SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!
Security Now (Video)
English - October 25, 2023 01:26 - 2 hours - 1.67 GB Video - ★★★★★ - 82 ratingsTech News News Technology twit technology steve gibson leo laporte security spyware malware hacking cyber crime encryption Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
How fake drives continue to be sold on Amazon despite negative reviews
Microsoft is discontinuing support for the VBScript language
The 30-year old NTLM authentication protocol will eventually be removed from Windows
Two new vulnerabilities found in cURL
A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
Debate over whether "lib" should rhyme with "vibe" or "air"
Instructions for accessing the SpinRite 6.1 pre-release version
Feedback on passkey exportability and server IP address encryption
A listener asks if ransomware can encrypt already encrypted files
How Privacy Badger un-rewrites Google's search result links
The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts
Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
drata.com/twit
joindeleteme.com/twit promo code TWIT
canary.tools/twit - use code: TWIT