Talkin' Bout [Infosec] News

ORIGINALLY AIRED ON SEPTEMBER 13, 2021

Articles discussed in this episode:

00:00 – BHIS – Talkin’ Bout [infosec] News 2021-09-13

02:59 – Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/

04:43 – Story # 1b: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083

07:22 – Story # 2: https://cyberworkx.in/2021/09/08/microsoft-warns-of-new-zeroday-vulnerability-hunting-down-windows-users/

13:16 – Story # 3: https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/

17:28 – Story # 3b: https://xkcd.com/2347/

22:03 – Story # 4: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

30:15 – Story # 5: https://venturebeat.com/2021/09/11/8-orgs-with-web-apps-for-file-uploads-have-adequate-cybersecurity/

33:21 – Story # 5b: https://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454

34:15 – Story # 6: https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/

39:32 – Story # 7: https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.

https://www.blackhillsinfosec.com/services/cyber-range/

What is Talkin' Bout [Infosec] News?

A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30 PM ET.