SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

Security Now (Audio)

English - March 03, 2021 01:00 - 2 hours - 57.9 MB - ★★★★★ - 1.5K ratings
Tech News News Technology twit technology steve gibson leo laporte security spyware malware hacking cyber crime encryption Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"

Next Episode: SN 809: Hafnium - Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's

Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.

Chrome to default to trying HTTPS first when not specified.
Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
As easy as "SolarWinds123".
Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
VMware's vCenter troubles.
SpinRite update.
Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
CNAME Collusion.

We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

privacy.com/securitynow
Melissa.com/twit
itpro.tv/securitynow promo code SN30