Security Now (MP3)


Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

TWiT

  • podcastawards.com
    2009 Technology

  • podcastawards.com
    2007 Technology


  • May 31, 2023 LATEST EPISODE
  • weekly NEW EPISODES
  • 1h 57m AVG DURATION
  • 168 EPISODES

4.6 from 1,703 ratings




Latest episodes from Security Now (MP3)

SN 925: Brave's Brilliant Off the Record Request - .ZIP TLD, Bitwarden Passkey support, PyPi

May 31, 2023 97:17


Picture of the Week. HP = "Huge Pile" The ".ZIP" TLD — What could possibly go wrong? PyPI gets more serious about security AND privacy. "No logs saved anywhere"??? Twitter in the EU? Bitwarden's support for Passkeys. A €1.2 billion fine will grab your attention. Editing WhatsApp messages. A new Google Bug Bounty. SpinRite. Brave's Brilliant Off the Record Request. Show Notes: https://www.grc.com/sn/SN-925-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: cs.co/twit drata.com/twit Melissa.com/twit

SN 924: VCaaS – Voice Cloning as a Service - HP printer update, KeePass vulnerability, SpinRite bug

May 24, 2023 109:11


Picture of the Week. Tracker Follow-Up. Automatic IoT device updating. HP 9020e - error code 83C0000B. Section 230 Stands. The KeePass Vulnerability. Apple joins Samsung, Amazon and Verizon in banning ChatGPT. Google's Privacy Sandbox moves forward. The FBI heavily misused FISA powers. Supply Chain Nightmare. SpinRite. VCaaS – Voice Cloning as a Service. Show Notes: https://www.grc.com/sn/SN-924-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com

SN 923: Location Tracker Behavior - Diving deep into Google and Apple's tracker spec, SpinRite update

May 17, 2023 118:13


Picture of the Week. SpinRite. Location Tracker Behavior. Formal definitions from the specification. Bluetooth LE devices have MAC addresses and therein lies a problem. All devices are serialized. And now, that "pairing registry". Privacy considerations. Show Notes: https://www.grc.com/sn/SN-923-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: bitwarden.com/twit GO.ACILEARNING.COM/TWIT

SN 922: Detecting Unwanted Location Trackers - Google Passkeys, Chrome lock icon, AI news sites, Vint Cerf

May 10, 2023 127:17


Picture of the Week. Google & Passkeys. TP-Link routers DO auto-update. US Marshals Service: Where's the backup?? T-Mobile keeps getting breached. Chrome: No more LOCK icon. Apple's new "Rapid Security Response" system. Elon Musk, making friends wherever he goes... A quick Mastodon aside. Here come the fake AI-generated "news" sites. Russia to replace "American" TCP/IP with "Russian Internet". Vint Cerf's 3 mistakes. Detecting Unwanted Location Trackers. Show Notes: https://www.grc.com/sn/SN-922-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsor: kolide.com/securitynow

SN 921: OSB OMG and Other News! - Age verification, Google Authenticator E2EE, VirusTotal AI, cURL

May 3, 2023


Picture of the Week. The Encryption Debate. Age does matter... Age Verification. WhatsApp: Rather be blocked in UK than weaken security. Exposing Side-Channel Monitoring. Closing the Loop. A new UDP reflection attack vector. Google Authenticator Updated. Does Israel use NSO Group commercial spyware? A Russian OS? TP-Link routers compromised. A pre-release security audit. Another Intel side-channel attack. Windows users: Don't remove cURL! AI comes to VirusTotal. Show Notes: https://www.grc.com/sn/SN-921-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twittv drata.com/twit

SN 920: An End-to-End Encryption Proposal - Wipe those routers, Lockdown Mode, ChatGPT black market

Apr 26, 2023 123:38


Picture of the Week. Lockdown Mode seen succeeding. A growing black market for ChatGPT accounts. Decommissioned Corporate Routers Leak Secrets. Jaguar Tooth: Cisco router vulnerabilities. Security Research Legal Defense Fund. A quick Firefox fix. Kubernetes security audit. Google Chrome zero-day. An End-to-End Encryption Proposal. Show Notes: https://www.grc.com/sn/SN-920-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: athleticgreens.com/securitynow lookout.com

SN 919: Forced Entry - Patch Tuesday, Google Assured Open Source Software, WhatsApp Improvements

