Security Now

Subscribe to Security Now feed Security Now
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Updated: 20 hours 16 min ago

SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats

Tue, 04/22/2025 - 11:07pm
  • Enabling Firefox's Tab Grouping.
  • Recalled Recall Re-Rolls out.
  • The crucial CVE program nearly died. It's been given new life.
  • China confesses to hacking the US (blames our stance on Taiwan).
  • CISA says what Oracle still refuses to.
  • Brute force attacks on the (rapid) rise.
  • An AI/ML Python package rates a 9.8 (again!)
  • The CA/Browser forum passed short-life certs. :(
  • A wonderful crosswalk hack hits Silicon Valley.
  • Android to add force restarting ahead of schedule. Maybe.
  • The EFF is never happy. But especially now, about Florida.
  • Interesting research into ransomware payouts.
  • Windows Sandbox: The amazing gem hidden inside all Windows 10 & 11!

Show Notesb - https://www.grc.com/sn/SN-1022-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now

SN 1021: Device Bound Session Credentials - Hotpatching in Win 11, Apple vs. UK

Tue, 04/15/2025 - 10:55pm
  • Android to get "Lockdown Mode".
  • What's in the new editions of Chrome and Firefox?
  • Why did Apple silently re-enable automatic updates?
  • My new iPhone 16, Chinese tariffs and electronics.
  • Dynamic "hotpatching" coming to Win11 Enterprise & Edu.
  • Why is it so difficult for Oracle to fess up?
  • Another multi-year breach inside US Treasury.
  • An Apple -vs- the UK update.
  • "Thundermail" (Can't someone come up with a better name?)
  • The (in)Security of Programmable Logic Controllers.
  • When LLM's write code and hallucinate non-existent packages.
  • Wordpress core security and PHP gets an important audit.
  • Device-Bound Session Credentials update session cookie technology

Show Notes - https://www.grc.com/sn/SN-1021-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now

SN 1020: Multi-Perspective Issuance Corroboration - IoT Done Right, France Phishes, Gmails E2EE

Tue, 04/08/2025 - 10:57pm
  • Canon printer driver vulnerabilities enable Windows kernel exploitation.
  • Astonishing cyber-security awareness from a household appliance manufacturer.
  • France tries to hook 2.5 million school children with a Phishing test.
  • Wordpress added an abuse prone feature in 2022. Guess what happened?
  • Oracle? Is there something you'd like to tell us?
  • Utah's governor just signed the App Store Accountability Act. Now what?
  • AI bots hungry for new data are DDoSing FOSS projects.
  • No Microsoft Account? No Microsoft Windows 11.
  • Gmail claims it now offers E2EE. It kinda sorta does. Somewhat.
  • A dreaded CVSS 10.0 was discovered in Apache Parquet.
  • A bunch of terrific listener feedback.
  • What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it?

Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now

SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Tue, 04/01/2025 - 11:15pm
  • Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
  • A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
  • Cloudflare completely pulls the plug on port 80 (HTTP) API access.
  • Malware is switching to obscure languages to avoid detection. FORTH, anyone?
  • Password reuse doesn't appear to be dropping. Cloudflare has numbers.
  • A listener shares his log of malicious Microsoft login attempts. Why no geofencing?
  • 23andMe down for the count (reminder).
  • A sobering Ransomware attack & victim listing website. Gulp!
  • "InControl" keeps VR planes aloft.
  • And the European Union gets serious about a switch to Linux

Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now