Security Now (Video)
209 episodes - English - Latest episode: 5 days ago - ★★★★★ - 82 ratingsCybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
SN 826: The Kaseya Saga - Microsoft PrintNightmare, WD's MyCloud OS3 Troubles, SpinRite in a BMW
July 07, 2021 00:30 - 1 hour - 1.52 GB VideoPicture of the Week. "PrintNightmare" is NOT CVE-2021-1675. The Authentication Dilemma. Western Digital steps up. WD's MyCloud OS3 Troubles. SpinRite. Miscellany & Closing The Loop. The Kaysea Saga. We invite you to read our show notes at https://www.grc.com/sn/SN-826-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question t...
SN 825: Halfway Through 2021 - Google's FLoC, $600M Ransomware Attack, Where Will Windows 11 Run?
June 30, 2021 00:30 - 1 hour - 1.34 GB VideoPicture of the week Google's FLoC has landed with a hard thud and is now-delayed The high cost of Ireland's recovery from the Conti ransomware attack Who is responsible for damage and data loss following the remote wiping of many Western Digital My Book NAS devices? The story behind an important Edge update Where will Windows 11 run? The passing of an industry legend Steve's favorite web browser keyboard shortcut and his favorite website cloning tool We invite you to read our show n...
SN 824: Avaddon Ransonomics - Chrome 0-Day, Big Spinrite Update, iOS Wi-Fi Bug, Economics of Ransomware
June 23, 2021 01:00 - 2 hours - 1.86 GB VideoPicture of the Week. Another day, another Chrome 0-day. Ransomware perpetrators are increasingly purchasing access. A weird bug in iOS Wi-Fi. An Early Preview of Windows 11. The Security Now! Podcast has found a new purpose... SpinRite. Avaddon Ransonomics. We invite you to read our show notes at https://www.grc.com/sn/SN-824-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWi...
SN 823: TLS Confusion Attacks - TikTok Privacy, iOS 14.5 Tracking Permission, Industry-Wide Patch Tuesday
June 16, 2021 01:00 - 2 hours - 1.92 GB VideoPicture of the week. Being #1 is a mixed blessing. Industry wide patch Tuesday. TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data. iOS 14.5 requires apps to obtain explicit tracking permission. The ANOM sting operation. "Windows 10" — the last Windows ever? Project Hail Mary. SpinRite: The Curious Data Recovery Adventure. TLS Confusion Attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-823-Notes.pdf Hosts: Steve Gibson and Leo Lapo...
SN 822: Extrinsic Password Managers - Great CyberSecurity Awakening of 2021, NAT vs IPv6, Tavis Ormandy
June 09, 2021 01:00 - 2 hours - 1.87 GB VideoPicture of the week. The Great CyberSecurity Awakening of 2021. Firefox will soon auto-update on Windows even when it's not running. Edge takes its own approach to HTTPS switching. Three new ransomware victims. We believe we know how Colonial Pipeline was breached. The FBI strikes back... but how, exactly? WordPress force installs Jetpack security update on 5 million sites. WordPress Fancy Product Designer. GitHub Updates its formal posting policy. NAT vs IPv6. Project Hail Mary ...
SN 821: Epsilon Red - Chrome 91, Emsisoft's Ransomware Decryption Tool, Revisiting Amazon Sidewalk
June 02, 2021 01:00 - 2 hours - 1.71 GB VideoPhoto of the Week. Chrome advances to 91. Emsisoft has created their own ransomware decryption tool. Stepping off the Sidewalk. Just another phishing attack. The Great Encryption Struggle. Hail Mary. Epsilon Red. We invite you to read our show notes at https://www.grc.com/sn/SN-821-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submi...
SN 820: The Dark Escrow - Firefox Fission, Doom CAPTCHA, Conti and CNA Financial Ransomware
May 26, 2021 00:30 - 1 hour - 1.47 GB VideoPicture of the Week. Firefox finally achieves sustained "Fission". Conti ransomware. CNA Financial pays up big. When they say IoT do they mean us? "Mean Time to Inventory" The "Doom" CAPTCHA. The "Helios" screensaver. Closing the Loop. The Dark Escrow. We invite you to read our show notes at https://www.grc.com/sn/SN-820-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT a...
