

Angry Iguana, Squid Bot, Bruted, 0Auth, Dragon Medical, Clippy 2.0, CISA, Josh Marpet - SWN #460
Mar 18, 2025
In this discussion, cybersecurity expert Josh Marpet shares insights into the latest threats like ransomware and the malicious BruteD tool. He humorously critiques the integration of AI in medicine and its implications for cybersecurity. The dangers of OAuth vulnerabilities, including phishing risks, are dissected, highlighting the need for robust security measures. Marpet also advocates for automating third-party risk management to alleviate the burden on security professionals, addressing the ongoing challenges in a rapidly evolving digital landscape.
AI Snips
Network Device Security
- Don't neglect network device security; test passwords and use multi-factor authentication.
- Consider IP filtering and avoid default or easily guessed passwords.
OAuth App Security
- Be cautious with OAuth apps, especially those impersonating familiar tools.
- These apps can steal credentials by requesting seemingly harmless permissions.
Tomcat Security
- Review Tomcat configurations, especially if running in file-based session storage mode.
- Disable PUT requests if possible or ensure proper data stream validation to prevent arbitrary file writes.
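The two Tomcat settings these bullets refer to, shown as an added configuration illustration (not the episode's own material, and not a verbatim copy of any Tomcat release's shipped files). The first fragment is the DefaultServlet declaration from conf/web.xml: its readonly init-param is true by default, and a deployment that has flipped it to false accepts HTTP PUT and DELETE, which is what turns a request body into a file on disk. The second fragment is the file-based session store from conf/context.xml that the snip says to review; the directory value is a placeholder, and if persistent sessions are not actually needed the whole Manager element can be dropped so Tomcat falls back to the in-memory StandardManager.

```xml
<!-- conf/web.xml: DefaultServlet with writes disabled.
     "readonly" defaults to true; a value of false enables PUT/DELETE
     file writes, so an explicit true documents the intent and survives
     a diff review. -->
<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
        <param-name>readonly</param-name>
        <param-value>true</param-value>   <!-- the risky value is false -->
    </init-param>
    <init-param>
        <param-name>listings</param-name>
        <param-value>false</param-value>  <!-- no directory listings either -->
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<!-- conf/context.xml: file-based session persistence, the mode the snip
     says to review. Sessions written to disk are deserialized on load,
     so only keep this if you need it; directory is a placeholder. -->
<Context>
    <Manager className="org.apache.catalina.session.PersistentManager"
             saveOnRestart="false">
        <Store className="org.apache.catalina.session.FileStore"
               directory="/PLACEHOLDER/tomcat-sessions"/>
    </Manager>
</Context>
```

After changing either file, restart Tomcat and confirm that a PUT against a path under the web application is refused rather than creating a file, and check the application's own web.xml too, since a webapp-level DefaultServlet declaration overrides the global one in conf/web.xml.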