Security Now (Audio)
215 episodes - English - Latest episode: 12 days ago - ★★★★★ - 1.5K ratingsCybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
SN 884: TLS Private Key Leakage - BIG patch Tuesday, Facebook E2E encryption, VNC insecurity, Cyotek WebCopy
August 17, 2022 03:14 - 1 hour - 51.9 MBPicture of the Week. Patch Flashback Tuesday. Facebook is cautiously creeping toward default E2E encryption. VNC's inherent insecurity. The need to control domain names. And speaking of backup: Cyotek WebCopy. Google's Ryan Sleevi Retweeted Jens Axboe. SandSara Update from Ed Cano. Closing The Loop. SpinRite. TLS Private Key Leakage. We invite you to read our show notes at https://www.grc.com/sn/SN-884-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this ...
SN 883: The Maker's Schedule - VirusTotal, Daniel Bernstein sues the NSA, Win 11 might damage encrypted data
August 10, 2022 02:40 - 1 hour - 50.9 MBPicture of the Week. Crypto is Hard. VirusTotal: Deception at a scale. Windows 11 might damage encrypted data. Microsoft Defender External Attack Surface Management. Closing The Loop. Daniel Bernstein sues the NSA. The Maker's Schedule. We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/cl...
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack
August 03, 2022 03:16 - 2 hours - 60.9 MBPicture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subs...
SN 881: The MV720 - MS Office VBA macros, Win 11 security changes, start button failure
July 27, 2022 03:39 - 2 hours - 56.5 MBPicture of the Week. Patch Tuesday Redux Redux. Windows 11 Start button failure. The continuing saga of Windows VBA macros. Windows 11 now blocks RDP brute-force attacks by default. Black Hat and DefCon coming soon. SpinRite. pfSense and TailScale. Closing The Loop. The MV720. We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes a...
SN 880: RetBleed - Facebook encrypted URLs, cracking Lockdown Mode, ClearView AI resistance, Roskomnadzor
July 20, 2022 02:15 - 1 hour - 53.2 MBPicture of the Week. The Rolling Pwn, take II. The great IPv4 Address Space Depletion. Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet. Facebook has started encrypting its link URLs. Crack iOS 16's "Lockdown Mode", earn $2 million. ClearView AI faces some new headwind. Ransomware gangs are getting into the searchable database game, too... Roskomnadzor strikes again! Last Tuesday's Patches. SpinRite. Closing The Loop. RetBleed. We invite you to read o...
SN 879: The Rolling Pwn - OpenSSL patch, iOS Lockdown Mode, Yubikey's to Ukraine, Office Macros re-enabled
July 13, 2022 02:23 - 2 hours - 61.8 MBPicture of the Week. OpenSSL's Patch For Heap Memory Corruption Vulnerability. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. Yubico donated 30,000 Yubikeys to Ukraine. Apple's new extreme "Lockdown Mode". Microsoft to re-enable Office Macros. This Is the Code the FBI Used to Wiretap the World. Closing The Loop. The Rolling Pwn. We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf Hosts: Steve Gibson and Leo Laport...
SN 878: The ZuoRAT - 0-Day Chrome, Firefox v102, HackerOne
July 06, 2022 02:27 - 1 hour - 50.8 MBPicture of the week. Chrome's fourth zero-day of 2022. Mozilla's new Firefox privacy-enhancing feature. HackerOne discloses a malicious insider incident. Closing the loop. The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security...
SN 877: The "Hertzbleed" Attack - 3rd Party FIDO2, Log4Shell, '311" Proposal
June 28, 2022 21:57 - 2 hours - 56.7 MBPicture of the Week. Errata: Firefox's "Total Cookie Protection" 3rd Party FIDO2 Authenticators Germany's not buying the EU's proposal which subverts encryption The Conti Gang have finally pulled the last plug Log4J and Log4Shell is alive and well The '311' emergency number proposal 56 Insecure-By-Design Vulnerabilities "Long Story Short" Closing The Loop The "Hertzbleed" Attack We invite you to read our show notes at https://www.grc.com/sn/SN-877-Notes.pdf Hosts: Steve Gibson a...
SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies
June 22, 2022 01:00 - 2 hours - 62.4 MBPicture of the Week. Double Decryption (Last week's key-strength puzzler). 3rd Party Authenticators. Firefox: Total Cookie Protection. We keep breaking DDoS attack records. MS-DFSNM. An Apple Safari regression. One Million WordPress sites force-updated. High-Severity RCE in Fastjson Library. Miscellany. Closing The Loop. Microsoft's Patchy Patches. We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download o...
SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation
June 15, 2022 01:30 - 2 hours - 55.2 MBPicture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/c...
SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability
June 08, 2022 00:30 - 1 hour - 49.6 MBPicture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones". Ransomware sanctions are causing trouble. Conti spotted compromising motherboard firmware. Errata. Closing the Loop. Passkeys, Take 2. We invite you to read our show notes at https://www.grc.com/sn/SN-874...
SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD
June 01, 2022 01:00 - 2 hours - 57.3 MBPicture of the Week. New South Wales DDL — Digital Driver's License. The latest Microsoft Office 0-day remote code execution vulnerability. GhostTouch. Vodafone's new TrustPiD. Closing the Loop. DuckDuckGone? We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a ques...
SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1
May 25, 2022 00:30 - 1 hour - 54.5 MBPicture of the Week. Emergency mid-cycle update for Active Directory. Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}. Clearview AI in Ukraine. Pwn2Own Vancouver 2022. The DoJ takes a welcome step back. Sometimes, unlocking can be too convenient. Closing The Loop. Dis-CONTI-nued: The End of Conti? We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://...
SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes
May 18, 2022 00:00 - 1 hour - 53.5 MBPicture of the Week. An "eventful" Patch Tuesday. Patch Tuesday. Apple patched a 0-day. Google's "Open Source Maintenance Crew". Conti suggests overthrowing the new Costa Rican government. Policing the Google Play Store. The situation has grown more dire for F5 systems' BIG-IP boxes. Errata. Closing The Loop. SpinRite. The New EU Surveillance State. We invite you to read our show notes at https://www.grc.com/sn/SN-871-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or s...
SN 870: That "Passkeys" Thing - White House and Quantum Computers, Android 0-day, Ransomware snapshot
May 11, 2022 03:00 - 2 hours - 57.5 MBPicture of the Week. Google updates Android to patch an actively exploited vulnerability. Connecticut's recently passed data privacy bill became law last Wednesday. Ransomware victim snapshot. US State Department offering $10 million reward for information about Conti members. The worst threat the US faces... The White House and Quantum Computers. The ongoing threat from predictable DNS queries. F5 Networks Remote RCE warning and exploitation. Closing The Loop. Sci-Fi. ...
SN 869: Global Privacy Control - DoD DIB-VDP, OpenSSF's Package Analysis Project, Connecticut Privacy
May 04, 2022 00:30 - 1 hour - 49.8 MBPicture of the Week. DoD DIB-VDP Pilot Overview. The OpenSSF and the Package Analysis project. Connecticut moves toward state privacy protections. Closing The Loop. Global Privacy Control. We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now!...
SN 868: The 0-Day Explosion - Lenovo EUFI Firmware, Everscale Blockchain Wallet, Major Java Update
April 27, 2022 01:00 - 1 hour - 54.9 MBPicture of the Week. CISA's Known Exploited Vulnerabilities Catalog. Lenovo UEFI Firmware Troubles. Everscale Blockchain Wallet. Java 15, 16, 17, and 18 received MUST UPDATES last week. Closing The Loop. Sci-Fi. SpinRite. The 0-Day Explosion. We invite you to read our show notes at https://www.grc.com/sn/SN-868-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twi...
SN 867: A Critical Windows RPC RCE - Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable?
April 20, 2022 01:00 - 1 hour - 52.3 MBPicture of the Week. Chrome's 3rd 0-day of 2022. Patch Tuesday Redux. WordPress once again... Apache Struts Framework needs a critical update. Are America's nuclear systems so old they're un-hackable? Closing The Loop. SpinRite. A Critical Windows RPC RCE. We invite you to read our show notes at https://www.grc.com/sn/SN-867-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT ...
SN 866: Spring4Shell - Patch Tuesday, Microsoft's Autopatch System, NGINX 0-Day
April 13, 2022 00:30 - 1 hour - 44 MBPicture of the Week. Could NGINX have a 0-day? Microsoft's new Autopatch system. Another instance of Russian Protest in JavaScript's repository. End-of-service life for some popular Windows editions. Miscellany. Closing The Loop. Spring4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-866-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twi...