SN 819: The WiFi Frag Attacks - DarkSide Follow-Up, DarkTracer, Patch Tuesday, The Frontiers Saga
May 19, 2021 02:00 - 1 hour - 1.62 GB VideoPicture of the week. DarkSide Follow-Up. Follow The Money. Toshiba Attacked by DarkSide. Ransomware topics off-limits here. "DarkTracer: DarkWeb Criminal Intelligence" Please Leak our Stolen Data! Patch Tuesday Review. A review of the first book of "The Frontiers Saga" 60 Minutes/UAP: Unidentified Aerial Phenomena. Closing the Loop. The WiFi Frag Attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-819-Notes.pdf Hosts: Steve Gibson and Leo Laporte Downlo...
SN 818: News From the Darkside - Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
May 12, 2021 00:00 - 1 hour - 1.65 GB VideoPicture of the week. TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers" Huh Google? Tor's Exit Nodes. 21 Nails in Exim's coffin. Project Hail Mary: A Novel. Closing the loop. SpinRite update. News from the Darkside. We invite you to read our show notes at https://www.grc.com/sn/SN-818-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv...
SN 817: The Ransomware Task Force - Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP
May 05, 2021 01:00 - 2 hours - 1.96 GB VideoPicture of the Week. REvil hacks Apple supplier Quanta Computer. World-famous Scripps Health taken down. The Big Emotet Botnet Takedown. Emotet's 4,324,770 eMail addresses. Have I Been Pwned domain-wide notifications. QNAP. Gravity NNTP Newsreader updated to v3.0.11.0 Just a bit more about Dan Kaminsky. Closing the Loop. The Ransomware Task Force. We invite you to read our show notes at https://www.grc.com/sn/SN-817-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or sub...
SN 816: The Mystery of AS8003 - Remembering Dan Kaminski, Project Zero, Unethical Security Research
April 28, 2021 00:30 - 2 hours - 1.79 GB VideoRemembering Dan Kaminski. Week before last was Patch Tuesday. Google's Project Zero responds to today's patch latency reality. Baking security into IoT UNethical security research. CloudFlare refuses to knuckle under to Patent Trolls. Closing The Loop. The Mystery of AS8003. We invite you to read our show notes at https://www.grc.com/sn/SN-816-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-...
SN 816: The Mystery of AS8003 - Remembering Dan Kaminsky, Project Zero, Unethical Security Research
April 28, 2021 00:30 - 2 hours - 1.79 GB VideoRemembering Dan Kaminsky. Week before last was Patch Tuesday. Google's Project Zero responds to today's patch latency reality. Baking security into IoT UNethical security research. CloudFlare refuses to knuckle under to Patent Trolls. Closing The Loop. The Mystery of AS8003. We invite you to read our show notes at https://www.grc.com/sn/SN-816-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-...
SN 815: Homogeneity Attacks - Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90
April 21, 2021 01:00 - 2 hours - 1.72 GB VideoClub TWiT details. Picture of the Week. The Vivaldi Project's take on FLoC. Chrome continues to be THE high-value target. We're at Chrome v90. Exchange Server Web Shells removed, with DOJ Permission. WordPress joins the "FLoC No!" chorus. It's Humble Bundle Book Time. Closing the Loop. A quick SpinRite progress report. Homogeneity Attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-815-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe t...
SN 814: PwnIt And OwnIt - Why Port 10080 is Blocked, FLoC Rollout, PHP GIT Hack Revisited, CISCO Router Problems
April 14, 2021 00:30 - 2 hours - 1.74 GB VideoPicture of the week. The Slips keep Streaming. Are You FLoC'ed? The PHP GIT Hack, revisited. CISCO abandons old routers having problems. Failure to Patch. PwnIt And OwnIt. We invite you to read our show notes at https://www.grc.com/sn/SN-814-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (inclu...
SN 813: A Spy in Our Pocket - Ubiquity Coverup, Facebook Data Dump, Malicious Call of Duty Cheats
April 07, 2021 00:00 - 2 hours - 1.78 GB VideoUbiquity coverup, Facebook data dump, malicious Call of Duty cheats. The Ubiquiti Coverup. Facebook's 533,313,128 Million User Whoopsie! Don't mess with our water! Android moves to limit inter-app visibility. Beware malicious "Call of Duty: Warzone" cheats. QNAP — Just Say No! Listener Feedback. A Spy in Our Pocket. We invite you to read our show notes at https://www.grc.com/sn/SN-813-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://t...
