Welcome to the latest episode of AppSec Now, a DevCentral podcast dedicated to the ever-evolving world of application security. In this episode, Chase takes the reins while Aubrey is away, joined by Malcolm Heath, a principal researcher at F5 Labs, and the illustrious MegaZone, a principal security engineer on the SIRT team.

We dive deep into the recent Apache Camel remote code execution vulnerability, discussing the initial panic and the eventual revelation that it was a medium-severity CVE with narrow impact. We also explore the ongoing debate on government backdoors in end-to-end encryption, with insights on the recent stances of Signal and Apple. Finally, we shed light on the recent DDoS attack on X (formerly Twitter), attributed to Dark Storm, and discuss the complexities of attributing such attacks. Stay informed and up-to-date with the latest trends and threats in the AppSec world!

References: https://community.f5.com/kb/security-insights/appsec-camels-typhoons-and-backdoors/340217

00:00 Introduction

00:59 Apache Camel RCE

10:09 Silk Typhoon

16:11 Government Encryption Backdoors

25:51 X (Twitter) DDoS

30:25 VulnCon Comin' Up!

32:16 Outro