Security Now (Video)
188 episodes - English - Latest episode: 6 days ago - ★★★★★ - 80 ratingsCybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons
April 17, 2024 00:13 - 1 hour - 1.44 GB VideoAn update on the AT&T data breach 340,000 social security numbers leaked Cookie Notice Compliance The GDPR does enforce some transparency Physical router buttons Wifi enabled button pressers Netsecfish disclosure of Dlink NAS vulnerability Chrome bloat SpinRite update GhostRace Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at h...
SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense
April 10, 2024 00:18 - 1 hour - 1.42 GB VideoOut-of-support DLink NAS devices contain hard coded backdoor credentials Privnote is not so "Priv" Crowdfense is willing to pay millions Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution SpinRite Update Minimum Viable Secure Product Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You ca...
SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach
April 03, 2024 00:48 - 1 hour - 1.35 GB VideoA near-Universal (Local) Linux Elevation of Privilege vulnerability TechCrunch informed AT&T of a 5 year old data breach Signal to get very useful cloud backups Telegram to allow restricted incoming HP exits Russia ahead of schedule Advertisers are heavier users of Ad Blockers than average Americans! The Google Incognito Mode Lawsuit Canonical fights malicious Ubuntu store apps Spinrite update A Cautionary Tale Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf Hosts: Steve Gib...
SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD
March 27, 2024 01:22 - 2 hours - 1.56 GB VideoApple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://ww...
SN 966: Morris The Second - Voyager 1, The Web Turns 35
March 20, 2024 00:03 - 2 hours - 1.65 GB VideoVoyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sites that block anonymous email addresses Open Bounty programs on HackerOne Steve on Twitter Ways to disclose bugs publicly Security by obscurity Something you have/know/are vs Passkeys Passkeys vs TOTP Inspecting Chrome extensions Passkey transpor...
SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta
March 13, 2024 00:47 - 2 hours - 1.84 GB VideoVMware needs immediate patching Midnight Blizzard still on the offensive China is quietly "de-American'ing" their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU's DMA The Change Healthcare cyberattack SpinRite update Telegram's end-to-end encryption KepassXC now supports passkeys Login accelerators Sites start rejecting @duck.com emails Tool to detect chrome extensions change owners Sortest SN title Passkeys vs 2FA Show Notes - https://ww...
SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol
March 06, 2024 00:13 - 2 hours - 1.7 GB Video"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow's Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC's servers Closing the loop on compromised emails Taco Bell's passwordless app A solution for Bcrypt's password length limit of 72 bytes Data as the missing piece for law enforcement and privacy advocates The token solution for email-only login Apple's Password Manager ...
SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted
February 28, 2024 01:48 - 2 hours - 1.6 GB VideoNevada attempts to block Meta's end-to-end encryption for minors. A survey of security breaches Edge's Super-Duper Secure Mode moves into Chrome DoorDash dashes our privacy Avast charged $16.5 million for selling user browsing data No charge for extra logging! European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members LockBit RaaS group disrupted Firefox v123 The ScreenConnect Authentication Bypass SpinRite upda...
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap
February 21, 2024 02:02 - 2 hours - 1.72 GB VideoWyze breach Microsoft patch Tuesday fixes 15 remote code execution flaws Why are there password restrictions? The Canadian Flipper Zero Ban Security on the old internet Using Old Passwords Passwordless login TOTP as a second factor German ISP using default router passwords Email encryption in transit pfSense Tailscale integration DuckDuckGo's email protection integration with Bitwarden The KeyTrap Vulnerability Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf Hosts: Steve ...
SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked
February 14, 2024 01:54 - 2 hours - 1.58 GB VideoToothbrush Botnet "There are too many damn Honeypots!" Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook "old password" reminders Browsers on iOS More UPnP Issues A password for every website? "Free" accounts Keeping phones plugged in Running your own email server in 2024 iOS app sizes SpinRite 6.1 running on an iMac SpinRite update Bitlocker's encryption cracked in minutes Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf Host...
SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL
February 07, 2024 02:11 - 2 hours - 1.59 GB VideoCISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers ...
SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code
January 31, 2024 02:28 - 2 hours - 1.75 GB VideoiOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS s...
SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results
January 24, 2024 02:37 - 2 hours - 1.73 GB VideoMicrosoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack US Health and Human Services Breached Firefox vs "The Competition" Brave reduces its anti-fingerprinting protections CISA's proactive policing results one year later Longer Life For Samsung Updates Google Incognito Mode "Misunderstanding" Show Doc Not showing images on iOS Safari Generated AI Media Authentication Which computer languages to learn? Flashlight app subscription Google's Privacy Sandbox ...
SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles
January 17, 2024 01:27 - 1 hour - 1.35 GB VideoWhat would an IoT device look like that HAD been taken over? And speaking of DDoS attacks Trouble in the Quantum Crypto world The Browser Monoculture Question about the Apple backdoor Getting into infosec proton drive vs sync SpinRite update The Protected Audience API Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit...
SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass
January 10, 2024 02:14 - 1 hour - 1.45 GB VideoMore on Apple's hardware backdoor Russian Hacking of Ukranian cameras Russian hackers were inside Ukraine telecoms giant for months Things are still a mess at 23andMe CoinsPaid was the victim of another cyberattack Crypto Hacking in 2023 Mandiant Twitter scam Defining "cyber warfare" LastPass is making some changes Windows Watch Google settles $5 billion lawsuit Return Oriented Programming Shutting Down Edge Root Certificates Credit freezing SpinRite Update Show Notes - http...
SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor
January 03, 2024 02:20 - 1 hour - 1.44 GB VideoSpinRite 6.1 update Pruning Root Certificates A solution to Schrodinger's Bowl DNS Benchmark and anti-virus tools Nebula Mesh SpinRite 7 is coming The Mystery of CVE-2023-38606 Show Notes - https://www.grc.com/sn/SN-955-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps ...
SN 954: Best of 2023 - Security Now's Best Moments of 2023
December 26, 2023 18:30 - 1 hour - 1.25 GB VideoLeo looks back at the year's top security stories of 2023. Steve's Next Password Manager After the LastPass Hack CHESS is Safe Here Come the Fake AI-generated "News" Sites How Bad Guys Use Satellites Microsoft's "Culture of Toxic Obfuscation" Steve announces his commitment to SN Apple Says No NSA's Decade of Huawei Hacking ValiDrive announcement Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at http...
SN 953: Active Listening - KOSA, Cloudflare's Numbers, SpinRite Update
December 20, 2023 02:10 - 2 hours - 1.54 GB VideoChild protection legislation in the US Meta pushes back on the $200 billion FTC fine for COPPA violation Age verification on the internet Google moving from 3rd party cookies to topics A look at Cloudflare's metrics SpinRite update Cox Media admits that it spys on you Show Notes - https://www.grc.com/sn/SN-953-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.t...
SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw
December 13, 2023 02:24 - 2 hours - 1.59 GB VideoThe government collection of push notification metadata Facebook Messenger sets end to end encryption as the default Iran's Cyber Av3ngers Cisco's Talos Top 10 cyber security exploits this year Over 30% of apps are still using a using a vulnerable version the Log4J library Quad 9 speaks on their legal victory against Sony What are the "Clear Web", "Dark Web", and "Deep Web"? A Flaw in Telegram Xfinity Mobile wants you to accept a root CA, DO NOT Hardware VPN alternative A breakthr...
SN 921: OSB OMG and Other News! - Age verification, Google Authenticator E2EE, VirusTotal AI, cURL
May 03, 2023 01:35 - 2 hours - 1.56 GB VideoPicture of the Week. The Encryption Debate. Age does matter... Age Verification. WhatsApp: Rather be blocked in UK than weaken security. Exposing Side-Channel Monitoring. Closing the Loop. A new UDP reflection attack vector. Google Authenticator Updated. Does Israel use NSO Group commercial spyware? A Russian OS? TP-Link routers compromised. A pre-release security audit. Another Intel side-channel attack. Windows users: Don't remove cURL! AI comes to VirusTotal. Show Notes...
SN 920: An End-to-End Encryption Proposal - Wipe those routers, Lockdown Mode, ChatGPT black market
April 25, 2023 18:49 - 2 hours - 1.59 GB VideoPicture of the Week. Lockdown Mode seen succeeding. A growing black market for ChatGPT accounts. Decommissioned Corporate Routers Leak Secrets. Jaguar Tooth: Cisco router vulnerabilities. Security Research Legal Defense Fund. A quick Firefox fix. Kubernetes security audit. Google Chrome zero-day. An End-to-End Encryption Proposal. Show Notes https://www.grc.com/sn/SN-920-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/sec...
SN 919: Forced Entry - Patch Tuesday, Google Assured Open Source Software, WhatsApp Improvements
April 18, 2023 18:04 - 1 hour - 1.34 GB VideoPicture of the Week. Patch Tuesday Review. Risky Business News. Google Assured Open Source Software. WhatsApp Improvements. Bad Security? Go to jail! Forced Entry. Show Notes https://www.grc.com/sn/SN-919-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, tra...
