Security Now (Audio)Author: TWiT
03 Dec 2020

Security Now (Audio)

Download, listen or watch all podcasts

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

  • Listen

    SN 795: DNS Consolidation - Generic Smart Doorbells, Tesla Model X Key Fobs, Critical Drupal Flaw, Spotify

    Generic smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify.

    • Chrome Omnibox becomes more Omni.
    • Chrome's open tabs search.
    • Ransomware news involving Delaware County, Canon, US Fertility, Ritzau, Baltimore County Public Schools, and Banijay group SAS.
    • Drupal's security advisory titled "Drupal core - Critical - Arbitrary PHP code execution."
    • The revenge of cheap smart doorbells.
    • Tesla Key Fob Hack #3.
    • CA's adapt to single-year certs.
    • Nearly 50,000 Fortinet VPN credentials posted online.
    • More than 300,000 Spotify accounts hacked.
    • MobileIron MDM CVSS 9.8 RCE.
    • The Salvation Trilogy.
    • Spinrite update.
    • DNS Consolidation.

    We invite you to read our show notes at https://www.grc.com/sn/SN-795-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    You can submit a question to Security Now! at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:


  • Posted on 02 Dec 2020

    download
  • Listen

    SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption

    Ongoing WordPress attack, RCS gets End-to-end encryption.

    • Chrome moves to release 87.
    • Explicit Publication of Privacy Practices.
    • Firefox 83 gets HTTPS-only Mode.
    • Mozilla seeks consultation on implementing DNS-over-HTTPS.
    • The comical announcement strategy of the Egregor Ransomware.
    • Large-scale attacks targeting Epsilon Framework Themes in WordPress.
    • Cybercrime gang installs hidden e-commerce stores on WordPress sites.
    • 245,000 Windows systems still vulnerable to BlueKeep RDP bug.
    • Google's Rich Communication Services is getting E2EE via Signal.
    • Cicada, a Chinese state-sponsored advanced persistent threat group.

    We invite you to read our show notes at https://www.grc.com/sn/SN-794-Notes.pdf

    Hosts: Steve Gibson and Jason Howell

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    You can submit a question to Security Now! at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:


  • Posted on 25 Nov 2020

    download
  • Listen

    SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service

    Malicious Android apps, ransomware-as-a-service.

    • Where do most malicious Android apps come from?
    • SAD DNS is a revival of the classic DNS cache poisoning attack
    • How many Ransomware-as-a-Service (RaaS) operations are there?
    • Ragnar Locker ransomware gang takes out a Facebook ad
    • Two more new 0-days revealed in Chrome
    • Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products

    We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    You can submit a question to Security Now! at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:


  • Posted on 18 Nov 2020

    download
  • Listen

    SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams

    SlipStream NAT firewall bypass, MS Police use Ring doorbell cams.

    • Let's Encrypt's cross-signed root expires next year
    • Chrome updates on Windows, macOS, Linux, and Android to remove 0-day vulnerability
    • Mattel, Compel, Capcom, and Campari fall to ransomware attacks
    • iOS 14.2 fixes three 0-day vulnerabilities
    • Introducing the Tianfu Cup: China's version of the Pwn2Own hacker competition
    • November's Patch Tuesday
    • The Great Encryption Dilemma hits Europe
    • Ring Doorbells to be tapped in a trial by local Police
    • WordPress plugins are a hot mess for security
    • SlipStream NAT Firewall Bypass

    We invite you to read our show notes at https://www.grc.com/sn/SN-792-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    You can submit a question to Security Now! at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:


  • Posted on 11 Nov 2020

    download
  • Listen

    SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day

    Google One VPN, WordPress update fail, Windows 7 0-Day.

    • A new 0-day in Win7 through Win10
    • A public service reminder from Microsoft
    • Google One adding an Android VPN
    • Vulnonym: Stop the Naming Madness!
    • WordPress fumbles an important update
    • Chrome's Root Program

    We invite you to read our show notes at https://www.grc.com/sn/SN-791-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    You can submit a question to Security Now! at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:


  • Posted on 04 Nov 2020

    download

Follow Playlisto