文章讨论了勒索软件攻击通常利用旧漏洞成功入侵的问题,并指出应用安全团队需加强配置和采用默认安全策略。此外还涉及卫星通信监控、AI模型中毒、后量子加密及浏览器安全等议题。 2025-10-21 09:0:0 Author: sites.libsyn.com(查看原文) 阅读量:4 收藏
Oct 21, 2025
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it more secure. And too few software makers are embracing secure by default, let alone secure by design.
In the news, passively monitoring geosynchronous satellite communications on the cheap, successful LLM poisoning of any size model with a single size dose, security engineering lessons from Signal's post-quantum crypto work, improving security for JavaScript in the browser, and more!
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-353
如有侵权请联系:admin#unsafe.sh