Podcasts by Security Now (Audio)
Security Now could be the most important show you watch all week. Security guru Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, joins Leo Laporte every week to guide us through the minefield of ransomware, viruses, cyber espionage, hacking, etc.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
All episodes
SN 951: Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD from 2023-12-05T17:55:20
- How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
- WhatsApp's addition of Secret Code for extra privacy protection in Chat Loc... Listen
SN 950: Leo Turns 67 - Fingerprint Security, Do-Not-Track from 2023-11-28T17:50:34
- Adobe Flash Player Updater is (still) desperately trying to update
- Veracrypt password security
- Firefox moves to 120 with a bunch of very nice new features
- Do... Listen
SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review from 2023-11-21T18:03:26
- Privacy and Funding Challenges Facing Signal Messaging App
- Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
- Ransomware Group Files SEC Complaint ... Listen
SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45 from 2023-11-14T18:46:16
- Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
- No major updates on EU's controversial Article 45 in eIDA... Listen
SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys from 2023-11-07T18:41:38
- Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
- A quartet of new 0-day vulnerabilities in Exchange Server that Mi... Listen
SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy from 2023-10-31T17:53:12
- What caused last week's connection interruption? Router was rebooting intermittently, but why?
- David Redekop of AdamNetworks explained their enterprise network security solution... Listen
SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript! from 2023-10-24T18:26
- How fake drives continue to be sold on Amazon despite negative reviews
- Microsoft is discontinuing support for the VBScript language
- The 30-year old NTLM authentication... Listen
SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite from 2023-10-17T19:57:15
- ValiDrive release follow-up
- Passkeys exportability and phishing risk
- Passkeys for device verification like SSH keys
- Possibility of hobby browsers vs. product... Listen
SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached from 2023-10-10T18:30
- Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.
- 23andMe claims a recent data breach exposed customer info due to credentia... Listen
SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk from 2023-10-03T21:03:06
- Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
- Malicious ads are appearing ... Listen
SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update from 2023-09-26T18:18:50
- Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
- China has formally accused the NSA of hacking an... Listen
SN 867: A Critical Windows RPC RCE - Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable? from 2022-04-19T18:00
- Picture of the Week.
- Chrome's 3rd 0-day of 2022.
- Patch Tuesday Redux.
- WordPress once again...
- Apache Struts Framework needs a critical update. ... Listen
SN 866: Spring4Shell - Patch Tuesday, Microsoft's Autopatch System, NGINX 0-Day from 2022-04-12T17:30
- Picture of the Week.
- Could NGINX have a 0-day?
- Microsoft's new Autopatch system.
- Another instance of Russian Protest in JavaScript's repository.
- En... Listen
SN 865: Port Knocking - Wyze Gets Spanked, FinFisher Bites the Dust, Spring4Shell, LAPSUS$ Update from 2022-04-05T17:30
- Picture of the Week.
- 0-Day Watch.
- Spring Forward (Java: Spring4Shell)
- QNAP and the OpenSSL DoS vulnerability.
- Sophos has a 9.8.
- CISA orde... Listen
SN 864: Targeted Exploitation - Ukrainian ISP Challenges, Kaspersky Labs Banned in the US, Chrome 0-Day from 2022-03-29T17:00
- Picture of the Week.
- A high severity 0-day vulnerability update for Chrome.
- An interview with the CTO of a large Ukraine ISP, Ukrtelecom.
- NPM under attack, a... Listen
SN 863: Use After Free - OpenSSL Bug, Cybercrime Reporting Law, Node.js Supply Chain Compromise from 2022-03-22T18:00
- Picture of the Week.
- Report Cybercrime: It's the Law.
- A software supply chain compromise.
- Browser in the Browser.
- TrickBot, MikroTik & Microsof... Listen
SN 862: QWACs on? or QWACs off? - Patch Tuesday Recap, NVIDIA Hacked, UEFI Firmware Flaw, ProtonMail from 2022-03-15T16:00
- Picture of the Week.
- Patch Tuesday for the Industry.
- Android, too.
- Firefox emergency update.
