Hak5 | OWASP Oopsies and Calling XZ What It Is - ThreatWire @hak5 | Uploaded 5 months ago | Updated 3 hours ago
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️

Support ThreatWire → https://patreon.com/threatwire

@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev

@0xTib3rius
Twitter: https://twitter.com/0xTib3rius
Twitch: https://www.twitch.tv/0xTib3rius
YouTube: https://www.youtube.com/Tib3rius
Everywhere else: https://tib3rius.com/

@TracketPacer
Twitter: https://twitter.com/TracketPacer
YouTube: https://www.youtube.com/c/tracketpacer
TikTok: https://www.tiktok.com/@tracketpacer
Everywhere else: https://www.tracketpacer.com/

[❗] Join the book club on Patreon→ https://patreon.com/threatwire

0:00 - Intro
0:11 - Backdoor in XZ-Utils
4:46 - OWASP Oopsies
5:30 - UPDATE: NVD has broken its silence
8:14 - UPDATE: AT&T Finally Admits The L
8:57 - OUTRO

LINKS
🔗 Story 1: Backdoor in XZ-Utils
https://mastodon.social/@AndresFreundTec/112180406142695845
https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
https://www.mail-archive.com/xz-devel@tukaani.org/msg00566.html
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://boehs.org/node/everything-i-know-about-the-xz-backdoor#fnref2
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

🔗 Story 2: OWASP Oopsies
https://twitter.com/owasp/status/1774851614752313460
https://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/
https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification.html

🔗 Story 3: UPDATE: NVD has broken its silence
https://www.first.org/conference/vulncon2024/
https://www.infosecurity-magazine.com/news/nist-unveils-new-nvd-consortium/?&web_view=true
https://sos-vo.org/news/nist-unveils-new-consortium-operate-its-national-vulnerability-database
https://nvd.nist.gov/general/news/nvd-program-transition-announcement

🔗 Story 4: UPDATE: AT&T Finally Admits The L
https://www.securityweek.com/att-says-data-on-73-million-customers-leaked-on-dark-web/

____________________________________________

Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.