View More PSW Episodes

We Don’t Give A Font – PSW #673

This week, we welcome back Sven Morgenroth, Security Researcher from Netsparker, to talk about Abusing JWT (JSON Web Tokens)! Dan DeCloss, CEO & President of Plextrac joins us in the following segment to show us how to use Proactive Security Using Runbooks! In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, New Chrome Zero-Day Under Active Attacks Update Your Browser, Pornhub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet! Visit https://securityweekly.com/netsparker to learn more about them! Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.s...

This episode is sponsored by
Full Show Notes
Segment One

Abusing JWT (JSON Web Tokens) – Sven Morgenroth – PSW #673

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Guest
Security Researcher at Netsparker

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Segment Two

Proactive Security Using Runbooks – Dan DeCloss – PSW #673

Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases.

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them!

Guest
Founder / CEO & President at PlexTrac
http://plextrac.com/

Dan has over 15 years of experience in cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications.

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

Segment Three

Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack – PSW #673

In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

List of Articles

Paul Asadoorian

  1. WordPress Pushes Out Multiple Flawed Security Updates
  2. Ryuk ransomware behind one third of all ransomware attacks in 2020 – Help Net Security
  3. 6 Cybersecurity Lessons From 2020
  4. State threat-sharing center warns of multiple PHP vulnerabilities – CyberScoop
  5. Changing Cybersecurity Culture
  6. Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows
  7. What Keyboard Trackers Are For – Latest Hacking News
  8. Deception Technology: No Longer Only A Fortune 2000 Solution
  9. Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955) – Help Net Security
  10. Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
  11. California Proposition 24 Passes – Schneier on Security
  12. GitHub denies getting hacked
  13. Hackers are exploiting unpatched VoIP flaws to compromise business accounts
  14. Customers Are Demanding Privacy
  15. Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
  16. Pornhub Has Been Blocked In Thailand, And People Aren’t Happy
    https://flip.it/wDg4zJ
  17. One Clear Message From Voters This Election? More Privacy
    https://flip.it/CREsbo
  18. Russian authorities make rare arrest of malware author
    https://flip.it/6hn7vv
  19. Massachusetts voters pass a right-to-repair measure, giving them unprecedented access to their car data – TechCrunch
    https://flip.it/w17LQA
  20. Back to Basics: Make Cocktails Normal Again – The Bulwark
    https://flip.it/nSiYNu
  21. Google to GitHub: Time’s up – this unfixed ‘high-severity’ security bug affects developers
    https://flip.it/mCnpwd
  22. New Chrome Zero-Day Under Active Attacks – Update Your Browser
  23. Mark Cuban: The World’s First Trillionaire Is Learning This Skill and Discovering How to Use It in Now Unimaginable Ways
    https://flip.it/-eDJbP
  24. Windows 10 zero-day could allow hackers to seize control of your computer
    https://flip.it/89.bLv
  25. A Nameless Hiker and the Case the Internet Can’t Crack
    https://flip.it/fLuD4x
  26. Hacker group uses Solaris zero-day to breach corporate networks
    https://flip.it/UzXovQ
  27. Google patches second Chrome zero-day in two weeks
    https://flip.it/eH0Y0a
Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Episodes

Related Content

You can skip this ad in 5 seconds