SN 925: Brave's Brilliant Off the Record Request – .ZIP TLD, Bitwarden Passkey support, PyPi
Picture of the Week.
HP = "Huge Pile"
The ".ZIP" TLD — What could possibly go wrong?
PyPI gets more serious about security AND privacy.
"No logs saved anywhere"???
Twitter in the EU?
Bitwarden's support for Passkeys.
A...
SN 924: VCaaS – Voice Cloning as a Service – HP printer update, KeePass vulnerability, SpinRite bug
Picture of the Week.
Tracker Follow-Up.
Automatic IoT device updating.
HP 9020e - error code 83C0000B.
Section 230 Stands.
The KeePass Vulnerability.
Apple joins Samsung, Amazon and Verizon in banning ChatGPT.
Google's Privacy Sandbox moves forward.
The FBI...
SN 923: Location Tracker Behavior – Diving deep into Google and Apple's tracker spec, SpinRite update
Picture of the Week.
SpinRite.
Location Tracker Behavior.
Formal definitions from the specification.
Bluetooth LE devices have MAC addresses and therein lies a problem.
All devices are serialized.
And now, that "pairing registry".
Privacy considerations.
Show Notes: https://www.grc.com/sn/SN-923-Notes.pdf
Hosts:...
SN 922: Detecting Unwanted Location Trackers – Google Passkeys, Chrome lock icon, AI news sites, Vint Cerf
Picture of the Week.
Google & Passkeys.
TP-Link routers DO auto-update.
US Marshals Service: Where's the backup??
T-Mobile keeps getting breached.
Chrome: No more LOCK icon.
Apple's new "Rapid Security Response" system.
Elon Musk, making friends wherever he...
SN 921: OSB OMG and Other News! – Age verification, Google Authenticator E2EE, VirusTotal AI, cURL
Picture of the Week.
The Encryption Debate.
Age does matter...
Age Verification.
WhatsApp: Rather be blocked in UK than weaken security.
Exposing Side-Channel Monitoring.
Closing the Loop.
A new UDP reflection attack vector.
Google Authenticator Updated.
Does Israel...
SN 920: An End-to-End Encryption Proposal – Wipe those routers, Lockdown Mode, ChatGPT black market
Picture of the Week.
Lockdown Mode seen succeeding.
A growing black market for ChatGPT accounts.
Decommissioned Corporate Routers Leak Secrets.
Jaguar Tooth: Cisco router vulnerabilities.
Security Research Legal Defense Fund.
A quick Firefox fix.
Kubernetes security audit.
Google...
SN 919: Forced Entry – Patch Tuesday, Google Assured Open Source Software, WhatsApp Improvements
Picture of the Week.
Patch Tuesday Review.
Risky Business News.
Google Assured Open Source Software.
WhatsApp Improvements.
Bad Security? Go to jail!
Forced Entry.
Show Notes https://www.grc.com/sn/SN-919-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Download or subscribe to...
SN 918: A Dangerous Interpretation – H26FORGE, Privatized ChatGPT, Mozilla Site Breach Monitor
Picture of the Week.
Microsoft and Fortra go on the offensive.
Can ChatGPT keep a secret?
Apple updates their OS's.
Wordpress under attack... again.
Mozilla's Site Breach Monitor.
Another ChatGPT investigation.
Samsung handsets reaching EoL.
Less access for...
SN 917: Zombie Software – ChatGPT Ban, Hacking the Pentagon
Picture of the Week
So... Not an attack, then?
AI Overlord Hysteria
Italy says NO to ChatGPT
It's illegal... How much will that be?
The U.S. FDA & medical device security
Hack the Pentagon
Firefox 3dr-party DLL check-up...
SN 916: Microsoft's Email Extortion – Pwn2Own, Edge Crypto Wallet
Picture of the Week.
Synacktiv wins this year's CanSecWest Pwn2Own
GitHub: Mistakes happen
DDoS for Hire. . .Or Not
144,000 malicious packages published
No iPhones For Russian Presidential Staff
I NUIT
Edge Gets Crypto
Microsoft's Email Extortion
Show...
SN 915: Flying Trojan Horses – Exynos 0-days, TikTok Tick Tock, 90-day TLS cert life, CHESS is safe!
Picture of the Week.
Multiple Exploitable Samsung 0-Days.
A good idea for NPM.
The TikTok Tick Tock.
Google pushes for 90-day TLS certificate life.
CHESS is safe.
CISA has begun scanning!
Flying Trojan Horses.
Show Notes: https://www.grc.com/sn/SN-915-Notes.pdf
...
SN 914: Sony Sues Quad9 – Polynonce attack, Germany Huawei ban, Plex Media Server defect, Andor review
Picture of the Week.
Another Malicious Chrome Extension.
Germany to join the Huawei & ZTE ban.
Putting "phishing" into perspective.
The Polynonce attack.
Plex's RCE now in CISA's KEV.
Sci-Fi: Andor.
Sony Sues Quad9.
Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf
Hosts:...
SN 913: A Fowl Incident – DDoS'ing Fosstodon, Strategic Objective 3.3, CISA's Covert Red-Team
Picture of the Week.
DDoS'ing Fosstodon.
DDoS for Hire takedowns.
TikTok Insanity.
Illegal Warrantless Surveillance.
Strategic Objective 3.3.
GitHub Secret Scanning.
CISA's Covert Red-Team.
What's left?
What's old is new again.
TCG TPM vulnerabilities.
WordPress "All In One...
SN 912: The NSA @ Home – LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty
Picture of the Week.
Windows 11? ... anyone?
As Plain as Ever.
Edge's new built-in VPN?
LastPass Incident Update.
Signal says NO to the UK.
More PyPI troubles.
The QNAP bug bounty program.
SpinRite.
The NSA @ Home....
SN 911: A Clever Regurgitator – GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified
GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified
Picture of the Week.
GoneDaddy.
Section 230.
No Blue, No SMS-based 2FA.
Bitwarden gets Argon.
"Meta Verified".
Emsisoft Fake Code Signing.
Attacks breaking records.
More Mirai.
NPM malware.
Patch...
Ukraine war blurs lines between cyber-crims and state-sponsored attackers
This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
