Mar 15, 2020

Application Security This Week for March 15

SMBv3 is borked. Block port 445.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005

Sometimes I hate the human race. Someone built a fake COVID-19 map and is using it to spread malware.
https://www.grahamcluley.com/coronavirus-map-used-to-spread-malware/

Not an appsec thing but NordVPN got popped - again.
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/

Really neat exploit on file upload in web applications that allows NTLMv2 hash theft.
http://www.mannulinux.org/2020/03/abusing-file-system-functions-in-web.html?m=1

Another neat finding from a bug bounty with CSRF in a JSON web service.
https://medium.com/@secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0

Stay safe - and healthy - folks.