- HP's major UEFI firmware patch-fest.
- The NVI... Listen
SN 861: Rogue Nation Cyber Consequences - Russia vs. Ukraine, Crypto, StarLink, Namecheap, Telegram from 2022-03-08T17:00
- Picture of the Week.
- The Russians are coming.
- Ukrainian "Cyber Unit Technologies" is paying for attacks on Russia.
- StarLink in Ukraine.
- Russia bloc... Listen
SN 860: Trust Dies in Darkness - Samsung's TrustZone Keymaster Design, Daxin, Windows 11 compatibility from 2022-03-01T19:23:04
- Picture of the Week.
- Honor among thieves?
- Daxin.
- Whither or Wither: Log4j / Log4Shell.
- "418 I'm a teapot"
- Will the US attack? ... Listen
SN 859: A BGP Routing Attack - UpdraftPlus, Xenomorph, Ukrainian DDoS, The Bobiverse Trilogy from 2022-02-22T18:00
- Picture of the Week.
- The "UpdraftPlus" WordPress Plug-In.
- "Xenomorph"
- Decrypting "The Hive"
- Un-Pixelating redacted text.
- No Internet For ... Listen
SN 858: InControl - PHP Everywhere, Magento Emergency, Project Zero Stats, Goodbye WMIC, SeriousSAM from 2022-02-15T18:30
- Picture of the Week.
- A high-severity 0-day in Chrome.
- Apple updates against another 0-day.
- CISA thinks this Apple vulnerability is quite serious.
- W... Listen
SN 857: The Inept Panda - China Olympics, SAMBA CVSS 9.9 Vulnerability, Microsoft Office 3rd Party Macros from 2022-02-08T18:00
- Picture of the Week.
- China's Olympics: Leave your tech at home.
- We have a serious CVSS 9.9 remote code execution vulnerability in SAMBA.
- Living off the Land. ... Listen
SN 856: The "Topics" API - PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti from 2022-02-01T19:37:38
- Picture of the Week.
- Apple eliminates 0-days from iOS and macOS.
- Qualys published technical details for PwnKit.
- Log4Shell hits Ubiquiti. New bug bounties pos... Listen
SN 855: Inside the NetUSB Hack - Log4J Update, Cyber-Insurance and Ransomware, EU Bug Bounty Programs from 2022-01-25T17:00
- Picture of the Week.
- Log4J News.
- Who pays for RansomWare attack recovery?
- The rising cost of cyber-insurance.
- Another very dangerous WordPress add-... Listen
SN 854: Anatomy of a Log4j Exploit - Buggy KCode, WordPress Security from 2022-01-18T17:09:27
- Picture of the Week
- "Hack the Pentagon" with Log4j
- Open Source Software Security Summit
- Microsoft's January Patch Tuesday Review: The GOOD News
- Mic... Listen
SN 853: URL Parsing Vulnerabilities - US CISA on Log4J, WordPress Security Update, What Is a Pluton from 2022-01-11T18:00
- Picture of the Week.
- The US CISA Log4J status update.
- The H2 Database Console vulnerability.
- The Federal Trade Commission gets into the act!
- Chrome... Listen
SN 852: December 33rd - Log4j Update, RSA Postponed, Hack the DHS Expanded, Cyber Insurance Cost Rising from 2022-01-04T17:00
- Picture of the Week.
- Log4j's 5th update.
- Microsoft's Log4j scanner triggers false positives.
- Chinese government is annoyed with Alibaba.
- "Hack the ... Listen
SN 851: Best of 2021 - The Year's Best Stories on Security Now from 2021-12-28T09:02
Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include:
- SolarWinds Hack Detailed By Microsoft
- Crispy Subtitles fr... Listen
SN 850: It's a Log4j Christmas - Another Chrome 0-Day, Cloud Clipboard Disabled, Wi-Fi/Bluetooth Leakage from 2021-12-21T18:00
- Picture of the Week.
- Google's 16th exploited Chrome 0-day of the year.
- Firefox refuses to do Microsoft.com!
