Thursday, October 1, 2020
Security Now

SN 786: ZeroLogon++ – Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup

Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup. What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam Evil ransomware gang deposited $1 million of bitcoin in a hacker recruitment drive Over this past weekend, Universal Health Services was hit...
Security Now

SN 785: Formal Verification – iOS 14 & Android 11 Security Features, DuckDuckGo Gets Big

iOS 14 & Android 11 security features, DuckDuckGo gets big. The most important iOS 14 privacy & security features All of Android 11's new privacy & security features DuckDuckGo usage growth goes exponential LAN attack bug fixed in Firefox 79 for Android Goodbye Forever...
Security Now

SN 784: BlindSide & BLURtooth – Chrome vs Abusive Ads, Patch Tuesday Palooza

Chrome vs abusive ads, patch Tuesday palooza. BlindSide and BLURtooth Chrome gets tough on abusive ads The last hurrah for IE & Flash exploits Chromium Edge on Win10: Forcing the issue Edge enables "Ask me..." for each download Patch Tuesday Palooza! Excessive SSD Defragging also fixed The...
Security Now

SN 783: IoT Isolation Strategies – Isolate Your IoT Devices, Threema Goes Open-Source

Isolate your IoT devices, Threema goes open-source. IoT Isolation Strategies DoH coming to Chrome for Android Bye Bye Drive-By Downloads Threema goes Open-Source WordPress File Manage 0-day flaw Facebook's new VDP — Vulnerability Disclosure Policy Facebook's new "WhatsApp Security Advisories" page The Tor Project Membership Program Intel's latest...
Security Now

SN 782: I Know What You Did Last Summer – Russian Tries to Hack Tesla, Web Browser History Research

Russian tries to hack Tesla, web browser history research. Chrome 85 security features Russian Attempts to Cyber Attack Tesla More EMV Standard monetary transaction method problems Watch this video on Covid testing I Know What You Did Last Summer: research on web browsing histories We...
Security Now

SN 781: SpiKey – Ransomware Hits Jack Daniel’s, Iranian Script-Kiddies, How Ransomware Happens

Ransomware hits Jack Daniel's, Iranian Script-Kiddies, how ransomware happens. SpiKey: using the sound of a key to determine its shape What do The University of Utah, Jack Daniel's Whiskey, and Carnival Cruise Lines all have in common? Ransomware A Remote Code Execution...
Security Now

SN 780: Microsoft’s 0-Day Folly – Microsoft Acts Badly, Canon Ransomware, Mozilla Tries to Pivot

Microsoft acts badly, Canon ransomware, Mozilla tries to pivot. When Microsoft doesn't act responsibly: Parts 1 and 2 Snap Your Dragon / "Achilles: Small Chip, Big Peril" 3rd largest Patch Tuesday ever Mozilla pivoting to VPN, future uncertain The other ransomware shoe drops at...
Security Now

SN 779: Geneva – Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned

Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned. It's Patch Tuesday! News from Black Hat / DEFCON 2020 Generalizing Speculative Execution Vulnerabilities Canon hit by the Maze ransomware A vBulletin Emergency DoH for Win10 Troy Hunt Hasn't Been Pwned Geneva: China's Great Firewall...
Security Now

SN 778: BootHole – Twitter Hackers Arrested, Garmin Hackers Get Ransom

Twitter hackers arrested, Garmin hackers get ransom.Vitamin D fights death by CovidFirefox is now at v79Twitter hackers arrestedGarmin hackers rewardedTor and Dr. KrawetzDropping 0DaysBlocking Tor Connections the Smart WayEnabling Zoom Meeting HackingAnother SHA-1 DeprecationQNAP and QSnatchBootHoleWe invite you to...
Security Now

SN 777: rwxrwxrwx – Garmin Outage, Twitter Hack Update, GnuTLS

F5 Networks "Big-IP" devices in Big-TroubleTwitter bitcoin hack updateGnuTLS vs OpenSSLThe Garmin outage then and nowCisco's latest troubleSurprising SpinRite resultsWe invite you to read our show notes at https://www.grc.com/sn/SN-777-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to...
Security Now

SN 776: A Tale of Two Counterfeits – Twitter Hack, Cloudflare Outage, Zoom’s Vanity URL Flaw

Here's how Twitter was hacked. How can we prevent the next Twitter hack?Cloudflare outage takes out huge swath of American internet, including Down Detector. All internet got sent to Atlanta.Zoom's vanity URL flaw: when is a "zero day" not...
Security Now

SN 775: Tsunami

EARN IT is still evil, Google tsunami.Mozilla suspends "Send" due to persistent malware abuseZoom fixed a new RCE affecting Windows 7 and earlier systemsThe EARN IT bill, take II is still just as bad as the originalGoogle bans ads...
Security Now

SN 774: 123456

Boston bans face recognition, bad passwords.Boston bans facial recognition123456 is still the most popular passwordiOS 14 catches Linked-In, Tik Tok, and others red handed!US-CERT notes two Emergency Windows UpdatesHackerOne shares their top 10 public bug bounty programsSony launches PlayStation...
Security Now

SN 773: Ripple20 Too

Congress wants to kill encryption & face recognition.New information about Ripple20The Facial Recognition and Biometric Technology Moratorium Act wants to kill face recognitionThe Lawful Access to Encrypted Data Act wants to kill encryptionMichigan State's legislative House passed the "Microchip...
Security Now

SN 772: Ripple20

Ripple20: a set of 19 TCP/IP vulnerabilities that could let remote attackers gain control over your deviceRussian government lifts its failed ban on TelegramZoom: everybody gets optional end to end encryptionGoogle removed 106 malicious Chrome extensions collecting sensitive user...

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams IT and security teams must learn how to navigate to uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...

InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices

IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...
The Register

Huawei’s UK code reviewers say the company is still crap at basic software security

Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit UK.gov security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...
ZDNet

With API attacks rising, Cloudflare launches a free API security tool

Claudflare launches API Shield, a new service to protect web APIs against attacks.
IBM Security

Integrating Security Awareness Training Into Employee Onboarding

Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices. This is in large part due to the...