Application Security This Week for June 7

Another great Server Side Request Forgery find.  I found this on a test again in May folks, it's a real thing.  Just because your analyst doesn't have time to write the exploit doesn't mean it isn't real.


Spoofing attacks on contact tracing.  Man, the bad guys will stop at nothing.  Insane.


Two MORE remote code execution vulns in Zoom.  Now, don't think I am picking on them, but this is why we should be careful up front - you never know when you are gonna go viral! I think the devs at Zoom are doing an AWESOME job fixing these as they show up.


The fantastic Google Project Zero wrote a neat instrumentation library that is ACTUALLY lightweight for Windows 32 and 64.  You should use it to instrument only modules of interest, and it adds very little overhead. I haven't played with it yet but I am very excited to (when I have two minutes to rub together).


Hope you are all safe. Weird stuff going on, and us in tech are well positioned to make changes in the world.  Stop and think before you choose a direction.


Comments are closed