Podcasts by Security Now (Audio)

Security Now (Audio)

Security Now could be the most important show you watch all week. Security guru Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, joins Leo Laporte every week to guide us through the minefield of ransomware, viruses, cyber espionage, hacking, etc.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

All episodes

SN 951: Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD from 2023-12-05T17:55:20

  • How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
  • WhatsApp's addition of Secret Code for extra privacy protection in Chat Loc...

SN 950: Leo Turns 67 - Fingerprint Security, Do-Not-Track from 2023-11-28T17:50:34

  • Adobe Flash Player Updater is (still) desperately trying to update
  • Veracrypt password security
  • Firefox moves to 120 with a bunch of very nice new features
  • Do...

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review from 2023-11-21T18:03:26

  • Privacy and Funding Challenges Facing Signal Messaging App
  • Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
  • Ransomware Group Files SEC Complaint ...

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45 from 2023-11-14T18:46:16

  • Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
  • No major updates on EU's controversial Article 45 in eIDA...

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden gets Passkeys from 2023-11-07T18:41:38

  • Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
  • A quartet of new 0-day vulnerabilities in Exchange Server that Mi...

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy from 2023-10-31T17:53:12

  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution...

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript! from 2023-10-24T18:26

  • How fake drives continue to be sold on Amazon despite negative reviews
  • Microsoft is discontinuing support for the VBScript language
  • The 30-year old NTLM authentication...

SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite from 2023-10-17T19:57:15

  • ValiDrive release follow-up
  • Passkeys exportability and phishing risk
  • Passkeys for device verification like SSH keys
  • Possibility of hobby browsers vs. product...

SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached from 2023-10-10T18:30

  • Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.
  • 23andMe claims a recent data breach exposed customer info due to credentia...

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk from 2023-10-03T21:03:06

  • Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
  • Malicious ads are appearing ...

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update from 2023-09-26T18:18:50

  • Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
  • China has formally accused the NSA of hacking an...

SN 867: A Critical Windows RPC RCE - Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable? from 2022-04-19T18:00

  • Picture of the Week.
  • Chrome's 3rd 0-day of 2022.
  • Patch Tuesday Redux.
  • WordPress once again...
  • Apache Struts Framework needs a critical update.
  • ...

SN 866: Spring4Shell - Patch Tuesday, Microsoft's Autopatch System, NGINX 0-Day from 2022-04-12T17:30

  • Picture of the Week.
  • Could NGINX have a 0-day?
  • Microsoft's new Autopatch system.
  • Another instance of Russian Protest in JavaScript's repository.
  • En...

SN 865: Port Knocking - Wyze Gets Spanked, FinFisher Bites the Dust, Spring4Shell, LAPSUS$ Update from 2022-04-05T17:30

  • Picture of the Week.
  • 0-Day Watch.
  • Spring Forward (Java: Spring4Shell)
  • QNAP and the OpenSSL DoS vulnerability.
  • Sophos has a 9.8.
  • CISA orde...

SN 864: Targeted Exploitation - Ukrainian ISP Challenges, Kaspersky Labs Banned in the US, Chrome 0-Day from 2022-03-29T17:00

  • Picture of the Week.
  • A high severity 0-day vulnerability update for Chrome.
  • An interview with the CTO of a large Ukraine ISP, Ukrtelecom.
  • NPM under attack, a...

SN 863: Use After Free - OpenSSL Bug, Cybercrime Reporting Law, Node.js Supply Chain Compromise from 2022-03-22T18:00

  • Picture of the Week.
  • Report Cybercrime: It's the Law.
  • A software supply chain compromise.
  • Browser in the Browser.
  • TrickBot, MikroTik & Microsof...

SN 862: QWACs on? or QWACs off? - Patch Tuesday Recap, NVIDIA Hacked, UEFI Firmware Flaw, ProtonMail from 2022-03-15T16:00

  • Picture of the Week.
  • Patch Tuesday for the Industry.
  • Android, too.
  • Firefox emergency update.
  • HP's major UEFI firmware patch-fest.
  • The NVI...

