Listen Now

SolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage. Firefox and Chromium updates address remote system take over bugs. Tenable researchers reported a critical Chromium bug. What Firefox's backspace key does and should do. How Ryuk malware operations netted $150 million via cryptocurrency exchange. Intel: A triumph of marketing over technology. The strange case of the Male Chastity Cage. A SolarWinds smoking gun? "Sunburst backdoor." A class action lawsuit filed by shareholders of SolarWinds stock. The "Krebs Stamos Group" Zyxel security endpoints under attack. WhatsApp revises their privacy policy. Signal sees a mass influx of WhatsApp users. Out with the old: A look at the history of SpinRite code. We invite you to read our show notes at https://www.grc.com/sn/SN-801-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT barracuda.com/securitynow

SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability. Chrome struggles with A/V pre-scan file locking. Zyxel security products protected by a single redundant password. How Swatters are using IoT devices to increase the terror. A new serious problem in the PHP Zend Framework on WordPress. Bitcoin woes as value reaches new peaks. ReadSpeed, SSD's, and SpinRite. A new flaw discovered in SolarWinds' Orion software. We invite you to read our show notes at https://www.grc.com/sn/SN-800-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: itpro.tv/securitynow promo code SN30

Ransomware Task Force, Chrome 87, Firefox caches, preserving Flash video. Chrome 87 backs away from Insecure Form Warnings. Firefox to begin partitioning its caches. Browsers say no to Kazakhstan again. Announcing the RTF - The Ransomware Task Force. 5 million WordPress sites in critical danger. Treck's TCP/IO stack strikes again! Preserving Flash content online. SpinRite: ReadSpeed is ready! InitDisk is at release 5. Numerous updates on SolarWind, Sunburst, and Supernova. We invite you to read our show notes at https://www.grc.com/sn/SN-799-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include: Clearview AI face scanning. The "EARN IT" act. Zoom security issues. Why contact tracing apps won't work. How to prevent the next Twitter hack Ring's autonomous flying home security webcam. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Chrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday. Chrome's heavy ad intervention. Adrozek. Ransomware: "Double Extortion." A 0-click wormable vulnerability in D-Link VPN servers. Google suffered an outage. Amnesia:33. Zero-day in WordPress SMTP plugin. The 2020 Pwnie Awards. The end of Flash. JavaScript is celebrating its 25th birthday. InitDisk release 4 published. A deep look at the SolarWinds hack. We invite you to read our show notes at https://www.grc.com/sn/SN-797-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow WWT.COM/TWIT canary.tools/twit - use code: TWIT

Google Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip. Ransomware news regarding Foxconn, Egregor, and K12 Inc. The Apple iPhone zero-click radio proximity vulnerability. Oblivious DoH (ODoH). Google Play Core Library problems. The mysterious power of Apple's M1 Arm processor chip. InitDisk release 2 published. SpinRite update. Amazon Sidewalk. We invite you to read our show notes at https://www.grc.com/sn/SN-796-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SECURITYNOW Melissa.com/twit itpro.tv/securitynow promo code SN30

Generic smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify. Chrome Omnibox becomes more Omni. Chrome's open tabs search. Ransomware news involving Delaware County, Canon, US Fertility, Ritzau, Baltimore County Public Schools, and Banijay group SAS. Drupal's security advisory titled "Drupal core - Critical - Arbitrary PHP code execution." The revenge of cheap smart doorbells. Tesla Key Fob Hack #3. CA's adapt to single-year certs. Nearly 50,000 Fortinet VPN credentials posted online. More than 300,000 Spotify accounts hacked. MobileIron MDM CVSS 9.8 RCE. The Salvation Trilogy. Spinrite update. DNS Consolidation. We invite you to read our show notes at https://www.grc.com/sn/SN-795-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow LastPass.com/twit WWT.COM/TWIT

Ongoing WordPress attack, RCS gets End-to-end encryption. Chrome moves to release 87. Explicit Publication of Privacy Practices. Firefox 83 gets HTTPS-only Mode. Mozilla seeks consultation on implementing DNS-over-HTTPS. The comical announcement strategy of the Egregor Ransomware. Large-scale attacks targeting Epsilon Framework Themes in WordPress. Cybercrime gang installs hidden e-commerce stores on WordPress sites. 245,000 Windows systems still vulnerable to BlueKeep RDP bug. Google's Rich Communication Services is getting E2EE via Signal. Cicada, a Chinese state-sponsored advanced persistent threat group. We invite you to read our show notes at https://www.grc.com/sn/SN-794-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: manscaped.com/twit extrahop.com/SECURITYNOW barracuda.com/securitynow

Malicious Android apps, ransomware-as-a-service. Where do most malicious Android apps come from? SAD DNS is a revival of the classic DNS cache poisoning attack How many Ransomware-as-a-Service (RaaS) operations are there? Ragnar Locker ransomware gang takes out a Facebook ad Two more new 0-days revealed in Chrome Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT extrahop.com/SECURITYNOW WWT.COM/TWIT