Security Now (Video)
229 episodes - English - Latest episode: 5 days ago - ★★★★★ - 124 ratingsCybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
SN 849: Log4j & Log4Shell - Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats
December 15, 2021 02:00 - 1 hour - 1.45 GB VideoPicture of the Week. Amazon outage and cloud dependence. AirTag Abuse. Windows 11 vs Your Browser of Choice. WordPress once again in the crosshairs. Closing the Loop. Sci-Fi. SpinRite. Log4j & Log4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-849-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a ques...
SN 848: XSinator - NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief
December 08, 2021 02:00 - 1 hour - 1.55 GB VideoPicture of the Week. Tavis finds a bad bug in NSS. Cheap Smartwatches for kids and babies? Additional VPN vendors just say no to Roskomnadzor! Windows 11 loosens its grip on Edge. RTF Templates being used to inject malicious content. A Malicious Botnet uses the Bitcoin Blockchain. HP's has been shipping vulnerable printers for 8 years. Sci-Fi. SpinRite. XSinator. We invite you to read our show notes at https://www.grc.com/sn/SN-848-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...
SN 847: Bogons Begone! - 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode
December 01, 2021 01:00 - 2 hours - 1.79 GB VideoPicture of the Week. "Super Duper Secure Mode" 37% of the world's smartphones are vulnerable. The RAT Dispenser. The Entirely Predictable 0-Day Windows Exploit. "The Frontiers Saga: Fringe Worlds" Closing the Loop. Bogons Begone! We invite you to read our show notes at https://www.grc.com/sn/SN-847-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtw...
SN 846: HTTP Request Smuggling - NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach
November 24, 2021 01:30 - 1 hour - 1.62 GB VideoPicture of the Week. An idea whose time has passed... The stats of brute force password attacks. The Most Common Passwords. GoDaddy Breached Bigtime! A heads-up about NetGear routers. HTTP Request Smuggling. We invite you to read our show notes at https://www.grc.com/sn/SN-846-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a qu...
SN 845: Blacksmith - Patch Tuesday's 55 Flaws, The Zen of Code, Ryuk Ransomware Gang
November 17, 2021 01:30 - 1 hour - 1.46 GB VideoPicture of the week. ~10,000 VPN/Firewall appliances from Palo Alto Networks vulnerable. The 0-Patch Guys Produce a Micropatch This brings me to "The Zen of Code" November's Patch Tuesday November broke something, but don't ask me what... Windows 11 received KB5007215 December promises to be Christmas for Printing and more! US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits How do you defraud web-based advertisers? Closing The Loop SpinRite Blacksmi...
SN 844: Bluetooth Fingerprinting - Pwn2Own Austin, Unpatched GitLab Servers, Cisco's DEFAULT SSH Key
November 10, 2021 02:00 - 2 hours - 1.63 GB VideoPicture of the Week. Lots of welcome progress on the ransomware front. Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own. Windows 11 snipping tool, its emoji picker, and other parts are failing. Trouble being created by unpatched GitLab servers. More supply chain attacks. If it's Tuesday... Cisco's DEFAULT SSH key. U.S. Federal agencies have been ordered to patch hundreds of actively exploited flaws. Closing The Loop. SpinRite. Bluetooth Fingerprinting. ...
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune
November 03, 2021 02:18 - 1 hour - 1.54 GB VideoChrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source" Hosts: Steve Gibson and Jason Howell Download ...
SN 842: The More Things Change... - Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes
October 27, 2021 01:00 - 2 hours - 1.69 GB VideoPicture of the Week. A sneak peak at November 9th upcoming Win11 fixes. Leo gets his wish!! REvil WAS recently re-taken down by Law Enforcement! Microsoft: "We're Excited to Announce the Launch of Comms Hub!" Microsoft: "Windows update expiration policy explained" And while we're on the subject of Windows Updates... Windows XP's 20th Anniversary. Last Tuesday the 19th, Zerodium tweeted... The "Devastating" Gummy Browsers attack! User-Agent Parser NPM package maliciously altered. C...
