• Picture of the Week.
• iSpoof you no more.
• Here come the Freebie Bots!
• Anatomy of the real-time Cryptocurrency heist.
• Lookin' for something to do?
• Boa server vulnerability.
• The dilemma of closed-source Chinese networking products.
• The Cyber Defense Index.
• Malicious Docker Hub images.
• Since we've been tracking 0-days for a while.
• CISA on Mastodon.
• Miscellany.
• Closing The Loop.
• SpinRite.

Show Notes https://www.grc.com/sn/SN-899-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• kolide.com/securitynow
• plextrac.com/twit
• nordlayer.com/twit

• Picture of the Week.
• Firefox v107 was released last Tuesday.
• Google settles for a cool $391.5 million.
• Red Hat Signing its ZIP file Packages.
• The FBI purchased Pegasus for "research and development purposes".
• Greece bought Predator for €7 million.
• A passkeys support directory.
• Quantum decryption deadline.
• Attorneys General ask the FTC for online privacy regulation.
• Closing The Loop.
• SpinRite.
• Wi-Peep.

Show Notes https://www.grc.com/sn/SN-898-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• tanium.com/twit
• barracuda.com/securitynow
• Secureworks.com/twit

• Picture of the Week.
• Patch Tuesday review.
• Shennina Framework - Automating Host Exploitation with AI.
• GitHub's welcome new feature.
• Three LightSpeed vulnerabilities.
• Shufflecake: Plausible deniability encrypted Linux volumes.
• Australia has decided to get proactive!
• Apple's iOS 16.1.1 everyone file sharing time-limits to 10 minutes in China.
• A couple of Decentralized Finance notes because I can't help myself.
• "The Helm" was unable to survive COVID-19.
• Elon meets Twitter.
• Closing The Loop.
• SpinRite.
• Memory-Safe Languages.

Show Notes - https://www.grc.com/sn/SN-897-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• bitwarden.com/twit
• expressvpn.com/securitynow
• grammarly.com/tone

• Picture of the Week.
• A minor Dropbox breach.
• OpenSSL follow-up.
• FTC sued and settled with a repeated offender.
• $1.2 billion in reported ransomware payments during 2021.
• Akamai's Q3 Threat Report.
• Initial Access Brokerages.
• How do today's bank heists work?
• De-Fi De-struction De-jour.
• Russia moves to Linux.
• We're The Red Cross. Don't attack us, please!
• Where there's a will, there's a way.
• From China with Love.
• The UK's NCSC scan plan.
• Miscellany.
• Closing The Loop.
• SpinRite.

We invite you to read our show notes at https://www.grc.com/sn/SN-896-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• drata.com/twit

• Picture of the Week.
• Windows driver blocklist to be updated next Tuesday.
• More Microsoft shenanigans.
• An upcoming OpenSSL CRITICAL vulnerability update -- get ready!
• A new TCP/IP RCE in Windows.
• A study of malicious CVE proof of concept exploits in GitHub.
• "Stranger Strings" : An exploitable flaw in SQLite.
• PayPal to add support for Passkeys.
• A browser exploitation tutorial!
• Kathleen Booth: July 9th, 1922 – September 29, 2022.
• Closing The Loop.
• SpinRite.
• After 20 years in GCHQ.

We invite you to read our show notes at https://www.grc.com/sn/SN-895-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• nordlayer.com/twit
• kolide.com/securitynow
• itpro.tv/securitynow

• Picture of the Week.
• Firefox 106 is out.
• Google's Open Source IoT KataOS and Sparrow.
• This Week in CryptoCurrency Craziness.
• New Windows 0-day bypasses executable security checks.
• Apple's 9th 0-day of the year bites the dust.
• The evolutionary demise of banking malware.
• VMWare's Critical CVSS 9.8 Update.
• Closing The Loop.
• Miscellany.
• Data Breach Responsibility.

We invite you to read our show notes at https://www.grc.com/sn/SN-894-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• Secureworks.com/twit
• barracuda.com/securitynow

• Picture of the Week.
• Microsoft "Won't Fix".
• Malicious Kernel Drivers.
• Microsoft has finally added an RSS feed for Windows Updates!
• Passkeys [dot] Dev.
• Largest DDoS attack.
• Signal will be dropping its SMS/MMS support.
• Brute-force protection for Windows local admin accounts.
• Other than that...
• SpinRite.
• Closing The Loop.
• xchg rax, rax and "xorpd"
• ZimaBoard Goodness.
• Password Change Automation.

