Latest in AppSec: Apache Camel RCE, X DDoS, Silk Typhoon, and Encryption Debates


Update: 2025-03-18

Description

Welcome to the latest episode of AppSec Now, a DevCentral podcast dedicated to the ever-evolving world of application security. In this episode, Chase takes the reins while Aubrey is away, joined by Malcolm Heath, a principal researcher at F5 Labs, and the illustrious MegaZone, a principal security engineer on the SIRT team.

We dive deep into the recent Apache Camel remote code execution vulnerability, discussing the initial panic and the eventual revelation that it was a medium-severity CVE with narrow impact. We also explore the ongoing debate on government backdoors in end-to-end encryption, with insights on the recent stances of Signal and Apple. Finally, we shed light on the recent DDoS attack on X (formerly Twitter), attributed to Dark Storm, and discuss the complexities of attributing such attacks. Stay informed and up to date with the latest trends and threats in the AppSec world!

References: https://community.f5.com/kb/security-insights/appsec-camels-typhoons-and-backdoors/340217

00:00 Introduction

00:59 Apache Camel RCE

10:09 Silk Typhoon

16:11 Government Encryption Backdoors

25:51 X (Twitter) DDoS

30:25 VulnCon Comin' Up!

32:16 Outro
