SN 854: Anatomy of a Log4j Exploit – Buggy KCode, WordPress Security
Picture of the Week
"Hack the Pentagon" with Log4j
Open Source Software Security Summit
Microsoft's January Patch Tuesday Review: The GOOD News
Microsoft's January Patch Tuesday Review: The Not So Good News
Check Your Router Firmware Updates
Chrome to Implement PNA
Three High Severity Flaws in...
SN 853: URL Parsing Vulnerabilities – US CISA on Log4J, WordPress Security Update, What Is a Pluton
Picture of the Week.
The US CISA Log4J status update.
The H2 Database Console vulnerability.
The Federal Trade Commission gets into the act!
Chrome fixed 37 known problems last week.
The Privacy-first Brave browser.
WordPress 5.8.3 security update.
What, exactly, is a "Pluton"?
The first of Dennis...
SN 852: December 33rd – Log4j Update, RSA Postponed, Hack the DHS Expanded, Cyber Insurance Cost Rising
Picture of the Week.
Log4j's 5th update.
Microsoft's Log4j scanner triggers false positives.
Chinese government is annoyed with Alibaba.
"Hack the DHS" Bug Bounty Expanded.
COVID postpones the RSA Conference.
DuckDuckGo continues to grow.
The cost of cyber insurance will likely be rising or perhaps terminated.
"The...
SN 851: Best of 2021 – The Year's Best Stories on Security Now
Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include:
SolarWinds Hack Detailed By Microsoft
Crispy Subtitles from Lay's
Remembering Dan Kaminsky
REvil Hacks Apple Supplier Quanta Computer
The "Doom" CAPTCHA
How Colonial Pipeline Was...
SN 850: It's a Log4j Christmas – Another Chrome 0-Day, Cloud Clipboard Disabled, Wi-Fi/Bluetooth Leakage
Picture of the Week.
Google's 16th exploited Chrome 0-day of the year.
Firefox refuses to do Microsoft.com!
Firefox disabled Microsoft's Cloud Clipboard.
Weaknesses in all cellular networks since 2G.
Cross Wi-Fi / Bluetooth leakage.
"The Matrix Resurrections" aka "The Matrix 4".
SpinRite.
It's a Log4j Christmas.
We invite...
SN 849: Log4j & Log4Shell – Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats
Picture of the Week.
Amazon outage and cloud dependence.
AirTag Abuse.
Windows 11 vs Your Browser of Choice.
WordPress once again in the crosshairs.
Closing the Loop.
Sci-Fi.
SpinRite.
Log4j & Log4Shell.
We invite you to read our show notes at https://www.grc.com/sn/SN-849-Notes.pdf
Hosts: Steve Gibson and Leo Laporte...
SN 848: XSinator – NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief
Picture of the Week.
Tavis finds a bad bug in NSS.
Cheap Smartwatches for kids and babies?
Additional VPN vendors just say no to Roskomnadzor!
Windows 11 loosens its grip on Edge.
RTF Templates being used to inject malicious content.
A Malicious Botnet uses the...
SN 847: Bogons Begone! – 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode
Picture of the Week.
"Super Duper Secure Mode"
37% of the world's smartphones are vulnerable.
The RAT Dispenser.
The Entirely Predictable 0-Day Windows Exploit.
"The Frontiers Saga: Fringe Worlds"
Closing the Loop.
Bogons Begone!
We invite you to read our show notes at https://www.grc.com/sn/SN-847-Notes.pdf
Hosts:...
SN 846: HTTP Request Smuggling – NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach
Picture of the Week.
An idea whose time has passed...
The stats of brute force password attacks.
The Most Common Passwords.
GoDaddy Breached Bigtime!
A heads-up about NetGear routers.
HTTP Request Smuggling.
We invite you to read our show notes at https://www.grc.com/sn/SN-846-Notes.pdf
Hosts: Steve Gibson and...
SN 845: Blacksmith – Patch Tuesday's 55 Flaws, The Zen of Code, Ryuk Ransomware Gang
Picture of the week.
~10,000 VPN/Firewall appliances from Palo Alto Networks vulnerable.
The 0-Patch Guys Produce a Micropatch
This brings me to "The Zen of Code"
November's Patch Tuesday
November broke something, but don't ask me what...
Windows 11 received KB5007215
December promises to be Christmas...
SN 844: Bluetooth Fingerprinting – Pwn2Own Austin, Unpatched GitLab Servers, Cisco's DEFAULT SSH Key
Picture of the Week.
Lots of welcome progress on the ransomware front.
Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own.
Windows 11 snipping tool, its emoji picker, and other parts are failing.
Trouble being created by unpatched GitLab servers.
More supply chain...
SN 843: Trojan Source – Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune
Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune
More 0-days for Chrome.
Two naughty Firefox add-ons have been caught abusing an extension API.
Windows 11 News: Can we print yet?
A new Local Privilege Escalation affecting all versions of Windows.
Ask your...
SN 842: The More Things Change… – Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes
Picture of the Week.
A sneak peak at November 9th upcoming Win11 fixes.
Leo gets his wish!! REvil WAS recently re-taken down by Law Enforcement!
Microsoft: "We're Excited to Announce the Launch of Comms Hub!"
Microsoft: "Windows update expiration policy explained"
And while we're...
SN 841: Minh Duong's Epic Rickroll – REvil Gone for Good? Tianfu Cup 2021, Patch Tuesday Aftermath
Picture of the week.
Windows 11 Watch - Don't update to Windows 11 unless you need to.
Patch Tuesday - PrintNightmare fix to fix the previous print nightmare fix that broke other things.
Point and Print feature is the problem, not a...
SN 840: 0-Day Angst – Windows 11 Watch, Google's Universal 2SV, Twitch Hack, Patch Tuesday
Picture of the week.
Windows 11 Watch: "AllowUpgradesWithUnsupportedTPMOrCPU"
AMD processors running some apps up to 15% slower.
The Windows 10 taskbar on Windows 11.
Microsoft is disagreeing... with themselves.
We have an update on the Windows Explorer RAM leak I mentioned previously...
VirtualBox and Windows...
Linux Servers at Risk of RCE Due to Critical CWP Bugs
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps
Enlarge (credit: Getty Images | zf L)
AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...
Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
DC, 3 States Sue Google Saying it Invades Users' Privacy
The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.
read more
A flaw in Rust Programming language could allow to delete files and directories
The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system.
The maintainers of the Rust programming language have released a security update for a high-severity...