- Firefox disabled Microsoft's Cloud Cl... Listen
SN 849: Log4j & Log4Shell - Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats from 2021-12-14T18:00
- Picture of the Week.
- Amazon outage and cloud dependence.
- AirTag Abuse.
- Windows 11 vs Your Browser of Choice.
- WordPress once again in... Listen
SN 848: XSinator - NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief from 2021-12-07T18:00
- Picture of the Week.
- Tavis finds a bad bug in NSS.
- Cheap Smartwatches for kids and babies?
- Additional VPN vendors just say no to Roskomnadzor! Listen
SN 847: Bogons Begone! - 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode from 2021-11-30T17:00
- Picture of the Week.
- "Super Duper Secure Mode"
- 37% of the world's smartphones are vulnerable.
- The RAT Dispenser.
- The Entirely Predic... Listen
SN 846: HTTP Request Smuggling - NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach from 2021-11-23T17:30
- Picture of the Week.
- An idea whose time has passed...
- The stats of brute force password attacks.
- The Most Common Passwords.
- GoDaddy ... Listen
SN 845: Blacksmith - Patch Tuesday's 55 Flaws, The Zen of Code, Ryuk Ransomware Gang from 2021-11-16T17:30
- Picture of the week.
- ~10,000 VPN/Firewall appliances from Palo Alto Networks vulnerable.
- The 0-Patch Guys Produce a Micropatch
- This brings me to ... Listen
SN 844: Bluetooth Fingerprinting - Pwn2Own Austin, Unpatched GitLab Servers, Cisco's DEFAULT SSH Key from 2021-11-09T18:00
- Picture of the Week.
- Lots of welcome progress on the ransomware front.
- Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own.
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune from 2021-11-02T18:18:10
Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune
- More 0-days for Chrome.
- Two naughty Firefox add-ons have been caught abusing an extension API. Listen
SN 842: The More Things Change... - Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes from 2021-10-26T17:00
- Picture of the Week.
- A sneak peek at November 9th upcoming Win11 fixes.
- Leo gets his wish!! REvil WAS recently re-taken down by Law Enforcement!
- ... Listen
SN 841: Minh Duong's Epic Rickroll - REvil Gone for Good? Tianfu Cup 2021, Patch Tuesday Aftermath from 2021-10-19T17:00
- Picture of the week.
- Windows 11 Watch - Don't update to Windows 11 unless you need to.
- Patch Tuesday - PrintNightmare fix to fix the previous print nightmare ... Listen
SN 840: 0-Day Angst - Windows 11 Watch, Google's Universal 2SV, Twitch Hack, Patch Tuesday from 2021-10-12T17:00
- Picture of the week.
- Windows 11 Watch: "AllowUpgradesWithUnsupportedTPMOrCPU"
- AMD processors running some apps up to 15% slower.
- The Windows 10 t... Listen
SN 839: “Something Went Wrong” - Windows 11 Released, New Android Trojan, Windows Explorer Memory Leak from 2021-10-05T17:00
- Picture of the Week.
- Another two, in-the-wild, true 0-days found and fixed in Chrome.
- Windows 11 arrives.
- A known memory leak in Windows Explorer... Listen
SN 838: autodiscover.fiasco - Epik Confirms Hack, Apple Annoys Bug Reporters, Chrome's 12th 0-Day in 2021 from 2021-09-28T16:30
- Picture of the Week.
- Chrome's 12th 0-day this year.
- Next up on this week's 0-day Watch... is Apple.
- Apple appears to be annoying their bug report... Listen
SN 837: Cobalt Strike - Android Auto-Revokes Permissions, DDoS on VoIP.ms, Patch Tuesday, Was GRC Pwned? from 2021-09-21T16:00
- Picture of the week.
- The DDoS attack on VoIP.ms.
- Patch Tuesday's Mixed Blessing.
- Android to auto-reset app permissions on many more devices. ... Listen
SN 836: The Mēris Botnet - 0-Day Attack on Office Docs, WFH and Security, Return of REvil from 2021-09-14T17:00
- Picture of the Week.
