Security Now (Audio)

Picture of the Week. Emergency mid-cycle update for Active Directory. Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}. Clearview AI in Ukraine. Pwn2Own Vancouver 2022. The DoJ takes a welcome step back. Sometimes, unlocking can be too convenient. Closing The Loop. Dis-CONTI-nued: The End of Conti? We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow plextrac.com/twit NetFoundry.io/TWIT

Picture of the Week. An "eventful" Patch Tuesday. Patch Tuesday. Apple patched a 0-day. Google's "Open Source Maintenance Crew". Conti suggests overthrowing the new Costa Rican government. Policing the Google Play Store. The situation has grown more dire for F5 systems' BIG-IP boxes. Errata. Closing The Loop. SpinRite. The New EU Surveillance State. We invite you to read our show notes at https://www.grc.com/sn/SN-871-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT expressvpn.com/securitynow cloud.jumpcloud.com/securitynow

Picture of the Week.  Google updates Android to patch an actively exploited vulnerability.  Connecticut's recently passed data privacy bill became law last Wednesday.  Ransomware victim snapshot.  US State Department offering $10 million reward for information about Conti members.  The worst threat the US faces...  The White House and Quantum Computers.  The ongoing threat from predictable DNS queries.  F5 Networks Remote RCE warning and exploitation.  Closing The Loop.  Sci-Fi.  That "Passkeys" Thing. We invite you to read our show notes at https://www.grc.com/sn/SN-870-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zentrysecurity.com/twit kolide.com/securitynow privacy.com/securitynow

Picture of the Week. DoD DIB-VDP Pilot Overview. The OpenSSF and the Package Analysis project. Connecticut moves toward state privacy protections. Closing The Loop. Global Privacy Control. We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit bitwarden.com/twit itpro.tv/securitynow promo code SN30

Picture of the Week. CISA's Known Exploited Vulnerabilities Catalog. Lenovo UEFI Firmware Troubles. Everscale Blockchain Wallet. Java 15, 16, 17, and 18 received MUST UPDATES last week. Closing The Loop. Sci-Fi. SpinRite. The 0-Day Explosion. We invite you to read our show notes at https://www.grc.com/sn/SN-868-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: NetFoundry.io/TWIT barracuda.com/securitynow grammarly.com/twit

Picture of the Week. Chrome's 3rd 0-day of 2022. Patch Tuesday Redux. WordPress once again... Apache Struts Framework needs a critical update. Are America's nuclear systems so old they're un-hackable? Closing The Loop. SpinRite. A Critical Windows RPC RCE. We invite you to read our show notes at https://www.grc.com/sn/SN-867-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: cloud.jumpcloud.com/securitynow canary.tools/twit - use code: TWIT zentrysecurity.com/twit

Picture of the Week. Could NGINX have a 0-day? Microsoft's new Autopatch system. Another instance of Russian Protest in JavaScript's repository. End-of-service life for some popular Windows editions. Miscellany. Closing The Loop. Spring4Shell. We invite you to read our show notes at https://www.grc.com/sn/SN-866-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow plextrac.com/twit ZipRecruiter.com/securitynow

Picture of the Week. 0-Day Watch. Spring Forward (Java: Spring4Shell) QNAP and the OpenSSL DoS vulnerability. Sophos has a 9.8. CISA orders federal civilian agencies to patch the Sophos vulnerability. Browser-in-the-browser. The supply-chain attacks on NPM have been growing. FinFisher bites the dust. A LAPSUS$ in judgment. Not so Wyze. Closing The Loop. Port Knocking. We invite you to read our show notes at https://www.grc.com/sn/SN-865-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit itpro.tv/securitynow promo code SN30 kolide.com/securitynow

Picture of the Week. A high severity 0-day vulnerability update for Chrome. An interview with the CTO of a large Ukraine ISP, Ukrtelecom. NPM under attack, again. Honda says, nothing to worry about... The U.S., the FCC, Kaspersky Labs and Chinese Telecoms. Closing The Loop. Targeted Exploitation. We invite you to read our show notes at https://www.grc.com/sn/SN-864-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: grammarly.com/securitynow NetFoundry.io/TWIT wwt.com/twit

Picture of the Week. Report Cybercrime: It's the Law. A software supply chain compromise. Browser in the Browser. TrickBot, MicroTik & Microsoft. The Infinite Loop OpenSSL Bug. CISA Alert AA22-074A. The Windows Local Privilege Escalation that Microsoft seems unable to fix. Use After Free. We invite you to read our show notes at https://www.grc.com/sn/SN-863-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow Melissa.com/twit plextrac.com/twit