Cobalt Strike and WebLogic; SaltSack; Adobe; Twilio NPM Brandjacking; GitHub Workflows
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/7238.mp3
SANS Daily Network Security Podcast (Stormcast) for Wednesday, November 4th 2020
00:00
My Next Class
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 11th - Jul 16th 2022 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | Jul 11th - Jul 16th 2022 |
Attackers Exploiting WebLogic Servers to Install Cobalt Strike
https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
iTunes
MP3 Download
RSS Feed
Google
Stitcher
Podbean
Amazon Echo
YouTube
Spreaker
iOS App
Spotify
Discussion
New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 11th - Jul 16th 2022 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | Jul 11th - Jul 16th 2022 |
| Application Security: Securing Web Apps, APIs, and Microservices | Tokyo | Aug 29th - Sep 3rd 2022 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | Japan Standard Time | Aug 29th - Sep 3rd 2022 |
| Intrusion Detection In-Depth | Riyadh | Oct 8th - Oct 13th 2022 |
| Intrusion Detection In-Depth | Online | Arabian Standard Time | Oct 8th - Oct 13th 2022 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Francisco | Dec 5th - Dec 10th 2022 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | US Pacific | Dec 5th - Dec 10th 2022 |
https://www.sans.edu
