Security Now

SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

Security Now - Tue, 03/02/2021 - 8:00pm

Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.

  • Chrome to default to trying HTTPS first when not specified.
  • Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
  • As easy as "SolarWinds123".
  • Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
  • VMware's vCenter troubles.
  • SpinRite update.
  • Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
  • CNAME Collusion.

We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Categories: Security Now

SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"

Security Now - Tue, 02/23/2021 - 6:30pm

SHAREit's security update, Solorigate, Brave's "Private Window with Tor".

  • SHAREit Follow-up
  • This Week in Web Browser Tracking
  • Brave's "Private Window with Tor" was not so private
  • Tracking with eMail Beacons
  • Microsoft's final "Solorigate" update
  • "Good App goes Bad for Profit"
  • SpinRite: RS shows VERY obvious improvement after one pass of SR 6
  • Dependency Confusion

We invite you to read our show notes at https://www.grc.com/sn/SN-807-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability

Security Now - Tue, 02/16/2021 - 8:30pm

Florida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability.

  • Pic of the week.
  • New info in the Oldsmar, Florida water supply attack.
  • Major Patch Tuesday update.
  • Adobe released critical updates to three versions each of its Acrobat and Reader.
  • Android SHAREit.
  • The Rise of The Web Shells.
  • This week's WordPress Mess: Responsive Menu plugin.
  • SpinRite drive discovery video.
  • What is C.O.M.B.?

We invite you to read our show notes at https://www.grc.com/sn/SN-806-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks

Security Now - Tue, 02/09/2021 - 8:30pm

Defender thinks Chrome is malware, Plex Media Servers in DDoS attacks.

  • Picture of the Week.
  • Google has been busy with Chrome.
  • Google Chrome Heap Buffer Overflow Vulnerability Exploited.
  • A unique use of Chrome's "sync" feature for command & control and data exfiltration.
  • Defender thinks Chrome is Malware.
  • More Critical WordPress Plug-in Problems.
  • Plex Media servers SSDP protocol being used in DDoS attacks.
  • Three more NEW vulnerabilities discovered in SolarWinds' software.
  • Closing the Loop.
  • SpinRite: "Discovering System's Mass Storage Devices..."
  • SCADA Scandal: Hacker's attempts to adjust chemicals in Oldsmar water supply.

We invite you to read our show notes at https://www.grc.com/sn/SN-805-Notes.pdf

Hosts: Steve Gibson and Leo Laporte
