SN 786: ZeroLogon++ – Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup
Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup.
What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam
Evil ransomware gang deposited $1 million of bitcoin in a hacker recruitment drive
Over this past weekend, Universal Health Services was hit...
SN 785: Formal Verification – iOS 14 & Android 11 Security Features, DuckDuckGo Gets Big
iOS 14 & Android 11 security features, DuckDuckGo gets big.
The most important iOS 14 privacy & security features
All of Android 11's new privacy & security features
DuckDuckGo usage growth goes exponential
LAN attack bug fixed in Firefox 79 for Android
Goodbye Forever...
SN 784: BlindSide & BLURtooth – Chrome vs Abusive Ads, Patch Tuesday Palooza
Chrome vs abusive ads, patch Tuesday palooza.
BlindSide and BLURtooth
Chrome gets tough on abusive ads
The last hurrah for IE & Flash exploits
Chromium Edge on Win10: Forcing the issue
Edge enables "Ask me..." for each download
Patch Tuesday Palooza!
Excessive SSD Defragging also fixed
The...
SN 783: IoT Isolation Strategies – Isolate Your IoT Devices, Threema Goes Open-Source
Isolate your IoT devices, Threema goes open-source.
IoT Isolation Strategies
DoH coming to Chrome for Android
Bye Bye Drive-By Downloads
Threema goes Open-Source
WordPress File Manage 0-day flaw
Facebook's new VDP — Vulnerability Disclosure Policy
Facebook's new "WhatsApp Security Advisories" page
The Tor Project Membership Program
Intel's latest...
SN 782: I Know What You Did Last Summer – Russian Tries to Hack Tesla, Web Browser History Research
Russian tries to hack Tesla, web browser history research.
Chrome 85 security features
Russian Attempts to Cyber Attack Tesla
More EMV Standard monetary transaction method problems
Watch this video on Covid testing
I Know What You Did Last Summer: research on web browsing histories
We...
SN 781: SpiKey – Ransomware Hits Jack Daniel’s, Iranian Script-Kiddies, How Ransomware Happens
Ransomware hits Jack Daniel's, Iranian Script-Kiddies, how ransomware happens.
SpiKey: using the sound of a key to determine its shape
What do The University of Utah, Jack Daniel's Whiskey, and Carnival Cruise Lines all have in common? Ransomware
A Remote Code Execution...
SN 780: Microsoft’s 0-Day Folly – Microsoft Acts Badly, Canon Ransomware, Mozilla Tries to Pivot
Microsoft acts badly, Canon ransomware, Mozilla tries to pivot.
When Microsoft doesn't act responsibly: Parts 1 and 2
Snap Your Dragon / "Achilles: Small Chip, Big Peril"
3rd largest Patch Tuesday ever
Mozilla pivoting to VPN, future uncertain
The other ransomware shoe drops at...
SN 779: Geneva – Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned
Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned.
It's Patch Tuesday!
News from Black Hat / DEFCON 2020
Generalizing Speculative Execution Vulnerabilities
Canon hit by the Maze ransomware
A vBulletin Emergency
DoH for Win10
Troy Hunt Hasn't Been Pwned
Geneva: China's Great Firewall...
SN 778: BootHole – Twitter Hackers Arrested, Garmin Hackers Get Ransom
Twitter hackers arrested, Garmin hackers get ransom.Vitamin D fights death by CovidFirefox is now at v79Twitter hackers arrestedGarmin hackers rewardedTor and Dr. KrawetzDropping 0DaysBlocking Tor Connections the Smart WayEnabling Zoom Meeting HackingAnother SHA-1 DeprecationQNAP and QSnatchBootHoleWe invite you to...
SN 777: rwxrwxrwx – Garmin Outage, Twitter Hack Update, GnuTLS
F5 Networks "Big-IP" devices in Big-TroubleTwitter bitcoin hack updateGnuTLS vs OpenSSLThe Garmin outage then and nowCisco's latest troubleSurprising SpinRite resultsWe invite you to read our show notes at https://www.grc.com/sn/SN-777-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to...
SN 776: A Tale of Two Counterfeits – Twitter Hack, Cloudflare Outage, Zoom’s Vanity URL Flaw
Here's how Twitter was hacked. How can we prevent the next Twitter hack?Cloudflare outage takes out huge swath of American internet, including Down Detector. All internet got sent to Atlanta.Zoom's vanity URL flaw: when is a "zero day" not...
SN 775: Tsunami
EARN IT is still evil, Google tsunami.Mozilla suspends "Send" due to persistent malware abuseZoom fixed a new RCE affecting Windows 7 and earlier systemsThe EARN IT bill, take II is still just as bad as the originalGoogle bans ads...
SN 774: 123456
Boston bans face recognition, bad passwords.Boston bans facial recognition123456 is still the most popular passwordiOS 14 catches Linked-In, Tik Tok, and others red handed!US-CERT notes two Emergency Windows UpdatesHackerOne shares their top 10 public bug bounty programsSony launches PlayStation...
SN 773: Ripple20 Too
Congress wants to kill encryption & face recognition.New information about Ripple20The Facial Recognition and Biometric Technology Moratorium Act wants to kill face recognitionThe Lawful Access to Encrypted Data Act wants to kill encryptionMichigan State's legislative House passed the "Microchip...
SN 772: Ripple20
Ripple20: a set of 19 TCP/IP vulnerabilities that could let remote attackers gain control over your deviceRussian government lifts its failed ban on TelegramZoom: everybody gets optional end to end encryptionGoogle removed 106 malicious Chrome extensions collecting sensitive user...
#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams
#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams
IT and security teams must learn how to navigate to uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...
InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices
IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...
Huawei’s UK code reviewers say the company is still crap at basic software security
Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit UK.gov security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...
With API attacks rising, Cloudflare launches a free API security tool
Claudflare launches API Shield, a new service to protect web APIs against attacks.
Integrating Security Awareness Training Into Employee Onboarding
Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices.
This is in large part due to the...