SN 861: Rogue Nation Cyber Consequences - Russia vs. Ukraine, Crypto, StarLink, Namecheap, Telegram from 2022-03-08T17:00

  • Picture of the Week.
  • The Russians are coming.
  • Ukrainian "Cyber Unit Technologies" is paying for attacks on Russia.
  • StarLink in Ukraine.
  • Russia bloc...

SN 860: Trust Dies in Darkness - Samsung's TrustZone Keymaster Design, Daxin, Windows 11 compatibility from 2022-03-01T19:23:04

  • Picture of the Week. 
  • Honor among thieves? 
  • Daxin. 
  • Whither or Wither: Log4j / Log4Shell. 
  • "418 I'm a teapot" 
  • Will the US attack? 
  • ...

SN 859: A BGP Routing Attack - UpdraftPlus, Xenomorph, Ukrainian DDoS, The Bobiverse Trilogy from 2022-02-22T18:00

  • Picture of the Week.
  • The "UpdraftPlus" WordPress Plug-In.
  • "Xenomorph"
  • Decrypting "The Hive"
  • Un-Pixelating redacted text.
  • No Internet For ...

SN 858: InControl - PHP Everywhere, Magento Emergency, Project Zero Stats, Goodbye WMIC, SeriousSAM from 2022-02-15T18:30

  • Picture of the Week.
  • A high-severity 0-day in Chrome.
  • Apple updates against another 0-day.
  • CISA thinks this Apple vulnerability is quite serious.
  • W...

SN 857: The Inept Panda - China Olympics, SAMBA CVSS 9.9 Vulnerability, Microsoft Office 3rd Party Macros from 2022-02-08T18:00

  • Picture of the Week.
  • China's Olympics: Leave your tech at home.
  • We have a serious CVSS 9.9 remote code execution vulnerability in SAMBA.
  • Living off the Land...

SN 856: The "Topics" API - PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti from 2022-02-01T19:37:38

  • Picture of the Week.
  • Apple eliminates 0-days from iOS and macOS.
  • Qualys published technical details for PwnKit.
  • Log4Shell hits Ubiquiti. New bug bounties pos...

SN 855: Inside the NetUSB Hack - Log4J Update, Cyber-Insurance and Ransomware, EU Bug Bounty Programs from 2022-01-25T17:00

  • Picture of the Week.
  • Log4J News.
  • Who pays for RansomWare attack recovery?
  • The rising cost of cyber-insurance.
  • Another very dangerous WordPress add-...

SN 854: Anatomy of a Log4j Exploit - Buggy KCode, WordPress Security from 2022-01-18T17:09:27

  • Picture of the Week
  • "Hack the Pentagon" with Log4j
  • Open Source Software Security Summit
  • Microsoft's January Patch Tuesday Review: The GOOD News
  • Mic...

SN 853: URL Parsing Vulnerabilities - US CISA on Log4J, WordPress Security Update, What Is a Pluton from 2022-01-11T18:00

  • Picture of the Week.
  • The US CISA Log4J status update.
  • The H2 Database Console vulnerability.
  • The Federal Trade Commission gets into the act!
  • Chrome...

SN 852: December 33rd - Log4j Update, RSA Postponed, Hack the DHS Expanded, Cyber Insurance Cost Rising from 2022-01-04T17:00

  • Picture of the Week.
  • Log4j's 5th update.
  • Microsoft's Log4j scanner triggers false positives.
  • Chinese government is annoyed with Alibaba.
  • "Hack the ...

SN 851: Best of 2021 - The Year's Best Stories on Security Now from 2021-12-28T09:02

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include:

  • SolarWinds Hack Detailed By Microsoft
  • Crispy Subtitles fr...

SN 850: It's a Log4j Christmas - Another Chrome 0-Day, Cloud Clipboard Disabled, Wi-Fi/Bluetooth Leakage from 2021-12-21T18:00


  • Picture of the Week.

  • Google's 16th exploited Chrome 0-day of the year.

  • Firefox refuses to do Microsoft.com!

  • Firefox disabled Microsoft's Cloud Cl...

