Podcasts about secure boot

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-868

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-868

# Title * HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders! ## Description

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-868

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-868

We had quite a PC-heavy Q&A this month, with multiple questions about Windows 10 and 11 with the former's end-of-support date looming in October, as well as Qs about pronouncing country-code domains, the latest Nvidia 50-series electrical-connector drama, why we haven't seen much Gallium Nitride in PC power supplies yet, ways to get e-books besides Amazon, combatting the dreaded bit rot, and what it would actually mean to print a podcast. Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod

First up in the news: Linux Mint 22.1 “Xia” released, Parallels can finally run x86 versions of Linux on Apple Silicon, German router maker is latest company to inadvertently clarify the LGPL license, Google and Linux Foundation form Chromium love club In security and privacy: Microsoft patches Windows to eliminate Secure Boot bypass threat, Then in our Wanderings: Joe enjoys prepares his rack , Dale does routing , and Eric shares 80s kid culture with his kid.

Tech & Security Weekly FAQ: January 7th, 2025 1. Why is Apple paying $95 million in a lawsuit about Siri? Apple is settling a lawsuit alleging Siri "unintentionally" recorded private conversations without user consent. The lawsuit claimed these recordings were shared with third parties and used for targeted advertising. While denying wrongdoing, Apple will compensate affected users up to $20 per Siri-enabled device purchased between September 2014 and December 2024 and delete recordings obtained before October 2019. 2. What happened to MyGiftCardSupply's customer data? MyGiftCardSupply, an online gift card store, exposed hundreds of thousands of customers' identity documents due to a publicly accessible storage server with no password protection. This server contained sensitive information like driver licenses, passports, and selfies taken for KYC compliance, putting customers at risk of identity theft. 3. Are Chrome extensions safe to use? Hackers are increasingly targeting Chrome extensions, including popular VPNs and AI tools, by injecting malicious code through updates. This can compromise user data and accounts. Users are advised to carefully review extension permissions, only install extensions from trusted sources, and be cautious of unexpected updates. 4. Is Windows 10 still relevant despite the release of Windows 11? Despite Microsoft's promotion of Windows 11, Windows 10 remains the dominant desktop OS, holding a 62.7% market share. This is partly due to user reluctance to upgrade and a significant increase in Windows 10 installations in the US. However, support for many Windows 10 versions ends in October 2025, pushing users towards either extended security updates or potential vulnerabilities. 5. Why is outdated firmware a concern for medical devices? The Illumina iSeq 100 DNA sequencer and other medical devices use outdated firmware, leaving them vulnerable to malware attacks. Without security features like Secure Boot, malicious code can hide in the firmware, compromising device integrity and potentially patient safety. This highlights the need for manufacturers to prioritize firmware updates and security protocols in medical equipment. 6. How are Chinese hackers evolving their tactics? Chinese hackers, allegedly linked to the military and intelligence, have shifted from corporate espionage to targeting critical US infrastructure, including water utilities, airports, and energy grids. This suggests preparation for potential geopolitical conflicts, particularly concerning Taiwan, aiming to disrupt US response capabilities. The sophistication and potential impact of these attacks raise serious concerns about escalating cyber-warfare between the two countries. 7. Why are New Yorkers saying goodbye to the R46 subway cars? New York City is retiring its iconic R46 subway cars, known for their unique seating arrangement and nostalgic charm. These trains are being replaced by the modern R211 cars, featuring brighter lighting, enhanced accessibility, and longitudinal seating to optimize passenger flow. While some lament the loss of a cultural symbol, the upgrade promises a more efficient and modern transit experience. 8. What does Meta's decision to end fact-checking mean for Facebook and Instagram users? Meta, the parent company of Facebook and Instagram, is ending its fact-checking program and loosening content moderation policies. Zuckerberg claims this aims to promote free speech, but critics argue it will lead to a surge in misinformation and harmful content. This shift raises concerns about the platforms' role in shaping online discourse and their potential impact on political and social issues.

Windows 365 Link is the first Cloud PC device purpose-built for Windows 365. It can connect to your Cloud PC in seconds with a simple sign-in, accessing a familiar Windows Desktop with high-fidelity performance. Windows 365 Link offers seamless setup and streamlined management through Microsoft Intune, ensuring your IT environment is efficiently maintained alongside other PCs. As a stateless and adminless device, it does not store user profile data or install additional software. Optimize your work experience with passwordless authentication, high-performance video conferencing, and support for essential peripherals. Designed with a robust security posture, Windows 365 Link provides data protection with features like Secure Boot, BitLocker encryption, Hypervisor-based Code Integrity, and more. Jalleen Ringer, Partner GPM for Windows Cloud Endpoints, shows how Windows 365 Link is the ideal choice for secure, scalable, and efficient cloud computing.   ► QUICK LINKS: 00:00 - Windows 365 Link—First Cloud PC device purpose-built for Windows 365 00:55 - What it's like to use Windows 365 Link 02:32 - Ports and connectivity 03:18 - Set it up 03:48 - Device management 05:26 - Wrap up   ► Link References Check out https://aka.ms/Windows365Link   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

In this episode, Andy and Paul, the dynamic duo of the Security Swarm Podcast, delve into the often-overlooked security of the Windows boot process, revealing how recent leaks have compromised its integrity.  Join Andy Syrewicze and Paul Schnackenburg as they break down how the boot process has evolved from the BIOS days to today's sophisticated UEFI system. They explore features like Trusted Boot and Secure Boot, which are designed to stop rootkits and other malware from hijacking the system.   But things aren't as secure as they seem. Recent leaks of platform keys, including the infamous "PKFail" incident, have exposed vulnerabilities that threaten the whole system. Listen on to discover how these vulnerabilities are being exploited by attackers, the potential risks they pose to your system, and what you can do to safeguard your devices.  Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  The Windows boot process is more complex than you think: It includes multiple phases, from basic hardware checks to kernel initialization and anti-malware checks, all before you even see the login screen.   Secure boot and measured boot aim to protect against rootkits and bootkits: These security features check for trusted components and fingerprint the boot process to detect unauthorized changes.   PKFail exposes a major vulnerability: A leaked test key used across 800 motherboard models allows attackers to bypass secure boot and load malicious software during the boot process as if it were legitimate.   Firmware vulnerabilities are widespread: The boot process isn't the only place where attackers can hide malware. Network cards, storage devices, and other components with firmware can also be compromised.   Rootkits and bootkits are persistent and difficult to remove: They can survive operating system reinstallation and are incredibly difficult to detect and remove, making them highly effective for attackers.   Updating firmware is crucial: You need to keep your firmware updated just like you update your operating system and software to protect yourself from vulnerabilities.   Beware of the dangers of compromised hardware: While less common than other attacks, these vulnerabilities should be addressed seriously. If you suspect a machine is infected, it's often best to discard it entirely.  Timestamps:  (01:27) Overview of Boot Process   (05:39) Breakdown of the Boot Process Steps   (08:44) Secure Boot and its Features   (12:13) The PKFail Leak: Leaked Platform Key Weakens Secure Boot   (17:18) Bootkits and Rootkits - The Types of Attacks   (22:41) Digital Supply Chain Issues and the Leaked Keys   (27:42) Mitigating PK Fail & Updating Firmware   (30:15) Balancing Risk Profile & Protecting Against Other Attacks   (31:39) Why Rootkits are a Major Persistence Threat  Episode Resources:  Github Repo of known compromised devices Ars Technica Article regarding UEFI Malware Intel Boot Guard News -- Hornetsecurity's Advanced Threat Protection (ATP) can help you stay ahead of these threats.  ATP provides:  Threat intelligence: Stay informed about emerging security threats like bootkit and rootkit vulnerabilities.   Advanced detection: Identify and block these highly sophisticated threats before they can compromise your systems.   Real-time protection: Prevent malicious code from executing, even at the boot level.  Don't wait for a breach! Contact Hornetsecurity today to learn how Advanced Threat Protection can help you secure your boot process and protect your organization from the most persistent malware threats. Click here to schedule a free consultation with a Hornetsecurity specialist. 

In der Folge mit der Unglückszahl 13 geht es um diverse Dinge, die unglücklich gelaufen sind, von Linux-Bootloadern, die Microsoft nur teilweise unabsichtlich blockiert hat, bis zur mangelhaften Sicherheit bei "MLOps", also dem KI-Pendant zu DevOps. Zuerst schauen sich Christopher und Sylvester aber eine sehr erfreuliche Diskussion zu OpenSSL an; die Entwickler haben ihre Community um Meinungen zu einer sicherheitsrelevanten Änderung gebeten. Außerdem geht es um die Festnahme von Pavel Durov, den Schöpfer des gar-nicht-so-sicheren Messengers Telegram, und das altehrwürdige Hacker-ezine "Phrack", das in Ausgabe 71 erschienen ist.