SN 865: Port Knocking - Wyze Gets Spanked, FinFisher Bites the Dust, Spring4Shell, LAPSUS$ Update
April 06, 2022 00:30 - 2 hours - 55.9 MBPicture of the Week. 0-Day Watch. Spring Forward (Java: Spring4Shell) QNAP and the OpenSSL DoS vulnerability. Sophos has a 9.8. CISA orders federal civilian agencies to patch the Sophos vulnerability. Browser-in-the-browser. The supply-chain attacks on NPM have been growing. FinFisher bites the dust. A LAPSUS$ in judgment. Not so Wyze. Closing The Loop. Port Knocking. We invite you to read our show notes at https://www.grc.com/sn/SN-865-Notes.pdf Hosts: Steve Gibson and Leo La...
SN 864: Targeted Exploitation - Ukrainian ISP Challenges, Kaspersky Labs Banned in the US, Chrome 0-Day
March 30, 2022 00:00 - 1 hour - 53.9 MBPicture of the Week. A high severity 0-day vulnerability update for Chrome. An interview with the CTO of a large Ukraine ISP, Ukrtelecom. NPM under attack, again. Honda says, nothing to worry about... The U.S., the FCC, Kaspersky Labs and Chinese Telecoms. Closing The Loop. Targeted Exploitation. We invite you to read our show notes at https://www.grc.com/sn/SN-864-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-no...
SN 863: Use After Free - OpenSSL Bug, Cybercrime Reporting Law, Node.js Supply Chain Compromise
March 23, 2022 01:00 - 1 hour - 52.9 MBPicture of the Week. Report Cybercrime: It's the Law. A software supply chain compromise. Browser in the Browser. TrickBot, MicroTik & Microsoft. The Infinite Loop OpenSSL Bug. CISA Alert AA22-074A. The Windows Local Privilege Escalation that Microsoft seems unable to fix. Use After Free. We invite you to read our show notes at https://www.grc.com/sn/SN-863-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get...
SN 862: QWACs on? or QWACs off? - Patch Tuesday Recap, NVIDIA Hacked, EUFI Firmware Flaw, ProtonMail
March 15, 2022 23:00 - 1 hour - 52.3 MBPicture of the Week. Patch Tuesday for the Industry. Android, too. Firefox emergency update. HP's major UEFI firmware patch-fest. The NVIDIA breach. ProtonMail gets it right. Linux Blues. Russia's New CA. The state of WordPress security. Sci-Fi update. QWACs on? or QWACs off? We invite you to read our show notes at https://www.grc.com/sn/SN-862-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ...
SN 861: Rogue Nation Cyber Consequences - Russia vs. Ukraine, Crypto, StarLink, Namecheap, Telegram
March 09, 2022 01:00 - 1 hour - 47.9 MBPicture of the Week. The Russians are coming. Ukrainian "Cyber Unit Technologies" is paying for attacks on Russia. StarLink in Ukraine. Russia blocks access to Facebook, Twitter, foreign news outlets. Google has become proactive. Namecheap says "no more". Telegram's use explodes. Microsoft also shuts down in Russia. Coinbase. Russia releases the IP addresses and Domains of DDoS attacks. Russia to permit software piracy. Will Russia Disconnect?. We invite you to read our show no...
SN 860: Trust Dies in Darkness - Samsung's TrustZone Keymaster Design, Daxin, Windows 11 compatibility
March 02, 2022 03:23 - 2 hours - 56.1 MBPicture of the Week. Honor among thieves? Daxin. Whither or Wither: Log4j / Log4Shell. "418 I'm a teapot" Will the US attack? Windows 11 Compatibility. Closing the Loop. SpinRite News. Trust Dies in Darkness. We invite you to read our show notes at https://www.grc.com/sn/SN-860-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You c...
SN 859: A BGP Routing Attack - UpdraftPlus, Xenomorph, Ukranian DDoS, The Bobiverse Trilogy
February 23, 2022 02:00 - 1 hour - 50.8 MBPicture of the Week. The "UpdraftPlus" WordPress Plug-In. "Xenomorph" Decrypting "The Hive" Un-Pixelating redacted text. No Internet For You!! If at first you don't succeed... Ukrainian DDoS Attacks. The Bobiverse trilogy. SpinRite News. A BGP Routing Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-859-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club ...
SN 858: InControl - PHP Everywhere, Magento Emergency, Project Zero Stats, Goodbye WMIC, SeriousSAM
February 16, 2022 02:30 - 1 hour - 49.5 MBPicture of the Week. A high-severity 0-day in Chrome. Apple updates against another 0-day. CISA thinks this Apple vulnerability is quite serious. Which brings us back to "SeriousSAM" as it's being called. The CISA Top 16 list. Last Tuesday was the industry's monthly Patch extravaganza. The Magento Emergency. "PHP Everywhere" Google's Vulnerability Reward Program for 2021. Google's Project Zero Stats. Bye bye WMIC. InControl. We invite you to read our show notes at https://www.g...