SN 849: Log4j & Log4Shell - Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats from 2021-12-14T18:00


  • Picture of the Week.

  • Amazon outage and cloud dependence.

  • AirTag Abuse.

  • Windows 11 vs Your Browser of Choice.

  • WordPress once again in...

SN 848: XSinator - NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief from 2021-12-07T18:00


  • Picture of the Week.

  • Tavis finds a bad bug in NSS.

  • Cheap Smartwatches for kids and babies?

  • Additional VPN vendors just say no to Roskomnadzor!

SN 847: Bogons Begone! - 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode from 2021-11-30T17:00


  • Picture of the Week.

  • "Super Duper Secure Mode"

  • 37% of the world's smartphones are vulnerable.

  • The RAT Dispenser.

  • The Entirely Predic...

SN 846: HTTP Request Smuggling - NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach from 2021-11-23T17:30


  • Picture of the Week.

  • An idea whose time has passed...

  • The stats of brute force password attacks.

  • The Most Common Passwords.

  • GoDaddy ...

SN 845: Blacksmith - Patch Tuesday's 55 Flaws, The Zen of Code, Ryuk Ransomware Gang from 2021-11-16T17:30


  • Picture of the week.

  • ~10,000 VPN/Firewall appliances from Palo Alto Networks vulnerable.

  • The 0-Patch Guys Produce a Micropatch

  • This brings me to ...

SN 844: Bluetooth Fingerprinting - Pwn2Own Austin, Unpatched GitLab Servers, Cisco's DEFAULT SSH Key from 2021-11-09T18:00


  • Picture of the Week.

  • Lots of welcome progress on the ransomware front.

  • Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own.

SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune from 2021-11-02T18:18:10


Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune


  • More 0-days for Chrome.

  • Two naughty Firefox add-ons have been caught abusing an extension API.

SN 842: The More Things Change... - Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes from 2021-10-26T17:00


  • Picture of the Week.

  • A sneak peek at November 9th upcoming Win11 fixes.

  • Leo gets his wish!! REvil WAS recently re-taken down by Law Enforcement!

  • ...

SN 841: Minh Duong's Epic Rickroll - REvil Gone for Good? Tianfu Cup 2021, Patch Tuesday Aftermath from 2021-10-19T17:00


  • Picture of the week.

  • Windows 11 Watch - Don't update to Windows 11 unless you need to.

  • Patch Tuesday - PrintNightmare fix to fix the previous print nightmare ...

SN 840: 0-Day Angst - Windows 11 Watch, Google's Universal 2SV, Twitch Hack, Patch Tuesday from 2021-10-12T17:00


  • Picture of the week.

  • Windows 11 Watch: "AllowUpgradesWithUnsupportedTPMOrCPU"

  • AMD processors running some apps up to 15% slower.

  • The Windows 10 t...

SN 839: “Something Went Wrong” - Windows 11 Released, New Android Trojan, Windows Explorer Memory Leak from 2021-10-05T17:00


  • Picture of the Week.

  • Another two, in-the-wild, true 0-days found and fixed in Chrome.

  • Windows 11 arrives.

  • A known memory leak in Windows Explorer...

SN 838: autodiscover.fiasco - Epik Confirms Hack, Apple Annoys Bug Reporters, Chrome's 12th 0-Day in 2021 from 2021-09-28T16:30


  • Picture of the Week.

  • Chrome's 12th 0-day this year.

  • Next up on this week's 0-day Watch... is Apple.

  • Apple appears to be annoying their bug report...

SN 837: Cobalt Strike - Android Auto-Revokes Permissions, DDoS on VoIP.ms, Patch Tuesday, Was GRC Pwned? from 2021-09-21T16:00


  • Picture of the week.

  • The DDoS attack on VoIP.ms.

  • Patch Tuesday's Mixed Blessing.

  • Android to auto-reset app permissions on many more devices.
  • ...

SN 836: The Mēris Botnet - 0-Day Attack on Office Docs, WFH and Security, Return of REvil from 2021-09-14T17:00


  • Picture of the Week.

