Saturday, January 19, 2019
Security Now

SN 697: Zerodium

The implications of the recent increase in bounty for the purchase of 0-day vulnerabilities. The intended and unintended consequences of last week's Windows Patch Tuesday.Speaking of unintended consequences, the US Government shutdown has had some, too!A significant privacy failure...
Security Now

SN 696: Here Comes 2019!

The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people's code.Emergency out-of-cycle patches from both Adobe and Microsoft.PewDiePie hacker strikes again.Prolific 0-day dropper SandboxEscaper ruffles some feathers.A new effort by the...
Security Now

SN 695: Our Best of 2018

The Best of Security Now from 2018! Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and...
Security Now

SN 694: The SQLite RCE Flaw

Rhode Island's response to Google's recent API flawSignal's response to Australia's anti-encryption legislationThe return of PewDiePieUS border agents retaining traveler's private dataThis Week in Android HijinksConfusion surrounding the Windows v5 releaseAnother Facebook API mistakeThe 8th annual most common passwords...
Security Now

SN 693: Internal Bug Discovery

Australia's recently passed anti-encryption legislationDetails of a couple more mega-breaches including a bit of Marriott follow-upA welcome call for legislation from MicrosoftA new twist on online advertising click fraudThe DHS is interested in deanonymizing cryptocurrencies beyond BitcoinThe changing landscape...
Security Now

SN 692: GPU RAM Image Leakage

Another Lenovo SuperFish-style local security certificate screw upThe Marriott breach and several other new, large and high-profile secure breach incidentsThe inevitable evolution of exploitation of publicly exposed UPnP router servicesThe emergence of "Printer Spam"How well does ransomware pay? We...
Security Now

SN 691: ECCploit

Yesterday, the US Supreme Court heard Apple's argument about why a class action lawsuit against their monopoly App Store should not be allowed to proceed. How could this affect iOS security?Google and Mozilla are looking to remove support for...
Security Now

SN 690: Are Passwords Immortal?

All the action at last week's Pwn2Own Mobile hacking contestThe final word on processor mis-design in the Meltdown/Spectre eraA workable solution for unsupported Intel firmware upgrades for hostile environmentsA forthcoming Firefox breach alert featureThe expected takeover of exposed Docker-offering...
Security Now

SN 689: Self-Decrypting Drives

Last month's Patch Tuesday, this monthA GDPR-inspired lawsuit filed by Privacy InternationalCheck these two router ports to protect against a new botnet that's making the roundsAnother irresponsibly disclosed zero-day, this time in Virtual BoxCloudFlare's release of a very cool...
Security Now

SN 688: PortSmash

A close look at the impact and implication of the new "PortSmash" attack against Intel (and almost certainly other) processors. The new "BleedingBit" Bluetooth flaws JavaScript is no longer optional with Google A new Microsoft Edge browser 0-dayWindows...
Security Now

SN 687: Securing the Vending Machine

More Zero-day exploits in Windows 10, publicly exposed Docker Engine APIs, Google's plan to fix Android, the DoD is expanding its existing "Hack the Pentagon" bug-bounty program to include hardware assets, the going rate for DDoS-for-Hire, and Steve has...
Security Now

SN 686: Libssh’s Big Whoopsie!

This week a widely used embedded OS (FreeRTOS) is in the doghouse, as are at least eight D-Link routers which have serious problems most of which D-Link has stated will never be patched. We look at five new problems...
Security Now

SN 685: Good Samaritans?

This week we observe the untimely death of Microsoft's co-founder Paul Allen, revisit the controversial Bloomberg China supply chain hacking report, catch up on Microsoft's October patching fiasco, follow-up on Facebook's privacy breach, look at the end of TLS...
Security Now

SN 684: The Supply Chain

An October Surprise of a different sort - Windows 10 update deletes users' filesA security researcher has massively weaponzied the existing MicroTik vulnerability and released it as a proof-of-conceptA clever voicemail WhatsApp OTP bypassWhat happened with that recent Google+...
Security Now

SN 683: The Facebook Breach

This week we discuss yet another treat from Cloudflare, the growing legislative battle over Net Neutrality, the rise of Python malware, Cisco's update report on the VPNFilter malware, still more Chrome controversy and some placating, the rapid exploitation of...

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more