Sixty vulnerabilities and exposures disclosed in one week sounds like a lot. We'll explain why it's just business as usual.Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX UnpluggedLinks:

Neben eurem Feedback besprechen wir auch die Zusammenhänge von UEFI, Secure Boot und Windows-/Linux-Dualboot-Systemen. Das OpenSteetMap-Projekt feiert 20-jähriges Bestehen, während Serpent OS als neue Linux-Distribution erscheint. Vanilla OS wird nach langer Entwicklungszeit in Version 2 veröffentlicht. Debian schraubt am Solver der Paketverwaltung und uBlock Origin stellt die Chrome-Version des beliebten Addons ein. Die Community freut sich über die erste Alpha von Pop!_OS 24.04, die auch den COSMIC-Desktop enthält. Die Fedora-Community stellt mit Ramalama ein weiteres KI-Werkzeug vor während Manjaro an einem Immutable-Ableger arbeitet.

A recent Microsoft Windows update breaks Linux dual-boot - or does it? This week we look into reports of the recent Windows patch-Tuesday update breaking dual-boot, including a deep-dive into the technical details of Secure Boot, SBAT, grub, shim and more, plus we look at a vulnerability in GNOME Shell and the handling of captive portals as well.

We explore the UEFI certificate issue in which secure boot is potentially compromised. Certificates that are included in most UEFI BIOSes have been compromised in ways that could easily be used as an attack vector, a very significant flaw and something that should be on your purview and radar to fix and patch. We're going to talk about what the issue is, why it's important, how secure boot works, and what you can do to mitigate this problem in your own infrastructure. An important episode for anybody running or managing desktops, data centers or any infrastructure of any type. Transcript: https://otter.ai/u/H15Z2NZDom8Hta8gHJn2mQwziFM?utm_source=copy_url

Secure boot is compromised on hundreds of devices, Amazon's desperate attempt to make money from Alexa, and how to decide which open source software on GitHub to trust.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Secure Boot is completely broken on 200+ models from […]

Secure boot is compromised on hundreds of devices, Amazon's desperate attempt to make money from Alexa, and how to decide which open source software on GitHub to trust.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Secure Boot is completely broken on 200+ models from... Read More

In Folge 9 von Passwort reden Christopher und Sylvester über eine Reihe von Security-News der letzten Tage: Die weltgrößte Zertifizierungsstelle Let's Encrypt will das Open Certificate Status Protocol (OCSP) loswerden und Secure Boot kämpft, mal wieder, mit Problemen und Schlampereien. Außerdem reden die Hosts über einen neuen Passwort-Check bei GMX und Web.de und die Security von Blockchain- Projekten – anlässlich eines aktuellen besonders teuren Malheurs. Das Urgestein GhostScript macht mit einen Sicherheitsproblem auf sich selbst und vor allem auf den interessanten Charakter des Formats PostScript aufmerksam. * c't-Artikel über Zertifikatswiderrufe: https://heise.de/-9642194 * Folge der c't Auslegungssache zum Thema „Datenlecks verhindern“: https://heise.de/-9762321 * c't-Artikel zu Mailpasswörtern im neuen Outlook: https://www.heise.de/select/ct/2023/28/2331715395648017635 * https://www.web3isgoinggreat.com

The COSMIC desktop is just around the corner. We get the inside scoop from System76 and go hands-on with an early press build.Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX UnpluggedLinks:

In this episode I cover some more news from the CrowdStrike content update gone wrong, I share details on a significant Secure Boot compromise and a recent Azure outage plus much more! Reference Links: https://www.rorymon.com/blog/major-azure-outage-crowdstrike-fallout-continues-secure-boot-compromised-on-many-devices/

On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: The insurance industry's reaction to CrowdStrike's mess Google's Workspace email validation flaw and its consequences for OAuth'd applications Is the VMWare ESX group membership feature a CVE or an FYI? Secureboot continues to under-deliver North Korea's revenue neutral intelligence services And much, much more This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors. This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can! Show notes Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive Delta hires David Boies to seek damages from CrowdStrike, Microsoft CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive (1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch Crooks Bypassed Google's Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger' | CyberScoop AMI Platform Key leak undermines Secure Boot on 800+ PC models Chrome will now prompt some users to send passwords for suspicious files | Ars Technica Google Online Security Blog: Improving the security of Chrome cookies on Windows A Senate Bill Would Radically Improve Voting Machine Security | WIRED U.S. told Philippines it made ‘missteps' in secret anti-vax propaganda effort | Reuters Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive Chaining Three Bugs to Access All Your ServiceNow Data Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