SN 918: A Dangerous Interpretation - H26FORGE, Privatized ChatGPT, Mozilla Site Breach Monitor
April 11, 2023 18:57 - 2 hours - 1.59 GB VideoPicture of the Week. Microsoft and Fortra go on the offensive. Can ChatGPT keep a secret? Apple updates their OS's. Wordpress under attack... again. Mozilla's Site Breach Monitor. Another ChatGPT investigation. Samsung handsets reaching EoL. Less access for loan apps. The right to be forgotten. SpinRite. A Dangerous Interpretation. Show Notes: https://www.grc.com/sn/SN-918-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/show...
SN 917: Zombie Software - ChatGPT Ban, Hacking the Pentagon
April 04, 2023 18:25 - 1 hour - 1.42 GB VideoPicture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3dr-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at h...
SN 916: Microsoft's Email Extortion - Pwn2Own, Edge Crypto Wallet
March 29, 2023 01:05 - 1 hour - 1.25 GB VideoPicture of the Week. Synacktiv wins this year's CanSecWest Pwn2Own GitHub: Mistakes happen DDoS for Hire. . .Or Not 144,000 malicious packages published No iPhones For Russian Presidential Staff I NUIT Edge Gets Crypto Microsoft's Email Extortion Show Notes: https://www.grc.com/sn/sn-916-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can s...
SN 915: Flying Trojan Horses - Exynos 0-days, TikTok Tick Tock, 90-day TLS cert life, CHESS is safe!
March 22, 2023 01:40 - 2 hours - 1.56 GB VideoPicture of the Week. Multiple Exploitable Samsung 0-Days. A good idea for NPM. The TikTok Tick Tock. Google pushes for 90-day TLS certificate life. CHESS is safe. CISA has begun scanning! Flying Trojan Horses. Show Notes: https://www.grc.com/sn/SN-915-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at t...
SN 914: Sony Sues Quad9 - Polynonce attack, Germany Huawei ban, Plex Media Server defect, Andor review
March 15, 2023 02:02 - 2 hours - 1.64 GB VideoPicture of the Week. Another Malicious Chrome Extension. Germany to join the Huawei & ZTE ban. Putting "phishing" into perspective. The Polynonce attack. Plex's RCE now in CISA's KEV. Sci-Fi: Andor. Sony Sues Quad9. Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now...
SN 913: A Fowl Incident - DDoS'ing Fosstodon, Strategic Objective 3.3, CISA's Covert Red-Team
March 08, 2023 02:44 - 1 hour - 1.39 GB VideoPicture of the Week. DDoS'ing Fosstodon. DDoS for Hire takedowns. TikTok Insanity. Illegal Warrantless Surveillance. Strategic Objective 3.3. GitHub Secret Scanning. CISA's Covert Red-Team. What's left? What's old is new again. TCG TPM vulnerabilities. WordPress "All In One SEO". Russia fines Wikipedia. A Fowl Incident. Show Notes: https://www.grc.com/sn/SN-913-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/secur...
SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty
March 01, 2023 02:02 - 1 hour - 1.34 GB VideoPicture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Securit...
SN 885: The Bumblebee Loader - RTL819x Exploit, RubyGems Update, Chrome's Fifth 0-Day of 2022
August 24, 2022 01:54 - 1 hour - 1.33 GB VideoVIDEO of the Week Crashing Laptop Computers With Janet Jackson RealTek SoC flaw affects many millions of IoT devices 46 Million RPS - requests per second Chrome's 5th 0-Day of 2022 Apple: Not to be left behind... RubyGems to require MFA Closing The Loop: Domain Name Ownership Closing The Loop: Growing in Cybersecurity The Bumblebee Loader We invite you to read our show notes at https://www.grc.com/sn/SN-885-Notes.pdf Hosts: Leo Laporte and Steve Gibson Download or subscribe to t...
SN 884: TLS Private Key Leakage - BIG patch Tuesday, Facebook E2E encryption, VNC insecurity, Cyotek WebCopy
August 17, 2022 03:14 - 1 hour - 1.57 GB VideoPicture of the Week. Patch Flashback Tuesday. Facebook is cautiously creeping toward default E2E encryption. VNC's inherent insecurity. The need to control domain names. And speaking of backup: Cyotek WebCopy. Google's Ryan Sleevi Retweeted Jens Axboe. SandSara Update from Ed Cano. Closing The Loop. SpinRite. TLS Private Key Leakage. We invite you to read our show notes at https://www.grc.com/sn/SN-884-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this ...
