SN 940: When Hashes Collide – Secure-wipe best practices, browser identity segregation, bye bye Twitter (X)
Last week's news about evidence of LastPass vault decryption targeting cryptocurrency keys, and the UK's backing down on its encryption monitoring legislation.
How hardware security modules (HSMs) allow cryptographic operations like code signing without exposing private keys.
Browser...
SN 939: LastMess – Online Safety Bill, Microsoft Outlook breach details, auto brand data privacy
UK government appears to back down on demands to break encryption in Online Safety Bill
Microsoft reveals how China-based hackers acquired secret key used to breach Outlook accounts
Multiple flaws allowed key to improperly leave highly secure environment...
SN 938: Apple Says No – Topics coming to Android, Apple security research, browser extension vulnerabilities
Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives.
There has been another sighting of Google's Topics API, this time on Android...
SN 937: The Man in the Middle – WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics
Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.
WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with...
SN 936: When Heuristics Backfire – OpenSUSE, SanDisk and Western Digital, 8Base, TSSHOCK
OpenSUSE goes private.
Android to get satellite comms.
SanDisk and Western Digital in hot water.
You're asking for it: YouTube children's privacy.
Whoopsie! 8Base.
Where the money is.
The TSSHOCK vulnerability.
BitForge.
A Quantum resilient security key.
Removed...
SN 935: “Topics” Arrives – Firefox multi-account containers, DuckDuckGo email alias, satellite crowding
Picture of the Week.
Security Now!'s 18th birthday!
Closing the Loop.
Firefox Multi-Account Containers.
A question about Full Disk Encryption on SSD's.
Should I run SpinRite before I back up my drives to a NAS?
Overly complex password...
SN 934: Revisiting Global Privacy Control – Voyager 2, MS Security, keyboard acoustic side-channel attacks
Picture of the Week.
NASA "shouted" at Voyager.
Another view of Microsoft.
What about this Chinese attack?
AI meets Keyboard Acoustic Side-Channel attacks.
Closing the Loop.
Revisiting Global Privacy Control.
Show Notes: https://www.grc.com/sn/SN-934-Notes.pdf
Hosts: Steve Gibson and Leo...
SN 933: TETRA:BURST – Satellite Turla, Android tracker tech, VirusTotal 2023 report, open source in Russia
Picture of the Week.
Satellite Turla: APT Command and Control in the Sky.
OS 17 to further crack down on device fingerprinting.
Android to start warning of "unknown trackers".
The 7th branch of the US military.
Russia criminalizes...
SN 932: Satellite Insecurity, Part 2 – Apple vs EU, Cyber Resilience Act, Web Environment Integrity
Picture of the Week.
R.I.P. Kevin Mitnick.
Apple says: "Thanks, but we'd rather leave."
Web Environment Integrity.
Web Analytics under the spotlight.
More progress on the IoT security front.
The "Expeditionary cyber force".
Ransomware payouts being made much...
SN 931: Satellite Insecurity, Part 1 – Kaspersky on MS flaw, WormGPT, Bitcoin addresses, Twitter DM change
Picture of the Week.
Kaspersky on Microsoft's Patch Tuesday.
As the worm turns: WormGPT.
Microsoft revokes 100+ malicious drivers.
MOVEit Update.
Does Dun & Bradstreet know you?
No Threads for you! (or EU!)
All Bitcoin addresses look alike....
SN 930: Rowhammer Indelible Fingerprinting – MOVEit SQLi flaw, China’s OpenKylin v1, Firefox 115, Syncthing
Picture of the Week.
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software.
And as for MOVEit...
What's a "Rug Pull" ??
"Avast, ye Matey"
China's OpenKylin v1.
TootRoot!
Firefox 115.
Did Russia Disconnect?
Use some honey...
SN 929: Operation Triangulation – DuckDuckBrowse, KasperskyOS Phone, Cyber Force, MOVEit
Picture of the Week.
Catching Leo up to speed from last week.
DuckDuckBrowse.
And an updated Tor Browser.
Opera, now enhanced with "AI".
The KasperskyOS Phone.
The cost of doing business in Russia.
Slowly turn the wheels of...
SN 928: The Massive MOVEit Maelstrom – Patch Tuesday, SpinRite 7.1, MOVEit
Picture of the Week.
Patch Tuesday.
Does EVERYTHING leak??
Closing the Loop.
SpinRite gets version 7.1!
The Massive MOVEit Maelstrom.
Show Notes: https://www.grc.com/sn/SN-928-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get...
SN 927: Scanning the Internet – IoT DDoS rising, who pays for Cryptomining, WWDC security announcements
Picture of the Week.
Cryptomining Rude Surprise Billing.
Musk's Twitter is refusing to pay for Cloud Services.
IoT DDoS rapidly rising.
H1CA found executing code on client machines.
Apple's WWDC Redux.
France takes a different approach...
Russia: Scanners...
SN 926: Windows Platform Binary Table – OWASP, Tor anti-DoS protection, Mandatory SMB Signing on Win 11
Picture of the Week.
Another week of silence from HP.
Mandatory "SMB Signing" coming to Windows 11.
OWASP.
Did Apple help the NSA attack the Kremlin?
Kaspersky's analysis of this iPhone attack and compromise.
The Trifecta Jackpot!
Who...
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
T-mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...
Cisco Disrupts Observability & Cybersecurity Markets with Splunk Acquisition
Cisco's acquisition of Splunk benefits Cisco's ongoing b shift towards more software and subscription-based services, but will cause churn in the market,
