Network Security News Summary for Tuesday January 10th, 2023
SANS Internet Storm Center's Daily Network Security News Podcast · Johannes B. Ullrich
January 10, 20236m 3s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
CircleCI Config File Hunt; AWS S3 Encryption; MatrixSSL RCE; Auth0 JWT Library Vulnerablity New Year Old Tricks: Hunting for CircleCI Configuration Files https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416 Amazon S3 Encrypts New Objects By Default https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/ MatrixSSL Buffer Overflow https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29 Auth0 JsonWebToken Vulnerability CVE-2022-23529 https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/ keywords: auth0; jsonwebtoken; jwt; matrixssl; amazone; s3; encryption; cricleci; configuration