CrowdStrike Outage Has Roots in Microsoft's Antitrust Problems Trump proposes strategic national crypto stockpile at Bitcoin Conference An AI-built vegan cheese went viral. Here's what happened next AT&T February wireless outage blocked more than 92 million calls, agency says Secure Boot is completely broken on 200+ models from 5 big device makers Russia Throttles YouTube Access in Latest Attack on US Social Media (GOOGL) Video game performers to strike over AI concerns EU threatens to fine Meta for saying Facebook is 'free' OpenAI announces SearchGPT, its AI-powered search engine X's new data-sharing experience will train Grok with your Twitter data by default — Here's how to disable it Alexa Is in Millions of Households—and Amazon Is Losing Billions Host: Leo Laporte Guests: Jason Hiner, Owen Thomas, and Parris Lilly Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: motific.ai NetSuite.com/TWIT expressvpn.com/twit panoptica.app 1password.com/twit

CrowdStrike Outage Has Roots in Microsoft's Antitrust Problems Trump proposes strategic national crypto stockpile at Bitcoin Conference An AI-built vegan cheese went viral. Here's what happened next AT&T February wireless outage blocked more than 92 million calls, agency says Secure Boot is completely broken on 200+ models from 5 big device makers Russia Throttles YouTube Access in Latest Attack on US Social Media (GOOGL) Video game performers to strike over AI concerns EU threatens to fine Meta for saying Facebook is 'free' OpenAI announces SearchGPT, its AI-powered search engine X's new data-sharing experience will train Grok with your Twitter data by default — Here's how to disable it Alexa Is in Millions of Households—and Amazon Is Losing Billions Host: Leo Laporte Guests: Jason Hiner, Owen Thomas, and Parris Lilly Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: motific.ai NetSuite.com/TWIT expressvpn.com/twit panoptica.app 1password.com/twit

CrowdStrike Outage Has Roots in Microsoft's Antitrust Problems Trump proposes strategic national crypto stockpile at Bitcoin Conference An AI-built vegan cheese went viral. Here's what happened next AT&T February wireless outage blocked more than 92 million calls, agency says Secure Boot is completely broken on 200+ models from 5 big device makers Russia Throttles YouTube Access in Latest Attack on US Social Media (GOOGL) Video game performers to strike over AI concerns EU threatens to fine Meta for saying Facebook is "free" OpenAI announces SearchGPT, its AI-powered search engine X's new data-sharing experience will train Grok with your Twitter data by default — Here's how to disable it Alexa Is in Millions of Households—and Amazon Is Losing Billions Host: Leo Laporte Guests: Jason Hiner, Owen Thomas, and Parris Lilly Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: motific.ai NetSuite.com/TWIT expressvpn.com/twit panoptica.app 1password.com/twit

CrowdStrike Outage Has Roots in Microsoft's Antitrust Problems Trump proposes strategic national crypto stockpile at Bitcoin Conference An AI-built vegan cheese went viral. Here's what happened next AT&T February wireless outage blocked more than 92 million calls, agency says Secure Boot is completely broken on 200+ models from 5 big device makers Russia Throttles YouTube Access in Latest Attack on US Social Media (GOOGL) Video game performers to strike over AI concerns EU threatens to fine Meta for saying Facebook is "free" OpenAI announces SearchGPT, its AI-powered search engine X's new data-sharing experience will train Grok with your Twitter data by default — Here's how to disable it Alexa Is in Millions of Households—and Amazon Is Losing Billions Host: Leo Laporte Guests: Jason Hiner, Owen Thomas, and Parris Lilly Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: motific.ai NetSuite.com/TWIT expressvpn.com/twit panoptica.app 1password.com/twit

CrowdStrike Outage Has Roots in Microsoft's Antitrust Problems Trump proposes strategic national crypto stockpile at Bitcoin Conference An AI-built vegan cheese went viral. Here's what happened next AT&T February wireless outage blocked more than 92 million calls, agency says Secure Boot is completely broken on 200+ models from 5 big device makers Russia Throttles YouTube Access in Latest Attack on US Social Media (GOOGL) Video game performers to strike over AI concerns EU threatens to fine Meta for saying Facebook is "free" OpenAI announces SearchGPT, its AI-powered search engine X's new data-sharing experience will train Grok with your Twitter data by default — Here's how to disable it Alexa Is in Millions of Households—and Amazon Is Losing Billions Host: Leo Laporte Guests: Jason Hiner, Owen Thomas, and Parris Lilly Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: motific.ai NetSuite.com/TWIT expressvpn.com/twit panoptica.app 1password.com/twit

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: AMI Platform Key leak undermines Secure Boot on 800+ PC models