- A new worrisome 0-day attack against Office documents.
- Work From Home (WFH) — No problem?
- "Attacks only ever get better" Listen
SN 835: TPM v1.2 vs 2.0 - BlueTooth Troubles, Internet Anonymity, Apple CSAM, Light Chaser from 2021-09-07T18:00
- Picture of the Week.
- The Razer mouse & keyboard.
- The wishful phrase "Internet Anonymity" is an oxymoron.
- And speaking of Apple's client-side ... Listen
SN 834: Life: Hanging by a PIN - Credit Freeze vs. Credit Lock, SSD Bait & Switch, ProxyToken, Windows 11 from 2021-08-31T17:00
- Picture of the Week.
- Credit Freeze vs Credit Lock.
- T-Mobile hacker speaks!
- Where will Windows 11 run?
- ProxyToken.
- Tails... Listen
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks from 2021-08-24T17:00
- Picture of the week.
- Firefox soon to be blocking mixed-content downloads by default.
- The news from T-Mobile is all bad.
- Introducing ProxyLogon's ... Listen
SN 832: Microsoft's Culpable Negligence - Firefox Update, Magniber, Merger of Avast and NortonLifeLock from 2021-08-17T17:30
- Picture of the week.
- Firefox Update.
- Facebook finally adds end-to-end encryption to Messenger.
- Exploitation of PrintNightmare has begun.
Listen
SN 831: Apple's CSAM Mistake - Flawed Random Number Generator, Super Duper Secure Mode, TCP Stack Error from 2021-08-10T18:00
- Picture of the week.
- "You're Doing IoT RNG"
- The Pulse Secure VPN remains in trouble.
- And Cisco, too...
- Flaws found in another popula... Listen
SN 830: The BlackMatter Interview - Bad News for Firefox, DarkSide Returns, Tailscale, Google to Assume HTTPS from 2021-08-03T17:30
- Picture of the Week.
- Mozilla's Firefox Monthly Active Users (MAU) slowly but steadily drops.
- Google to finally assume HTTPS.
- The evolution of "In... Listen
SN 829: SeriousSAM & PetitPotam - Kaseya Universal Decryptor, Windows Process Hacker, Chrome 92 from 2021-07-27T17:00
- Picture of the Week.
- Faster and more efficient phishing detection in Chrome 92.
- A Universal Decryptor for all Kaseya victims.
- The printer driver ... Listen
SN 828: REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review from 2021-07-20T17:00
- Picture of the week
- Browser News
- The attacks on Google Chrome continue.
- Firefox special-cases anti-tracking for "Login With" functions.
SN 827: REvil's Clever Crypto - Microsoft Fails to Patch PrintNightmare & Sodinokibi Malware's Crypto Design from 2021-07-13T17:30
- Picture of the Week
- The "PrintNightmare Continues"
- Kaseya - Not nearly as bad as it could have been
- Ransomwhere site
- Microsoft Offic... Listen
SN 826: The Kaseya Saga - Microsoft PrintNightmare, WD's MyCloud OS3 Troubles, SpinRite in a BMW from 2021-07-06T17:30
- Picture of the Week.
- "PrintNightmare" is NOT CVE-2021-1675.
- The Authentication Dilemma.
- Western Digital steps up.
- WD's MyCloud OS3 T... Listen
SN 825: Halfway Through 2021 - Google's FLoC, $600M Ransomware Attack, Where Will Windows 11 Run? from 2021-06-29T17:30
- Picture of the week
- Google's FLoC has landed with a hard thud and is now-delayed
- The high cost of Ireland's recovery from the Conti ransomware attack
Listen
SN 824: Avaddon Ransonomics - Chrome 0-Day, Big Spinrite Update, iOS Wi-Fi Bug, Economics of Ransomware from 2021-06-22T18:00
- Picture of the Week.
- Another day, another Chrome 0-day.
- Ransomware perpetrators are increasingly purchasing access.
