Drupalgeddon, USPS, & JavaScript – Application Security Weekly #41

November 28, 2018
Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!

News

Bugs, Breaches, and More!
1.) Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers
2.) Second WordPress hacking campaign underway, this one targeting AMP for WP plugin
3.) USPS took a year to fix a vulnerability that exposed all 60 million users' data

If You Build It, They Will Come
1.) Rowhammer attacks can now bypass ECC memory protections
2.) This JavaScript can snoop on other browser tabs to work out what you're visiting
3.) Yet another memory leak in ImageMagick

Learning & Tools
1.) SwiftnessX: A cross-platform note-taking & target-tracking app for pentesting
2.) Serpico: A pentesting report generation and collaboration tool
3.) The Big List of Naughty Strings

Food for Thought
1.) Digital Ocean Survey: Developer Trends in the Cloud - Open Source Edition
2.) The internet is evolving: HTTP will no longer use TCP
3.) CommitStrip: One final detail

Full Show Notes

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

Keith Hoodlet - Application Security Manager, Thermo Fisher Scientific.
Paul Asadorian - CEO, Security Weekly.

Audio: http://traffic.libsyn.com/sw-all/Drupalgeddon_USPS__JavaScript_-_Application_Security_Weekly_41_converted.mp3