CrowdStrike Outage Has Roots in Microsoft's Antitrust Problems Trump proposes strategic national crypto stockpile at Bitcoin Conference An AI-built vegan cheese went viral. Here's what happened next AT&T February wireless outage blocked more than 92 million calls, agency says Secure Boot is completely broken on 200+ models from 5 big device makers Russia Throttles YouTube Access in Latest Attack on US Social Media (GOOGL) Video game performers to strike over AI concerns EU threatens to fine Meta for saying Facebook is "free" OpenAI announces SearchGPT, its AI-powered search engine X's new data-sharing experience will train Grok with your Twitter data by default — Here's how to disable it Alexa Is in Millions of Households—and Amazon Is Losing Billions Host: Leo Laporte Guests: Jason Hiner, Owen Thomas, and Parris Lilly Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: motific.ai NetSuite.com/TWIT expressvpn.com/twit panoptica.app 1password.com/twit

Timestamps: 0:00 do that thing you do 0:12 Ryzen 9000 delay and Intel fix 1:45 OpenAI unveils SearchGPT 3:16 Secure Boot breaks 5:19 QUICK BITS INTRO 5:28 Epic Games and AltStore 6:04 Google Pixel 9 leaks 6:42 Wireless Android in W11 File Explorer 7:23 NASA tests space lasers News Sources: https://lmg.gg/YXekY Learn more about your ad choices. Visit megaphone.fm/adchoices

KnowBe4 di not know before they hired a North Korean Hacker!, AL Models are collapsing because they are using their own output, Crowdstrike mess with Delta, Secure Boot broken, My new Mac PC missing my music, Crowdstrike mess we need to improve, Norton 360 and Malwarebytes at the same time, What is the best internet for me?  

Get the latest Patch Tuesday releases, mitigation tips, and learn about custom automations (aka Automox Worklets) that can help you with CVE remediations.

In the podcast episode, Dave Sobel delves deep into Apple's WWDC event, highlighting key announcements and advancements in AI technology. Apple introduced Apple Intelligence, an AI system for their devices, showcasing practical and familiar features like Siri upgrades and integration with OpenAI's Chat GPT. The event also unveiled new AI features across various Apple platforms, emphasizing a user-friendly and personalized approach to AI technology. Notably, the introduction of a calculator app for the iPad received a significant cheer from the audience, showcasing the importance of user-centric features.One of the most intriguing aspects discussed in the episode is Apple's Private Cloud Compute, a privacy-centric AI processing system designed to ensure data privacy and security. The innovative architecture of PCC utilizes Apple Silicon servers with advanced security measures like Secure Enclave and Secure Boot, emphasizing data protection and transparency. The episode highlights how Apple's approach to AI technology differs from other tech giants, focusing on privacy and user empowerment. The integration of PCC with Apple Intelligence showcases a thoughtful solution built around privacy and security.Dave emphasizes the significance of Apple's AI strategy, which seamlessly integrates AI technology into the operating system, making it accessible to all Apple users without additional fees. The episode underscores the role of IT service providers in understanding and leveraging AI features for their customers, emphasizing the importance of advice, guidance, and consulting work in implementing AI technology effectively. Apple's responsible AI principles, focusing on user empowerment, representation, design, and privacy, set a high standard for AI development and transparency, serving as a valuable case study for providers working with customers.In conclusion, the episode highlights the evolving landscape of AI technology and the importance of privacy and user-centric design in AI development. Dave encourages IT service providers to prepare for the integration of Apple's AI technology into their services, emphasizing the need for readiness and understanding of AI features for customer engagement. The episode provides insights into Apple's innovative approach to AI technology and the implications for the tech industry, setting a benchmark for responsible AI development and user privacy. Three things to know today. 00:00 Apple's WWDC 2024 Announcements04:38 A look at Apple's Private Cloud Compute07:17 Apple's AI Framework, and what providers can learn. Supported by:  https://trinitycyber.com/msp4/  All our Sponsors:   https://businessof.tech/sponsors/    Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Support the show on Patreon: https://patreon.com/mspradio/ Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social

We're on the ground live at NixCon and SCaLE. We catch up with old friends, and discover how Nix is devouring the Linux world one function at a time.

První díl série na téma „Nelehké soužití software a hardware“ zkoumá příchod Windows 11 a s ním spojené hardwarové požadavky, které posílají do penze mnoho starších zařízení. Ponoříme se do konkrétních technických aspektů spojených s Windows 11, včetně UEFI vs. BIOS, bezpečnostních prvků jako Secure Boot a důležitosti TPM 2.0. Dále se vydáváme na filozofické dobrodružství, zkoumající dualismus těla a duše od starověkých Egypťanů přes Platóna a Aristotela až po moderní neurovědu. Prozkoumáváme analogii mezi tělem a duší jako metaforou pro vztah hardware a software a připomínáme si významnou postavu von Neumanna. Poslechněte si ostatní Wolfcasty, historický přehled naleznete na retronation.cz.

