Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed

14/04/2025 35 min Episode 33

Episode Synopsis

Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be?

🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708

00:00 Introduction
04:01 F5 Labs: AWS EC2 SSRF
10:44 Oracle Cloud Breach
16:44 Verizon iOS App Exposure
20:23 BeaverTail Malware via NPM
24:43 Golang Ghost Malware
28:34 Apache Parquet RCE - CVSS 10 !!!
34:12 Outro