SN 841: Minh Duong's Epic Rickroll - REvil Gone for Good? Tianfu Cup 2021, Patch Tuesday Aftermath
October 20, 2021 01:00 - 2 hours - 1.76 GB VideoPicture of the week. Windows 11 Watch - Don't update to Windows 11 unless you need to. Patch Tuesday - PrintNightmare fix to fix the previous print nightmare fix that broke other things. Point and Print feature is the problem, not a bug. On Windows 11, installing printers might also fail when using the Internet Printing Protocol (IPP) in organizations sharing an IPP printer using printer connections. "While Microsoft provided a fix in their September 2021 update, the patch resulted in ...
SN 840: 0-Day Angst - Windows 11 Watch, Google's Universal 2SV, Twitch Hack, Patch Tuesday
October 13, 2021 01:00 - 1 hour - 1.61 GB VideoPicture of the week. Windows 11 Watch: "AllowUpgradesWithUnsupportedTPMOrCPU" AMD processors running some apps up to 15% slower. The Windows 10 taskbar on Windows 11. Microsoft is disagreeing... with themselves. We have an update on the Windows Explorer RAM leak I mentioned previously... VirtualBox and Windows HyperVisors don't get along. Dropped UDP packets with network optimization. Patch Tuesday. The Joy of the (new!) Default: Excel 4.0 macros to be disabled. Google warns Gmail...
SN 839: “Something Went Wrong” - Windows 11 Released, New Android Trojan, Windows Explorer Memory Leak
October 06, 2021 01:00 - 2 hours - 1.77 GB VideoPicture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Ste...
SN 838: autodiscover.fiasco - Epik Confirms Hack, Apple Annoys Bug Reporters, Chrome's 12th 0-Day in 2021
September 29, 2021 00:30 - 1 hour - 1.59 GB VideoPicture of the Week. Chrome's 12th 0-day this year. Next up on this week's 0-day Watch... is Apple. Apple appears to be annoying their bug reporters. Epik Confirms Hack, Gigabytes of Data on Offer. Microsoft gets Windows 11 ready for release with a new "Release" build. Newly updated PC Health Check tool. Windows 10 emergency update "might" resolve some Patch Tuesday troubles. Is this Cert valid? A shaky Foundation. autodiscover.fiasco. We invite you to read our show notes at http...
SN 837: Cobalt Strike - Android Auto-Revokes Permissions, DDoS on VoIP.ms, Patch Tuesday, Was GRC Pwned?
September 22, 2021 00:00 - 1 hour - 1.59 GB VideoPicture of the week. The DDoS attack on VoIP.ms. Patch Tuesday's Mixed Blessing. Android to auto-reset app permissions on many more devices. BREAKING: FBI held back ransomware decryption key from businesses to run operation targeting hackers. Google patched the 9th & 10th ITW 0-days in Chrome this year. Was GRC Pwned? Sci-Fi to look forward to. My work on SpinRite is progressing. Cobalt Strike. We invite you to read our show notes at https://www.grc.com/sn/SN-837-Notes.pdf Hosts:...
SN 836: The Mēris Botnet - 0-Day Attack on Office Docs, WFH and Security, Return of REvil
September 15, 2021 00:00 - 2 hours - 1.9 GB VideoPicture of the Week. A new worrisome 0-day attack against Office documents. Work From Home (WFH) — No problem? "Attacks only ever get better" The return of REvil — Apparently, vacation's over. Closing the Loop. I have this next piece under "Science Fiction" — but is it fiction??? The Mēris Botnet. We invite you to read our show notes at https://www.grc.com/sn/SN-836-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security...