- A weird bug in iOS Wi-Fi. Listen
SN 823: TLS Confusion Attacks - TikTok Privacy, iOS 14.5 Tracking Permission, Industry-Wide Patch Tuesday from 2021-06-15T18:00
- Picture of the week.
- Being #1 is a mixed blessing.
- Industry wide patch Tuesday.
- TikTok Quietly Updated Its Privacy Policy to Collect Users' Biome... Listen
SN 822: Extrinsic Password Managers - Great CyberSecurity Awakening of 2021, NAT vs IPv6, Tavis Ormandy from 2021-06-08T18:00
- Picture of the week.
- The Great CyberSecurity Awakening of 2021.
- Firefox will soon auto-update on Windows even when it's not running.
- Edge takes i... Listen
SN 821: Epsilon Red - Chrome 91, Emsisoft's Ransomware Decryption Tool, Revisiting Amazon Sidewalk from 2021-06-01T18:00
- Photo of the Week.
- Chrome advances to 91.
- Emsisoft has created their own ransomware decryption tool.
- Stepping off the Sidewalk.
- Just... Listen
SN 820: The Dark Escrow - Firefox Fission, Doom CAPTCHA, Conti and CNA Financial Ransomware from 2021-05-25T17:30
- Picture of the Week.
- Firefox finally achieves sustained "Fission".
- Conti ransomware.
- CNA Financial pays up big.
- When they say IoT do... Listen
SN 819: The WiFi Frag Attacks - DarkSide Follow-Up, DarkTracer, Patch Tuesday, The Frontiers Saga from 2021-05-18T19:00
- Picture of the week.
- DarkSide Follow-Up.
- Follow The Money.
- Toshiba Attacked by DarkSide.
- Ransomware topics off-limits here.
Listen
SN 818: News From the Darkside - Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary from 2021-05-11T17:00
- Picture of the week.
- TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers"
- Huh Google?
- Tor's Exit Nodes.
- 21 Nails ... Listen
SN 817: The Ransomware Task Force - Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP from 2021-05-04T18:00
- Picture of the Week.
- REvil hacks Apple supplier Quanta Computer.
- World-famous Scripps Health taken down.
- The Big Emotet Botnet Takedown.
Listen
SN 816: The Mystery of AS8003 - Remembering Dan Kaminsky, Project Zero, Unethical Security Research from 2021-04-27T19:30
- Remembering Dan Kaminsky.
- Week before last was Patch Tuesday.
- Google's Project Zero responds to today's patch latency reality.
- Baking security in... Listen
SN 816: The Mystery of AS8003 - Remembering Dan Kaminsky, Project Zero, Unethical Security Research from 2021-04-27T17:30
- Remembering Dan Kaminsky.
- Week before last was Patch Tuesday.
- Google's Project Zero responds to today's patch latency reality.
- Baking security in... Listen
SN 815: Homogeneity Attacks - Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90 from 2021-04-20T18:00
- Club TWiT details.
- Picture of the Week.
- The Vivaldi Project's take on FLoC.
- Chrome continues to be THE high-value target.
- We're at C... Listen
SN 814: PwnIt And OwnIt - Why Port 10080 is Blocked, FLoC Rollout, PHP GIT Hack Revisited, CISCO Router Problems from 2021-04-13T17:30
- Picture of the week.
- The Slips keep Streaming.
- Are You FLoC'ed?
- The PHP GIT Hack, revisited.
- CISCO abandons old routers having probl... Listen
SN 813: A Spy in Our Pocket - Ubiquiti Coverup, Facebook Data Dump, Malicious Call of Duty Cheats from 2021-04-06T17:00
Ubiquiti coverup, Facebook data dump, malicious Call of Duty cheats.
- The Ubiquiti Coverup.
- Facebook's 533,313,128 Million User Whoopsie!
- Don't mes... Listen
SN 812: GIT Me Some PHP - Spectre Returns to Linux, API Security, OpenSSL Flaws, SolarWinds from 2021-03-30T17:30
Spectre returns to Linux, API Security, OpenSSL flaws, SolarWinds.
- Picture of the week.
- ProxyLogon Update.