We kick off with a report from BleepingComputer about Ov3r_Stealer malware, a devious program disseminated through Facebook job ads, illustrating the ever-present dangers lurking on social media. Then, we pivot to a strategic cyber assault attributed to Chinese hackers exploiting a FortiGate vulnerability to breach Dutch military defenses, as detailed by The Hacker News. Wrapping up, we delve into the Linux world, confronting a dire remote code execution flaw in the shim bootloader that threatens every distribution supporting Secure Boot, a saga reported by Dark Reading and the NVD. Tune in to decrypt the complexities of cybersecurity in our digital age. Ov3r_Stealer Malware Alert: Read more at BleepingComputer Dutch Military Cyber Breach: Read more at The Hacker News Linux Bootloader Vulnerability Exposed: NVD CVE-2023-40547 & Dark Reading Article

A bit of a game special this week, with a Counter-Strike: Global Offensive vulnerability and an exploit for Factorio. We also have a Linux kernel bug and a Chromecast secure-boot bypass with some hardware hacking mixed in. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/236.html [00:00:00] Introduction [00:00:25] Exploring Counter-Strike: Global Offensive Attack Surface [00:26:22] Exploiting a Factorio Buffer Overflow [00:31:46] io_uring: __io_uaddr_map() handles multi-page region dangerously [00:39:25] Chromecast with Google TV (1080P) Secure-Boot Bypass [00:51:58] exploits.club The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software. Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework. When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks.In this interview, Yuriy highlights the potential vulnerabilities in the firmware (software running the hardware) in today's digital devices, and the risk posed by threat actors.Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its components and code, he notes the ubiquity of software, and liken the supply chain of such a device to a “Wild West”:“at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “ all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.”He elaborated that “even if it's OK now … 3 months from now, it can be compromised because of those vulnerabilities.”To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. Lojax, MosaicRegressor, Moon bounce - discovered in the past 3 to 4 years. He highlighted the characteristics of such threats:• These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation. • They cannot be removed by reinstalling operating system or reimaging or even replacing the hard drive.• BlackLotus exploitation of the UEFI system vulnerabilities, particularly the Secure Boot - a fundamental security feature adopted by modern operating systems - sets it apart as an advanced threat, marking the first instance of such threats discovered "in the wild."He explained that compromising firmware is attractive for threat actors for many reasons:• Stay hidden: Detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.• Achieve "Persistence" - where traditional mitigation measures cannot remove the malware/threats.• Simplicity – for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.• Gain high privileges – Remain hidden and persistent while gaining high level of privileges.To mitigate against malicious firmware implants, Yuriy suggested, (a) assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment), (b) continuous monitoring of system integrity, (c) implement specialized technologies designed for malicious firmware detection. Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.#mysecuritytv #govware #sicw

On this week's episode of the podcast I have an update about the recently disclosed Secure Boot vulnerability, a major milestone reached for quantum computing, new org charts templates in Visio and much more! Reference Links: https://www.rorymon.com/blog/secure-boot-vulnerability-may-takes-months-to-patch-keepass-password-leak/

Resulting from a recent ransomware attack, a private key from Intel has been exposed, affecting more than a hundred OEM components and an unknown number of end user products. We explain what happened and its possible implications.

A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats. Original music by Edith Mudge (https://www.edithmudge.com) Email tips@sophos.com Twitter @NakedSecurity

Catch up on the cybersecurity and tech news of the week with Don, Dan, and Sophie as they cover the latest. This week in tech, it’s all about Microsoft as it begins force-installing its Defender app on Windows 10 and 11 users, AI-powered Bing Chats showed up in Windows 11 taskbars, and Mac users no longer need a paid Microsoft 365 subscription to use Outlook. In security news this week, BlackLotus became the first malware to bypass Secure Boot. In this week’s “Who Got Pwned?” segment, Dish Network employees and customers were kicked offline by a likely cyber-attack. Finally, in Behind Bars, suspects likely from the ransomware family known as DoppelPaymer were arrested in Germany and Ukraine along with their equipment.

0:00 this one's a bit confusing 0:13 YouTube updates ad-friendly guidelines 1:24 Meta's GPT competitor leaks 2:20 Black Lotus malware bypasses Secure Boot 3:19 Grammarly 4:03 QUICK BITS 4:10 ChatGPT now in Slack, DuckDuckGo, and more 4:44 Ring continues giving police footage 5:36 Fairphone 2 end-of-life 6:17 Google One expands VPN, dark web monitoring 6:57 Romania hires AI advisor News Sources: https://lmg.gg/OwrQe

