Ongoing WordPress attack, RCS gets End-to-end encryption. 
Chrome moves to release 87.
Explicit Publication of Privacy Practices.
Firefox 83 gets HTTPS-only Mode.
Mozilla seeks consultation on implementing DNS-over-HTTPS.
The comical announcement strategy of the Egregor Ransomware.
Large-scale attacks targeting Epsilon Framework Themes in WordPress.
Cybercrime gang installs hidden e-commerce stores on WordPress sites.
245,000 Windows systems still vulnerable to BlueKeep RDP bug.
Google's Rich Communication Services is getting E2EE via Signal.
Cicada, a Chinese state-sponsored advanced persistent threat group.
We invite you to read our show notes at https://www.grc.com/sn/SN-794-Notes.pdf 
Hosts: Steve Gibson and Jason Howell 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
You can submit a question to Security Now! at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
manscaped.com/twit
extrahop.com/SECURITYNOW
barracuda.com/securitynow


SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Technology

Tech News

Podcasting

Gadgets

Software How-To

 
What do you call "Stuxnet on steroids"?? 
Voyager 1 update 
Android 15 to quarantine apps 
Thunderbird & Microsoft Exchange 
China bans Western encrypted messaging apps 
Gentoo says "no" to AI 
Cars collecting diving data 
Freezing your credit 
Investopedia 
Computer Science Abstractions 
Lazy People vs. Secure Systems 
Actalis issues free S/MIME certificates 
PIN Encryption 
DRAM and GhostRace 
AT&T; Phishing Scam 
Race Conditions and Multi-core processors 
An Alternative to the Current Credit System 
SpinRite Updates 
Chat (out of) Control 
Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
canary.tools/twit - use code: TWIT
lookout.com
kolide.com/securitynow
zscaler.com/zerotrustAI


SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

 
An update on the AT&T; data breach 
340,000 social security numbers leaked 
Cookie Notice Compliance 
The GDPR does enforce some transparency 
Physical router buttons 
Wifi enabled button pressers 
Netsecfish disclosure of Dlink NAS vulnerability 
Chrome bloat 
SpinRite update 
GhostRace 
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
kolide.com/securitynow
bitwarden.com/twit
vanta.com/SECURITYNOW
1bigthink.com


SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

Out-of-support DLink NAS devices contain hard coded backdoor credentials 
Privnote is not so "Priv" 
Crowdfense is willing to pay millions 
Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution 
SpinRite Update 
Minimum Viable Secure Product 
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
business.eset.com/twit
lookout.com
joindeleteme.com/twit promo code TWIT


SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense

 
A near-Universal (Local) Linux Elevation of Privilege vulnerability 
TechCrunch informed AT&T; of a 5 year old data breach 
Signal to get very useful cloud backups 
Telegram to allow restricted incoming 
HP exits Russia ahead of schedule 
Advertisers are heavier users of Ad Blockers than average Americans! 
The Google Incognito Mode Lawsuit 
Canonical fights malicious Ubuntu store apps 
Spinrite update 
A Cautionary Tale 
Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
1bigthink.com
kolide.com/securitynow
Melissa.com/twit
vanta.com/SECURITYNOW


SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach

 
Apple vs U.S. DOJ 
G.M.'s Unbelievably Horrible Driver Data Sharing Ends 
Super Sushi Samurai 
Apple has effectively abandoned HomeKit Secure Routers 
The forthcoming ".INTERNAL" TLD 
The United Nations vs AI. 
Telegram now blocked throughout Spain 
Vancouver Pwn2Own 2024 
China warns of incoming hacks 
Annual Tax Season Phishing Deluge 
SpinRite update 
Authentication without a phone 
Are Passkeys quantum safe? 
GoFetch: The Unpatchable vulnerability in Apple chips 
Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
bitwarden.com/twit
canary.tools/twit - use code: TWIT
panoptica.app
kolide.com/securitynow


SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption

Download our free app to listen on your phone