- Spectre returns to Linux.
- ... Listen
SN 811: What the FLoC? - Automatic Fix for Exchange Server Flaw, Firefox 87 Features, MyBB Patch from 2021-03-23T17:00
Automatic fix for Exchange Server flaw, Firefox 87 features, MyBB patch.
- Dave's Garage on YouTube.
- The latest update on the ProxyLogon fiasco is from Microsoft... Listen
SN 810: ProxyLogon - New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome from 2021-03-16T18:00
New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome.
- Chrome closes another 0-day.
- This v89 of Chrome also lost some weight.
- Spectre com... Listen
SN 809: Hafnium - Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's from 2021-03-09T18:30
Dependency confusion, Intel Side Channel Attacks, Crispy Subtitles from Lay's.
- Picture of the week.
- 47 fixes in Chrome 89.0.4389.72.
- Crispy Subtit... Listen
SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password from 2021-03-02T19:00
Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.
- Chrome to default to trying HTTPS first when not specified.
- Firefox's "Enhanc... Listen
SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor" from 2021-02-23T17:30
SHAREit's security update, Solorigate, Brave's "Private Window with Tor".
- SHAREit Follow-up
- This Week in Web Browser Tracking
- Brave's "Private Win... Listen
SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability from 2021-02-16T19:30
Florida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability.
- Pic of the week.
- New info in the Oldsmar, Florida water supply attack. Listen
SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks from 2021-02-09T19:30
Defender thinks Chrome is malware, Plex Media Servers in DDoS attacks.
- Picture of the Week.
- Google has been busy with Chrome.
- Google Chrome Heap B... Listen
SN 804: NAT Slipstreaming 2.0 - SUDO Was Pseudo Secure, BigNox Supply-Chain Attack, iMessage in a Sandbox from 2021-02-02T20:30
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox.
- Picture of the Week.
- Chrome rescinding another CA's root cert.
- An urgen... Listen
SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams from 2021-01-31T22:10:42.023393
SlipStream NAT firewall bypass, MS Police use Ring doorbell cams.
- Let's Encrypt's cross-signed root expires next year
- Chrome updates on Windows, macOS, Linux, and Android ... Listen
SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day from 2021-01-31T22:10:42.023393
Google One VPN, WordPress update fail, Windows 7 0-Day.
- A new 0-day in Win7 through Win10
- A public service reminder from Microsoft
- Google One adding an Android VP... Listen
SN 790: Top 25 Vulnerabilities - Chrome 0-Day, Edge for Linux, WordPress Loginizer from 2021-01-31T22:10:42.023393
Chrome 0-Day, Edge for Linux, WordPress Loginizer.
- Top 25 Vulnerabilities
- Critical 0-day in Chrome
- Chrome 86 is now blocking slippery notifications
- Site ... Listen
SN 789: Anatomy of a Ryuk Attack - Zoom End-to-End Encryption, Windows 10 God Mode, Manifest v3 from 2021-01-31T22:10:42.023393
Zoom end-to-end encryption, Windows 10 god mode, Manifest v3.
- Last Wednesday, Zoom announced that THIS week their 30-evaluation of end-to-end encrypted video conferencing would beg... Listen
SN 788: Well Known URI's - Carnival Cruise Hack, ZeroLogon, Five Eyes vs Encryption from 2021-01-31T22:10:42.023393
Carnival Cruise hack, ZeroLogon, Five Eyes vs Encryption.
- Chrome gets 86'd!
- Carnival Cruise Line Hack
- The largest company you've never heard of gets hit by ransom... Listen
SN 787: Why Win7 Lives On - Android Security, Windows 7 Security, Microsoft Defender from 2021-01-31T22:10:42.023393
Android Security, Windows 7 Security, Microsoft Defender.
- Google to get even more proactive about Android security
- Why are people sticking with Windows 7?
- And Goo... Listen
SN 786: ZeroLogon++ - Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup from 2021-01-31T22:10:42.023393
Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup.
