Welcome to the latest episode of AppSec Now, a DevCentral podcast dedicated to the ever-evolving world of application security. In this episode, Chase takes the reins while Aubrey is away, joined by Malcolm Heath, a principal researcher at F5 Labs, and the illustrious MegaZone, a principal security engineer on the SIRT team.
We dive deep into the recent Apache Camel remote code execution vulnerability, discussing the initial panic and the eventual revelation that it was a medium-severity CVE with narrow impact. We also explore the ongoing debate on government backdoors in end-to-end encryption, with insights on the recent stances of Signal and Apple. Finally, we shed light on the recent DDoS attack on X (formerly Twitter), attributed to Dark Storm, and discuss the complexities of attributing such attacks. Stay informed and up to date with the latest trends and threats in the AppSec world!
References:
https://community.f5.com/kb/security-insights/appsec-camels-typhoons-and-backdoors/340217
00:00 Introduction
00:59 Apache Camel RCE
10:09 Silk Typhoon
16:11 Government Encryption Backdoors
25:51 X (Twitter) DDoS
30:25 VulnCon Comin' Up!
32:16 Outro