This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP servers as an excellent resource for improving web application security so we're excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails and a critical vulnerability in … [Read more...]
Azure Linux VMs Vulnerable Due to Pre-Installed Agents
Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI affected resources/tools. Original Post … [Read more...]
ProxyWare
This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user's CosmosDB instance. Finally, we end with a discussion of location tracking vulnerabilities and how a few popular dating … [Read more...]
Stop Following Me – Rewind
This week on the podcast we dig back in the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain. … [Read more...]
PolyNetwork Heist
This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we'll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of Last Week Tonight with John Oliver, watchable here … [Read more...]