SN 812: GIT Me Some PHP - Spectre Returns to Linux, API Security, OpenSSL Flaws, SolarWinds
March 31, 2021 00:30 - 1 hour - 1.01 GB VideoSpectre returns to Linux, API Security, OpenSSL flaws, SolarWinds. Picture of the week. ProxyLogon Update. Spectre returns to Linux. OpenSSL fixes several high-severity flaws. SolarWinds keeps finding new critical problems within its own code. Cloudflare's recent moves. A focus on API Security. SpinRite update. The curious case of the PHP's Git Server Hack. We invite you to read our show notes at https://www.grc.com/sn/SN-812-Notes.pdf Hosts: Steve Gibson and Leo Laporte Downl...
SN 811: What the FLoC? - Automatic Fix for Exchange Server Flaw, Firefox 87 Features, MyBB Patch
March 24, 2021 00:00 - 2 hours - 1.35 GB VideoAutomatic fix for Exchange Server flaw, Firefox 87 features, MyBB patch. Dave's Garage on YouTube. The latest update on the ProxyLogon fiasco is from Microsoft. Black Kingdom Ransomware. Firefox will be adopting a new privacy-enhancing Referrer Policy. This Week in Remote Code Execution Disasters. MyBB gets patched. CAID is able. What the FLoC? "Federated Learning of Cohorts" We invite you to read our show notes at https://www.grc.com/sn/SN-811-Notes.pdf Hosts: Steve Gibson and L...
SN 810: ProxyLogon - New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome
March 17, 2021 01:00 - 2 hours - 1.14 GB VideoNew Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome. Chrome closes another 0-day. This v89 of Chrome also lost some weight. Spectre comes to Chrome! Prime+Probe: A new browser tracking side-channel. Patch Tuesday Redux. BSODs when attempting to print. Free code signing for the Open Source community. JPL's Perseverance Rover. Feedback. Spinrite. ProxyLogon. We invite you to read our show notes at https://www.grc.com/sn/SN-810-Notes.pdf Hosts: Steve Gibson and Leo Lap...
SN 809: Hafnium - Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's
March 10, 2021 01:30 - 1 hour - 1.12 GB VideoDependency confusion, Intel Side Channel Attacks, Crispy Subtitles from Lay's. Picture of the week. 47 fixes in Chrome 89.0.4389.72. Crispy Subtitles from Lay's. Google funds Linux kernel security developers. WinAmp gets a huge update! "Intel Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical" Dependency Confusion! Listener feedback. Hafnium. We invite you to read our show notes at https://www.grc.com/sn/SN-809-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...
SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password
March 03, 2021 01:00 - 2 hours - 1.31 GB VideoSeven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password. Chrome to default to trying HTTPS first when not specified. Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies! As easy as "SolarWinds123". Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10. VMware's vCenter troubles. SpinRite update. Microsoft issues emergency patches for 4 exploited 0-days in Exchange. CNAME Collusion. We invite you to read our show notes at http...
SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"
February 23, 2021 23:30 - 2 hours - 1.25 GB VideoSHAREit's security update, Solorigate, Brave's "Private Window with Tor". SHAREit Follow-up This Week in Web Browser Tracking Brave's "Private Window with Tor" was not so private Tracking with eMail Beacons Microsoft's final "Solorigate" update "Good App goes Bad for Profit" SpinRite: RS shows VERY obvious improvement after one pass of SR 6 Dependency Confusion We invite you to read our show notes at https://www.grc.com/sn/SN-807-Notes.pdf Hosts: Steve Gibson and Leo Laporte Do...
SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability
February 17, 2021 01:30 - 2 hours - 1.22 GB VideoFlorida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability. Pic of the week. New info in the Oldsmar, Florida water supply attack. Major Patch Tuesday update. Adobe released critical updates to three versions each of its Acrobat and Reader. Android SHAREit. The Rise of The Web Shells. This week's WordPress Mess: Responsive Menu plugin. SpinRite drive discovery video. What is C.O.M.B.? We invite you to read our show notes at https://www.grc.com/sn/SN-806-...
SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks
February 10, 2021 01:30 - 2 hours - 1.42 GB VideoDefender thinks Chrome is malware, Plex Media Servers in DDoS attacks. Picture of the Week. Google has been busy with Chrome. Google Chrome Heap Buffer Overflow Vulnerability Exploited. A unique use of Chrome's "sync" feature for command & control and data exfiltration. Defender thinks Chrome is Malware. More Critical WordPress Plug-in Problems. Plex Media servers SSDP protocol being used in DDoS attacks. Three more NEW vulnerabilities discovered in SolarWinds' software. Closing t...
SN 804: NAT Slipstreaming 2.0 - SUDO Was Pseudo Secure, BigNox Supply-Chain Attack, iMessage in a Sandbox
February 03, 2021 02:30 - 2 hours - 1.28 GB VideoSUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Host...
SN 803: Comparative Smartphone Security - Browser Password Managers, Adobe Flash Repercussions, SolarWinds
January 27, 2021 02:00 - 2 hours - 1.35 GB VideoBrowser password managers, Adobe Flash repercussions, SolarWinds. Chrome and Edge have beefed-up their built-in password managers. The random repercussions associated with the end of Adobe Flash. A new trend emerging with post-ransomware DDOS attacks. SolarWinds attack details continue to emerge. Malwarebytes was also attacked. It seems that wherever we look, we find problems. The Expanse is GOOD sci-fi. Comparative Smartphone Security: Which mobile OS is better? We invite you to ...
SN 802: Where the Plaintext Is - 2021's First Patch Tuesday, Titan Security Key Side-Channel Attack, WhatsApp
January 20, 2021 01:30 - 1 hour - 976 MB Video2021's first Patch Tuesday, Titan Security Key side-channel attack, WhatsApp. When is Chrome not Chromium? A major DuckDuckGo milestone. Project Zero in the wild. First Patch Tuesday of 2021. ZeroLogon Drop Dead. NSA warns against outsourcing DoH services. A Side-Channel in Titan. The "PayPal Football" WhatsApp's decision to bring its data into Facebook. We invite you to read our show notes at https://www.grc.com/sn/SN-802-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download...
SN 801: Out With The Old - SolarWinds Smoking Gun, Signal Influx of WhatsApp Users, Male Chastity Cage
January 13, 2021 02:00 - 2 hours - 1.27 GB VideoSolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage. Firefox and Chromium updates address remote system take over bugs. Tenable researchers reported a critical Chromium bug. What Firefox's backspace key does and should do. How Ryuk malware operations netted $150 million via cryptocurrency exchange. Intel: A triumph of marketing over technology. The strange case of the Male Chastity Cage. A SolarWinds smoking gun? "Sunburst backdoor." A class action lawsuit f...
SN 800: SolarBlizzard - SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability
January 06, 2021 02:00 - 1 hour - 1.17 GB VideoSolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability. Chrome struggles with A/V pre-scan file locking. Zyxel security products protected by a single redundant password. How Swatters are using IoT devices to increase the terror. A new serious problem in the PHP Zend Framework on WordPress. Bitcoin woes as value reaches new peaks. ReadSpeed, SSD's, and SpinRite. A new flaw discovered in SolarWinds' Orion software. We invite you to read our show notes at htt...
SN 799: Sunburst & Supernova - Ransomware Task Force, Chrome 87, Firefox Caches, Preserving Flash Video
December 30, 2020 01:30 - 1 hour - 1.22 GB VideoRansomware Task Force, Chrome 87, Firefox caches, preserving Flash video. Chrome 87 backs away from Insecure Form Warnings. Firefox to begin partitioning its caches. Browsers say no to Kazakhstan again. Announcing the RTF - The Ransomware Task Force. 5 million WordPress sites in critical danger. Treck's TCP/IO stack strikes again! Preserving Flash content online. SpinRite: ReadSpeed is ready! InitDisk is at release 5. Numerous updates on SolarWind, Sunburst, and Supernova. We in...
