Difference between revisions of "ASW Episode62"

From Security Weekly Wiki
Line 16: Line 16:
  
 
===== Bugs, Breaches, and More! =====
 
===== Bugs, Breaches, and More! =====
 +
* [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal Cisco Expressway goes off path] and a Cisco IOS XE vuln [https://www.tenable.com/blog/thrangrycat-vulnerabilities-in-cisco-secure-boot-and-cisco-ios-xe-cve-2019-1649-cve-2019-1862 goes for emojis]
 +
* [https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html More erosion of CPU data boundaries]
 +
* [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 RDP patches a pre-auth problem] and even [https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708 resuccitates a patch process for XP]
 +
* [https://support.apple.com/en-us/HT210118 iOS fixes several vulns] including some for SQLite, which has always been [https://sqlite.org/testing.html well-tested software]
 +
* [https://security.googleblog.com/2019/05/titan-keys-update.html Bluetooth grows fangs], a lot [https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf of them]
  
 
===== If you build it, they will come =====
 
===== If you build it, they will come =====
 +
* [https://github.com/Microsoft/AttackSurfaceAnalyzer Microsoft's Attack Surface Analyzer gives DevSecOps teams more data]
  
 
===== Learning & Tools =====
 
===== Learning & Tools =====
 +
* [https://iapp.org/news/a/interface-design-the-who-what-where-rule/ Clear design goals for better privacy and security]
  
 
===== Food for Thought =====
 
===== Food for Thought =====
 +
* [https://googleprojectzero.blogspot.com/p/0day.html Project Zero shares some wild data]
  
  
 
{{SocialMedia}}
 
{{SocialMedia}}
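Review bot: "resuccitates" in the added RDP item (the CVE-2019-0708 line) is misspelled; change it to "resuscitates". The link labels "goes for emojis" and "of them" in the added Cisco and Bluetooth items also give no hint of their targets, so consider naming Thrangrycat and the USENIX paper in the label text.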

Revision as of 20:48, 19 May 2019

Recorded May 20, 2019 at G-Unit Studios in Rhode Island!

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • John Kinsella
    is the Vice President of Container Security for Qualys.
  • Mike Shema
    is the Product Security Lead of Square.
Announcements

    • John Strand will be teaching Active Defense and Cyber Deception at Black Hat 2019. Please register here! Register Now @ [1].
    • We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who is evaluating, using, or has formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Cody Wood, Signal Sciences

    Cody Wood
    is the AppSec Product Support Engineer at Signal Sciences.

    Dirt miner turned application security fanatic. Often straddling multiple departments and roles, the appsec bug bit Cody in Houston, TX at the Threat Research Center working for Whitehat Security. Cody has also worked for brief periods in both builder and breaker roles. At Signal Sciences, he currently focuses on researching and expanding Signal Sciences' vulnerability-specific rules coverage.


    News

    Bugs, Breaches, and More!
    If you build it, they will come
    Learning & Tools
    Food for Thought

