SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached - a podcast by TWiT

• Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.


• 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks.


• Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks.


• Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue with new search features.


• Google Docs exports replace links with tracking redirects, enabling Google to monitor clicked links from exported documents.


• The MOVEit breach impacted Sony, exposing employee and family data.


• Firefox 118 now supports Encrypted ClientHello for hiding site requests from network surveillance.


• Google will provide 7 years of updates for its new Pixel phones, up from 5 years previously.


• The MACE Act passed overwhelmingly in Congress, allowing agencies more flexibility in cybersecurity hiring.


• Median dwell time for ransomware dropped to less than 1 day, with human-driven attacks deploying it faster.


• Steve digs into the top 10 cybersecurity misconfigurations outlined in the new NSA/CISA advisory.

Show notes: https://www.grc.com/sn/SN-943-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• GO.ACILEARNING.COM/TWIT


• drata.com/twit


• lookout.com

Further episodes of Security Now (Audio)

Further podcasts by TWiT

Website of TWiT