SN 835: TPM v1.2 vs 2.0 - BlueTooth Troubles, Internet Anonymity, Apple CSAM, Light Chaser
September 08, 2021 01:00 - 2 hours - 1.86 GB VideoPicture of the Week. The Razor mouse & keyboard. The wishful phrase "Internet Anonymity" is an oxymoron. And speaking of Apple's client-side image matching... BlueTooth has new troubles. Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms. Closing the Loop. "Light Chaser" by Peter F. Hamilton and Gareth L. Powell. TPM v1.2 vs 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-835-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscri...
SN 834: Life: Hanging by a PIN - Credit Freeze vs. Credit Lock, SSD Bait & Switch, ProxyToken, Windows 11
September 01, 2021 00:00 - 1 hour - 1.48 GB VideoPicture of the Week. Credit Freeze vs Credit Lock. T-Mobile hacker speaks! Where will Windows 11 run? ProxyToken. Tailscale Open Source? SSD Bait & Switch. SpinRite. Life: Hanging by a PIN. We invite you to read our show notes at https://www.grc.com/sn/SN-834-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Securi...
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks
August 25, 2021 00:00 - 1 hour - 1.62 GB VideoPicture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/s...
SN 832: Microsoft's Culpable Negligence - Firefox Update, Magniber, Merger of Avast and NortonLifeLock
August 18, 2021 00:30 - 1 hour - 1.24 GB VideoPicture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes...
SN 831: Apple's CSAM Mistake - Flawed Random Number Generator, Super Duper Secure Mode, TCP Stack Error
August 11, 2021 01:00 - 1 hour - 1.53 GB VideoPicture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://...
SN 830: The BlackMatter Interview - Bad News for Firefox, DarkSide Returns, Tailscale, Google to Assume HTTPS
August 04, 2021 00:30 - 2 hours - 1.96 GB VideoPicture of the Week. Mozilla's Firefox Monthly Active Users (MAU) slowly but steadily drops. Google to finally assume HTTPS. The evolution of "Initial Access Brokers". DarkSide Returns. "A Microsoft July 2021 Recap" Tailscale. Closing the Loop. SpinRite. The BlackMatter Interview. We invite you to read our show notes at https://www.grc.com/sn/SN-830-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get epis...
SN 829: SeriousSAM & PetitPotam - Kaseya Universal Decryptor, Window's Process Hacker, Chrome 92
July 28, 2021 00:00 - 1 hour - 1.54 GB VideoPicture of the Week. Faster and more efficient phishing detection in Chrome 92. A Universal Decryptor for all Kaseya victims. The printer driver used by millions of HP, Samsung and Xerox Printers is exploitable. Windows' Process Hacker. "GoLang" gains supply chain security features at GitHub. Closing the Loop. SeriousSAM & PetitPotam. We invite you to read our show notes at https://www.grc.com/sn/SN-829-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this s...
SN 828: REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review
July 21, 2021 00:00 - 1 hour - 1.43 GB VideoPicture of the week Browser News The attacks on Google Chrome continue. Firefox special-cases anti-tracking for "Login With" functions. Security News iOS WiFi SSID bug We still can't awaken from the "PrintNightmare" It's not a bug, it's a feature! Patch Tuesday Review Update Acrobat and Reader Rolling your own Crypto Pegasus Errata Windows Extended APIs REvil Vanishes We invite you to read our show notes at https://www.grc.com/sn/SN-828-Notes.pdf Hosts: Steve Gibson and Leo ...
SN 827: REvil's Clever Crypto - Microsoft Fails to Patch PrintNightmare & Sodinokibi Malware's Crypto Design
July 14, 2021 00:30 - 1 hour - 1.64 GB VideoPicture of the Week The "PrintNightmare Continues" Kaseya - Not nearly as bad as it could have been Ransomwhere site Microsoft Office Users: There's a new malware-protection bypass Ransomware negotiators are now in high demand Microsoft seemingly enforces the new Windows 11 Start menu Stay tuned for SpinRite v6.1 beta REvil's Clever Crypto We invite you to read our show notes at https://www.grc.com/sn/SN-827-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe t...