SN 798: Best of 2020 - The Year's Best Stories on Security Now
December 22, 2020 19:00 - 1 hour - 921 MB VideoLeo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include: Clearview AI face scanning. The "EARN IT" act. Zoom security issues. Why contact tracing apps won't work. How to prevent the next Twitter hack Ring's autonomous flying home security webcam. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. ...
SN 797: SolarWinds - Chrome Throttling Ads, Google Outage, 2020 Pwnie Awards, JavaScript's 25th Birthday
December 16, 2020 03:00 - 2 hours - 1.45 GB VideoChrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday. Chrome's heavy ad intervention. Adrozek. Ransomware: "Double Extortion." A 0-click wormable vulnerability in D-Link VPN servers. Google suffered an outage. Amnesia:33. Zero-day in WordPress SMTP plugin. The 2020 Pwnie Awards. The end of Flash. JavaScript is celebrating its 25th birthday. InitDisk release 4 published. A deep look at the SolarWinds hack. We invite you to read our show notes at h...
SN 796: Amazon Sidewalk - Google Play Core Library, iOS Zero-Click Radio Proximity Exploit, Apple M1 Chip
December 09, 2020 02:00 - 2 hours - 1.52 GB VideoGoogle Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip. Ransomware news regarding Foxconn, Egregor, and K12 Inc. The Apple iPhone zero-click radio proximity vulnerability. Oblivious DoH (ODoH). Google Play Core Library problems. The mysterious power of Apple's M1 Arm processor chip. InitDisk release 2 published. SpinRite update. Amazon Sidewalk. We invite you to read our show notes at https://www.grc.com/sn/SN-796-Notes.pdf Hosts: Steve Gibson and Leo Lap...
SN 795: DNS Consolidation - Generic Smart Doorbells, Tesla Model X Key Fobs, Critical Drupal Flaw, Spotify
December 02, 2020 03:00 - 2 hours - 1.43 GB VideoGeneric smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify. Chrome Omnibox becomes more Omni. Chrome's open tabs search. Ransomware news involving Delaware County, Canon, US Fertility, Ritzau, Baltimore County Public Schools, and Banijay group SAS. Drupal's security advisory titled "Drupal core - Critical - Arbitrary PHP code execution." The revenge of cheap smart doorbells. Tesla Key Fob Hack #3. CA's adapt to single-year certs. Nearly 50,000 Fortinet VPN crede...
SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption
November 25, 2020 01:30 - 1 hour - 1.06 GB VideoOngoing WordPress attack, RCS gets End-to-end encryption. Chrome moves to release 87. Explicit Publication of Privacy Practices. Firefox 83 gets HTTPS-only Mode. Mozilla seeks consultation on implementing DNS-over-HTTPS. The comical announcement strategy of the Egregor Ransomware. Large-scale attacks targeting Epsilon Framework Themes in WordPress. Cybercrime gang installs hidden e-commerce stores on WordPress sites. 245,000 Windows systems still vulnerable to BlueKeep RDP bug. Go...
SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service
November 18, 2020 03:29 - 1 hour - 1.31 GB VideoMalicious Android apps, ransomware-as-a-service. Where do most malicious Android apps come from? SAD DNS is a revival of the classic DNS cache poisoning attack How many Ransomware-as-a-Service (RaaS) operations are there? Ragnar Locker ransomware gang takes out a Facebook ad Two more new 0-days revealed in Chrome Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf Hosts: Steve ...
SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams
November 11, 2020 02:30 - 1 hour - 1.25 GB VideoSlipStream NAT firewall bypass, MS Police use Ring doorbell cams. Let's Encrypt's cross-signed root expires next year Chrome updates on Windows, macOS, Linux, and Android to remove 0-day vulnerability Mattel, Compel, Capcom, and Campari fall to ransomware attacks iOS 14.2 fixes three 0-day vulnerabilities Introducing the Tianfu Cup: China's version of the Pwn2Own hacker competition November's Patch Tuesday The Great Encryption Dilemma hits Europe Ring Doorbells to be tapped in a tr...
SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day
November 04, 2020 02:00 - 1 hour - 1.13 GB VideoGoogle One VPN, WordPress update fail, Windows 7 0-Day. A new 0-day in Win7 through Win10 A public service reminder from Microsoft Google One adding an Android VPN Vulnonym: Stop the Naming Madness! WordPress fumbles an important update Chrome's Root Program We invite you to read our show notes at https://www.grc.com/sn/SN-791-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Secu...
SN 790: Top 25 Vulnerabilities - Chrome 0-Day, Edge for Linux, WordPress Loginizer
October 28, 2020 01:00 - 1 hour - 1.1 GB VideoChrome 0-Day, Edge for Linux, WordPress Loginizer. Top 25 Vulnerabilities Critical 0-day in Chrome Chrome 86 is now blocking slippery notifications Site Isolation coming soon to Firefox Microsoft's Chredge for Linux WordPress Loginizer vulnerability We invite you to read our show notes at https://www.grc.com/sn/SN-790-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now!...
SN 789: Anatomy of a Ryuk Attack - Zoom End-to-End Encryption, Windows 10 God Mode, Manifest v3
October 21, 2020 00:30 - 1 hour - 1.11 GB VideoZoom end-to-end encryption, Windows 10 god mode, Manifest v3. Last Wednesday, Zoom announced that THIS week their 30-evaluation of end-to-end encrypted video conferencing would begin How to enable Windows 10 "God Mode" Edge to be updated with browser extensions "Manifest v3" Last Tuesday Microsoft issued fixes for 87 security vulnerabilities - so, yeah, it was a slow month... Your SonicWall Network Security Appliance (NSA) MUST be patched now! Microsoft's two out-of-cycle patches An...
SN 788: Well Known URI's - Carnival Cruise Hack, ZeroLogon, Five Eyes vs Encryption
October 14, 2020 01:00 - 2 hours - 1.38 GB VideoCarnival Cruise hack, ZeroLogon, Five Eyes vs Encryption. Chrome gets 86'd! Carnival Cruise Line Hack The largest company you've never heard of gets hit by ransomware hackers No connection logs? In France, you go to jail! Hacking the Apple ZeroLogon, the FBI, DHS and our forthcoming election security The revenge of DNT, as GPC, now enhanced with legislation The Anti-E2EE drumbeat beats yet again We invite you to read our show notes at https://www.grc.com/sn/SN-788-Notes.pdf Hosts...
SN 787: Why Win7 Lives On - Android Security, Windows 7 Security, Microsoft Defender
October 07, 2020 01:00 - 1 hour - 1.16 GB VideoAndroid Security, Windows 7 Security, Microsoft Defender. Google to get even more proactive about Android security Why are people sticking with Windows 7? And Google funds a JavaScript research engine Microsoft Defender gets in Vitro Updating WSL 2 (Windows Subsystem for Linux v2) completely bypasses the hosting Windows 10 firewall Most Microsoft Exchange Servers remain unpatched after 9 eight months! Cloudflare has just added a free web API firewall service for all customers US De...
SN 786: ZeroLogon++ - Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup
September 30, 2020 01:00 - 2 hours - 1.3 GB VideoAmazon flying security cam, ZeroLogon on GitHub, ransomware roundup. What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam Evil ransomware gang deposited $1 million of bitcoin in a hacker recruitment drive Over this past weekend, Universal Health Services was hit by a huge Ryuk ransomware One week ago, there were three ZeroLogon exploits on GitHub. Today there are more than fit on the first page of search results Security Fixes in Chrome's v85.0.4183.121 R...
SN 785: Formal Verification - iOS 14 & Android 11 Security Features, DuckDuckGo Gets Big
September 23, 2020 03:53 - 1 hour - 1.34 GB VideoiOS 14 & Android 11 security features, DuckDuckGo gets big. The most important iOS 14 privacy & security features All of Android 11's new privacy & security features DuckDuckGo usage growth goes exponential LAN attack bug fixed in Firefox 79 for Android Goodbye Forever Firefox Send and Notes... Oh, how we loved ye Microsoft's catastrophic Zerologon vulnerability Why we're headed toward formal verification of security protocols We invite you to read our show notes at https://www.grc...