SN 857: The Inept Panda - China Olympics, SAMBA CVS 9.9 Vulnerability, Microsoft Office 3rd Party Macros
February 09, 2022 02:00 - 2 hours - 56.4 MBPicture of the Week. China's Olympics: Leave your tech at home. We have a serious CVS 9.9 remote code execution vulnerability in SAMBA. Living off the Land. The suspension of the ms-appinstaller:// protocol scheme handler. Soon: Internet-sourced macros WILL NOT RUN in Office apps! Never11? The Inept Panda. We invite you to read our show notes at https://www.grc.com/sn/SN-857-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/s...
SN 856: The “Topics” API - PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti
February 02, 2022 03:37 - 2 hours - 68 MBPicture of the Week. Apple eliminates 0-days from iOS and macOS. Qualys published technical details for PwnKit. Log4Shell hits Ubiquiti. New bug bounties posted by Zerodium. "DrawnApart": A device identification technique based on remote GPU fingerprinting. Sorting Windows Folders to the TOP! Closing the Loop. SpinRite. The "Topics" API. We invite you to read our show notes at https://www.grc.com/sn/SN-856-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to ...
SN 856: The "Topics" API - PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti
February 02, 2022 03:37 - 2 hours - 68 MBPicture of the Week. Apple eliminates 0-days from iOS and macOS. Qualys published technical details for PwnKit. Log4Shell hits Ubiquiti. New bug bounties posted by Zerodium. "DrawnApart": A device identification technique based on remote GPU fingerprinting. Sorting Windows Folders to the TOP! Closing the Loop. SpinRite. The "Topics" API. We invite you to read our show notes at https://www.grc.com/sn/SN-856-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to th...
SN 855: Inside the NetUSB Hack - Log4J Update, Cyber-Insurance and Ransomware, EU Bug Bounty Programs
January 26, 2022 01:00 - 1 hour - 50 MBPicture of the Week. Log4J News. Who pays for RansomWare attack recovery? The rising cost of cyber-insurance. Another very dangerous WordPress add-on. And a supply-chain attack on a popular WordPress add-on provider. Does WordPress make sense anymore? The European Union plans to fund some bug bounty programs. The "MoonBounce" EFI Bootkit. Closing the Loop. Inside the NetUSB Hack. We invite you to read our show notes at https://www.grc.com/sn/SN-855-Notes.pdf Hosts: Steve Gibson ...
SN 854: Anatomy of a Log4j Exploit - Buggy KCode, WordPress Security
January 19, 2022 01:09 - 1 hour - 54.4 MBPicture of the Week "Hack the Pentagon" with Log4j Open Source Software Security Summit Microsoft's January Patch Tuesday Review: The GOOD News Microsoft's January Patch Tuesday Review: The Not So Good News Check Your Router Firmware Updates Chrome to Implement PNA Three High Severity Flaws in WordPress Add-ons Closing the Loop: Listener feedback SpinRite Anatomy of a Log4j Exploit We invite you to read our show notes at https://www.grc.com/sn/SN-854-Notes.pdf Hosts: Steve Gibso...
SN 853: URL Parsing Vulnerabilities - US CISA on Log4J, WordPress Security Update, What Is a Pluton
January 12, 2022 02:00 - 1 hour - 50.9 MBPicture of the Week. The US CISA Log4J status update. The H2 Database Console vulnerability. The Federal Trade Commission gets into the act! Chrome fixed 37 known problems last week. The Privacy-first Brave browser. WordPress 5.8.3 security update. What, exactly, is a "Pluton"? The first of Dennis Taylor's three Bobiverse novels. SpinRite. URL Parsing Vulnerabilities. We invite you to read our show notes at https://www.grc.com/sn/SN-853-Notes.pdf Hosts: Steve Gibson and Leo Lapo...
SN 852: December 33rd - Log4j Update, RSA Postponed, Hack the DHS Expanded, Cyber Insurance Cost Rising
January 05, 2022 01:00 - 1 hour - 50 MBPicture of the Week. Log4j's 5th update. Microsoft's Log4j scanner triggers false positives. Chinese government is annoyed with Alibaba. "Hack the DHS" Bug Bounty Expanded. COVID postpones the RSA Conference. DuckDuckGo continues to grow. The cost of cyber insurance will likely be rising or perhaps terminated. "The Matrix Resurrections" what a disappointment! SpinRite. December 33rd. We invite you to read our show notes at https://www.grc.com/sn/SN-852-Notes.pdf Hosts: Steve Gib...
