 
Picture of the Week. 
Firefox 106 is out. 
Google's Open Source IoT KataOS and Sparrow. 
This Week in CryptoCurrency Craziness. 
New Windows 0-day bypasses executable security checks. 
Apple's 9th 0-day of the year bites the dust. 
The evolutionary demise of banking malware. 
VMWare's Critical CVSS 9.8 Update. 
Closing The Loop. 
Miscellany. 
Data Breach Responsibility. 
We invite you to read our show notes at https://www.grc.com/sn/SN-894-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now! at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
drata.com/twit
Secureworks.com/twit
barracuda.com/securitynow


SN 894: Data Breach Responsibility - Firefox 106, KataOS and Sparrow, banking malware, CVSS 9.8 update

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Technology

Tech News

Podcasting

Gadgets

Software How-To

 
Picture of the Week. 
Most to least common 4-digit pins. 
Enhanced LORAN. 
Passkeys. 
Microsoft's Head in the Clouds. 
Show Notes - https://www.grc.com/sn/SN-974-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
1bigthink.com
zscaler.com/zerotrustAI
kolide.com/securitynow
joindeleteme.com/twit promo code TWIT


SN 974: Microsoft's Head in the Clouds - 4-Digit Pins, Long Range Navigation, Microsoft

 
The vulnerability of GPS 
Is the sky falling on all VPN systems? 
Multi-user Passkeys, YubiKeys? 
The iCloud Keychain 
The UK and Google's Topics 
Show Notes - https://www.grc.com/sn/SN-973-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Melissa.com/twit
kolide.com/securitynow
lookout.com
bitwarden.com/twit


SN 973: Not So Fast - GPS Vulnerabilites, VPN Flaw

 
GCHQ: No more default passwords for consumer IoT devices! 
What happened with Chrome and 3rd-party cookies? 
Race conditions and multi-threading 
GM "accidentally" enrolled millions into "OnStar Smart Driver +" program 
Steve recommends Ryk Brown's "Frontiers Saga" 
SpinRite update 
Passkeys: A Shattered Dream? 
Show Notes - https://www.grc.com/sn/SN-972-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
business.eset.com/twit
vanta.com/SECURITYNOW
1bigthink.com
lookout.com


SN 972: Passkeys: A Shattered Dream? - IoT Default Passwords, Passkeys

 
What do you call "Stuxnet on steroids"?? 
Voyager 1 update 
Android 15 to quarantine apps 
Thunderbird & Microsoft Exchange 
China bans Western encrypted messaging apps 
Gentoo says "no" to AI 
Cars collecting diving data 
Freezing your credit 
Investopedia 
Computer Science Abstractions 
Lazy People vs. Secure Systems 
Actalis issues free S/MIME certificates 
PIN Encryption 
DRAM and GhostRace 
AT&T; Phishing Scam 
Race Conditions and Multi-core processors 
An Alternative to the Current Credit System 
SpinRite Updates 
Chat (out of) Control 
Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
canary.tools/twit - use code: TWIT
lookout.com
kolide.com/securitynow
zscaler.com/zerotrustAI


SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

 
An update on the AT&T; data breach 
340,000 social security numbers leaked 
Cookie Notice Compliance 
The GDPR does enforce some transparency 
Physical router buttons 
Wifi enabled button pressers 
Netsecfish disclosure of Dlink NAS vulnerability 
Chrome bloat 
SpinRite update 
GhostRace 
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
kolide.com/securitynow
bitwarden.com/twit
vanta.com/SECURITYNOW
1bigthink.com


SN 894: Data Breach Responsibility - Firefox 106, KataOS and Sparrow, banking malware, CVSS 9.8 update

Download our free app to listen on your phone