SN 876: Microsoft's Patchy Patches – 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies
Picture of the Week.
Double Decryption (Last week's key-strength puzzler).
3rd Party Authenticators.
Firefox: Total Cookie Protection.
We keep breaking DDoS attack records.
MS-DFSNM.
An Apple Safari regression.
One Million WordPress sites force-updated.
High-Severity RCE in Fastjson Library....
SN 875: The PACMAN Attack – WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation
Picture of the Week.
Apple's Passkeys presentation at WWDC 2022.
WebAuthn.
FREE Penetration Testing course with Kali Linux.
Proof of Simulation.
A valid use for facial recognition: The Smart Pet Door!
Closing The Loop.
The PACMAN Attack.
We...
SN 874: Passkeys, Take 2 – ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability
Picture of the Week.
ServiceNSW Responds.
ExpressVPN pulls the plug in India.
And speaking of pulling the plug.
"Follina" under active exploitation.
And a Windows Search URL schema can be abused, too.
"Critical UNISOC Chip Vulnerability Affects Millions...
SN 873: DuckDuckGone? – Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD
Picture of the Week.
New South Wales DDL — Digital Driver's License.
The latest Microsoft Office 0-day remote code execution vulnerability.
GhostTouch.
Vodafone's new TrustPiD.
Closing the Loop.
DuckDuckGone?
We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf...
SN 872: Dis-CONTI-nued: The End of Conti? – Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1
Picture of the Week.
Emergency mid-cycle update for Active Directory.
Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}.
Clearview AI in Ukraine.
Pwn2Own Vancouver 2022.
The DoJ takes a welcome step back.
Sometimes, unlocking can be...
SN 871: The New EU Surveillance State – Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes
Picture of the Week.
An "eventful" Patch Tuesday.
Patch Tuesday.
Apple patched a 0-day.
Google's "Open Source Maintenance Crew".
Conti suggests overthrowing the new Costa Rican government.
Policing the Google Play Store.
The situation has grown more dire...
SN 870: That "Passkeys" Thing – White House and Quantum Computers, Android 0-day, Ransomware snapshot
Picture of the Week.
Google updates Android to patch an actively exploited vulnerability.
Connecticut's recently passed data privacy bill became law last Wednesday.
Ransomware victim snapshot.
US State Department offering $10 million reward for information about Conti members. ...
SN 869: Global Privacy Control – DoD DIB-VDP, OpenSSF's Package Analysis Project, Connecticut Privacy
Picture of the Week.
DoD DIB-VDP Pilot Overview.
The OpenSSF and the Package Analysis project.
Connecticut moves toward state privacy protections.
Closing The Loop.
Global Privacy Control.
We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf
Hosts: Steve...
SN 868: The 0-Day Explosion – Lenovo EUFI Firmware, Everscale Blockchain Wallet, Major Java Update
Picture of the Week.
CISA's Known Exploited Vulnerabilities Catalog.
Lenovo UEFI Firmware Troubles.
Everscale Blockchain Wallet.
Java 15, 16, 17, and 18 received MUST UPDATES last week.
Closing The Loop.
Sci-Fi.
SpinRite.
The 0-Day Explosion.
We invite you...
SN 867: A Critical Windows RPC RCE – Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable?
Picture of the Week.
Chrome's 3rd 0-day of 2022.
Patch Tuesday Redux.
WordPress once again...
Apache Struts Framework needs a critical update.
Are America's nuclear systems so old they're un-hackable?
Closing The Loop.
SpinRite.
A Critical Windows RPC...
SN 866: Spring4Shell – Patch Tuesday, Microsoft's Autopatch System, NGINX 0-Day
Picture of the Week.
Could NGINX have a 0-day?
Microsoft's new Autopatch system.
Another instance of Russian Protest in JavaScript's repository.
End-of-service life for some popular Windows editions.
Miscellany.
Closing The Loop.
Spring4Shell.
We invite you to read...
SN 865: Port Knocking – Wyze Gets Spanked, FinFisher Bites the Dust, Spring4Shell, LAPSUS$ Update
Picture of the Week.
0-Day Watch.
Spring Forward (Java: Spring4Shell)
QNAP and the OpenSSL DoS vulnerability.
Sophos has a 9.8.
CISA orders federal civilian agencies to patch the Sophos vulnerability.
Browser-in-the-browser.
The supply-chain attacks on NPM have been...
SN 864: Targeted Exploitation – Ukrainian ISP Challenges, Kaspersky Labs Banned in the US, Chrome 0-Day
Picture of the Week.
A high severity 0-day vulnerability update for Chrome.
An interview with the CTO of a large Ukraine ISP, Ukrtelecom.
NPM under attack, again.
Honda says, nothing to worry about...
The U.S., the FCC, Kaspersky...
SN 863: Use After Free – OpenSSL Bug, Cybercrime Reporting Law, Node.js Supply Chain Compromise
Picture of the Week.
Report Cybercrime: It's the Law.
A software supply chain compromise.
Browser in the Browser.
TrickBot, MicroTik & Microsoft.
The Infinite Loop OpenSSL Bug.
CISA Alert AA22-074A.
The Windows Local Privilege Escalation that Microsoft seems...
SN 862: QWACs on? or QWACs off? – Patch Tuesday Recap, NVIDIA Hacked, EUFI Firmware Flaw, ProtonMail
Picture of the Week.
Patch Tuesday for the Industry.
Android, too.
Firefox emergency update.
HP's major UEFI firmware patch-fest.
The NVIDIA breach.
ProtonMail gets it right.
Linux Blues.
Russia's New CA.
The state of WordPress security.
Sci-Fi update....
Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch.
Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to...
Multiple malicious packages in PyPI repository found stealing AWS secrets
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info.
Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...
The Post-Roe Privacy Nightmare Has Arrived
Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.
How to Move Your WhatsApp Chats Across Devices and Apps
It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
We’re now truly in the era of ransomware as pure extortion without the encryption
Why screw around with cryptography and keys when just stealing the info is good enough Feature US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