  • A new worrisome 0-day attack against Office documents.

  • Work From Home (WFH) — No problem?

  • "Attacks only ever get better"

SN 835: TPM v1.2 vs 2.0 - BlueTooth Troubles, Internet Anonymity, Apple CSAM, Light Chaser from 2021-09-07T18:00


  • Picture of the Week.

  • The Razer mouse & keyboard.

  • The wishful phrase "Internet Anonymity" is an oxymoron.

  • And speaking of Apple's client-side ...

SN 834: Life: Hanging by a PIN - Credit Freeze vs. Credit Lock, SSD Bait & Switch, ProxyToken, Windows 11 from 2021-08-31T17:00


  • Picture of the Week.

  • Credit Freeze vs Credit Lock.

  • T-Mobile hacker speaks!

  • Where will Windows 11 run?

  • ProxyToken.

  • Tails...

SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks from 2021-08-24T17:00


  • Picture of the week.

  • Firefox soon to be blocking mixed-content downloads by default.

  • The news from T-Mobile is all bad.

  • Introducing ProxyLogon's ...

SN 832: Microsoft's Culpable Negligence - Firefox Update, Magniber, Merger of Avast and NortonLifeLock from 2021-08-17T17:30


  • Picture of the week.

  • Firefox Update.

  • Facebook finally adds end-to-end encryption to Messenger.

  • Exploitation of PrintNightmare has begun.

SN 831: Apple's CSAM Mistake - Flawed Random Number Generator, Super Duper Secure Mode, TCP Stack Error from 2021-08-10T18:00


  • Picture of the week.

  • "You're Doing IoT RNG"

  • The Pulse Secure VPN remains in trouble.

  • And Cisco, too...

  • Flaws found in another popula...

SN 830: The BlackMatter Interview - Bad News for Firefox, DarkSide Returns, Tailscale, Google to Assume HTTPS from 2021-08-03T17:30


  • Picture of the Week.

  • Mozilla's Firefox Monthly Active Users (MAU) slowly but steadily drops.

  • Google to finally assume HTTPS.

  • The evolution of "In...

SN 829: SeriousSAM & PetitPotam - Kaseya Universal Decryptor, Windows' Process Hacker, Chrome 92 from 2021-07-27T17:00


  • Picture of the Week.

  • Faster and more efficient phishing detection in Chrome 92.

  • A Universal Decryptor for all Kaseya victims.

  • The printer driver ...

SN 828: REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review from 2021-07-20T17:00


  • Picture of the week

  • Browser News
    • The attacks on Google Chrome continue.

    • Firefox special-cases anti-tracking for "Login With" functions.

    ...

SN 827: REvil's Clever Crypto - Microsoft Fails to Patch PrintNightmare & Sodinokibi Malware's Crypto Design from 2021-07-13T17:30


  • Picture of the Week

  • The "PrintNightmare Continues"

  • Kaseya - Not nearly as bad as it could have been

  • Ransomwhere site

  • Microsoft Offic...

SN 826: The Kaseya Saga - Microsoft PrintNightmare, WD's MyCloud OS3 Troubles, SpinRite in a BMW from 2021-07-06T17:30


  • Picture of the Week.

  • "PrintNightmare" is NOT CVE-2021-1675.

  • The Authentication Dilemma.

  • Western Digital steps up.

  • WD's MyCloud OS3 T...

SN 825: Halfway Through 2021 - Google's FLoC, $600M Ransomware Attack, Where Will Windows 11 Run? from 2021-06-29T17:30


  • Picture of the week

  • Google's FLoC has landed with a hard thud and is now-delayed

  • The high cost of Ireland's recovery from the Conti ransomware attack

SN 824: Avaddon Ransonomics - Chrome 0-Day, Big Spinrite Update, iOS Wi-Fi Bug, Economics of Ransomware from 2021-06-22T18:00


  • Picture of the Week.

  • Another day, another Chrome 0-day.

  • Ransomware perpetrators are increasingly purchasing access.

  • A weird bug in iOS Wi-Fi.

SN 823: TLS Confusion Attacks - TikTok Privacy, iOS 14.5 Tracking Permission, Industry-Wide Patch Tuesday from 2021-06-15T18:00


  • Picture of the week.

  • Being #1 is a mixed blessing.

  • Industry wide patch Tuesday.

  • TikTok Quietly Updated Its Privacy Policy to Collect Users' Biome...

SN 822: Extrinsic Password Managers - Great CyberSecurity Awakening of 2021, NAT vs IPv6, Tavis Ormandy from 2021-06-08T18:00


  • Picture of the week.

  • The Great CyberSecurity Awakening of 2021.

  • Firefox will soon auto-update on Windows even when it's not running.

  • Edge takes i...

SN 821: Epsilon Red - Chrome 91, Emsisoft's Ransomware Decryption Tool, Revisiting Amazon Sidewalk from 2021-06-01T18:00


  • Photo of the Week.

  • Chrome advances to 91.

  • Emsisoft has created their own ransomware decryption tool.

  • Stepping off the Sidewalk.

  • Just...

SN 820: The Dark Escrow - Firefox Fission, Doom CAPTCHA, Conti and CNA Financial Ransomware from 2021-05-25T17:30


  • Picture of the Week.

  • Firefox finally achieves sustained "Fission".

  • Conti ransomware.

  • CNA Financial pays up big.

  • When they say IoT do...

SN 819: The WiFi Frag Attacks - DarkSide Follow-Up, DarkTracer, Patch Tuesday, The Frontiers Saga from 2021-05-18T19:00


  • Picture of the week.

  • DarkSide Follow-Up.

  • Follow The Money.

  • Toshiba Attacked by DarkSide.

  • Ransomware topics off-limits here.

SN 818: News From the Darkside - Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary from 2021-05-11T17:00


  • Picture of the week.

  • TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers"

  • Huh Google?

  • Tor's Exit Nodes.

  • 21 Nails ...

SN 817: The Ransomware Task Force - Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP from 2021-05-04T18:00


  • Picture of the Week.

  • REvil hacks Apple supplier Quanta Computer.

  • World-famous Scripps Health taken down.

  • The Big Emotet Botnet Takedown.

SN 816: The Mystery of AS8003 - Remembering Dan Kaminsky, Project Zero, Unethical Security Research from 2021-04-27T19:30


  • Remembering Dan Kaminsky.

  • Week before last was Patch Tuesday.

  • Google's Project Zero responds to today's patch latency reality.

  • Baking security in...

SN 816: The Mystery of AS8003 - Remembering Dan Kaminsky, Project Zero, Unethical Security Research from 2021-04-27T17:30


  • Remembering Dan Kaminsky.

  • Week before last was Patch Tuesday.

  • Google's Project Zero responds to today's patch latency reality.

  • Baking security in...

SN 815: Homogeneity Attacks - Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90 from 2021-04-20T18:00


  • Club TWiT details.

  • Picture of the Week.

  • The Vivaldi Project's take on FLoC.

  • Chrome continues to be THE high-value target.

  • We're at C...

SN 814: PwnIt And OwnIt - Why Port 10080 is Blocked, FLoC Rollout, PHP GIT Hack Revisited, CISCO Router Problems from 2021-04-13T17:30


  • Picture of the week.

  • The Slips keep Streaming.

  • Are You FLoC'ed?

  • The PHP GIT Hack, revisited.

  • CISCO abandons old routers having probl...

SN 813: A Spy in Our Pocket - Ubiquiti Coverup, Facebook Data Dump, Malicious Call of Duty Cheats from 2021-04-06T17:00


Ubiquiti coverup, Facebook data dump, malicious Call of Duty cheats.


  • The Ubiquiti Coverup.

  • Facebook's 533,313,128 Million User Whoopsie!

  • Don't mes...

SN 812: GIT Me Some PHP - Spectre Returns to Linux, API Security, OpenSSL Flaws, SolarWinds from 2021-03-30T17:30


Spectre returns to Linux, API Security, OpenSSL flaws, SolarWinds.


  • Picture of the week.

  • ProxyLogon Update.

  • Spectre returns to Linux.

  • ...

SN 811: What the FLoC? - Automatic Fix for Exchange Server Flaw, Firefox 87 Features, MyBB Patch from 2021-03-23T17:00


Automatic fix for Exchange Server flaw, Firefox 87 features, MyBB patch.


  • Dave's Garage on YouTube.

  • The latest update on the ProxyLogon fiasco is from Microsoft...

SN 810: ProxyLogon - New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome from 2021-03-16T18:00


New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome.


  • Chrome closes another 0-day.

  • This v89 of Chrome also lost some weight.

  • Spectre com...

SN 809: Hafnium - Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's from 2021-03-09T18:30


Dependency confusion, Intel Side Channel Attacks, Crispy Subtitles from Lay's.


  • Picture of the week.

  • 47 fixes in Chrome 89.0.4389.72.

  • Crispy Subtit...

SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password from 2021-03-02T19:00


Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.


  • Chrome to default to trying HTTPS first when not specified.

  • Firefox's "Enhanc...

SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor" from 2021-02-23T17:30


SHAREit's security update, Solorigate, Brave's "Private Window with Tor".


  • SHAREit Follow-up

  • This Week in Web Browser Tracking

  • Brave's "Private Win...

SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability from 2021-02-16T19:30


Florida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability.


  • Pic of the week.

  • New info in the Oldsmar, Florida water supply attack.

SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks from 2021-02-09T19:30


Defender thinks Chrome is malware, Plex Media Servers in DDoS attacks.


  • Picture of the Week.

  • Google has been busy with Chrome.

  • Google Chrome Heap B...

SN 804: NAT Slipstreaming 2.0 - SUDO Was Pseudo Secure, BigNox Supply-Chain Attack, iMessage in a Sandbox from 2021-02-02T20:30


SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox.


  • Picture of the Week.

  • Chrome rescinding another CA's root cert.

  • An urgen...

SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams from 2021-01-31T22:10:42.023393

SlipStream NAT firewall bypass, MS Police use Ring doorbell cams.

  • Let's Encrypt's cross-signed root expires next year
  • Chrome updates on Windows, macOS, Linux, and Android ...

SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day from 2021-01-31T22:10:42.023393

Google One VPN, WordPress update fail, Windows 7 0-Day.

  • A new 0-day in Win7 through Win10
  • A public service reminder from Microsoft
  • Google One adding an Android VP...

SN 790: Top 25 Vulnerabilities - Chrome 0-Day, Edge for Linux, WordPress Loginizer from 2021-01-31T22:10:42.023393

Chrome 0-Day, Edge for Linux, WordPress Loginizer.

  • Top 25 Vulnerabilities
  • Critical 0-day in Chrome
  • Chrome 86 is now blocking slippery notifications
  • Site ...

SN 789: Anatomy of a Ryuk Attack - Zoom End-to-End Encryption, Windows 10 God Mode, Manifest v3 from 2021-01-31T22:10:42.023393

Zoom end-to-end encryption, Windows 10 god mode, Manifest v3.

  • Last Wednesday, Zoom announced that THIS week their 30-evaluation of end-to-end encrypted video conferencing would beg...

SN 788: Well Known URI's - Carnival Cruise Hack, ZeroLogon, Five Eyes vs Encryption from 2021-01-31T22:10:42.023393

Carnival Cruise hack, ZeroLogon, Five Eyes vs Encryption.

  • Chrome gets 86'd!
  • Carnival Cruise Line Hack
  • The largest company you've never heard of gets hit by ransom...

SN 787: Why Win7 Lives On - Android Security, Windows 7 Security, Microsoft Defender from 2021-01-31T22:10:42.023393

Android Security, Windows 7 Security, Microsoft Defender.

  • Google to get even more proactive about Android security
  • Why are people sticking with Windows 7?
  • And Goo...

SN 786: ZeroLogon++ - Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup from 2021-01-31T22:10:42.023393

Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup.

  • What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam
  • Evil ransomware gan...

SN 785: Formal Verification - iOS 14 & Android 11 Security Features, DuckDuckGo Gets Big from 2021-01-31T22:10:42.023393

iOS 14 & Android 11 security features, DuckDuckGo gets big.

  • The most important iOS 14 privacy & security features
  • All of Android 11's new privacy & security fe...

SN 784: BlindSide & BLURtooth - Chrome vs Abusive Ads, Patch Tuesday Palooza from 2021-01-31T22:10:42.023393

Chrome vs abusive ads, patch Tuesday palooza.

  • BlindSide and BLURtooth
  • Chrome gets tough on abusive ads
  • The last hurrah for IE & Flash exploits
  • Chromi...

SN 783: IoT Isolation Strategies - Isolate Your IoT Devices, Threema Goes Open-Source from 2021-01-31T22:10:42.023393

Isolate your IoT devices, Threema goes open-source.

  • IoT Isolation Strategies
  • DoH coming to Chrome for Android
  • Bye Bye Drive-By Downloads
  • Threema goes Ope...

SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service from 2021-01-31T22:10:42.023393

Malicious Android apps, ransomware-as-a-service.

  • Where do most malicious Android apps come from?
  • SAD DNS is a revival of the classic DNS cache poisoning attack
  • Ho...

SN 803: Comparative Smartphone Security - Browser Password Managers, Adobe Flash Repercussions, SolarWinds from 2021-01-26T20:00


Browser password managers, Adobe Flash repercussions, SolarWinds.


  • Chrome and Edge have beefed-up their built-in password managers.

  • The random repercussions ass...

SN 802: Where the Plaintext Is - 2021's First Patch Tuesday, Titan Security Key Side-Channel Attack, WhatsApp from 2021-01-19T19:30


2021's first Patch Tuesday, Titan Security Key side-channel attack, WhatsApp.


  • When is Chrome not Chromium?

  • A major DuckDuckGo milestone.

  • Project Z...

SN 801: Out With The Old - SolarWinds Smoking Gun, Signal Influx of WhatsApp Users, Male Chastity Cage from 2021-01-12T19:00


SolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage.


  • Firefox and Chromium updates address remote system take over bugs.

  • Tenable researc...

SN 800: SolarBlizzard - SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability from 2021-01-05T19:00


SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability.


  • Chrome struggles with A/V pre-scan file locking.

  • Zyxel security products prote...

SN 799: Sunburst & Supernova - Ransomware Task Force, Chrome 87, Firefox Caches, Preserving Flash Video from 2020-12-29T18:30


Ransomware Task Force, Chrome 87, Firefox caches, preserving Flash video.


  • Chrome 87 backs away from Insecure Form Warnings.

  • Firefox to begin partitioning its c...

SN 798: Best of 2020 - The Year's Best Stories on Security Now from 2020-12-22T12:00


Leo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include:


  • Clearview AI face scanning.

  • The "EARN IT" act...

SN 797: SolarWinds - Chrome Throttling Ads, Google Outage, 2020 Pwnie Awards, JavaScript's 25th Birthday from 2020-12-15T20:00


Chrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday.


  • Chrome's heavy ad intervention.

  • Adrozek.

  • Ransomware: "Double ...

SN 796: Amazon Sidewalk - Google Play Core Library, iOS Zero-Click Radio Proximity Exploit, Apple M1 Chip from 2020-12-08T19:00


Google Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip.


  • Ransomware news regarding Foxconn, Egregor, and K12 Inc.

  • The Apple iPhone zero...

SN 795: DNS Consolidation - Generic Smart Doorbells, Tesla Model X Key Fobs, Critical Drupal Flaw, Spotify from 2020-12-01T20:00


Generic smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify.


  • Chrome Omnibox becomes more Omni.

  • Chrome's open tabs search.

  • Ranso...

SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption from 2020-11-24T18:30


Ongoing WordPress attack, RCS gets End-to-end encryption.


  • Chrome moves to release 87.

  • Explicit Publication of Privacy Practices.

  • Firefox 83 gets H...
