PSW #743 – Matt McGuirk
Full Audio
Segments
1. Understanding WebApp Client-Side Security With Source Defense – Matt McGuirk – PSW #743
This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve.
Potential discussion topics:
- A visual overview of the problem
- A simulated client-side attack
- How to evaluate client-side risk on a given web site
- What technologies are available to defend against client-side attacks
- Historical case studies of landmark attacks
Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M
A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper
This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Matt McGuirk is an expert in JavaScript, web technologies, and both client-side risk and client-side attacks. He has over 15 years of experience in web application development, website administration, and cybersecurity. Additionally, he has provided consultation and analysis to Fortune 50 companies on how best to secure their customer-facing web properties and business critical web applications. Matt lives in the American Northeast with his wife and two dogs.
Host
2. Charitable Ransomware, Year of Linux Malware, Follina MSDT, Twitter Fines, & Bounties – PSW #743
This week in the Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, and ransomware that makes you a better person!
Announcements
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. Karakurt Data Extortion Group – Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom. CISA, the FBI, Treasury, and FinCEN encourage organizations to review Karakurt Data Extortion Group to learn about Karakurt’s tactics, techniques, and procedures and to apply the recommended mitigations. https://www.cisa.gov/uscert/ncas/alerts/aa22-152a
- 2. Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird – Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
- 3. Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center – Workaround: disable MSDT. Run Command Prompt as Administrator. Back up the registry key with "reg export HKEY_CLASSES_ROOT\ms-msdt filename", then delete the registry key with "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".
- 4. Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability – Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as "Follina"—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows.
- 5. New Follina Zero-Day in Microsoft Office Puts Businesses at Risk – Researchers say they uncovered a new zero-day vulnerability, which has been dubbed "Follina" by security researcher Kevin Beaumont: "The document uses the Word remote template feature to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell." Uses bash on the Mac...
- 6. Follina — a Microsoft Office code execution vulnerability – Kevin Beaumont's write-up of Follina.
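The MSDT workaround from items 3 and 4 above, as an added PowerShell example that is not from the show notes or from Microsoft's guidance page: it refuses to run unless elevated, exports the ms-msdt protocol handler key, and deletes the key only after the backup file is confirmed on disk, so the handler can be restored later with reg import once the patch is applied. The key path and the reg.exe commands are the ones the guidance gives; $BackupPath is a placeholder location.

```powershell
# Added example (not from the show notes or Microsoft's guidance): apply the
# Follina (CVE-2022-30190) workaround of removing the ms-msdt protocol handler.
# Assumptions: run from an elevated PowerShell prompt; $BackupPath is a placeholder.
$KeyPath    = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupPath = 'C:\backup\ms-msdt.reg'   # placeholder, pick your own location

# reg.exe cannot delete HKCR keys from a non-elevated prompt, so check first.
$Identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$Principal = [Security.Principal.WindowsPrincipal] $Identity
if (-not $Principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as Administrator) prompt.'
}

# Nothing to do if the handler is already gone (workaround applied or patch installed).
if (-not (Test-Path "Registry::$KeyPath")) {
    Write-Output "$KeyPath is not present; nothing to remove."
    return
}

# Step 1: back up the key so it can be restored later with: reg import $BackupPath
reg export $KeyPath $BackupPath /y
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupPath)) {
    throw 'Backup failed; leaving the key in place.'
}

# Step 2: delete the key only now that the backup is confirmed on disk.
reg delete $KeyPath /f
if ($LASTEXITCODE -ne 0) {
    throw 'reg delete failed; check the output above.'
}

# Verify the handler is really gone.
if (Test-Path "Registry::$KeyPath") {
    throw "$KeyPath still present after deletion."
}
Write-Output "Removed $KeyPath; backup saved to $BackupPath"
```

Keep the exported .reg file: once the system is patched, "reg import" of that file restores the handler, which the guidance describes as the way to undo the workaround.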