SN 784: BlindSide & BLURtooth - Chrome vs Abusive Ads, Patch Tuesday Palooza
September 16, 2020 00:00 - 1 hour - 1.04 GB VideoChrome vs abusive ads, patch Tuesday palooza. BlindSide and BLURtooth Chrome gets tough on abusive ads The last hurrah for IE & Flash exploits Chromium Edge on Win10: Forcing the issue Edge enables "Ask me..." for each download Patch Tuesday Palooza! Excessive SSD Defragging also fixed The WordPress File Manager flaw... two weeks downstream Zoom... now with 2FA New Raccoon attack We invite you to read our show notes at https://www.grc.com/sn/SN-784-Notes.pdf Hosts: Steve Gibson...
SN 783: IoT Isolation Strategies - Isolate Your IoT Devices, Threema Goes Open-Source
September 09, 2020 02:54 - 2 hours - 1.32 GB VideoIsolate your IoT devices, Threema goes open-source. IoT Isolation Strategies DoH coming to Chrome for Android Bye Bye Drive-By Downloads Threema goes Open-Source WordPress File Manage 0-day flaw Facebook's new VDP — Vulnerability Disclosure Policy Facebook's new "WhatsApp Security Advisories" page The Tor Project Membership Program Intel's latest microcode patches We invite you to read our show notes at https://www.grc.com/sn/SN-783-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...
SN 782: I Know What You Did Last Summer - Russian Tries to Hack Tesla, Web Browser History Research
September 02, 2020 01:00 - 1 hour - 968 MB VideoRussian tries to hack Tesla, web browser history research. Chrome 85 security features Russian Attempts to Cyber Attack Tesla More EMV Standard monetary transaction method problems Watch this video on Covid testing I Know What You Did Last Summer: research on web browsing histories We invite you to read our show notes at https://www.grc.com/sn/SN-782-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can su...
SN 781: SpiKey - Ransomware Hits Jack Daniel's, Iranian Script-Kiddies, How Ransomware Happens
August 26, 2020 01:30 - 2 hours - 1.07 GB VideoRansomware hits Jack Daniel's, Iranian Script-Kiddies, how ransomware happens. SpiKey: using the sound of a key to determine its shape What do The University of Utah, Jack Daniel's Whiskey, and Carnival Cruise Lines all have in common? Ransomware A Remote Code Execution in Chrome's WebGL How ransomware happens: email phishing, remote desktop protocol compromise, and software vulnerability Emergency Windows update! Iranian script-kiddies using RDP to deploy Dharma ransomware The Zero...
SN 780: Microsoft's 0-Day Folly - Microsoft Acts Badly, Canon Ransomware, Mozilla Tries to Pivot
August 19, 2020 00:30 - 2 hours - 1.47 GB VideoMicrosoft acts badly, Canon ransomware, Mozilla tries to pivot. When Microsoft doesn't act responsibly: Parts 1 and 2 Snap Your Dragon / "Achilles: Small Chip, Big Peril" 3rd largest Patch Tuesday ever Mozilla pivoting to VPN, future uncertain The other ransomware shoe drops at Canon Software glitch in California's COVID case reporting Threema gets E2EE Video Calls We invite you to read our show notes at https://www.grc.com/sn/SN-780-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...
SN 779: Geneva - Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned
August 12, 2020 01:00 - 2 hours - 1.19 GB VideoGreat Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned. It's Patch Tuesday! News from Black Hat / DEFCON 2020 Generalizing Speculative Execution Vulnerabilities Canon hit by the Maze ransomware A vBulletin Emergency DoH for Win10 Troy Hunt Hasn't Been Pwned Geneva: China's Great Firewall Tightens We invite you to read our show notes at https://www.grc.com/sn/SN-779-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/sho...
SN 778: BootHole - Twitter Hackers Arrested, Garmin Hackers Get Ransom
August 05, 2020 03:00 - 2 hours - 1.11 GB VideoTwitter hackers arrested, Garmin hackers get ransom. Vitamin D fights death by Covid Firefox is now at v79 Twitter hackers arrested Garmin hackers rewarded Tor and Dr. Krawetz Dropping 0Days Blocking Tor Connections the Smart Way Enabling Zoom Meeting Hacking Another SHA-1 Deprecation QNAP and QSnatch BootHole We invite you to read our show notes at https://www.grc.com/sn/SN-778-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv...