Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
…
continue reading
المحتوى المقدم من Security Weekly Productions. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرةً بواسطة Security Weekly Productions أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
مشابه لـSecurity Weekly Podcast Network (Audio)
Explore true stories of the dark side of the Internet with host Jack Rhysider as he takes you on a journey through the chilling world of hacking, data breaches, and cyber crime.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Daily update on current cyber security threats
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Player FM - تطبيق بودكاست
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
))
Something For Everybody - ASW #180
Manage episode 318106300 series 70666
المحتوى المقدم من Security Weekly Productions. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرةً بواسطة Security Weekly Productions أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printing garbage messages. The library was exhibiting the type of malicious activity that typically comes from a compromised package. Only this time users of the library, which easily number in the thousands, discovered this was sabotage by the package maintainer himself. This opens up a broader discussion on supply chain security than just provenance. How do we ensure open source tools receive the investments they need -- security or otherwise? For that matter, how do we ensure internal tools receive the investments they need? Log4j was just one recent example of seeing old code appear in surprising places.
Scams and security flaws in (so-called) web3 and when decentralization looks centralized, SSRF from a URL parsing problem, vuln in AWS Glue, 10 vulns used for CI/CD compromises!
Show Notes: https://securityweekly.com/asw180
Segment resources:
- https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
- https://www.zdnet.com/article/when-open-source-developers-go-bad/
- https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects/
- https://www.theregister.com/2022/01/17/open_source_closed_wallets_big/
- https://blog.google/technology/safety-security/making-open-source-software-safer-and-more-secure/
- https://docs.linuxfoundation.org/lfx/security/onboarding-your-project
- https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
2779 حلقات
مشاركة
Manage episode 318106300 series 70666
المحتوى المقدم من Security Weekly Productions. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرةً بواسطة Security Weekly Productions أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printing garbage messages. The library was exhibiting the type of malicious activity that typically comes from a compromised package. Only this time users of the library, which easily number in the thousands, discovered this was sabotage by the package maintainer himself. This opens up a broader discussion on supply chain security than just provenance. How do we ensure open source tools receive the investments they need -- security or otherwise? For that matter, how do we ensure internal tools receive the investments they need? Log4j was just one recent example of seeing old code appear in surprising places.
Scams and security flaws in (so-called) web3 and when decentralization looks centralized, SSRF from a URL parsing problem, vuln in AWS Glue, 10 vulns used for CI/CD compromises!
Show Notes: https://securityweekly.com/asw180
Segment resources:
- https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
- https://www.zdnet.com/article/when-open-source-developers-go-bad/
- https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects/
- https://www.theregister.com/2022/01/17/open_source_closed_wallets_big/
- https://blog.google/technology/safety-security/making-open-source-software-safer-and-more-secure/
- https://docs.linuxfoundation.org/lfx/security/onboarding-your-project
- https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
2779 حلقات
Wszystkie odcinki
×
مرحبًا بك في مشغل أف ام!
يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.
مشابه لـSecurity Weekly Podcast Network (Audio)
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
…
continue reading
Explore true stories of the dark side of the Internet with host Jack Rhysider as he takes you on a journey through the chilling world of hacking, data breaches, and cyber crime.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Daily update on current cyber security threats
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Player FM - تطبيق بودكاست
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