We invite you to read our show notes at https://www.grc.com/sn/SN-893-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• wwt.com/twit
• canary.tools/twit - use code: TWIT
• expressvpn.com/securitynow

• Picture of the Week.
• Breach of Customer Information
• Meta-targeted Malware
• Uber's Chief Security Officer Found Guilty
• More Cryptocurrency Chaos
• The UK to drop GDPR
• Summer Internship with the NSA
• Many Incident Responders are Stressed Out
• Microsoft's newest dual 0-day Exchange Fumbles
• SpinRite news
• ZimaBoard
• Closing the Loop
• Source Port Randomization

We invite you to read our show notes at https://www.grc.com/sn/SN-892-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Secureworks.com/twit
• newrelic.com/securitynow
• bitwarden.com/twit

• Picture of the Week. (What Could Possibly Go Wrong)
• Microsoft Teams - Unecessarily Insecure
• Roskomnadzor blocks Soundcloud
• Microsoft Exchange Server Under Attack Again
• I'm (Still) Not a Robot!
• Google TAG History
• Closing the Loop
• Poisoning Akamai

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• ziprecruiter.com/securitynow
• itpro.tv/securitynow
• kolide.com/securitynow

• Picture of the Week.
• Can't have it both ways.
• Denmark has become the fourth EU member to rule that the use of Google Analytics is illegal.
• Rockstar Games hacker is busted!
• Mozilla says: No fair!
• Vivaldi, Manifest V3, webRequest, and ad blockers.
• Sticky Chrome vulnerabilities.
• SMB authentication rate limiter now on by default in Windows Insider.
• US bill to secure FOSS software.
• Iran vs Albania.
• Closing The Loop.
• The Silver Ships.
• SpinRite.
• DarkNet Politics.

We invite you to read our show notes at https://www.grc.com/sn/SN-890-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• grammarly.com/securitynow
• Secureworks.com/twit
• drata.com/twit

• Picture of the Week.
• This is Patch News-Day.
• Lloyd's of London backing away from Cyber-Insurance.
• Uber Oops!
• Rockstar Games: Grand Theft Auto 6 Massive Leak.
• LastPass Breach Update.
• A CVSS 9.8 for WordPress.
• What cost, Security?
• Use-after-freedom: Google's "MiraclePtr"
• Closing The Loop.
• Spell-Jacking.

We invite you to read our show notes at https://www.grc.com/sn/SN-889-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• bitwarden.com/twit
• tanium.com/twit

• Picture of the Week.
• Cyberwarfare: Albania vs Iran.
• Crypto Heist — this or that.
• The White House "Tech Platform Accountability" Listening Session.
• Changes to the Dutch Intelligence Law.
• Another QNAP mess.
• D-Link's being taken over by MooBot.
• Sci-Fi Discovery: "The Silver Ships".
• Closing The Loop.
• The EvilProxy Service.

We invite you to read our show notes at https://www.grc.com/sn/SN-888-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• canary.tools/twit - use code: TWIT
• newrelic.com/securitynow

• Picture of the Week.
• Google's (newest) Open Source Software Vulnerability Rewards Program.
• Did TikTok leak 2.05 BILLION User Records?
• An urgent Chrome update patches new 0-day flaw.
• Permission-less Browser Clipboard Write.
• Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.
• A Quantum Hype Bubble?
• All of the BlackHat 2022 Presentation Slides PDFs.
• Csurf NPM library mistake.
• SpinRite.
• Closing The Loop.
• Sci-Fi Discovery: "The Silver Ships"
• Embedding AWS Credentials.

We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• itpro.tv/securitynow promo code SN30
• kolide.com/securitynow

• Picture of the Week.
• LastPass Breached.
• The US Federal Trade Commission filed a lawsuit against data broker Kochava.
• The US Federal Communications Commission launched an investigation into mobile carriers' geolocation data practices.
• California, here I come!
• A conversation with a Ransomware Attacker.
• DuckDuckGo's Privacy-Enhanced eMail Forwarding.
• Another IoT mess care of "Hikvision"
• SpinRite.
• Closing The Loop.
• Wacky Data Exfiltration.

We invite you to read our show notes at https://www.grc.com/sn/SN-886-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Secureworks.com/twit
• grammarly.com/securitynow

• VIDEO of the Week
• Crashing Laptop Computers With Janet Jackson
• RealTek SoC flaw affects many millions of IoT devices
• 46 Million RPS - requests per second
• Chrome's 5th 0-Day of 2022
• Apple: Not to be left behind...
• RubyGems to require MFA
• Closing The Loop: Domain Name Ownership
• Closing The Loop: Growing in Cybersecurity
• The Bumblebee Loader

We invite you to read our show notes at https://www.grc.com/sn/SN-885-Notes.pdf

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• barracuda.com/securitynow
• Melissa.com/twit