Application security, Remote access, Vulnerability management, Incident response

We Don’t Give A Font – PSW #673

This week, we welcome back Sven Morgenroth, Security Researcher from Netsparker, to talk about Abusing JWT (JSON Web Tokens)! Dan DeCloss, CEO & President of PlexTrac, joins us in the following segment to show us Proactive Security Using Runbooks! In the Security News: Deception Technology: No Longer Only A Fortune 2000 Solution, New Chrome Zero-Day Under Active Attacks – Update Your Browser, Pornhub Has Been Blocked In Thailand, 3 actively exploited zero-days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!

Visit https://securityweekly.com/netsparker to learn more about them!

Visit https://securityweekly.com/plextrac to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Segments

1. Abusing JWT (JSON Web Tokens) – Sven Morgenroth – PSW #673

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert: most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Sponsored By

Netsparker

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Guest

Sven Morgenroth
Security Researcher at Netsparker

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

Hosts

Paul Asadoorian
Founder at Security Weekly
Doug White
Professor at Roger Williams University
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Proactive Security Using Runbooks – Dan DeCloss – PSW #673

Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases.

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them!

Sponsored By

PlexTrac

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

Guest

Dan DeCloss
Founder / CEO & President at PlexTrac

Dan has over 15 years of experience in cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications.

Hosts

Paul Asadoorian
Founder at Security Weekly
Doug White
Professor at Roger Williams University
Joff Thyer
Security Analyst at Black Hills Information Security
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack – PSW #673

In the Security News: Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, Pornhub Has Been Blocked In Thailand, 3 actively exploited zero-days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Paul Asadoorian
Founder at Security Weekly
  1. WordPress Pushes Out Multiple Flawed Security Updates
  2. Ryuk ransomware behind one third of all ransomware attacks in 2020 – Help Net Security
  3. 6 Cybersecurity Lessons From 2020
  4. State threat-sharing center warns of multiple PHP vulnerabilities – CyberScoop
  5. Changing Cybersecurity Culture
  6. Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows
  7. What Keyboard Trackers Are For – Latest Hacking News
  8. Deception Technology: No Longer Only A Fortune 2000 Solution
  9. Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955) – Help Net Security
  10. Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
  11. California Proposition 24 Passes – Schneier on Security
  12. GitHub denies getting hacked
  13. Hackers are exploiting unpatched VoIP flaws to compromise business accounts
  14. Customers Are Demanding Privacy
  15. Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
  16. Pornhub Has Been Blocked In Thailand, And People Aren’t Happy - https://flip.it/wDg4zJ
  17. One Clear Message From Voters This Election? More Privacy - https://flip.it/CREsbo
  18. Russian authorities make rare arrest of malware author - https://flip.it/6hn7vv
  19. Massachusetts voters pass a right-to-repair measure, giving them unprecedented access to their car data – TechCrunch - https://flip.it/w17LQA
  20. Back to Basics: Make Cocktails Normal Again – The Bulwark - https://flip.it/nSiYNu
  21. Google to GitHub: Time’s up – this unfixed ‘high-severity’ security bug affects developers - https://flip.it/mCnpwd
  22. New Chrome Zero-Day Under Active Attacks – Update Your Browser
  23. Mark Cuban: The World’s First Trillionaire Is Learning This Skill and Discovering How to Use It in Now Unimaginable Ways - https://flip.it/-eDJbP
  24. Windows 10 zero-day could allow hackers to seize control of your computer - https://flip.it/89.bLv
  25. A Nameless Hiker and the Case the Internet Can’t Crack - https://flip.it/fLuD4x
  26. Hacker group uses Solaris zero-day to breach corporate networks - https://flip.it/UzXovQ
  27. Google patches second Chrome zero-day in two weeks - https://flip.it/eH0Y0a
Doug White
Professor at Roger Williams University
Joff Thyer
Security Analyst at Black Hills Information Security
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element