Apr 19, 2023 105:09


Picture of the Week. Patch Tuesday Review. Risky Business News. Google Assured Open Source Software. WhatsApp Improvements. Bad Security? Go to jail! Forced Entry. Show Notes: https://www.grc.com/sn/SN-919-Notes.pdf Hosts: Steve Gibson and Jason Howell Sponsors: meraki.cisco.com/twit bitwarden.com/twit GO.ACILEARNING.COM/TWIT

SN 918: A Dangerous Interpretation - H26FORGE, Privatized ChatGPT, Mozilla Site Breach Monitor

Apr 12, 2023 124:36


Picture of the Week. Microsoft and Fortra go on the offensive. Can ChatGPT keep a secret? Apple updates their OS's. Wordpress under attack... again. Mozilla's Site Breach Monitor. Another ChatGPT investigation. Samsung handsets reaching EoL. Less access for loan apps. The right to be forgotten. SpinRite. A Dangerous Interpretation. Show Notes: https://www.grc.com/sn/SN-918-Notes.pdf Hosts: Steve Gibson and Jason Howell Sponsors: joindeleteme.com/twittv meraki.cisco.com/twit kolide.com/securitynow

SN 917: Zombie Software - ChatGPT Ban, Hacking the Pentagon

Apr 5, 2023 110:58


Picture of the Week. So... Not an attack, then? AI Overlord Hysteria. Italy says NO to ChatGPT. It's illegal... How much will that be? The U.S. FDA & medical device security. Hack the Pentagon. Firefox 3rd-party DLL check-up. Microsoft's Extortion? The Silver Ships. Zombie Software. Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit

SN 916: Microsoft's Email Extortion - Pwn2Own, Edge Crypto Wallet

Mar 29, 2023 97:30


Picture of the Week. Synacktiv wins this year's CanSecWest Pwn2Own. GitHub: Mistakes happen. DDoS for Hire... Or Not. 144,000 malicious packages published. No iPhones For Russian Presidential Staff. I NUIT. Edge Gets Crypto. Microsoft's Email Extortion. Show Notes: https://www.grc.com/sn/sn-916-notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: lookout.com kolide.com/securitynow Melissa.com/twit

SN 915: Flying Trojan Horses - Exynos 0-days, TikTok Tick Tock, 90-day TLS cert life, CHESS is safe!

Mar 22, 2023 122:07


Picture of the Week. Multiple Exploitable Samsung 0-Days. A good idea for NPM. The TikTok Tick Tock. Google pushes for 90-day TLS certificate life. CHESS is safe. CISA has begun scanning! Flying Trojan Horses. Show Notes: https://www.grc.com/sn/SN-915-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT expressvpn.com/securitynow

SN 914: Sony Sues Quad9 - Polynonce attack, Germany Huawei ban, Plex Media Server defect, Andor review

Mar 15, 2023 128:55


Picture of the Week. Another Malicious Chrome Extension. Germany to join the Huawei & ZTE ban. Putting "phishing" into perspective. The Polynonce attack. Plex's RCE now in CISA's KEV. Sci-Fi: Andor. Sony Sues Quad9. Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: fortra.com bitwarden.com/twit plextrac.com/twit

SN 913: A Fowl Incident - DDoS'ing Fosstodon, Strategic Objective 3.3, CISA's Covert Red-Team

Mar 8, 2023 108:28


Picture of the Week. DDoS'ing Fosstodon. DDoS for Hire takedowns. TikTok Insanity. Illegal Warrantless Surveillance. Strategic Objective 3.3. GitHub Secret Scanning. CISA's Covert Red-Team. What's left? What's old is new again. TCG TPM vulnerabilities. WordPress "All In One SEO". Russia fines Wikipedia. A Fowl Incident. Show Notes: https://www.grc.com/sn/SN-913-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: canary.tools/twit - use code: TWIT drata.com/twit kolide.com/securitynow

SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty

Mar 1, 2023 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsor: kolide.com/securitynow

SN 911: A Clever Regurgitator - GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified

Feb 22, 2023 111:36


Picture of the Week. GoneDaddy. Section 230. No Blue, No SMS-based 2FA. Bitwarden gets Argon. "Meta Verified". Emsisoft Fake Code Signing. Attacks breaking records. More Mirai. NPM malware. Patch Tuesday. Samsung announces "Message Guard". The Hyundai & Kia mess. A Clever Regurgitator. Show Notes: https://www.grc.com/sn/sn-911-notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT

SN 910: Ascon - Malicious ChatGPT Use, Google Security Key Giveaway, OTPAuth

Feb 15, 2023 120:52


Picture of the Week. ESXiArgs follow-up. ChatGPT's Malicious Use. Google Security Key Giveaway. Brave goes HTTPS-by-default. 1Password Makes Another Passkeys Move. Russian Patriotic Hackers. Amazon to FINALLY Secure Its AWS S3 Instances. More Anti-Chinese Camera Removals. Microsoft to embed Adobe Acrobat PDF reader into Edge. Password Exhaustion. One Time Password OTPAuth. Ascon. Show Notes: https://www.grc.com/sn/sn-910-notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: bitwarden.com/twit plextrac.com/twit fortra.com

SN 909: How ESXi Fell - EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

Feb 8, 2023 133:05


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

SN 908: Data Operand Independent Timing - Old Android apps, Kevin Rose, iOS 6.3 and FIDO, Hive hacked

Feb 1, 2023 104:48


Android to start blocking old and unsafe apps. Microsoft to block Internet sourced Excel add-ins. An example of saying "no" even when it may hurt. Hacked Wormhole funds on the move. Kevin Rose Hacked. Facebook will be moving more users into E2EE. iOS 6.3 and FIDO. Scan thy Citizenry. The Hive ransomware organization takedown. Errata. Closing the Loop. SpinRite. Data Operand Independent Timing. Show Notes: https://www.grc.com/sn/SN-908-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: Melissa.com/twit kolide.com/securitynow

SN 907: Credential Reuse - iOS 16.3, ChatGPT creates malware, Bitwarden acquires Passwordless.dev

Jan 25, 2023 104:55


Picture of the Week. PayPal Credential Stuffing. iOS 16.3: Cloud encryption for all. InfoSecurity Magazine: "ChatGPT Creates Polymorphic Malware". CheckPoint Research: OPWNAI: Cybercriminals Starting to Use ChatGPT. "Meta" fined for the third time. Bitwarden acquires "Passwordless.dev". Closing the Loop. SpinRite. Credential Reuse. Show Notes: https://www.grc.com/sn/SN-907-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: GO.ACILEARNING.COM/TWIT expressvpn.com/securitynow drata.com/twit

SN 906: The Rule of Two - Norton Lifelock Data Breach, Chromium and Rust, LastPass

Jan 18, 2023 114:29


Picture of the Week. About Password Iterations. EBC or CB. Norton Lifelock Troubles. Chrome Follows Microsoft and Firefox. Chromium is Beginning to Rust. BYOVD and Windows Defender Failures. Closing the Loop (feedback). The Rule of Two. Show Notes: https://www.grc.com/sn/sn-906-notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: plextrac.com/twit bitwarden.com/twit barracuda.com/securitynow

SN 905: 1 - LastPass Aftermath, LastPass vault de-obfuscator, LastPass iteration count folly

Jan 11, 2023 111:24


Picture of the Week. LastPass Aftermath. LastPass Vault De-Obfuscator. What more do we know this week regarding LastPass? The most alarming discovery by listeners. Understanding the scale of GPU-enhanced password cracking. On the true strength of passwords. Feedback from listeners regarding LastPass. Show Notes: https://www.grc.com/sn/SN-905-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: tanium.com/twit drata.com/twit

SN 904: Leaving LastPass - How LastPass failed, Steve's next password manager, how to protect yourself

Jan 4, 2023 122:55


Picture of the Week. SpinRite. Leaving LastPass. Is there reason for concern? Well known password cracker Jeremi Gosney's LastPass rant. Steve shares his plan regarding LastPass. What is Steve's next password manager? What should LastPass users do to protect themselves? Show Notes: https://www.grc.com/sn/SN-904-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: fortra.com canary.tools/twit - use code: TWIT

SN 903: Security Now Best of 2022 - The best moments from throughout the year

Dec 27, 2022 140:40


Anatomy of a Log4j Exploit. Will Russia Disconnect? FCC Says Kaspersky Labs is a National Security Threat. Lenovo UEFI Firmware Troubles. That "Passkeys" Thing. Dis-CONTI-nued: The End of Conti? Steve's Take on the LastPass Breach. Hosts: Steve Gibson and Leo Laporte Sponsors: expressvpn.com/securitynow kolide.com/securitynow

