We Don’t Give A Font – PSW #673
1. Abusing JWT (JSON Web Tokens) – Sven Morgenroth – PSW #673
Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert: most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Announcements
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!
Guest
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.
2. Proactive Security Using Runbooks – Dan DeCloss – PSW #673
Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases.
This segment is sponsored by PlexTrac.
Visit https://securityweekly.com/plextrac to learn more about them!
Announcements
Join Amit Bareket, Co-founder & CEO of Perimeter 81, and Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce and how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register now by visiting https://securityweekly.com/perimeter81
Guest
Dan has over 15 years of experience in cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications.
3. Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack – PSW #673
In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. WordPress Pushes Out Multiple Flawed Security Updates
- 2. Ryuk ransomware behind one third of all ransomware attacks in 2020 – Help Net Security
- 3. 6 Cybersecurity Lessons From 2020
- 4. State threat-sharing center warns of multiple PHP vulnerabilities – CyberScoop
- 5. Changing Cybersecurity Culture
- 6. Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows
- 7. What Keyboard Trackers Are For – Latest Hacking News
- 8. Deception Technology: No Longer Only A Fortune 2000 Solution
- 9. Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955) – Help Net Security
- 10. Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
- 11. California Proposition 24 Passes – Schneier on Security
- 12. GitHub denies getting hacked
- 13. Hackers are exploiting unpatched VoIP flaws to compromise business accounts
- 14. Customers Are Demanding Privacy
- 15. Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
- 16. Pornhub Has Been Blocked In Thailand, And People Aren’t Happy https://flip.it/wDg4zJ
- 17. One Clear Message From Voters This Election? More Privacy https://flip.it/CREsbo
- 18. Russian authorities make rare arrest of malware author https://flip.it/6hn7vv
- 19. Massachusetts voters pass a right-to-repair measure, giving them unprecedented access to their car data – TechCrunch https://flip.it/w17LQA
- 20. Back to Basics: Make Cocktails Normal Again – The Bulwark https://flip.it/nSiYNu
- 21. Google to GitHub: Time’s up – this unfixed ‘high-severity’ security bug affects developers https://flip.it/mCnpwd
- 22. New Chrome Zero-Day Under Active Attacks – Update Your Browser
- 23. Mark Cuban: The World’s First Trillionaire Is Learning This Skill and Discovering How to Use It in Now Unimaginable Ways https://flip.it/-eDJbP
- 24. Windows 10 zero-day could allow hackers to seize control of your computer https://flip.it/89.bLv
- 25. A Nameless Hiker and the Case the Internet Can’t Crack https://flip.it/fLuD4x
- 26. Hacker group uses Solaris zero-day to breach corporate networks https://flip.it/UzXovQ
- 27. Google patches second Chrome zero-day in two weeks https://flip.it/eH0Y0a