This week in the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persistent DoS in your doorLock, Signal gets a new CEO, attacking the patching software, where does that QR code go, we heard you liked cryptominers, Pluton will fix that and retiring from a jarring career, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw723
The log4j vulnerability still exists in many environments. Learn how to exploit this vulnerability in our step-by-step guide. Please only use this information for research and testing purposes, and only with permission!
Show Notes: https://securityweekly.com/psw723
In the leadership and communications section, no, we're not discussing log4j, 2021 recaps or lessons learned, or 2022 new year's resolutions or predictions!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw245
How cloud resources are architected and utilized is different for every organization, but whether cloud native or cloud traditionalist – security risk and complexity are problems. Concerns over account takeover, overprivileged access and the struggle to keep pace with the dynamism of the cloud are driving demand for a better way to secure access. Hear Colby Dyess, Director of Product at Appgate, discuss how the principles of Zero Trust strengthen and simplify access controls across varying cloud architectures. We’ll address everything from users connecting to multi-cloud resources, secure service-to-service communication and running security as code.
This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them!
Show Notes: https://securityweekly.com/bsw245
There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw179
The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScape quarterly, and Salesforce to require MFA.
Show Notes: https://securityweekly.com/asw179