Code comments cause SAML conundrum. [Research Saturday]

FromCyberWire Daily

Start listening View podcast show

Code comments cause SAML conundrum. [Research Saturday]

FromCyberWire Daily

ratings:

Length:

19 minutes

Released:

Mar 24, 2018

Format:

Podcast episode

Description

Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.
Kelby Ludwig is a Senior Application Security Engineer at Duo security, and he takes us through his discoveries.

Released:

Mar 24, 2018

Format:

Podcast episode

More Episodes from CyberWire Daily

Skip carousel

Encore: Welcome to New York, it's been waitin' for you. [Research Saturday] by CyberWire Daily
21 min listen
Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector] by CyberWire Daily
43 min listen
Encore: The curious case of the missing IcedID. [Only Malware in the Building] by CyberWire Daily
22 min listen
The Supreme Court is bringing a judicial shakeup. by CyberWire Daily
33 min listen
Take a trip down regreSSHion lane. by CyberWire Daily
35 min listen
A swift fix for a serious router bug. by CyberWire Daily
28 min listen
The current state of IAM: A Rick-the-toolman episode. by CyberWire Daily
16 min listen
Encore: Carole Theriault: Constantly learning new things. [Media] [Career Notes] by CyberWire Daily
8 min listen
APT36's cyber blitz on India. [Research Saturday] by CyberWire Daily
21 min listen
Solution Spotlight: Progress on the National Cyber Workforce and Education Strategy. [Special Edition] by CyberWire Daily
36 min listen
TeamViewer and APT29 go toe to toe. by CyberWire Daily
29 min listen
2024 Cyber Talent Study by N2K and WiCyS. [Special Edition] by CyberWire Daily
44 min listen
E-commerce or E-spying? by CyberWire Daily
30 min listen
LockBit picks a brawl with banks. by CyberWire Daily
34 min listen
U.S. and China dance the telecom tango. by CyberWire Daily
34 min listen
The claim heard ‘round the world. by CyberWire Daily
36 min listen
Encore: Sal Aurigemma: How things work. [Education] [Career Notes] by CyberWire Daily
8 min listen
Piercing the through the fog. [Research Saturday] by CyberWire Daily
19 min listen
U.S. tightens the cybersecurity belt. by CyberWire Daily
35 min listen
Cyberattack leaves dealerships feeling stuck in neutral. by CyberWire Daily
31 min listen
T-Minus Overview- Our Moon [T-Minus Radio Program] by CyberWire Daily
30 min listen
Servers seized, terrorists teased. by CyberWire Daily
36 min listen
Scattered Spider hacker snagged in Spain. by CyberWire Daily
37 min listen
The current state of XDR: A Rick-the-toolman episode. by CyberWire Daily
19 min listen
Encore: Rosa Smothers: Secure the planet. [Intelligence] [Career Notes] by CyberWire Daily
7 min listen
Exploring the mechanics of Infostealer malware. [Research Saturday] by CyberWire Daily
29 min listen
A hacking keeps you humble. by CyberWire Daily
39 min listen
Whistleblower warns of profit over protection. by CyberWire Daily
34 min listen
COATHANGER isn’t hanging up just quite yet. by CyberWire Daily
31 min listen
Hijacking your heritage. by CyberWire Daily
34 min listen

Related podcast episodes

Skip carousel

Downloading cracked software. [Research Saturday] by CyberWire Daily
17 min listen
Security Modeling Tools: In this podcast, Julien Delange discusses security modeling tools that his team developed and how to use them to capture vulnerabilities and their propagation path in an architecture. by Software Engineering Institute (SEI) Podcast Series
24 min listen
EasyJailbreak: A Unified Framework for Jailbreaking Large Language Models: Jailbreak attacks are crucial for identifying and mitigating the security vulnerabilities of Large Language Models (LLMs). They are designed to bypass safeguards and elicit prohibited outputs. However, due to significant differences among various jai... by Papers Read on AI
20 min listen
October 20, 2020: US files charges against high profile attackers A new browser wants to look at social media algorithms Microsoft Exchange and OWA are increasingly malware targets Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the... by Cyber Security Headlines
7 min listen
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804: For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar... by Security Weekly Podcast Network (Audio)
178 min listen
Prompt Injection Attacks with SVAM's Devansh: In this episode, we dive deep into the world of prompt injection attacks in Large Language Models (LLMs) with the Devansh, AI Solutions Lead at SVAM. We discuss the attacks, existing vulnerabilities, real-world examples, and the strategies attackers ... by Partially Redacted: Data, AI, Security, and Privacy
48 min listen
A dark side to LLMs. [Research Saturday] by CyberWire Daily
18 min listen
Are you running what you think you're running? [Research Saturday]: Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by... by CyberWire Daily
16 min listen
Modern Threat Detection at Google: Guest: , Security Engineering Manager in the Detection and Response team @ Google Topics: What is special about detecting modern threats in modern environments? How does the Google team turn the knowledge of threats into detection logic? Run... by Cloud Security Podcast by Google
24 min listen
Attacker Tradecraft with Simuland by The Azure Security Podcast
42 min listen
Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy: Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is... by Software Engineering Institute (SEI) Podcast Series
32 min listen
January 27, 2021: Google’s Threat Analysis Group warns of social engineering hack aimed at security researchers Verizon outage started in Brooklyn TikTok fixes flaws allowing theft of private user information And now our sponsor Nucleus Security brings you “The Top... by Cyber Security Headlines
7 min listen
December 1, 2020: Baltimore schools struggling with ransomware UK tightens restrictions on Huawei 5G equipment ZeroLogon now detected by Windows Defender Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an... by Cyber Security Headlines
6 min listen
From chip-to-cloud: End-to-end security for your IoT solution: IoT security: There are billions of devices with many potential hardware and software vulnerabilities. In this episode of Cloud Talk, we sit down with two security experts who explain how to get started with securing your IoT solution. The episode also examines the importance of implementing identity management, building threat models and testing communication paths. by Cloud Talk
37 min listen
Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday] by CyberWire Daily
17 min listen
Data Driven Software Assurance: In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects. by Software Engineering Institute (SEI) Podcast Series
30 min listen
Snake Oilers: Sublime Security, Vulncheck and Devicie: Tune your email detections, get vuln intel and manage your devices! by Risky Business
20 min listen
Safeguarding Against Recent Vulnerabilities Related to Rust: What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their... by Software Engineering Institute (SEI) Podcast Series
26 min listen
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code — the most popular code editor out there — which was presented at DEF CON 31 in August. The pair uncovered a few ways for... by Security Weekly Podcast Network (Video)
51 min listen
The Evolution & Future of XDR & the SOC - Scott Crawford - ESW #254: Like our interview with Allie Mellen last week (episode 253, check it out also), we have another analyst roundtable here (all ESW hosts are former analysts), discussing one of the hottest new cybersecurity categories - XDR. This discussion will touch... by Security Weekly Podcast Network (Video)
37 min listen
The Evolution & Future of XDR & the SOC - Scott Crawford - ESW #254 by Enterprise Security Weekly (Video)
37 min listen
20: Hygiene for a computing pandemic by FOSS and Crafts
20 min listen
21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery - Wheel - PSW #695: Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerabilities that can be chained together to obtain full... by Security Weekly Podcast Network (Video)
45 min listen
Week in Review: January 25 through 29, 2021: This week’s Cyber Security Headlines Week in Review, January 25-29, 2021, is hosted by with our guest, , Deputy CISO, . Thanks to our sponsor, Nucleus Security All this week on our daily news podcast, Nucleus Security has been sharing some... by Cyber Security Headlines
25 min listen
Exploring the mechanics of Infostealer malware. [Research Saturday] by CyberWire Daily
29 min listen
September 15, 2021: Apple issues urgent updates to fix new zero-day linked to Pegasus spyware Update Google Chrome to patch 2 new zero-day flaws under attack New Zloader attacks disable Windows Defender to evade detection Thanks to our episode sponsor, Sonrai is gaelic... by Cyber Security Headlines
8 min listen
Apple Device Enrollment Program vulnerabilities explored. [Research Saturday]: Apple Device Enrollment Program vulnerabilities explored. [Research Saturday] by CyberWire Daily
20 min listen
August 30, 2021: “Worst cloud vulnerability you can imagine” discovered in Microsoft Azure Work from home increased worldwide phishing attacks T-Mobile hacker brute-forced his way through the network Thanks to our episode sponsor, Semperis Do you know your Active... by Cyber Security Headlines
8 min listen
PSW #759 - Ismael Valenzuela: As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world for over... by Security Weekly Podcast Network (Audio)
197 min listen
Threat hunting: How MDR secures your business by Lock and Code
60 min listen

Discover this podcast and so much more

Code comments cause SAML conundrum. [Research Saturday]

Code comments cause SAML conundrum. [Research Saturday]

Description

More Episodes from CyberWire Daily

Related podcast episodes