SN 697: Zerodium
The implications of the recent increase in bounty for the purchase of 0-day vulnerabilities. The intended and unintended consequences of last week's Windows Patch Tuesday.Speaking of unintended consequences, the US Government shutdown has had some, too!A significant privacy failure...
SN 696: Here Comes 2019!
The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people's code.Emergency out-of-cycle patches from both Adobe and Microsoft.PewDiePie hacker strikes again.Prolific 0-day dropper SandboxEscaper ruffles some feathers.A new effort by the...
SN 695: Our Best of 2018
The Best of Security Now from 2018!
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and...
SN 694: The SQLite RCE Flaw
Rhode Island's response to Google's recent API flawSignal's response to Australia's anti-encryption legislationThe return of PewDiePieUS border agents retaining traveler's private dataThis Week in Android HijinksConfusion surrounding the Windows v5 releaseAnother Facebook API mistakeThe 8th annual most common passwords...
SN 693: Internal Bug Discovery
Australia's recently passed anti-encryption legislationDetails of a couple more mega-breaches including a bit of Marriott follow-upA welcome call for legislation from MicrosoftA new twist on online advertising click fraudThe DHS is interested in deanonymizing cryptocurrencies beyond BitcoinThe changing landscape...
SN 692: GPU RAM Image Leakage
Another Lenovo SuperFish-style local security certificate screw upThe Marriott breach and several other new, large and high-profile secure breach incidentsThe inevitable evolution of exploitation of publicly exposed UPnP router servicesThe emergence of "Printer Spam"How well does ransomware pay? We...
SN 691: ECCploit
Yesterday, the US Supreme Court heard Apple's argument about why a class action lawsuit against their monopoly App Store should not be allowed to proceed. How could this affect iOS security?Google and Mozilla are looking to remove support for...
SN 690: Are Passwords Immortal?
All the action at last week's Pwn2Own Mobile hacking contestThe final word on processor mis-design in the Meltdown/Spectre eraA workable solution for unsupported Intel firmware upgrades for hostile environmentsA forthcoming Firefox breach alert featureThe expected takeover of exposed Docker-offering...
SN 689: Self-Decrypting Drives
Last month's Patch Tuesday, this monthA GDPR-inspired lawsuit filed by Privacy InternationalCheck these two router ports to protect against a new botnet that's making the roundsAnother irresponsibly disclosed zero-day, this time in Virtual BoxCloudFlare's release of a very cool...
SN 688: PortSmash
A close look at the impact and implication of the new "PortSmash" attack against Intel (and almost certainly other) processors. The new "BleedingBit" Bluetooth flaws JavaScript is no longer optional with Google A new Microsoft Edge browser 0-dayWindows...
SN 687: Securing the Vending Machine
More Zero-day exploits in Windows 10, publicly exposed Docker Engine APIs, Google's plan to fix Android, the DoD is expanding its existing "Hack the Pentagon" bug-bounty program to include hardware assets, the going rate for DDoS-for-Hire, and Steve has...
SN 686: Libssh’s Big Whoopsie!
This week a widely used embedded OS (FreeRTOS) is in the doghouse, as are at least eight D-Link routers which have serious problems most of which D-Link has stated will never be patched. We look at five new problems...
SN 685: Good Samaritans?
This week we observe the untimely death of Microsoft's co-founder Paul Allen, revisit the controversial Bloomberg China supply chain hacking report, catch up on Microsoft's October patching fiasco, follow-up on Facebook's privacy breach, look at the end of TLS...
SN 684: The Supply Chain
An October Surprise of a different sort - Windows 10 update deletes users' filesA security researcher has massively weaponzied the existing MicroTik vulnerability and released it as a proof-of-conceptA clever voicemail WhatsApp OTP bypassWhat happened with that recent Google+...
SN 683: The Facebook Breach
This week we discuss yet another treat from Cloudflare, the growing legislative battle over Net Neutrality, the rise of Python malware, Cisco's update report on the VPNFilter malware, still more Chrome controversy and some placating, the rapid exploitation of...
Websites can steal browser data via extensions APIs
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
6 Reasons We Need to Boost Cybersecurity Focus in 2019
Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency
Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...
DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week
Trump dominated security headlines this week, but there's plenty of other news to catch up on.
Bulgaria Extradites Russian Hacker to US: Embassy
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.
read more
