SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
Ace Hardware suffered a cyberattack impacting servers and systems
Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
Analysis of "BadCandy" malware infecting vulnerable Cisco routers
Bitwarden password manager adds support for FIDO2 passkeys in browser extension
Rescuing a severely degraded SSD and bringing it back to life with SpinRite
Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: