Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed
Description
Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process.
Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be?
🔗 Relevant Links Here:https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708
00:00 Introduction
04:01 F5 Labs: AWS EC2 SSRF
10:44 Oracle Cloud Breach
16:44 Verizon iOS App Exposure
20:23 BeaverTail Malware via NPM
24:43 Golang Ghost Malware
28:34 Apache Parquet RCE - CVSS 10 !!!
34:12 Outro
United States
