SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key

A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix

Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable

Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity

CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores

Ace Hardware suffered a cyberattack impacting servers and systems

Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions

Analysis of "BadCandy" malware infecting vulnerable Cisco routers

Bitwarden password manager adds support for FIDO2 passkeys in browser extension

Rescuing a severely degraded SSD and bringing it back to life with SpinRite

Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more

The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

lookout.com

canary.tools/twit - use code: TWIT

Melissa.com/twit