SN 851: Best of 2021 - The Year's Best Stories on Security Now
December 28, 2021 17:02 - 1 hour - 43.3 MBLeo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include: SolarWinds Hack Detailed By Microsoft Crispy Subtitles from Lay's Remembering Dan Kaminsky REvil Hacks Apple Supplier Quanta Computer The "Doom" CAPTCHA How Colonial Pipeline Was Breached When John McAfee Called Steve Gibson T-Mobile Subscribers: Do This Now "Internet Anonymity" is an Oxymoron Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at h...
SN 850: It's a Log4j Christmas - Another Chrome 0-Day, Cloud Clipboard Disabled, Wi-Fi/Bluetooth Leakage
December 22, 2021 02:00 - 2 hours - 56.1 MBPicture of the Week. Google's 16th exploited Chrome 0-day of the year. Firefox refuses to do Microsoft.com! Firefox disabled Microsoft's Cloud Clipboard. Weaknesses in all cellular networks since 2G. Cross Wi-Fi / Bluetooth leakage. "The Matrix Resurrections" aka "The Matrix 4". SpinRite. It's a Log4j Christmas. We invite you to read our show notes at https://www.grc.com/sn/SN-850-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/...
SN 849: Log4j & Log4Shell - Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats
December 15, 2021 02:00 - 1 hour - 51.6 MBPicture of the Week. Amazon outage and cloud dependence. AirTag Abuse. Windows 11 vs Your Browser of Choice. WordPress once again in the crosshairs. Closing the Loop. Sci-Fi. SpinRite. Log4j & Log4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-849-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a ques...
SN 848: XSinator - NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief
December 08, 2021 02:00 - 1 hour - 53.4 MBPicture of the Week. Tavis finds a bad bug in NSS. Cheap Smartwatches for kids and babies? Additional VPN vendors just say no to Roskomnadzor! Windows 11 loosens its grip on Edge. RTF Templates being used to inject malicious content. A Malicious Botnet uses the Bitcoin Blockchain. HP's has been shipping vulnerable printers for 8 years. Sci-Fi. SpinRite. XSinator. We invite you to read our show notes at https://www.grc.com/sn/SN-848-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...
SN 847: Bogons Begone! - 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode
December 01, 2021 01:00 - 2 hours - 59.2 MBPicture of the Week. "Super Duper Secure Mode" 37% of the world's smartphones are vulnerable. The RAT Dispenser. The Entirely Predictable 0-Day Windows Exploit. "The Frontiers Saga: Fringe Worlds" Closing the Loop. Bogons Begone! We invite you to read our show notes at https://www.grc.com/sn/SN-847-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtw...
SN 846: HTTP Request Smuggling - NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach
November 24, 2021 01:30 - 1 hour - 53.6 MBPicture of the Week. An idea whose time has passed... The stats of brute force password attacks. The Most Common Passwords. GoDaddy Breached Bigtime! A heads-up about NetGear routers. HTTP Request Smuggling. We invite you to read our show notes at https://www.grc.com/sn/SN-846-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a qu...
SN 845: Blacksmith - Patch Tuesday's 55 Flaws, The Zen of Code, Ryuk Ransomware Gang
November 17, 2021 01:30 - 1 hour - 50.6 MBPicture of the week. ~10,000 VPN/Firewall appliances from Palo Alto Networks vulnerable. The 0-Patch Guys Produce a Micropatch This brings me to "The Zen of Code" November's Patch Tuesday November broke something, but don't ask me what... Windows 11 received KB5007215 December promises to be Christmas for Printing and more! US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits How do you defraud web-based advertisers? Closing The Loop SpinRite Blacksmi...
SN 844: Bluetooth Fingerprinting - Pwn2Own Austin, Unpatched GitLab Servers, Cisco's DEFAULT SSH Key
November 10, 2021 02:00 - 2 hours - 58.9 MBPicture of the Week. Lots of welcome progress on the ransomware front. Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own. Windows 11 snipping tool, its emoji picker, and other parts are failing. Trouble being created by unpatched GitLab servers. More supply chain attacks. If it's Tuesday... Cisco's DEFAULT SSH key. U.S. Federal agencies have been ordered to patch hundreds of actively exploited flaws. Closing The Loop. SpinRite. Bluetooth Fingerprinting. ...