SN 826: The Kaseya Saga - Microsoft PrintNightmare, WD's MyCloud OS3 Troubles, SpinRite in a BMW
July 07, 2021 00:30 - 1 hour - 1.52 GB VideoPicture of the Week. "PrintNightmare" is NOT CVE-2021-1675. The Authentication Dilemma. Western Digital steps up. WD's MyCloud OS3 Troubles. SpinRite. Miscellany & Closing The Loop. The Kaysea Saga. We invite you to read our show notes at https://www.grc.com/sn/SN-826-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question t...
SN 825: Halfway Through 2021 - Google's FLoC, $600M Ransomware Attack, Where Will Windows 11 Run?
June 30, 2021 00:30 - 1 hour - 1.34 GB VideoPicture of the week Google's FLoC has landed with a hard thud and is now-delayed The high cost of Ireland's recovery from the Conti ransomware attack Who is responsible for damage and data loss following the remote wiping of many Western Digital My Book NAS devices? The story behind an important Edge update Where will Windows 11 run? The passing of an industry legend Steve's favorite web browser keyboard shortcut and his favorite website cloning tool We invite you to read our show n...
SN 824: Avaddon Ransonomics - Chrome 0-Day, Big Spinrite Update, iOS Wi-Fi Bug, Economics of Ransomware
June 23, 2021 01:00 - 2 hours - 1.86 GB VideoPicture of the Week. Another day, another Chrome 0-day. Ransomware perpetrators are increasingly purchasing access. A weird bug in iOS Wi-Fi. An Early Preview of Windows 11. The Security Now! Podcast has found a new purpose... SpinRite. Avaddon Ransonomics. We invite you to read our show notes at https://www.grc.com/sn/SN-824-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWi...
SN 823: TLS Confusion Attacks - TikTok Privacy, iOS 14.5 Tracking Permission, Industry-Wide Patch Tuesday
June 16, 2021 01:00 - 2 hours - 1.92 GB VideoPicture of the week. Being #1 is a mixed blessing. Industry wide patch Tuesday. TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data. iOS 14.5 requires apps to obtain explicit tracking permission. The ANOM sting operation. "Windows 10" — the last Windows ever? Project Hail Mary. SpinRite: The Curious Data Recovery Adventure. TLS Confusion Attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-823-Notes.pdf Hosts: Steve Gibson and Leo Lapo...
SN 822: Extrinsic Password Managers - Great CyberSecurity Awakening of 2021, NAT vs IPv6, Tavis Ormandy
June 09, 2021 01:00 - 2 hours - 1.87 GB VideoPicture of the week. The Great CyberSecurity Awakening of 2021. Firefox will soon auto-update on Windows even when it's not running. Edge takes its own approach to HTTPS switching. Three new ransomware victims. We believe we know how Colonial Pipeline was breached. The FBI strikes back... but how, exactly? WordPress force installs Jetpack security update on 5 million sites. WordPress Fancy Product Designer. GitHub Updates its formal posting policy. NAT vs IPv6. Project Hail Mary ...
SN 821: Epsilon Red - Chrome 91, Emsisoft's Ransomware Decryption Tool, Revisiting Amazon Sidewalk
June 02, 2021 01:00 - 2 hours - 1.71 GB VideoPhoto of the Week. Chrome advances to 91. Emsisoft has created their own ransomware decryption tool. Stepping off the Sidewalk. Just another phishing attack. The Great Encryption Struggle. Hail Mary. Epsilon Red. We invite you to read our show notes at https://www.grc.com/sn/SN-821-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submi...
