Listen Now

Picture of the Week. Crypto is Hard. VirusTotal: Deception at a scale. Windows 11 might damage encrypted data. Microsoft Defender External Attack Surface Management. Closing The Loop. Daniel Bernstein sues the NSA. The Maker's Schedule. We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow expressvpn.com/securitynow drata.com/twit

Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: tanium.com/twit itpro.tv/securitynow use code: SN30 grammarly.com/securitynow

Picture of the Week. Patch Tuesday Redux Redux. Windows 11 Start button failure. The continuing saga of Windows VBA macros. Windows 11 now blocks RDP brute-force attacks by default. Black Hat and DefCon coming soon. SpinRite. pfSense and TailScale. Closing The Loop. The MV720. We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit bitwarden.com/twit barracuda.com/securitynow

Picture of the Week. The Rolling Pwn, take II. The great IPv4 Address Space Depletion. Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet. Facebook has started encrypting its link URLs. Crack iOS 16's "Lockdown Mode", earn $2 million. ClearView AI faces some new headwind. Ransomware gangs are getting into the searchable database game, too... Roskomnadzor strikes again! Last Tuesday's Patches. SpinRite. Closing The Loop. RetBleed. We invite you to read our show notes at https://www.grc.com/sn/SN-880-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: newrelic.com/securitynow drata.com/twit wwt.com/twit

 Picture of the Week.   OpenSSL's Patch For Heap Memory Corruption Vulnerability.   NIST Announces First Four Quantum-Resistant Cryptographic Algorithms.   Yubico donated 30,000 Yubikeys to Ukraine.   Apple's new extreme "Lockdown Mode".   Microsoft to re-enable Office Macros.   This Is the Code the FBI Used to Wiretap the World.   Closing The Loop.   The Rolling Pwn. We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow tanium.com/twit canary.tools/twit - use code: TWIT

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

Picture of the Week. Errata: Firefox's "Total Cookie Protection" 3rd Party FIDO2 Authenticators Germany's not buying the EU's proposal which subverts encryption The Conti Gang have finally pulled the last plug Log4J and Log4Shell is alive and well The '311' emergency number proposal 56 Insecure-By-Design Vulnerabilities "Long Story Short" Closing The Loop The "Hertzbleed" Attack We invite you to read our show notes at https://www.grc.com/sn/SN-877-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow Melissa.com/twit

Picture of the Week. Double Decryption (Last week's key-strength puzzler). 3rd Party Authenticators. Firefox: Total Cookie Protection. We keep breaking DDoS attack records. MS-DFSNM. An Apple Safari regression. One Million WordPress sites force-updated. High-Severity RCE in Fastjson Library. Miscellany. Closing The Loop. Microsoft's Patchy Patches. We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: privacy.com/securitynow newrelic.com/securitynow expressvpn.com/securitynow

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT

Picture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones". Ransomware sanctions are causing trouble. Conti spotted compromising motherboard firmware. Errata. Closing the Loop. Passkeys, Take 2. We invite you to read our show notes at https://www.grc.com/sn/SN-874-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: itpro.tv/securitynow promo code SN30 cloud.jumpcloud.com/securitynow bitwarden.com/twit