Monday, September 23, 2019
Security Now

SN 732: SIM Jacking

This Week's Stories:
• SIMjacker allows attackers to hijack any phone just by sending it an SMS message.
• Here comes iOS "Lucky" 13!
• Chrome follows Mozilla to DoH with a twist.
• Want to enable DoH in Chrome right now? You can, right now, if...
Security Now

SN 731: DeepFakes

This week's stories:
• Get rich quick spotting deepfakes!
• A forced two-day recess of all schools in Flagstaff, Arizona
• The case of a ransomware operator being too greedy
• Apple's controversial response to Google's discovery of Chinese iOS hacks
• Zerodium's new payout schedule and what it...
Security Now

SN 730: The Ransomware Epidemic

This Week's Stories:
• Google expands its bug bounty program
• New bug bounty millionaires
• Google's Project Zero group dropped a bomb on iOS
• Ransomware attacks on local governments and businesses are on the rise

We invite you to read our show notes at https://www.grc.com/sn/SN-730-Notes.pdf ...
Security Now

SN 729: Next Gen Ad Privacy

• Texas Ransomware Update
• Remember that Kazakhstan cert?
• The mixed-blessing of "wide open" source projects
• RubyGems is in trouble again
• Chrome to add data breach notification
• iOS v12.4 updated quickly to 12.4.1
• Next-gen ad privacy

We invite you to read...
Security Now

SN 728: The KNOB is Broken

• Last Tuesday was another busy and important patch Tuesday
• And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again!
• Kaspersky facilitates independent web tracking
• So, what the heck is "CTF" ??
• 23 Government agencies in Texas were hit with...
Security Now

SN 727: BlackHat & DefCon

This Week's Stories
• BlackHat and Def Con 2019
• Microsoft dangles $300,000 for Azure hacks at BlackHat...
• Hotel chaos from Germany's Chaos Computer Club
• 40 dangerous drivers
• Google's battle to allow its Incognito users' Incognitoness to be Incognito
• Microsoft ranks...
Security Now

SN 726: Steve’s File Sync Journey

This week's stories
• A widespread false alarm about Facebook's planned subversion of end-to-end encryption
• Still more municipality Ransomware attacks
• Anti-encryption saber rattling among the Five Eyes nations
• Microsoft's discovery of Russian-backed IoT compromise
• Chrome 76's changes
• Black Hat and...
Security Now

SN 725: Urgent/11

This Week's Stories
- Marcus Hutchins ... is Free!
- U.S. Attorney General Bill Barr on "warrant proof data encryption"
- What malware is the most popular underground?
- This Week in Ransomware
- Your NAS is Grass!
- 11 vulnerabilities in VxWorks' TCP/IP stack...
Security Now

SN 724: Hide Your RDP Now!

This Week's Stories
• Welcome to Kazakhstan! Please check your privacy at the border.
• Mozilla marking all non-HTTPS pages as "not secure"
• Chrome Incognito Mode getting a bit more incognito
• A forthcoming "super Incognito mode" for Firefox
• Rust-TLS outperforms OpenSSL...
Security Now

SN 723: Encrypting DNS

• Bullet points from last Tuesday's monthly Windows patches as well
• Notes from the end of Windows 7
• Laporte County Under Ransomware Attack
• The mixed blessing of fining companies for self-reporting
• A survey of enterprise malware headaches
• Some Mozilla/...
Security Now

SN 722: Gem Hack & Ghost Protocol

This Week's Stories
• Mozilla's privacy-enhancing DNS over HTTPS support
• Facial recognition and automobile license plate scanners
• The future of satellite-based Internet services
• How a Ruby code repository was hacked
• The UK GCHQ's proposal for adding "ghost" participants into private...
Security Now

SN 721: Exposed Cloud Databases

• Ransomware in Florida and elsewhere
• The "Going Dark" anti-encryption debate
• A BlueKeep Proof of Concept demo produced by the guys at SophosLabs
• Massive publicly-exposed databases
• Chinese IoT manufacturer logs a million+ customer devices into a 2+ billion record...
Security Now

SN 720: Bug Bounty Business

• Update on the Linux TCP SACK Kernel panic
• Hackers exploit a Firefox flaw and attack Coinbase
• Google corrects a flaw with Nestcam
• An elegant solution to OpenSSH key theft via Rowhammer attacks
• Update on the BlueKeep RDP vulnerability
• ...
Security Now

SN 719: Exim Under Siege

• A new DRAM problem called "RAMBleed"
• A bad Linux TCP SACK server kernel crashing flaw
• Last week's patch Tuesday
• A Bluetooth surprise
• Another useless warning about the BlueKeep vulnerability
• Microsoft misses a 90-day Tavis Ormandy deadline
• Good news...
Security Now

SN 718: Update Exim Now!

• SandboxEscaper drops another 0-day
• The still-not-yet-widely-exploited BlueKeep vulnerability
• GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)
• The FBI issued an interesting advisory about not trusting secure sites just because they're secure
• VLC receives 33 security...
SC Magazine

Ning Wang – Offensive Security

Ning Wang, CEO, Offensive Security. Why Nominated: Ning Wang is a rising star who has worked to break the boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...
SC Magazine

Dani Martínez – IOActive

Dani Martínez, Security Consultant, IOActive. Why nominated: Dani Martínez proved to be a self-starter. Beginning his career in IT, he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez also dove right in and began a cybersecurity blog...
SC Magazine

Maurice Stebila – Harman, a Samsung Company

Maurice Stebila, Digital Security, Compliance and Privacy Officer, Harman, a Samsung Company. Why nominated: Maurice Stebila has spent more than 30 years in the automotive, manufacturing and financial services industry supporting two of the world’s largest companies – EDS/General Motors and Harman by Samsung...
SC Magazine

Ed Adams – Security Innovation

Ed Adams, President and CEO, Security Innovation. Why Nominated: A highly respected veteran of the cybersecurity industry, Security Innovation CEO Ed Adams has taken on several new leadership roles in the last year or so. Last April, he was named to the board of directors of...
SC Magazine

David Archer – Galois

David Archer, Principal scientist, Galois. Why Nominated: Archer, an advocate for preserving privacy of data even when it’s used in decision-making both within the U.S. at all levels of government as well as internationally, directs research in privacy-preserving information technologies. Profile: David Archer is all...