- What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam
- Evil ransomware gan... Listen
SN 785: Formal Verification - iOS 14 & Android 11 Security Features, DuckDuckGo Gets Big from 2021-01-31T22:10:42.023393
iOS 14 & Android 11 security features, DuckDuckGo gets big.
- The most important iOS 14 privacy & security features
- All of Android 11's new privacy & security fe... Listen
SN 784: BlindSide & BLURtooth - Chrome vs Abusive Ads, Patch Tuesday Palooza from 2021-01-31T22:10:42.023393
Chrome vs abusive ads, patch Tuesday palooza.
- BlindSide and BLURtooth
- Chrome gets tough on abusive ads
- The last hurrah for IE & Flash exploits
- Chromi... Listen
SN 783: IoT Isolation Strategies - Isolate Your IoT Devices, Threema Goes Open-Source from 2021-01-31T22:10:42.023393
Isolate your IoT devices, Threema goes open-source.
- IoT Isolation Strategies
- DoH coming to Chrome for Android
- Bye Bye Drive-By Downloads
- Threema goes Ope... Listen
SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service from 2021-01-31T22:10:42.023393
Malicious Android apps, ransomware-as-a-service.
- Where do most malicious Android apps come from?
- SAD DNS is a revival of the classic DNS cache poisoning attack
- Ho... Listen
SN 803: Comparative Smartphone Security - Browser Password Managers, Adobe Flash Repercussions, SolarWinds from 2021-01-26T20:00
Browser password managers, Adobe Flash repercussions, SolarWinds.
- Chrome and Edge have beefed-up their built-in password managers.
- The random repercussions ass... Listen
SN 802: Where the Plaintext Is - 2021's First Patch Tuesday, Titan Security Key Side-Channel Attack, WhatsApp from 2021-01-19T19:30
2021's first Patch Tuesday, Titan Security Key side-channel attack, WhatsApp.
- When is Chrome not Chromium?
- A major DuckDuckGo milestone.
- Project Z... Listen
SN 801: Out With The Old - SolarWinds Smoking Gun, Signal Influx of WhatsApp Users, Male Chastity Cage from 2021-01-12T19:00
SolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage.
- Firefox and Chromium updates address remote system take over bugs.
- Tenable researc... Listen
SN 800: SolarBlizzard - SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability from 2021-01-05T19:00
SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability.
- Chrome struggles with A/V pre-scan file locking.
- Zyxel security products prote... Listen
SN 799: Sunburst & Supernova - Ransomware Task Force, Chrome 87, Firefox Caches, Preserving Flash Video from 2020-12-29T18:30
Ransomware Task Force, Chrome 87, Firefox caches, preserving Flash video.
- Chrome 87 backs away from Insecure Form Warnings.
- Firefox to begin partitioning its c... Listen
SN 798: Best of 2020 - The Year's Best Stories on Security Now from 2020-12-22T12:00
Leo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include:
- Clearview AI face scanning.
- The "EARN IT" act... Listen
SN 797: SolarWinds - Chrome Throttling Ads, Google Outage, 2020 Pwnie Awards, JavaScript's 25th Birthday from 2020-12-15T20:00
Chrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday.
- Chrome's heavy ad intervention.
- Adrozek.
- Ransomware: "Double ... Listen
SN 796: Amazon Sidewalk - Google Play Core Library, iOS Zero-Click Radio Proximity Exploit, Apple M1 Chip from 2020-12-08T19:00
Google Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip.
- Ransomware news regarding Foxconn, Egregor, and K12 Inc.
- The Apple iPhone zero... Listen
SN 795: DNS Consolidation - Generic Smart Doorbells, Tesla Model X Key Fobs, Critical Drupal Flaw, Spotify from 2020-12-01T20:00
Generic smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify.
- Chrome Omnibox becomes more Omni.
- Chrome's open tabs search.
- Ranso... Listen
SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption from 2020-11-24T18:30
Ongoing WordPress attack, RCS gets End-to-end encryption.
- Chrome moves to release 87.
- Explicit Publication of Privacy Practices.
- Firefox 83 gets H... Listen