Tuesday, August 3, 2021
Security Now

SN 829: SeriousSAM & PetitPotam – Kaseya Universal Decryptor, Windows' Process Hacker, Chrome 92

Picture of the Week. Faster and more efficient phishing detection in Chrome 92. A Universal Decryptor for all Kaseya victims. The printer driver used by millions of HP, Samsung and Xerox Printers is exploitable. Windows' Process Hacker. "GoLang" gains supply chain security features at...
Security Now

SN 828: REvil Vanishes! – Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review

Picture of the week. Browser News: The attacks on Google Chrome continue. Firefox special-cases anti-tracking for "Login With" functions. Security News: iOS WiFi SSID bug. We still can't awaken from the "PrintNightmare". It's not a bug, it's a feature! Patch Tuesday Review. Update Acrobat and Reader. Rolling your own...
Security Now

SN 827: REvil's Clever Crypto – Microsoft Fails to Patch PrintNightmare & Sodinokibi Malware's Crypto Design

Picture of the Week. The "PrintNightmare Continues". Kaseya - Not nearly as bad as it could have been. Ransomwhere site. Microsoft Office Users: There's a new malware-protection bypass. Ransomware negotiators are now in high demand. Microsoft seemingly enforces the new Windows 11 Start menu. Stay tuned...
Security Now

SN 826: The Kaseya Saga – Microsoft PrintNightmare, WD's MyCloud OS3 Troubles, SpinRite in a BMW

Picture of the Week. "PrintNightmare" is NOT CVE-2021-1675. The Authentication Dilemma. Western Digital steps up. WD's MyCloud OS3 Troubles. SpinRite. Miscellany & Closing The Loop. The Kaseya Saga. We invite you to read our show notes at https://www.grc.com/sn/SN-826-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe...
Security Now

SN 825: Halfway Through 2021 – Google's FLoC, $600M Ransomware Attack, Where Will Windows 11 Run?

Picture of the week. Google's FLoC has landed with a hard thud and is now delayed. The high cost of Ireland's recovery from the Conti ransomware attack. Who is responsible for damage and data loss following the remote wiping of many Western Digital...
Security Now

SN 824: Avaddon Ransonomics – Chrome 0-Day, Big Spinrite Update, iOS Wi-Fi Bug, Economics of Ransomware

Picture of the Week. Another day, another Chrome 0-day. Ransomware perpetrators are increasingly purchasing access. A weird bug in iOS Wi-Fi. An Early Preview of Windows 11. The Security Now! Podcast has found a new purpose... SpinRite. Avaddon Ransonomics. We invite you to read our show notes...
Security Now

SN 823: TLS Confusion Attacks – TikTok Privacy, iOS 14.5 Tracking Permission, Industry-Wide Patch Tuesday

Picture of the week. Being #1 is a mixed blessing. Industry wide patch Tuesday. TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data. iOS 14.5 requires apps to obtain explicit tracking permission. The ANOM sting operation. "Windows 10" — the last Windows ever? Project...
Security Now

SN 822: Extrinsic Password Managers – Great CyberSecurity Awakening of 2021, NAT vs IPv6, Tavis Ormandy

Picture of the week. The Great CyberSecurity Awakening of 2021. Firefox will soon auto-update on Windows even when it's not running. Edge takes its own approach to HTTPS switching. Three new ransomware victims. We believe we know how Colonial Pipeline was breached. The FBI strikes...
Security Now

SN 821: Epsilon Red – Chrome 91, Emsisoft's Ransomware Decryption Tool, Revisiting Amazon Sidewalk

Photo of the Week. Chrome advances to 91. Emsisoft has created their own ransomware decryption tool. Stepping off the Sidewalk. Just another phishing attack. The Great Encryption Struggle. Hail Mary. Epsilon Red. We invite you to read our show notes at https://www.grc.com/sn/SN-821-Notes.pdf Hosts: Steve Gibson and Leo...
Security Now

SN 820: The Dark Escrow – Firefox Fission, Doom CAPTCHA, Conti and CNA Financial Ransomware

Picture of the Week. Firefox finally achieves sustained "Fission". Conti ransomware. CNA Financial pays up big. When they say IoT do they mean us? "Mean Time to Inventory". The "Doom" CAPTCHA. The "Helios" screensaver. Closing the Loop. The Dark Escrow. We invite you to read our show notes at...
Security Now

SN 819: The WiFi Frag Attacks – DarkSide Follow-Up, DarkTracer, Patch Tuesday, The Frontiers Saga

Picture of the week. DarkSide Follow-Up. Follow The Money. Toshiba Attacked by DarkSide. Ransomware topics off-limits here. "DarkTracer: DarkWeb Criminal Intelligence". Please Leak our Stolen Data! Patch Tuesday Review. A review of the first book of "The Frontiers Saga". 60 Minutes/UAP: Unidentified Aerial Phenomena. Closing the Loop. The WiFi Frag...
Security Now

SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary

Picture of the week. TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers". Huh Google? Tor's Exit Nodes. 21 Nails in Exim's coffin. Project Hail Mary: A Novel. Closing the loop. SpinRite update. News from the Darkside. We invite you to read our show notes at...
Security Now

SN 817: The Ransomware Task Force – Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP

Picture of the Week. REvil hacks Apple supplier Quanta Computer. World-famous Scripps Health taken down. The Big Emotet Botnet Takedown. Emotet's 4,324,770 eMail addresses. Have I Been Pwned domain-wide notifications. QNAP. Gravity NNTP Newsreader updated to v3.0.11.0. Just a bit more about Dan Kaminsky. Closing the Loop. The Ransomware...
Security Now

SN 816: The Mystery of AS8003 – Remembering Dan Kaminsky, Project Zero, Unethical Security Research

Remembering Dan Kaminsky. Week before last was Patch Tuesday. Google's Project Zero responds to today's patch latency reality. Baking security into IoT. UNethical security research. CloudFlare refuses to knuckle under to Patent Trolls. Closing The Loop. The Mystery of AS8003. We invite you to read our show...
Security Now

SN 815: Homogeneity Attacks – Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90

Club TWiT details. Picture of the Week. The Vivaldi Project's take on FLoC. Chrome continues to be THE high-value target. We're at Chrome v90. Exchange Server Web Shells removed, with DOJ Permission. WordPress joins the "FLoC No!" chorus. It's Humble Bundle Book Time. Closing the Loop. A quick...
TechRepublic

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
TechRepublic

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”