DevOps

Application News – Application Security Weekly #50

February 12, 2019

 

 

In the Application Security News, Many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, Most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!

News

Bugs, Breaches, and More!

1.) Most of the Fortune 100 still use flawed software that led to the Equifax breach

2.) MongoDB databases still being held for ransom, two years after attacks started

3.) Thousands of industrial refrigerators can be remotely defrosted, thanks to default passwords

If you build it, they will come

1.) Many popular iPhone apps secretly record your screen without asking

2.) Apple tells app developers to disclose or remove screen recording code

3.) Chrome extension with millions of users is now serving popup ads

Learning & Tools

1.) VSCode Theme Colors

2.) Learn to use JSON Web Tokens for Authentication

3.) How to Break Up with Your Phone

Food for Thought

1.) Facebook broad data collection ruled illegal by German anti-trust office

2.) Investors and entrepreneurs need to address the mental health crisis in startups

3.) CommitStrip: Let it be known

Full Show Notes

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

[caption id="attachment_210" align="alignleft" width="120"]Joff Thyer Joff Thyer - Security Analyst, Black Hills Information Security.[/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadorian Paul Asadorian - CEO, Security Weekly.[/caption]

 

 

 

 

 

Announcements

  • RSA Conference 2019 is coming up March 4 - 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
  • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
  • Registration is now open for the first Security Weekly webcast of 2019! You can register for our "Rise Above Complex Workflows: Practical Ways To Accelerate Incident Response" webcast now by going to securityweekly.com/webcasts

 

[audio src="http://traffic.libsyn.com/sw-all/Application_News_-_Application_Security_Weekly_50_converted.mp3" ]

prestitial ad