SN 907: Credential Reuse – iOS 16.3, ChatGPT creates malware, Bitwarden acquires Passwordless.dev
Picture of the Week.
PayPal Credential Stuffing.
iOS 16.3: Cloud encryption for all.
InfoSecurity Magazine: "ChatGPT Creates Polymorphic Malware".
CheckPoint Research: OPWNAI: Cybercriminals Starting to Use ChatGPT.
"Meta" fined for the third time.
Bitwarden acquires "Passwordless.dev"....
SN 906: The Rule of Two – Norton Lifelock Data Breach, Chromium and Rust, LastPass
Picture of the Week
About Password Iterations
ECB or CBC
Norton Lifelock Troubles
Chrome Follows Microsoft and Firefox
Chromium is Beginning to Rust
BYOVD and Windows Defender Failures
Closing the Loop (feedback)
The Rule of Two
Show notes: https://www.grc.com/sn/sn-906-notes.pdf...
SN 905: 1 – LastPass Aftermath, LastPass vault de-obfuscator, LastPass iteration count folly
Picture of the Week.
LastPass Aftermath.
LastPass Vault De-Obfuscator.
What more do we know this week regarding LastPass?
The most alarming discovery by listeners.
Understanding the scale of GPU-enhanced password cracking.
On the true strength of passwords.
Feedback...
SN 904: Leaving LastPass – How LastPass failed, Steve's next password manager, how to protect yourself
Picture of the Week.
SpinRite.
Leaving LastPass.
Is there reason for concern?
Well known password cracker Jeremi Gosney's LastPass rant.
Steve shares his plan regarding LastPass.
What is Steve's next password manager?
What should LastPass users do to...
SN 903: Security Now Best of 2022 – The best moments from throughout the year
Anatomy of a Log4j Exploit.
Will Russia Disconnect?
FCC Says Kaspersky Labs is a National Security Threat.
Lenovo UEFI Firmware Troubles.
That "Passkeys" Thing.
Dis-CONTI-nued: The End of Conti?
Steve's Take on the LastPass Breach.
Hosts: Steve Gibson...
SN 902: A Generic WAF Bypass – Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1
Picture of the Week.
A malware operation known as URSNIF.
Pwn2Own Toronto 2022.
Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities.
Patch Tuesday.
Another Uber breach?
Elon Botches 'Bot Blockage.
Vivaldi integrates Mastodon in its...
SN 901: Apple Encrypts the Cloud – Chrome Passkeys, Telegram malware, SYNC.com outage, Rackspace lawsuits
Picture of the Week.
Chrome does Passkeys.
SYNC.COM suffered its first outage.
Medibank reboot.
Totally fake cryptocurrency trading platforms.
Malware on Telegram.
Texas gets in on the TikTok banning.
The LastPass class action lawsuit.
Rackspace had a big...
SN 900: LastPass Again – South Dakota bans TikTok, Anker Eufy Camera debacle, Mozilla yanks trusted root
Picture of the Week.
Don't mess with Australia.
Facebook / Meta fined by Ireland.
REvil's full Medibank dump.
Is nothing sacred?
Mozilla yanks a (no longer) trusted root.
Android Platform Certs Escape.
South Dakota says: No more Tik-Tok....
SN 899: Freebie Bots & Evil Cameras – iSpoofer no more, Boa server vulnerability, CISA on Mastodon
Picture of the Week.
iSpoof you no more.
Here come the Freebie Bots!
Anatomy of the real-time Cryptocurrency heist.
Lookin' for something to do?
Boa server vulnerability.
The dilemma of closed-source Chinese networking products.
The Cyber Defense Index....
SN 898: Wi-Peep – FBI purchased Pegasus, Passkey support directory, Quantum decryption deadline, Firefox 107
Picture of the Week.
Firefox v107 was released last Tuesday.
Google settles for a cool $391.5 million.
Red Hat Signing its ZIP file Packages.
The FBI purchased Pegasus for "research and development purposes".
Greece bought Predator for €7...
SN 897: Memory-Safe Languages – Shennina Framework, Shufflecake, The Helm, LightSpeed vulnerabilities
Picture of the Week.
Patch Tuesday review.
Shennina Framework - Automating Host Exploitation with AI.
GitHub's welcome new feature.
Three LightSpeed vulnerabilities.
Shufflecake: Plausible deniability encrypted Linux volumes.
Australia has decided to get proactive!
Apple's iOS 16.1.1 everyone...
SN 896: Something for Everyone – Dropbox breach, cyber bank heists, Russia goes Linux, OpenSSL flaw update
Picture of the Week.
A minor Dropbox breach.
OpenSSL follow-up.
FTC sued and settled with a repeated offender.
$1.2 billion in reported ransomware payments during 2021.
Akamai's Q3 Threat Report.
Initial Access Brokerages.
How do today's bank heists...
SN 895: After 20 years in GCHQ – Stranger Strings, PayPal passkeys, new TCP/IP RCE in Windows
Picture of the Week.
Windows driver blocklist to be updated next Tuesday.
More Microsoft shenanigans.
An upcoming OpenSSL CRITICAL vulnerability update -- get ready!
A new TCP/IP RCE in Windows.
A study of malicious CVE proof of concept...
SN 894: Data Breach Responsibility – Firefox 106, KataOS and Sparrow, banking malware, CVSS 9.8 update
Picture of the Week.
Firefox 106 is out.
Google's Open Source IoT KataOS and Sparrow.
This Week in CryptoCurrency Craziness.
New Windows 0-day bypasses executable security checks.
Apple's 9th 0-day of the year bites the dust.
The evolutionary...
SN 893: Password Change Automation – Windows Update RSS, malicious kernel drivers, Signal SMS/MMS, ZimaBoard
Picture of the Week.
Microsoft "Won't Fix".
Malicious Kernel Drivers.
Microsoft has finally added an RSS feed for Windows Updates!
Passkeys Dev.
Largest DDoS attack.
Signal will be dropping its SMS/MMS support.
Brute-force protection for Windows local...