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune
November 03, 2021 02:18 - 1 hour - 50.3 MBChrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source" Hosts: Steve Gibson and Jason Howell Download ...
SN 842: The More Things Change... - Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes
October 27, 2021 01:00 - 2 hours - 56.1 MBPicture of the Week. A sneak peak at November 9th upcoming Win11 fixes. Leo gets his wish!! REvil WAS recently re-taken down by Law Enforcement! Microsoft: "We're Excited to Announce the Launch of Comms Hub!" Microsoft: "Windows update expiration policy explained" And while we're on the subject of Windows Updates... Windows XP's 20th Anniversary. Last Tuesday the 19th, Zerodium tweeted... The "Devastating" Gummy Browsers attack! User-Agent Parser NPM package maliciously altered. C...
SN 841: Minh Duong's Epic Rickroll - REvil Gone for Good? Tianfu Cup 2021, Patch Tuesday Aftermath
October 20, 2021 01:00 - 2 hours - 57.8 MBPicture of the week. Windows 11 Watch - Don't update to Windows 11 unless you need to. Patch Tuesday - PrintNightmare fix to fix the previous print nightmare fix that broke other things. Point and Print feature is the problem, not a bug. On Windows 11, installing printers might also fail when using the Internet Printing Protocol (IPP) in organizations sharing an IPP printer using printer connections. "While Microsoft provided a fix in their September 2021 update, the patch resulted in ...
SN 840: 0-Day Angst - Windows 11 Watch, Google's Universal 2SV, Twitch Hack, Patch Tuesday
October 13, 2021 01:00 - 1 hour - 54.1 MBPicture of the week. Windows 11 Watch: "AllowUpgradesWithUnsupportedTPMOrCPU" AMD processors running some apps up to 15% slower. The Windows 10 taskbar on Windows 11. Microsoft is disagreeing... with themselves. We have an update on the Windows Explorer RAM leak I mentioned previously... VirtualBox and Windows HyperVisors don't get along. Dropped UDP packets with network optimization. Patch Tuesday. The Joy of the (new!) Default: Excel 4.0 macros to be disabled. Google warns Gmail...
SN 839: “Something Went Wrong” - Windows 11 Released, New Android Trojan, Windows Explorer Memory Leak
October 06, 2021 01:00 - 2 hours - 55.8 MBPicture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Ste...
SN 838: autodiscover.fiasco - Epik Confirms Hack, Apple Annoys Bug Reporters, Chrome's 12th 0-Day in 2021
September 29, 2021 00:30 - 1 hour - 52.6 MBPicture of the Week. Chrome's 12th 0-day this year. Next up on this week's 0-day Watch... is Apple. Apple appears to be annoying their bug reporters. Epik Confirms Hack, Gigabytes of Data on Offer. Microsoft gets Windows 11 ready for release with a new "Release" build. Newly updated PC Health Check tool. Windows 10 emergency update "might" resolve some Patch Tuesday troubles. Is this Cert valid? A shaky Foundation. autodiscover.fiasco. We invite you to read our show notes at http...
SN 837: Cobalt Strike - Android Auto-Revokes Permissions, DDoS on VoIP.ms, Patch Tuesday, Was GRC Pwned?
September 22, 2021 00:00 - 1 hour - 52.9 MBPicture of the week. The DDoS attack on VoIP.ms. Patch Tuesday's Mixed Blessing. Android to auto-reset app permissions on many more devices. BREAKING: FBI held back ransomware decryption key from businesses to run operation targeting hackers. Google patched the 9th & 10th ITW 0-days in Chrome this year. Was GRC Pwned? Sci-Fi to look forward to. My work on SpinRite is progressing. Cobalt Strike. We invite you to read our show notes at https://www.grc.com/sn/SN-837-Notes.pdf Hosts:...
SN 836: The Mēris Botnet - 0-Day Attack on Office Docs, WFH and Security, Return of REvil
September 15, 2021 00:00 - 2 hours - 62.3 MBPicture of the Week. A new worrisome 0-day attack against Office documents. Work From Home (WFH) — No problem? "Attacks only ever get better" The return of REvil — Apparently, vacation's over. Closing the Loop. I have this next piece under "Science Fiction" — but is it fiction??? The Mēris Botnet. We invite you to read our show notes at https://www.grc.com/sn/SN-836-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security...