2024-03-05 Weekly News — Episode 212
Watch the video version on YouTube at https://youtube.com/live/Vg81ar7GfW4?feature=share
Hosts:
Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:
Patreon Support (phenomenal)
We have 46 patrons:
https://www.patreon.com/ortussolutions.
News and Announcements
White House Mandate - Press Release: Future Software Should Be Memory Safe
Leaders in Industry Support White House Call to Address Root Cause of Many of the Worst Cyber Attacks
Today, the White House Office of the National Cyber Director (ONCD) released a report calling on the technical community to proactively reduce the attack surface in cyberspace. ONCD makes the case that technology manufacturers can prevent entire classes of vulnerabilities from entering the digital ecosystem by adopting memory safe programming languages. ONCD is also encouraging the research community to address the problem of software measurability to enable the development of better diagnostics that measure cybersecurity quality.
Full Report: https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf
Blog Post: https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/
Three Recent Lucee Vulnerabilities
Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS). Their blog post is a must-read, and I'm not going to rehash their steps from research to discovery to exploitation. Instead, I'm going to look at these vulnerabilities through a defensive lens.
https://www.hoyahaxa.com/2024/02/thinking-defensively-about-three-recent.html
One Reason Why Your ColdFusion Server May Still Be Vulnerable Even With the Latest Security Updates Installed
Next Tuesday is Adobe Patch Tuesday. Will there be new ColdFusion security updates? I have no idea. But even if there are no new patches released, and your ColdFusion servers already have the latest updates installed, you may still be missing an important step in keeping them secure.
https://www.hoyahaxa.com/2024/03/one-reason-why-your-coldfusion-server.html
ICYMI: CF Summit East Announced
Adobe and Carahsoft would like to officially invite you to our interactive Adobe ColdFusion Summit East 2024. This event is an unparalleled experience featuring a gathering of professionals, developers, and thought leaders in the dynamic realm of ColdFusion technology.