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why the White House's cybersecurity strategy is actually quite good The LastPass breach was probably DPRK UEFI bootkits are going downmarket, and this is bad GitHub will scan repos for secrets A look at some interesting DJI drone research Much, much more This week's show is brought to you by Airlock Digital. Two of Airlock's founders – Daniel Schell and David Cottingham – are this week's sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. * NOTE: We now think LastPass was likely not DPRK. It's complicated and we'll explain why we think we got this wrong in next week's show Show notes Risky Biz News: White House unveils National Cybersecurity Strategy White House looks to put cybersecurity pressure on companies Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach Give Me E2EE or Give Me Death - by Tom Uren Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica GitHub's secret scanning alerts now available for all public repos This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED Hackers steal gun owners' data from firearm auction website | TechCrunch New ATM Malware 'FiXS' Emerges - SecurityWeek US government warns Royal ransomware is targeting critical infrastructure | TechCrunch Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web Hospital Clínic de Barcelona severely impacted by ransomware attack Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area Salt Labs | Traveling with OAuth - Account Takeover on Booking.com Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica The life-upending flaw that USPS won't fix | TechCrunch Powerful Meta large language model widely available online | CyberScoop We're going teetotal: It's goodbye to The Daily Swig | The Daily Swig

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why the White House's cybersecurity strategy is actually quite good The LastPass breach was probably DPRK UEFI bootkits are going downmarket, and this is bad GitHub will scan repos for secrets A look at some interesting DJI drone research Much, much more This week's show is brought to you by Airlock Digital. Two of Airlock's founders – Daniel Schell and David Cottingham – are this week's sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. * NOTE: We now think LastPass was likely not DPRK. It's complicated and we'll explain why we think we got this wrong in next week's show Show notes Risky Biz News: White House unveils National Cybersecurity Strategy White House looks to put cybersecurity pressure on companies Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach Give Me E2EE or Give Me Death - by Tom Uren Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica GitHub's secret scanning alerts now available for all public repos This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED Hackers steal gun owners' data from firearm auction website | TechCrunch New ATM Malware 'FiXS' Emerges - SecurityWeek US government warns Royal ransomware is targeting critical infrastructure | TechCrunch Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web Hospital Clínic de Barcelona severely impacted by ransomware attack Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area Salt Labs | Traveling with OAuth - Account Takeover on Booking.com Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica The life-upending flaw that USPS won't fix | TechCrunch Powerful Meta large language model widely available online | CyberScoop We're going teetotal: It's goodbye to The Daily Swig | The Daily Swig

0:00 James didn't watch Clone Wars 0:12 Google layoffs, ChatGPT fears 1:36 Twitter bans third-party clients 2:58 MSI motherboards Secure Boot issue 4:26 Hetzner 5:12 QUICK BITS 5:24 T-Mobile data breach 5:57 KFC, Taco Bell, Pizza Hut ransomware attack 6:28 RX 6000 GPUs killed by washing? 7:19 Cablemod 12VHPWR cable melts 7:52 Wizards of the Coast apologizes NEWS SOURCES: https://lmg.gg/HcnjR

PSA: Why you must run an ad blocker when using Google https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438 NortonLifeLock Password Manager Bruteforcing https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup https://seclists.org/oss-sec/2023/q1/20 MSI (in)Secure Boot https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

PSA: Why you must run an ad blocker when using Google https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438 NortonLifeLock Password Manager Bruteforcing https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup https://seclists.org/oss-sec/2023/q1/20 MSI (in)Secure Boot https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

Fungible, rounded corners, Xbox Oreos, the AI wave Microsoft invested $1 billion in OpenAI in 2019 Surface Pro X, also from 2019, featured the first-ever NPU in a Surface product Eye contact announced in 2020 - requires NPU Windows Studio Effects announced at hybrid work event in April 2021 - adds Voice clarity, Voice focus, Automatic framing, Portrait blur, and Background blur to Eye contact Windows Dev Kit 2023 (Volterra) arrives in late 2022 with NPU Did Microsoft just soft announce Windows 12? Panos Panay awkwardly joins Lisa Su at AMD announcement at CES. Still, this is potentially huge Let's not forget VALL-E Now, Microsoft is reportedly seeking to expand its OpenAI partnership with $10 billion investment, could lead to 49 percent ownership stake Windows 7 + Windows 8.1 are on a farm chasing rabbits Microsoft issues the final Patch Tuesday updates for Windows 7 and 8.1. They're dead, Jim. And ... oddly, Microsoft added Secure Boot to Windows 7 at the last second Windows 7 was beloved, Windows 8 was reviled, both were horribly misunderstood More Windows First Windows Insider builds of 2023 reveal more UI tinkering Android 13 comes to WSA in the Insider Program Preliminary results (from IDC) confirm what we knew about the PC industry in 2022 Surface + devices After claiming that Surface Duo remained important, rumors of major Surface Duo developments, um, surface - Microsoft to move to folding display design, could add standalone phone And let's not forget this little patent from 2017! Microsoft launches shared device mode for frontline workers Microsoft Microsoft announces Microsoft 365 Basic - what used to be called OneDrive 100 GB Standalone plan Microsoft acquires Fungible for $190 million (estimated) There's a Microsoft education event coming in February Tips and picks Tip of the week: Install Windows Subsystem for Android correctly App pick of the week: BitWarden Enterprise pick of the week: Local Administrator Password Solution V2 Bourbon pick of the week: Angel's Envy Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsor: cachefly.com