SN 820: The Dark Escrow - Firefox Fission, Doom CAPTCHA, Conti and CNA Financial Ransomware
May 26, 2021 00:30 - 1 hour - 1.47 GB VideoPicture of the Week. Firefox finally achieves sustained "Fission". Conti ransomware. CNA Financial pays up big. When they say IoT do they mean us? "Mean Time to Inventory" The "Doom" CAPTCHA. The "Helios" screensaver. Closing the Loop. The Dark Escrow. We invite you to read our show notes at https://www.grc.com/sn/SN-820-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT a...
SN 819: The WiFi Frag Attacks - DarkSide Follow-Up, DarkTracer, Patch Tuesday, The Frontiers Saga
May 19, 2021 02:00 - 1 hour - 1.62 GB VideoPicture of the week. DarkSide Follow-Up. Follow The Money. Toshiba Attacked by DarkSide. Ransomware topics off-limits here. "DarkTracer: DarkWeb Criminal Intelligence" Please Leak our Stolen Data! Patch Tuesday Review. A review of the first book of "The Frontiers Saga" 60 Minutes/UAP: Unidentified Aerial Phenomena. Closing the Loop. The WiFi Frag Attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-819-Notes.pdf Hosts: Steve Gibson and Leo Laporte Downlo...
SN 818: News From the Darkside - Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
May 12, 2021 00:00 - 1 hour - 1.65 GB VideoPicture of the week. TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers" Huh Google? Tor's Exit Nodes. 21 Nails in Exim's coffin. Project Hail Mary: A Novel. Closing the loop. SpinRite update. News from the Darkside. We invite you to read our show notes at https://www.grc.com/sn/SN-818-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv...
SN 817: The Ransomware Task Force - Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP
May 05, 2021 01:00 - 2 hours - 1.96 GB VideoPicture of the Week. REvil hacks Apple supplier Quanta Computer. World-famous Scripps Health taken down. The Big Emotet Botnet Takedown. Emotet's 4,324,770 eMail addresses. Have I Been Pwned domain-wide notifications. QNAP. Gravity NNTP Newsreader updated to v3.0.11.0 Just a bit more about Dan Kaminsky. Closing the Loop. The Ransomware Task Force. We invite you to read our show notes at https://www.grc.com/sn/SN-817-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or sub...
SN 816: The Mystery of AS8003 - Remembering Dan Kaminski, Project Zero, Unethical Security Research
April 28, 2021 00:30 - 2 hours - 1.79 GB VideoRemembering Dan Kaminski. Week before last was Patch Tuesday. Google's Project Zero responds to today's patch latency reality. Baking security into IoT UNethical security research. CloudFlare refuses to knuckle under to Patent Trolls. Closing The Loop. The Mystery of AS8003. We invite you to read our show notes at https://www.grc.com/sn/SN-816-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-...
SN 816: The Mystery of AS8003 - Remembering Dan Kaminsky, Project Zero, Unethical Security Research
April 28, 2021 00:30 - 2 hours - 1.79 GB VideoRemembering Dan Kaminsky. Week before last was Patch Tuesday. Google's Project Zero responds to today's patch latency reality. Baking security into IoT UNethical security research. CloudFlare refuses to knuckle under to Patent Trolls. Closing The Loop. The Mystery of AS8003. We invite you to read our show notes at https://www.grc.com/sn/SN-816-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-...
SN 815: Homogeneity Attacks - Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90
April 21, 2021 01:00 - 2 hours - 1.72 GB VideoClub TWiT details. Picture of the Week. The Vivaldi Project's take on FLoC. Chrome continues to be THE high-value target. We're at Chrome v90. Exchange Server Web Shells removed, with DOJ Permission. WordPress joins the "FLoC No!" chorus. It's Humble Bundle Book Time. Closing the Loop. A quick SpinRite progress report. Homogeneity Attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-815-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe t...
