Flaws & Big Breaches =====
===== Flaws, Breaches, & Threats =====
* [https://www.microsoft.com/en-us/msrc/bounty-xbox Xbox Bounty Program] unlocks achievements for security researchers.
* [https://www.securityweek.com/magento-234-patches-critical-code-execution-vulnerabilities Magento 2.3.4 Patches Critical Code Execution Vulnerabilities] that include deserialization and path traversal.
* [https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/ Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure] covers SSRF and [https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/ part two] covers RCE in the Azure Stack.
* [https://www.zdnet.com/article/rce-in-opensmtpd-library-impacts-bsd-and-linux-distros/ RCE in OpenSMTPD library impacts BSD and Linux distros] that sneaks shell commands into an [https://www.qualys.com/2020/01/28/cve-2020-7247/lpe-rce-opensmtpd.txt invalid local part of an address].
===== Cloud, Code & Controls =====
===== Cloud, Code & Controls =====
Line 35: Line 39:
===== Food for Thought =====
===== Food for Thought =====
* [https://www.zdnet.com/article/fintechs-divided-on-screen-scraping-ban/ Fintechs divided on screen scraping ban]
* [https://github.com/ukncsc/zero-trust-architecture/ Zero trust architecture design principles] from the UK National Cyber Security Center.

Revision as of 03:51, 3 February 2020

Recorded February 3, 2020 at G-Unit Studios in Rhode Island!

Episode Audio


  • Mike Shema is the Product Security Lead of Square.
  • John Kinsella is the Vice President of Container Security for Qualys.
  • Matt Alderman is CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship.

Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.



    Flaws, Breaches, & Threats
    Cloud, Code & Controls
    Learning & Tools
    Food for Thought
