Security Weekly Podcast Network (Audio)
Technology
For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more!
Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code — the most popular code editor out there — which was presented at DEF CON 31 in August. The pair uncovered a few ways for attackers to gain code execution on a victim's computer if they clicked on a specially crafted link or opened a malicious folder in Visual Studio Code, bypassing existing mitigations like Workspace Trust. Developers tend to trust their IDEs and do not expect such security issues to exist. As developers have access to source code and production systems, they make for very interesting targets for threat actors. Important to note is that the security concepts that the two are able to demonstrate apply not just to Visual Studio Code, but to most other code editors. This is also the story of how the researchers got an unexpected $30,000 bounty from Microsoft for these bugs, by mistake!
Segment Resources:
BLOG POSTS Securing Developer Tools: Argument Injection in Visual Studio Code (https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/) Securing Developer Tools: Git Integrations (https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/)
CVEs CVE-2023-36742 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742) CVE-2022-30129 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-30129) CVE-2021-43891 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-43891)
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw-804
Real Edge Computing Use Cases from the AT&T Cybersecurity Insights Report - Theresa Lanowitz, Mark Freifeld - BSW #330
Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345
Non-profits need security too & Cybercrime is booming - Keith Jarvis, Kelley Misata - ESW #341
AI & LLMs - Josh More, Matthew Carpenter - PSW #808
Starting with Appsec -- Is It More of a Position or a Process? - ASW #264
Chimera, Aliquippa, FNF, Lazarus, DARPA, Namedrop, Google, Aaran Leyland, and More - SWN #344
1% Leadership - Andy Ellis - BSW #329
Spying & Cyber Warfare - SDL - SWN Vault
Breaking into Cyber – Perspective from a High School - Tim Cathcart - ESW Vault
Interview with Brian Snow - PSW Vault
Travel Security - SDL - SWN Vault
Building Security from Scratch: One Year as CISO at a Start-up - Guillaume Ross - BSW Vault
Platform Firmware Security - Maggie Jauregui - ASW Vault
Cashwarp vs. Reptar, Rackspace, BlackCat, Bots, Aaran Leyland and More - SWN #343
Exploring the Intersection of Security for Edge Computing and Endpoint - Theresa Lanowitz, Mani Keerthi Nagothu - ESW #340
3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807
How 2023 Changed Application Security and What’s to Come in 2024 - Karl Triebes - ASW #263
Cybertruck, Solarwinds, Bitcoin, Docker, Ducktail, Experian, More News and Jason Wood - SWN #342
Say Easy, Do Hard - Cyber Risk Management - BSW #328
Aidan Holland, Kelly Shortridge - ESW #339
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
A Prairie Home Companion: News from Lake Wobegon