Thursday, July 19, 2018

SN 671: STARTTLS Everywhere

This week we discuss another worrisome trend in malware, another fitness tracking mapping incident and mistake, something to warn our friends and family to ignore, the value of periodically auditing previously-granted web app permissions, when malware gets picky about...

SN 670: Wi-Fi Protected Access v3

This week we discuss the interesting case of a VirusTotal upload... or was it?, newly discovered problems with our 4G LTE... and even what follows, another new EFF encryption initiative, troubles with Spectre and Meltdown in some browsers, the...

SN 669: Cellular Location Privacy

This week we examine some new side-channel worries and vulnerabilities, did Mandiant "hack back" on China?, more trouble with browsers, the big Google Firebase mess, sharing a bit of my dead system resurrection, and a look at the recent...

SN 668: Lazy FPU State Restore

This week we examine a rather "mega" patch Tuesday, a nifty hack of Win10's Cortana, Microsoft's official "when do we patch" guidelines, the continuing tweaking of web browser behavior for our sanity, a widespread Windows 10 rootkit, the resurgence...

SN 667: Zippity Do… or Don’t

This week we update again on VPNFilter, look at another new emerging threat, check in on Drupalgeddon2, examine a very troubling remote Android vulnerability under active wormable exploitation, take stock of Cisco's multiple firmware backdoors, look at a new...

SN 666: Certificate Transparency

This week we discuss yesterday's further good privacy news from Apple, the continuation of VPNFilter, an extremely clever web browser cross-site information leakage side-channel attack, Microsoft Research's fork of OpenVPN for security in a post-quantum world, Microsoft drops the...

SN 665: VPNFilter

This week we discuss Oracle's planned end of serialization, Ghostery's GDPR faux paus, the emergence of a clever new banking Trojan, Amazon Echo and the case of the Fuzzy Match, more welcome movement from Mozilla, yet another steganographic hideout,...

SN 664: SpectreNG Revealed

This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threat...

SN 663: Ultra-Clever Attacks

This week we will examine two incredibly clever, new (and bad) attacks named eFail and Throwhammer. But first we catchup on the rest of the past week's security and privacy news, including the evolution of UPnProxy, a worrisome flaw...

SN 662: Spectre – NextGen

This week we begin by updating the status of several ongoing security stories: Russia vs Telegram, DrupalGeddon2, and the return of RowHammer. We will conclude with MAJOR new bad news related to Spectre. We also have a new cryptomalware,...

SN 661: Securing Connected Things

Windows 10 got a new spring in its step, Microsoft further patches Intel microcode, even the UK's NHS plans to update, another hack of modern connected autos, Oracle's botched WebLogic patch, an interesting BSOD-on-demand Windows hack, a PDF credentials...

SN 660: Azure Sphere

This week we discuss Drupalgeddon2 continuing to unfold right on plan, the Orangeworm takes aim at medical equipment and companies, the FDA moves forward on requiring device updates, Microsoft leads a new Cybersecurity Tech Accord, another instance of loud...

SN 659: Never a Dull Moment

This week we discuss AMD's release of their long-awaited Spectre variant 2 microcode patches, the end of Telegram messenger in Russia, the on-time arrival of Drupalgeddon2, Firefox and TLS v1.3, the new and widespread UPnProxy attacks, Microsoft's reversal on...

SN 658: Deprecating TLS 1.0 & 1.1

This week we discuss Intel's big Spectre microcode announcement, Telegram is not long for Russia, the US law enforcement's continuing push for "lawful decryption", more state-level net neutrality news, Win10's replacement for "Disk Cleanup", a bug bounty policy update,...

SN 657: ProtonMail

This week we discuss "DrupalGeddon2", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an...

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs have changed and are now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.