SN 883: The Maker's Schedule - VirusTotal, Daniel Bernstein sues the NSA, Win 11 might damage encrypted data
August 10, 2022 02:40 - 1 hour - 1.49 GB VideoPicture of the Week. Crypto is Hard. VirusTotal: Deception at a scale. Windows 11 might damage encrypted data. Microsoft Defender External Attack Surface Management. Closing The Loop. Daniel Bernstein sues the NSA. The Maker's Schedule. We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/cl...
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack
August 03, 2022 03:16 - 2 hours - 1.64 GB VideoPicture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subs...
SN 881: The MV720 - MS Office VBA macros, Win 11 security changes, start button failure
July 27, 2022 03:39 - 2 hours - 1.52 GB VideoPicture of the Week. Patch Tuesday Redux Redux. Windows 11 Start button failure. The continuing saga of Windows VBA macros. Windows 11 now blocks RDP brute-force attacks by default. Black Hat and DefCon coming soon. SpinRite. pfSense and TailScale. Closing The Loop. The MV720. We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes a...
SN 880: RetBleed - Facebook encrypted URLs, cracking Lockdown Mode, ClearView AI resistance, Roskomnadzor
July 20, 2022 02:15 - 1 hour - 1.54 GB VideoPicture of the Week. The Rolling Pwn, take II. The great IPv4 Address Space Depletion. Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet. Facebook has started encrypting its link URLs. Crack iOS 16's "Lockdown Mode", earn $2 million. ClearView AI faces some new headwind. Ransomware gangs are getting into the searchable database game, too... Roskomnadzor strikes again! Last Tuesday's Patches. SpinRite. Closing The Loop. RetBleed. We invite you to read o...
SN 879: The Rolling Pwn - OpenSSL patch, iOS Lockdown Mode, Yubikey's to Ukraine, Office Macros re-enabled
July 13, 2022 02:23 - 2 hours - 1.75 GB VideoPicture of the Week. OpenSSL's Patch For Heap Memory Corruption Vulnerability. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. Yubico donated 30,000 Yubikeys to Ukraine. Apple's new extreme "Lockdown Mode". Microsoft to re-enable Office Macros. This Is the Code the FBI Used to Wiretap the World. Closing The Loop. The Rolling Pwn. We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf Hosts: Steve Gibson and Leo Laport...
SN 878: The ZuoRAT - 0-Day Chrome, Firefox v102, HackerOne
July 06, 2022 02:27 - 1 hour - 1.54 GB VideoPicture of the week. Chrome's fourth zero-day of 2022. Mozilla's new Firefox privacy-enhancing feature. HackerOne discloses a malicious insider incident. Closing the loop. The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security...
SN 877: The "Hertzbleed" Attack - 3rd Party FIDO2, Log4Shell, '311" Proposal
June 28, 2022 21:57 - 2 hours - 1.93 GB VideoPicture of the Week. Errata: Firefox's "Total Cookie Protection" 3rd Party FIDO2 Authenticators Germany's not buying the EU's proposal which subverts encryption The Conti Gang have finally pulled the last plug Log4J and Log4Shell is alive and well The '311' emergency number proposal 56 Insecure-By-Design Vulnerabilities "Long Story Short" Closing The Loop The "Hertzbleed" Attack We invite you to read our show notes at https://www.grc.com/sn/SN-877-Notes.pdf Hosts: Steve Gibson a...
SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies
June 22, 2022 01:00 - 2 hours - 1.79 GB VideoPicture of the Week. Double Decryption (Last week's key-strength puzzler). 3rd Party Authenticators. Firefox: Total Cookie Protection. We keep breaking DDoS attack records. MS-DFSNM. An Apple Safari regression. One Million WordPress sites force-updated. High-Severity RCE in Fastjson Library. Miscellany. Closing The Loop. Microsoft's Patchy Patches. We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download o...
SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation
June 15, 2022 01:30 - 2 hours - 1.66 GB VideoPicture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/c...
SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability
June 08, 2022 00:30 - 1 hour - 1.45 GB VideoPicture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones". Ransomware sanctions are causing trouble. Conti spotted compromising motherboard firmware. Errata. Closing the Loop. Passkeys, Take 2. We invite you to read our show notes at https://www.grc.com/sn/SN-874...
SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD
June 01, 2022 01:00 - 2 hours - 1.65 GB VideoPicture of the Week. New South Wales DDL — Digital Driver's License. The latest Microsoft Office 0-day remote code execution vulnerability. GhostTouch. Vodafone's new TrustPiD. Closing the Loop. DuckDuckGone? We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a ques...
SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1
May 25, 2022 00:30 - 1 hour - 1.59 GB VideoPicture of the Week. Emergency mid-cycle update for Active Directory. Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}. Clearview AI in Ukraine. Pwn2Own Vancouver 2022. The DoJ takes a welcome step back. Sometimes, unlocking can be too convenient. Closing The Loop. Dis-CONTI-nued: The End of Conti? We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://...
SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes
May 18, 2022 00:00 - 1 hour - 1.54 GB VideoPicture of the Week. An "eventful" Patch Tuesday. Patch Tuesday. Apple patched a 0-day. Google's "Open Source Maintenance Crew". Conti suggests overthrowing the new Costa Rican government. Policing the Google Play Store. The situation has grown more dire for F5 systems' BIG-IP boxes. Errata. Closing The Loop. SpinRite. The New EU Surveillance State. We invite you to read our show notes at https://www.grc.com/sn/SN-871-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or s...
SN 870: That "Passkeys" Thing - White House and Quantum Computers, Android 0-day, Ransomware snapshot
May 11, 2022 03:00 - 2 hours - 1.75 GB VideoPicture of the Week. Google updates Android to patch an actively exploited vulnerability. Connecticut's recently passed data privacy bill became law last Wednesday. Ransomware victim snapshot. US State Department offering $10 million reward for information about Conti members. The worst threat the US faces... The White House and Quantum Computers. The ongoing threat from predictable DNS queries. F5 Networks Remote RCE warning and exploitation. Closing The Loop. Sci-Fi. ...
SN 869: Global Privacy Control - DoD DIB-VDP, OpenSSF's Package Analysis Project, Connecticut Privacy
May 04, 2022 00:30 - 1 hour - 1.43 GB VideoPicture of the Week. DoD DIB-VDP Pilot Overview. The OpenSSF and the Package Analysis project. Connecticut moves toward state privacy protections. Closing The Loop. Global Privacy Control. We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now!...
SN 868: The 0-Day Explosion - Lenovo EUFI Firmware, Everscale Blockchain Wallet, Major Java Update
April 27, 2022 01:00 - 2 hours - 1.58 GB VideoPicture of the Week. CISA's Known Exploited Vulnerabilities Catalog. Lenovo UEFI Firmware Troubles. Everscale Blockchain Wallet. Java 15, 16, 17, and 18 received MUST UPDATES last week. Closing The Loop. Sci-Fi. SpinRite. The 0-Day Explosion. We invite you to read our show notes at https://www.grc.com/sn/SN-868-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twi...
SN 867: A Critical Windows RPC RCE - Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable?
April 20, 2022 01:00 - 1 hour - 1.47 GB VideoPicture of the Week. Chrome's 3rd 0-day of 2022. Patch Tuesday Redux. WordPress once again... Apache Struts Framework needs a critical update. Are America's nuclear systems so old they're un-hackable? Closing The Loop. SpinRite. A Critical Windows RPC RCE. We invite you to read our show notes at https://www.grc.com/sn/SN-867-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT ...
SN 866: Spring4Shell - Patch Tuesday, Microsoft's Autopatch System, NGINX 0-Day
April 13, 2022 00:30 - 1 hour - 1.21 GB VideoPicture of the Week. Could NGINX have a 0-day? Microsoft's new Autopatch system. Another instance of Russian Protest in JavaScript's repository. End-of-service life for some popular Windows editions. Miscellany. Closing The Loop. Spring4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-866-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twi...
SN 865: Port Knocking - Wyze Gets Spanked, FinFisher Bites the Dust, Spring4Shell, LAPSUS$ Update
April 06, 2022 00:30 - 2 hours - 1.59 GB VideoPicture of the Week. 0-Day Watch. Spring Forward (Java: Spring4Shell) QNAP and the OpenSSL DoS vulnerability. Sophos has a 9.8. CISA orders federal civilian agencies to patch the Sophos vulnerability. Browser-in-the-browser. The supply-chain attacks on NPM have been growing. FinFisher bites the dust. A LAPSUS$ in judgment. Not so Wyze. Closing The Loop. Port Knocking. We invite you to read our show notes at https://www.grc.com/sn/SN-865-Notes.pdf Hosts: Steve Gibson and Leo La...