SN 814: PwnIt And OwnIt - Why Port 10080 is Blocked, FLoC Rollout, PHP GIT Hack Revisited, CISCO Router Problems
April 14, 2021 00:30 - 2 hours - 1.74 GB VideoPicture of the week. The Slips keep Streaming. Are You FLoC'ed? The PHP GIT Hack, revisited. CISCO abandons old routers having problems. Failure to Patch. PwnIt And OwnIt. We invite you to read our show notes at https://www.grc.com/sn/SN-814-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (inclu...
SN 813: A Spy in Our Pocket - Ubiquity Coverup, Facebook Data Dump, Malicious Call of Duty Cheats
April 07, 2021 00:00 - 2 hours - 1.78 GB VideoUbiquity coverup, Facebook data dump, malicious Call of Duty cheats. The Ubiquiti Coverup. Facebook's 533,313,128 Million User Whoopsie! Don't mess with our water! Android moves to limit inter-app visibility. Beware malicious "Call of Duty: Warzone" cheats. QNAP — Just Say No! Listener Feedback. A Spy in Our Pocket. We invite you to read our show notes at https://www.grc.com/sn/SN-813-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://t...
SN 812: GIT Me Some PHP - Spectre Returns to Linux, API Security, OpenSSL Flaws, SolarWinds
March 31, 2021 00:30 - 1 hour - 1.01 GB VideoSpectre returns to Linux, API Security, OpenSSL flaws, SolarWinds. Picture of the week. ProxyLogon Update. Spectre returns to Linux. OpenSSL fixes several high-severity flaws. SolarWinds keeps finding new critical problems within its own code. Cloudflare's recent moves. A focus on API Security. SpinRite update. The curious case of the PHP's Git Server Hack. We invite you to read our show notes at https://www.grc.com/sn/SN-812-Notes.pdf Hosts: Steve Gibson and Leo Laporte Downl...
SN 811: What the FLoC? - Automatic Fix for Exchange Server Flaw, Firefox 87 Features, MyBB Patch
March 24, 2021 00:00 - 2 hours - 1.35 GB VideoAutomatic fix for Exchange Server flaw, Firefox 87 features, MyBB patch. Dave's Garage on YouTube. The latest update on the ProxyLogon fiasco is from Microsoft. Black Kingdom Ransomware. Firefox will be adopting a new privacy-enhancing Referrer Policy. This Week in Remote Code Execution Disasters. MyBB gets patched. CAID is able. What the FLoC? "Federated Learning of Cohorts" We invite you to read our show notes at https://www.grc.com/sn/SN-811-Notes.pdf Hosts: Steve Gibson and L...
SN 810: ProxyLogon - New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome
March 17, 2021 01:00 - 2 hours - 1.14 GB VideoNew Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome. Chrome closes another 0-day. This v89 of Chrome also lost some weight. Spectre comes to Chrome! Prime+Probe: A new browser tracking side-channel. Patch Tuesday Redux. BSODs when attempting to print. Free code signing for the Open Source community. JPL's Perseverance Rover. Feedback. Spinrite. ProxyLogon. We invite you to read our show notes at https://www.grc.com/sn/SN-810-Notes.pdf Hosts: Steve Gibson and Leo Lap...
SN 809: Hafnium - Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's
March 10, 2021 01:30 - 1 hour - 1.12 GB VideoDependency confusion, Intel Side Channel Attacks, Crispy Subtitles from Lay's. Picture of the week. 47 fixes in Chrome 89.0.4389.72. Crispy Subtitles from Lay's. Google funds Linux kernel security developers. WinAmp gets a huge update! "Intel Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical" Dependency Confusion! Listener feedback. Hafnium. We invite you to read our show notes at https://www.grc.com/sn/SN-809-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...
SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password
March 03, 2021 01:00 - 2 hours - 1.31 GB VideoSeven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password. Chrome to default to trying HTTPS first when not specified. Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies! As easy as "SolarWinds123". Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10. VMware's vCenter troubles. SpinRite update. Microsoft issues emergency patches for 4 exploited 0-days in Exchange. CNAME Collusion. We invite you to read our show notes at http...
SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"
February 23, 2021 23:30 - 2 hours - 1.25 GB VideoSHAREit's security update, Solorigate, Brave's "Private Window with Tor". SHAREit Follow-up This Week in Web Browser Tracking Brave's "Private Window with Tor" was not so private Tracking with eMail Beacons Microsoft's final "Solorigate" update "Good App goes Bad for Profit" SpinRite: RS shows VERY obvious improvement after one pass of SR 6 Dependency Confusion We invite you to read our show notes at https://www.grc.com/sn/SN-807-Notes.pdf Hosts: Steve Gibson and Leo Laporte Do...
SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability
February 17, 2021 01:30 - 2 hours - 1.22 GB VideoFlorida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability. Pic of the week. New info in the Oldsmar, Florida water supply attack. Major Patch Tuesday update. Adobe released critical updates to three versions each of its Acrobat and Reader. Android SHAREit. The Rise of The Web Shells. This week's WordPress Mess: Responsive Menu plugin. SpinRite drive discovery video. What is C.O.M.B.? We invite you to read our show notes at https://www.grc.com/sn/SN-806-...
SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks
February 10, 2021 01:30 - 2 hours - 1.42 GB VideoDefender thinks Chrome is malware, Plex Media Servers in DDoS attacks. Picture of the Week. Google has been busy with Chrome. Google Chrome Heap Buffer Overflow Vulnerability Exploited. A unique use of Chrome's "sync" feature for command & control and data exfiltration. Defender thinks Chrome is Malware. More Critical WordPress Plug-in Problems. Plex Media servers SSDP protocol being used in DDoS attacks. Three more NEW vulnerabilities discovered in SolarWinds' software. Closing t...
SN 804: NAT Slipstreaming 2.0 - SUDO Was Pseudo Secure, BigNox Supply-Chain Attack, iMessage in a Sandbox
February 03, 2021 02:30 - 2 hours - 1.28 GB VideoSUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Host...
SN 803: Comparative Smartphone Security - Browser Password Managers, Adobe Flash Repercussions, SolarWinds
January 27, 2021 02:00 - 2 hours - 1.35 GB VideoBrowser password managers, Adobe Flash repercussions, SolarWinds. Chrome and Edge have beefed-up their built-in password managers. The random repercussions associated with the end of Adobe Flash. A new trend emerging with post-ransomware DDOS attacks. SolarWinds attack details continue to emerge. Malwarebytes was also attacked. It seems that wherever we look, we find problems. The Expanse is GOOD sci-fi. Comparative Smartphone Security: Which mobile OS is better? We invite you to ...
SN 802: Where the Plaintext Is - 2021's First Patch Tuesday, Titan Security Key Side-Channel Attack, WhatsApp
January 20, 2021 01:30 - 1 hour - 976 MB Video2021's first Patch Tuesday, Titan Security Key side-channel attack, WhatsApp. When is Chrome not Chromium? A major DuckDuckGo milestone. Project Zero in the wild. First Patch Tuesday of 2021. ZeroLogon Drop Dead. NSA warns against outsourcing DoH services. A Side-Channel in Titan. The "PayPal Football" WhatsApp's decision to bring its data into Facebook. We invite you to read our show notes at https://www.grc.com/sn/SN-802-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download...
SN 801: Out With The Old - SolarWinds Smoking Gun, Signal Influx of WhatsApp Users, Male Chastity Cage
January 13, 2021 02:00 - 2 hours - 1.27 GB VideoSolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage. Firefox and Chromium updates address remote system take over bugs. Tenable researchers reported a critical Chromium bug. What Firefox's backspace key does and should do. How Ryuk malware operations netted $150 million via cryptocurrency exchange. Intel: A triumph of marketing over technology. The strange case of the Male Chastity Cage. A SolarWinds smoking gun? "Sunburst backdoor." A class action lawsuit f...