SN 902: A Generic WAF Bypass - Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1

Security Now (Audio)

English - December 21, 2022 02:39 - 1 hour - 53.6 MB - ★★★★★ - 1.5K ratings
Tech News News Technology twit technology steve gibson leo laporte security spyware malware hacking cyber crime encryption Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: SN 901: Apple Encrypts the Cloud - Chrome Passkeys, Telegram malware, SYNC.com outage, Rackspace lawsuits

Next Episode: SN 903: Security Now Best of 2022 - The best moments from throughout the year

Picture of the Week.
A malware operation known as URSNIF.
Pwn2Own Toronto 2022.
Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities.
Patch Tuesday.
Another Uber breach?
Elon Botches 'Bot Blockage.
Vivaldi integrates Mastodon in its desktop browser.
5,200 Dutch government warnings.
CIB: "Coordinated Inauthentic Behavior"
GitHub to require 2FA by the end of next year.
Bye bye SHA-1.
WordFence's VERY useful looking WordPress add-on vulnerability database.
Closing The Loop.
SpinRite.
A Generic WAF Bypass.

Show Notes https://www.grc.com/sn/SN-902-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

plextrac.com/twit