SN 902: A Generic WAF Bypass - Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1

Dec 21, 2022 116:32


Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior". GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes: https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsor: plextrac.com/twit

SN 901: Apple Encrypts the Cloud - Chrome Passkeys, Telegram malware, SYNC.com outage, Rackspace lawsuits

Dec 14, 2022 144:10


Picture of the Week. Chrome does Passkeys. SYNC.COM suffered its first outage. Medibank reboot. Totally fake cryptocurrency trading platforms. Malware on Telegram. Texas gets in on the TikTok banning. The LastPass class action lawsuit. Rackspace had a big embarrassing problem. Rackspace is now facing at least three class action lawsuits. Another country goes on the offensive. Closing The Loop. SpinRite. Miscellany. Apple Encrypts the Cloud. Show Notes: https://www.grc.com/sn/SN-901-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: barracuda.com/securitynow bitwarden.com/twit expressvpn.com/securitynow

SN 900: LastPass Again - South Dakota bans TikTok, Anker Eufy Camera debacle, Mozilla yanks trusted root

Dec 7, 2022 122:38


Picture of the Week. Don't mess with Australia. Facebook / Meta fined by Ireland. REvil's full Medibank dump. Is nothing sacred? Mozilla yanks a (no longer) trusted root. Android Platform Certs Escape. South Dakota says: No more Tik-Tok. Albania blames its IT staff. Good news on the memory safe languages front. Black Hat USA 2022. Another Chrome 0-day bites the dust. Anker's Eufy Camera debacle. An amazing-looking WiFi-6 router... $119. Elon really said this. Closing the Loop. SpinRite. LastPass Again. Show Notes: https://www.grc.com/sn/SN-900-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: itpro.tv/securitynow canary.tools/twit - use code: TWIT plextrac.com/twit

SN 899: Freebie Bots & Evil Cameras - iSpoofer no more, Boa server vulnerability, CISA on Mastodon

Nov 30, 2022 119:21


Picture of the Week. iSpoof you no more. Here come the Freebie Bots! Anatomy of the real-time Cryptocurrency heist. Lookin' for something to do? Boa server vulnerability. The dilemma of closed-source Chinese networking products. The Cyber Defense Index. Malicious Docker Hub images. Since we've been tracking 0-days for a while. CISA on Mastodon. Miscellany. Closing The Loop. SpinRite. Show Notes: https://www.grc.com/sn/SN-899-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: kolide.com/securitynow plextrac.com/twit nordlayer.com/twit

SN 898: Wi-Peep - FBI purchased Pegasus, Passkey support directory, Quantum decryption deadline, Firefox 107

Nov 23, 2022 136:34


Picture of the Week. Firefox v107 was released last Tuesday. Google settles for a cool $391.5 million. Red Hat Signing its ZIP file Packages. The FBI purchased Pegasus for "research and development purposes". Greece bought Predator for €7 million. A passkeys support directory. Quantum decryption deadline. Attorneys General ask the FTC for online privacy regulation. Closing The Loop. SpinRite. Wi-Peep. Show Notes: https://www.grc.com/sn/SN-898-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: tanium.com/twit barracuda.com/securitynow Secureworks.com/twit

SN 897: Memory-Safe Languages - Shennina Framework, Shufflecake, The Helm, LightSpeed vulnerabilities

Nov 16, 2022 110:47


Picture of the Week. Patch Tuesday review. Shennina Framework - Automating Host Exploitation with AI. GitHub's welcome new feature. Three LightSpeed vulnerabilities. Shufflecake: Plausible deniability encrypted Linux volumes. Australia has decided to get proactive! Apple's iOS 16.1.1 time-limits "Everyone" file sharing to 10 minutes in China. A couple of Decentralized Finance notes because I can't help myself. "The Helm" was unable to survive COVID-19. Elon meets Twitter. Closing The Loop. SpinRite. Memory-Safe Languages. Show Notes: https://www.grc.com/sn/SN-897-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: bitwarden.com/twit expressvpn.com/securitynow grammarly.com/tone

SN 896: Something for Everyone - Dropbox breach, cyber bank heists, Russia goes Linux, OpenSSL flaw update

