Security news for this week:
- RDP and credentials that are not really revoked, and some RDP bitmap caching fun
- Some magic info on MagicINFO
- Vulnerability Management Zombies
- There is a backdoor in your e-commerce
- Airborne: vulnerabilities in AirPlay
- Bring your own installer - crafty EDR bypass
- The Signal clone used by US government officials: shocker: has been hacked
- AI slop vulnerability reporting
- Bricking iPhones with a single line of code
- Hacking planet technology
- Vibe hacking for the win?
- Cybersecurity CEO arrested for deploying malware
- Hello my perverted friend
- FastCGI - fast, but vulnerable
Chapters:
0:00 Opening and introductions 2:43 Panel introductions and conference recaps 4:46 Conference announcements and Corncon discussion 8:05 RSAC 2025 recap and vulnerability management trends 15:44 RDP credential revocation flaw in Windows 11 34:57 Apple AirPlay "wormable" vulnerabilities and third-party device risks 44:10 Signal clone breach used by US officials (TeleMessage incident) 55:38 Supply chain attack: Magento extensions backdoor 66:12 "Hello my perverted friend": Sextortion scam analysis 72:10 Security culture and phishing awareness at home 75:25 Digital signage vulnerabilities: Samsung MagicInfo 81:41 Threat hunting tradecraft and blue team operations 88:38 AI slop in vulnerability reporting and vibe hacking 98:59 Apple notification DoS and sandbox bypass 101:24 VMware licensing controversy and alternatives 107:14 CEO arrested for planting malware in hospital systems 116:06 FastCGI vulnerabilities in embedded/IoT systems 122:12 Rooting Android phones and device locking 124:08 Closing and outro
Show Notes: https://securityweekly.com/psw-873
Senaste avsnitt
En liten tjänst av I'm With Friends. Finns även på engelska.