Monday, January 24, 2022
Security Now

SN 854: Anatomy of a Log4j Exploit – Buggy KCode, WordPress Security

Picture of the Week. "Hack the Pentagon" with Log4j. Open Source Software Security Summit. Microsoft's January Patch Tuesday Review: The GOOD News. Microsoft's January Patch Tuesday Review: The Not So Good News. Check Your Router Firmware Updates. Chrome to Implement PNA. Three High Severity Flaws in...
Security Now

SN 853: URL Parsing Vulnerabilities – US CISA on Log4J, WordPress Security Update, What Is a Pluton

Picture of the Week. The US CISA Log4J status update. The H2 Database Console vulnerability. The Federal Trade Commission gets into the act! Chrome fixed 37 known problems last week. The Privacy-first Brave browser. WordPress 5.8.3 security update. What, exactly, is a "Pluton"? The first of Dennis...
Security Now

SN 852: December 33rd – Log4j Update, RSA Postponed, Hack the DHS Expanded, Cyber Insurance Cost Rising

Picture of the Week. Log4j's 5th update. Microsoft's Log4j scanner triggers false positives. Chinese government is annoyed with Alibaba. "Hack the DHS" Bug Bounty Expanded. COVID postpones the RSA Conference. DuckDuckGo continues to grow. The cost of cyber insurance will likely be rising or perhaps terminated. "The...
Security Now

SN 851: Best of 2021 – The Year's Best Stories on Security Now

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include: SolarWinds Hack Detailed By Microsoft; Crispy Subtitles from Lay's; Remembering Dan Kaminsky; REvil Hacks Apple Supplier Quanta Computer; The "Doom" CAPTCHA; How Colonial Pipeline Was...
Security Now

SN 850: It's a Log4j Christmas – Another Chrome 0-Day, Cloud Clipboard Disabled, Wi-Fi/Bluetooth Leakage

Picture of the Week. Google's 16th exploited Chrome 0-day of the year. Firefox refuses to do Microsoft.com! Firefox disabled Microsoft's Cloud Clipboard. Weaknesses in all cellular networks since 2G. Cross Wi-Fi / Bluetooth leakage. "The Matrix Resurrections" aka "The Matrix 4". SpinRite. It's a Log4j Christmas. We invite...
Security Now

SN 849: Log4j & Log4Shell – Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats

Picture of the Week. Amazon outage and cloud dependence. AirTag Abuse. Windows 11 vs Your Browser of Choice. WordPress once again in the crosshairs. Closing the Loop. Sci-Fi. SpinRite. Log4j & Log4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-849-Notes.pdf Hosts: Steve Gibson and Leo Laporte...
Security Now

SN 848: XSinator – NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief

Picture of the Week. Tavis finds a bad bug in NSS. Cheap Smartwatches for kids and babies? Additional VPN vendors just say no to Roskomnadzor! Windows 11 loosens its grip on Edge. RTF Templates being used to inject malicious content. A Malicious Botnet uses the...
Security Now

SN 847: Bogons Begone! – 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode

Picture of the Week. "Super Duper Secure Mode". 37% of the world's smartphones are vulnerable. The RAT Dispenser. The Entirely Predictable 0-Day Windows Exploit. "The Frontiers Saga: Fringe Worlds". Closing the Loop. Bogons Begone! We invite you to read our show notes at https://www.grc.com/sn/SN-847-Notes.pdf Hosts:...
Security Now

SN 846: HTTP Request Smuggling – NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach

Picture of the Week. An idea whose time has passed... The stats of brute force password attacks. The Most Common Passwords. GoDaddy Breached Bigtime! A heads-up about NetGear routers. HTTP Request Smuggling. We invite you to read our show notes at https://www.grc.com/sn/SN-846-Notes.pdf Hosts: Steve Gibson and...
Security Now

SN 845: Blacksmith – Patch Tuesday's 55 Flaws, The Zen of Code, Ryuk Ransomware Gang

Picture of the week. ~10,000 VPN/Firewall appliances from Palo Alto Networks vulnerable. The 0-Patch Guys Produce a Micropatch. This brings me to "The Zen of Code". November's Patch Tuesday. November broke something, but don't ask me what... Windows 11 received KB5007215. December promises to be Christmas...
Security Now

SN 844: Bluetooth Fingerprinting – Pwn2Own Austin, Unpatched GitLab Servers, Cisco's DEFAULT SSH Key

Picture of the Week. Lots of welcome progress on the ransomware front. Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own. Windows 11 snipping tool, its emoji picker, and other parts are failing. Trouble being created by unpatched GitLab servers. More supply chain...
Security Now

SN 843: Trojan Source – Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune

Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune. More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your...
Security Now

SN 842: The More Things Change… – Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes

Picture of the Week. A sneak peek at November 9th upcoming Win11 fixes. Leo gets his wish!! REvil WAS recently re-taken down by Law Enforcement! Microsoft: "We're Excited to Announce the Launch of Comms Hub!" Microsoft: "Windows update expiration policy explained" And while we're...
Security Now

SN 841: Minh Duong's Epic Rickroll – REvil Gone for Good? Tianfu Cup 2021, Patch Tuesday Aftermath

Picture of the week. Windows 11 Watch - Don't update to Windows 11 unless you need to. Patch Tuesday - PrintNightmare fix to fix the previous print nightmare fix that broke other things. Point and Print feature is the problem, not a...
Security Now

SN 840: 0-Day Angst – Windows 11 Watch, Google's Universal 2SV, Twitch Hack, Patch Tuesday

Picture of the week. Windows 11 Watch: "AllowUpgradesWithUnsupportedTPMOrCPU" AMD processors running some apps up to 15% slower. The Windows 10 taskbar on Windows 11. Microsoft is disagreeing... with themselves. We have an update on the Windows Explorer RAM leak I mentioned previously... VirtualBox and Windows...

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...