Nov 9, 2022 115:31


Picture of the Week. A minor Dropbox breach. OpenSSL follow-up. FTC sued and settled with a repeated offender. $1.2 billion in reported ransomware payments during 2021. Akamai's Q3 Threat Report. Initial Access Brokerages. How do today's bank heists work? De-Fi De-struction De-jour. Russia moves to Linux. We're The Red Cross. Don't attack us, please! Where there's a will, there's a way. From China with Love. The UK's NCSC scan plan. Miscellany. Closing The Loop. SpinRite. We invite you to read our show notes at https://www.grc.com/sn/SN-896-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: canary.tools/twit - use code: TWIT drata.com/twit

SN 895: After 20 years in GCHQ - Stranger Strings, PayPal passkeys, new TCP/IP RCE in Windows

Nov 2, 2022 121:55


Picture of the Week. Windows driver blocklist to be updated next Tuesday. More Microsoft shenanigans. An upcoming OpenSSL CRITICAL vulnerability update -- get ready! A new TCP/IP RCE in Windows. A study of malicious CVE proof of concept exploits in GitHub. "Stranger Strings" : An exploitable flaw in SQLite. PayPal to add support for Passkeys. A browser exploitation tutorial! Kathleen Booth: July 9th, 1922 – September 29, 2022. Closing The Loop. SpinRite. After 20 years in GCHQ. We invite you to read our show notes at https://www.grc.com/sn/SN-895-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: nordlayer.com/twit kolide.com/securitynow itpro.tv/securitynow

SN 894: Data Breach Responsibility - Firefox 106, KataOS and Sparrow, banking malware, CVSS 9.8 update

Oct 26, 2022 117:41


Picture of the Week. Firefox 106 is out. Google's Open Source IoT KataOS and Sparrow. This Week in CryptoCurrency Craziness. New Windows 0-day bypasses executable security checks. Apple's 9th 0-day of the year bites the dust. The evolutionary demise of banking malware. VMWare's Critical CVSS 9.8 Update. Closing The Loop. Miscellany. Data Breach Responsibility. We invite you to read our show notes at https://www.grc.com/sn/SN-894-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit Secureworks.com/twit barracuda.com/securitynow

SN 893: Password Change Automation - Windows Update RSS, malicious kernel drivers, Signal SMS/MMS, ZimaBoard

Oct 19, 2022 120:46


Picture of the Week. Microsoft "Won't Fix". Malicious Kernel Drivers. Microsoft has finally added an RSS feed for Windows Updates! Passkeys [dot] Dev. Largest DDoS attack. Signal will be dropping its SMS/MMS support. Brute-force protection for Windows local admin accounts. Other than that... SpinRite. Closing The Loop. xchg rax, rax and "xorpd" ZimaBoard Goodness. Password Change Automation. We invite you to read our show notes at https://www.grc.com/sn/SN-893-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: wwt.com/twit canary.tools/twit - use code: TWIT expressvpn.com/securitynow

SN 892: Source Port Randomization - Targeted Malware, Uber CSO Guilty

Oct 12, 2022 121:13


Picture of the Week. Breach of Customer Information Meta-targeted Malware Uber's Chief Security Officer Found Guilty More Cryptocurrency Chaos The UK to drop GDPR Summer Internship with the NSA Many Incident Responders are Stressed Out Microsoft's newest dual 0-day Exchange Fumbles SpinRite news ZimaBoard Closing the Loop Source Port Randomization We invite you to read our show notes at https://www.grc.com/sn/SN-892-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Secureworks.com/twit newrelic.com/securitynow bitwarden.com/twit

SN 891: Poisoning Akamai - Turnstile vs CAPTCHA, Microsoft Teams Under Attack

Oct 5, 2022 118:05


Picture of the Week. (What Could Possibly Go Wrong) Microsoft Teams - Unnecessarily Insecure Roskomnadzor blocks Soundcloud Microsoft Exchange Server Under Attack Again I'm (Still) Not a Robot! Google TAG History Closing the Loop Poisoning Akamai We invite you to read our show notes at https://www.grc.com/sn/SN-891-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ziprecruiter.com/securitynow itpro.tv/securitynow kolide.com/securitynow

SN 890: DarkNet Politics - EU and Google Analytics, Rockstar hacker busted, Mozilla says no fair

