SN 705: SPOILER
0-day exploit bidding warNSA releases Ghidra v9Firefox's adds Tor privacyA pair of nasty 0-daysA worrisome breach at CitrixThe risk of claiming to be an unhackable aftermarket car alarmA new and interesting "Windows developers chatting with users" idea at MicrosoftA...
SN 704: Careers in Bug Hunting
The increasing feasibility of making a sustainable career out of hunting for software bugsA newly available improvement in Spectre mitigation performance and who can try it nowAdobe's ColdFusion emergency and patch,More problems with A/V and self-signed certsA Docker vulnerability...
SN 703: Out in the Wild
A number of ongoing out-in-the-wild attacks Another early-warned Drupal vulnerability A 19-year old flaw in an obscure decompress for the "ACE" archive formatMicrosoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.Mozilla faces a dilemma about...
SN 702: Authenticity on the Internet
Last week's doozy of a patch Tuesday for both Microsoft and AdobeAn interesting twist coming to Windows 7 and Server 2008 security updates Eight mining apps pulled from the Windows StoreAnother positive security initiative from GoogleElectric scooters being hackedChipping...
SN 701: Adiantum
Apple's most recent v12.1.4 iOS update and the two 0-day vulnerabilities it closedWorrisome new Android image-display vulnerabilityAn interesting "reverse RDP" attackThe new LibreOffice & OpenOffice vulnerabilityMicrosoft's research into the primary source of software vulnerabilitiesMaryJo gets an early peek at...
SN 700: 700 and Counting!
Chrome gets "spell-check for URLs"Catch up on your Linux patch up!Performance enhancements for Chrome and FireFox.Facebook must really like being in the doghouse. The Japanese government takes on IoT security. Ubiquity routers are in trouble again.Chrome "Never Slow" mode...
SN 699: Browser Extension Security
The expressive power of the social media friends we keepThe persistent DNS hijacking campaign which has the US Government quite concernedLast week's iOS and macOS updates (and doubtless another one very soon!)A valiant effort to take down malware distribution...
SN 698: Which Mobile VPN Client?
Which is the right VPN client for Android, and which should you avoid at all costs?A very worrisome WiFi bug affecting billions of devicesHack a Tesla Model 3 at Pwn2OwnRussia's ongoing, failing and flailing efforts to control the InternetThe...
SN 697: Zerodium
The implications of the recent increase in bounty for the purchase of 0-day vulnerabilities. The intended and unintended consequences of last week's Windows Patch Tuesday.Speaking of unintended consequences, the US Government shutdown has had some, too!A significant privacy failure...
SN 696: Here Comes 2019!
The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people's code.Emergency out-of-cycle patches from both Adobe and Microsoft.PewDiePie hacker strikes again.Prolific 0-day dropper SandboxEscaper ruffles some feathers.A new effort by the...
SN 695: Our Best of 2018
The Best of Security Now from 2018!
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and...
SN 694: The SQLite RCE Flaw
Rhode Island's response to Google's recent API flawSignal's response to Australia's anti-encryption legislationThe return of PewDiePieUS border agents retaining traveler's private dataThis Week in Android HijinksConfusion surrounding the Windows v5 releaseAnother Facebook API mistakeThe 8th annual most common passwords...
SN 693: Internal Bug Discovery
Australia's recently passed anti-encryption legislationDetails of a couple more mega-breaches including a bit of Marriott follow-upA welcome call for legislation from MicrosoftA new twist on online advertising click fraudThe DHS is interested in deanonymizing cryptocurrencies beyond BitcoinThe changing landscape...
SN 692: GPU RAM Image Leakage
Another Lenovo SuperFish-style local security certificate screw upThe Marriott breach and several other new, large and high-profile secure breach incidentsThe inevitable evolution of exploitation of publicly exposed UPnP router servicesThe emergence of "Printer Spam"How well does ransomware pay? We...
SN 691: ECCploit
Yesterday, the US Supreme Court heard Apple's argument about why a class action lawsuit against their monopoly App Store should not be allowed to proceed. How could this affect iOS security?Google and Mozilla are looking to remove support for...
Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack
Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night.
The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
Glitch exposes Sprint customer data to other users
A bug
has allowed some Sprint customers to see the personal data of other customers from
their online accounts.
The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...
6 Ways Mature DevOps Teams Are Killing It in Security
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled
Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…
Old Tech Spills Digital Dirt on Past Owners
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