Fungible, rounded corners, Xbox Oreos, the AI wave Microsoft invested $1 billion in OpenAI in 2019 Surface Pro X, also from 2019, featured the first-ever NPU in a Surface product Eye contact announced in 2020 - requires NPU Windows Studio Effects announced at hybrid work event in April 2021 - adds Voice clarity, Voice focus, Automatic framing, Portrait blur, and Background blur to Eye contact Windows Dev Kit 2023 (Volterra) arrives in late 2022 with NPU Did Microsoft just soft announce Windows 12? Panos Panay awkwardly joins Lisa Su at AMD announcement at CES. Still, this is potentially huge Let's not forget VALL-E Now, Microsoft is reportedly seeking to expand its OpenAI partnership with $10 billion investment, could lead to 49 percent ownership stake Windows 7 + Windows 8.1 are on a farm chasing rabbits Microsoft issues the final Patch Tuesday updates for Windows 7 and 8.1. They're dead, Jim. And ... oddly, Microsoft added Secure Boot to Windows 7 at the last second Windows 7 was beloved, Windows 8 was reviled, both were horribly misunderstood More Windows First Windows Insider builds of 2023 reveal more UI tinkering Android 13 comes to WSA in the Insider Program Preliminary results (from IDC) confirm what we knew about the PC industry in 2022 Surface + devices After claiming that Surface Duo remained important, rumors of major Surface Duo developments, um, surface - Microsoft to move to folding display design, could add standalone phone And let's not forget this little patent from 2017! Microsoft launches shared device mode for frontline workers Microsoft Microsoft announces Microsoft 365 Basic - what used to be called OneDrive 100 GB Standalone plan Microsoft acquires Fungible for $190 million (estimated) There's a Microsoft education event coming in February Tips and picks Tip of the week: Install Windows Subsystem for Android correctly App pick of the week: BitWarden Enterprise pick of the week: Local Administrator Password Solution V2 Bourbon pick of the week: Angel's Envy Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsor: cachefly.com

Fungible, rounded corners, Xbox Oreos, the AI wave Microsoft invested $1 billion in OpenAI in 2019 Surface Pro X, also from 2019, featured the first-ever NPU in a Surface product Eye contact announced in 2020 - requires NPU Windows Studio Effects announced at hybrid work event in April 2021 - adds Voice clarity, Voice focus, Automatic framing, Portrait blur, and Background blur to Eye contact Windows Dev Kit 2023 (Volterra) arrives in late 2022 with NPU Did Microsoft just soft announce Windows 12? Panos Panay awkwardly joins Lisa Su at AMD announcement at CES. Still, this is potentially huge Let's not forget VALL-E Now, Microsoft is reportedly seeking to expand its OpenAI partnership with $10 billion investment, could lead to 49 percent ownership stake Windows 7 + Windows 8.1 are on a farm chasing rabbits Microsoft issues the final Patch Tuesday updates for Windows 7 and 8.1. They're dead, Jim. And ... oddly, Microsoft added Secure Boot to Windows 7 at the last second Windows 7 was beloved, Windows 8 was reviled, both were horribly misunderstood More Windows First Windows Insider builds of 2023 reveal more UI tinkering Android 13 comes to WSA in the Insider Program Preliminary results (from IDC) confirm what we knew about the PC industry in 2022 Surface + devices After claiming that Surface Duo remained important, rumors of major Surface Duo developments, um, surface - Microsoft to move to folding display design, could add standalone phone And let's not forget this little patent from 2017! Microsoft launches shared device mode for frontline workers Microsoft Microsoft announces Microsoft 365 Basic - what used to be called OneDrive 100 GB Standalone plan Microsoft acquires Fungible for $190 million (estimated) There's a Microsoft education event coming in February Tips and picks Tip of the week: Install Windows Subsystem for Android correctly App pick of the week: BitWarden Enterprise pick of the week: Local Administrator Password Solution V2 Bourbon pick of the week: Angel's Envy Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsor: cachefly.com