SN 801: Out With The Old – SolarWinds Smoking Gun, Signal Influx of WhatsApp Users, Male Chastity Cage
SolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage.
Firefox and Chromium updates address remote system take over bugs.
Tenable researchers reported a critical Chromium bug.
What Firefox's backspace key does and should do.
How Ryuk malware operations netted $150...
SN 800: SolarBlizzard – SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability
SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability.
Chrome struggles with A/V pre-scan file locking.
Zyxel security products protected by a single redundant password.
How Swatters are using IoT devices to increase the terror.
A new serious problem in the...
SN 800: SolarBlizzard – SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability
SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability.
Chrome struggles with A/V pre-scan file locking.
Zyxel security products protected by a single redundant password.
How Swatters are using IoT devices to increase the terror.
A new serious problem in the...
SN 799: Sunburst & Supernova – Ransomware Task Force, Chrome 87, Firefox Caches, Preserving Flash Video
Ransomware Task Force, Chrome 87, Firefox caches, preserving Flash video.
Chrome 87 backs away from Insecure Form Warnings.
Firefox to begin partitioning its caches.
Browsers say no to Kazakhstan again.
Announcing the RTF - The Ransomware Task Force.
5 million WordPress sites in...
SN 798: Best of 2020 – The Year's Best Stories on Security Now
Leo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include:
Clearview AI face scanning.
The "EARN IT" act.
Zoom security issues.
Why contact tracing apps won't work.
How to prevent the next Twitter hack
Ring's...
SN 797: SolarWinds – Chrome Throttling Ads, Google Outage, 2020 Pwnie Awards, JavaScript's 25th Birthday
Chrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday.
Chrome's heavy ad intervention.
Adrozek.
Ransomware: "Double Extortion."
A 0-click wormable vulnerability in D-Link VPN servers.
Google suffered an outage.
Amnesia:33.
Zero-day in WordPress SMTP plugin.
The 2020 Pwnie Awards.
The end of Flash.
JavaScript is celebrating...
SN 796: Amazon Sidewalk – Google Play Core Library, iOS Zero-Click Radio Proximity Exploit, Apple M1 Chip
Google Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip.
Ransomware news regarding Foxconn, Egregor, and K12 Inc.
The Apple iPhone zero-click radio proximity vulnerability.
Oblivious DoH (ODoH).
Google Play Core Library problems.
The mysterious power of Apple's M1 Arm processor...
SN 795: DNS Consolidation – Generic Smart Doorbells, Tesla Model X Key Fobs, Critical Drupal Flaw, Spotify
Generic smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify.
Chrome Omnibox becomes more Omni.
Chrome's open tabs search.
Ransomware news involving Delaware County, Canon, US Fertility, Ritzau, Baltimore County Public Schools, and Banijay group SAS.
Drupal's security advisory titled...
SN 794: Cicada – Ongoing WordPress Attack, RCS Gets End-to-End Encryption
Ongoing WordPress attack, RCS gets End-to-end encryption.
Chrome moves to release 87.
Explicit Publication of Privacy Practices.
Firefox 83 gets HTTPS-only Mode.
Mozilla seeks consultation on implementing DNS-over-HTTPS.
The comical announcement strategy of the Egregor Ransomware.
Large-scale attacks targeting Epsilon Framework Themes in WordPress.
Cybercrime...
SN 793: SAD DNS – Malicious Android Apps, Ransomware-as-a-Service
Malicious Android apps, ransomware-as-a-service.
Where do most malicious Android apps come from?
SAD DNS is a revival of the classic DNS cache poisoning attack
How many Ransomware-as-a-Service (RaaS) operations are there?
Ragnar Locker ransomware gang takes out a Facebook ad
Two more new...
SN 792: NAT Firewall Bypass – SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams
SlipStream NAT firewall bypass, MS Police use Ring doorbell cams.
Let's Encrypt's cross-signed root expires next year
Chrome updates on Windows, macOS, Linux, and Android to remove 0-day vulnerability
Mattel, Compel, Capcom, and Campari fall to ransomware attacks
iOS 14.2 fixes three...
SN 791: Google's Root Program – Google One VPN, WordPress Update Fail, Windows 7 0-Day
Google One VPN, WordPress update fail, Windows 7 0-Day.
A new 0-day in Win7 through Win10
A public service reminder from Microsoft
Google One adding an Android VPN
Vulnonym: Stop the Naming Madness!
WordPress fumbles an important update
Chrome's Root Program
We invite you to...
SN 790: Top 25 Vulnerabilities – Chrome 0-Day, Edge for Linux, WordPress Loginizer
Chrome 0-Day, Edge for Linux, WordPress Loginizer.
Top 25 Vulnerabilities
Critical 0-day in Chrome
Chrome 86 is now blocking slippery notifications
Site Isolation coming soon to Firefox
Microsoft's Chredge for Linux
WordPress Loginizer vulnerability
We invite you to read our show notes at https://www.grc.com/sn/SN-790-Notes.pdf
Hosts:...
SN 789: Anatomy of a Ryuk Attack – Zoom End-to-End Encryption, Windows 10 God Mode, Manifest v3
Zoom end-to-end encryption, Windows 10 god mode, Manifest v3.
Last Wednesday, Zoom announced that THIS week their 30-evaluation of end-to-end encrypted video conferencing would begin
How to enable Windows 10 "God Mode"
Edge to be updated with browser extensions "Manifest v3"
Last...
SN 788: Well Known URI's – Carnival Cruise Hack, ZeroLogon, Five Eyes vs Encryption
Carnival Cruise hack, ZeroLogon, Five Eyes vs Encryption.
Chrome gets 86'd!
Carnival Cruise Line Hack
The largest company you've never heard of gets hit by ransomware hackers
No connection logs? In France, you go to jail!
Hacking the Apple
ZeroLogon, the FBI, DHS and...
Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021.
In a message board post on a Russian-language underground cybercrime forum, the operator of...
Iconic BugTraq security mailing list shuts down after 27 years
BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.
Weekly Update 226
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
FIN11 e-crime group shifted to CL0P ransomware and big game hunting
The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise.
“Several...
Joker's Stash, the internet's largest carding forum, is shutting down
Joker's Stash to shut down on February 15, 2021.
