Talkin’ About Infosec News – 9/17/2021





ORIGINALLY AIRED ON SEPTEMBER 13, 2021

Articles discussed in this episode:

00:00 – BHIS – Talkin’ Bout [infosec] News 2021-09-13

02:59 – Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/

04:43 – Story # 1b: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083

07:22 – Story # 2: https://cyberworkx.in/2021/09/08/microsoft-warns-of-new-zeroday-vulnerability-hunting-down-windows-users/

13:16 – Story # 3: https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/

17:28 – Story # 3b: https://xkcd.com/2347/

22:03 – Story # 4: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

30:15 – Story # 5: https://venturebeat.com/2021/09/11/8-orgs-with-web-apps-for-file-uploads-have-adequate-cybersecurity/

33:21 – Story # 5b: https://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454

34:15 – Story # 6: https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/

39:32 – Story # 7: https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/


Check out our Cyber Range: it is not just a place to work through challenges and play, but also an open, direct, hands-on training environment.

https://www.blackhillsinfosec.com/services/cyber-range/