Sep 28, 2022 106:37


Picture of the Week. Can't have it both ways. Denmark has become the fourth EU member to rule that the use of Google Analytics is illegal. Rockstar Games hacker is busted! Mozilla says: No fair! Vivaldi, Manifest V3, webRequest, and ad blockers. Sticky Chrome vulnerabilities. SMB authentication rate limiter now on by default in Windows Insider. US bill to secure FOSS software. Iran vs Albania. Closing The Loop. The Silver Ships. SpinRite. DarkNet Politics. We invite you to read our show notes at https://www.grc.com/sn/SN-890-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: grammarly.com/securitynow Secureworks.com/twit drata.com/twit

SN 889: Spell-Jacking - Cyber-Insurance, GTA 6 leak, MiraclePtr, CVSS9.8 for WordPress, Uber Oops!

Sep 21, 2022 109:13


Picture of the Week. This is Patch News-Day. Lloyd's of London backing away from Cyber-Insurance. Uber Oops! Rockstar Games: Grand Theft Auto 6 Massive Leak. LastPass Breach Update. A CVSS 9.8 for WordPress. What cost, Security? Use-after-freedom: Google's "MiraclePtr" Closing The Loop. Spell-Jacking. We invite you to read our show notes at https://www.grc.com/sn/SN-889-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow bitwarden.com/twit tanium.com/twit

SN 888: The EvilProxy Service - MooBot, Crypto Heist, Cyberwarfare, QNAP, The Silver Ships

Sep 14, 2022 122:04


Picture of the Week.  Cyberwarfare: Albania vs Iran.  Crypto Heist — this or that.  The White House "Tech Platform Accountability" Listening Session.  Changes to the Dutch Intelligence Law.  Another QNAP mess.  D-Link's being taken over by MooBot.  Sci-Fi Discovery: "The Silver Ships".  Closing The Loop.  The EvilProxy Service.  We invite you to read our show notes at https://www.grc.com/sn/SN-888-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow canary.tools/twit - use code: TWIT newrelic.com/securitynow

SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

SN 886: Wacky Data Exfiltration - LastPass breach, FTC Kochava lawsuit, Hikvision IoT mess

Aug 31, 2022 121:06


Picture of the Week.  LastPass Breached.  The US Federal Trade Commission filed a lawsuit against data broker Kochava.  The US Federal Communications Commission launched an investigation into mobile carriers' geolocation data practices.  California, here I come!  A conversation with a Ransomware Attacker.  DuckDuckGo's Privacy-Enhanced eMail Forwarding.  Another IoT mess care of "Hikvision"  SpinRite.  Closing The Loop.  Wacky Data Exfiltration.    We invite you to read our show notes at https://www.grc.com/sn/SN-886-Notes.pdf Hosts: Steve Gibson and Leo Laporte Sponsors: Secureworks.com/twit grammarly.com/securitynow

SN 885: The Bumblebee Loader - RTL819x Exploit, RubyGems Update, Chrome's Fifth 0-Day of 2022

Aug 24, 2022 107:51


VIDEO of the Week Crashing Laptop Computers With Janet Jackson RealTek SoC flaw affects many millions of IoT devices 46 Million RPS - requests per second Chrome's 5th 0-Day of 2022 Apple: Not to be left behind... RubyGems to require MFA Closing The Loop: Domain Name Ownership Closing The Loop: Growing in Cybersecurity The Bumblebee Loader We invite you to read our show notes at https://www.grc.com/sn/SN-885-Notes.pdf Hosts: Leo Laporte and Steve Gibson Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT barracuda.com/securitynow Melissa.com/twit

SN 884: TLS Private Key Leakage - BIG patch Tuesday, Facebook E2E encryption, VNC insecurity, Cyotek WebCopy

Aug 17, 2022 113:15


Picture of the Week.  Patch Flashback Tuesday.  Facebook is cautiously creeping toward default E2E encryption.  VNC's inherent insecurity.  The need to control domain names.  And speaking of backup: Cyotek WebCopy.  Google's Ryan Sleevi Retweeted Jens Axboe.  SandSara Update from Ed Cano.  Closing The Loop.  SpinRite.  TLS Private Key Leakage.    We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit newrelic.com/securitynow Secureworks.com/twit
