Security Now
SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption
Ongoing WordPress attack, RCS gets End-to-end encryption.
- Chrome moves to release 87.
- Explicit Publication of Privacy Practices.
- Firefox 83 gets HTTPS-only Mode.
- Mozilla seeks consultation on implementing DNS-over-HTTPS.
- The comical announcement strategy of the Egregor Ransomware.
- Large-scale attacks targeting Epsilon Framework Themes in WordPress.
- Cybercrime gang installs hidden e-commerce stores on WordPress sites.
- 245,000 Windows systems still vulnerable to BlueKeep RDP bug.
- Google's Rich Communication Services is getting E2EE via Signal.
- Cicada, a Chinese state-sponsored advanced persistent threat group.
We invite you to read our show notes at https://www.grc.com/sn/SN-794-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service
Malicious Android apps, ransomware-as-a-service.
- Where do most malicious Android apps come from?
- SAD DNS is a revival of the classic DNS cache poisoning attack
- How many Ransomware-as-a-Service (RaaS) operations are there?
- Ragnar Locker ransomware gang takes out a Facebook ad
- Two more new 0-days revealed in Chrome
- Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products
We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams
SlipStream NAT firewall bypass, MS Police use Ring doorbell cams.
- Let's Encrypt's cross-signed root expires next year
- Chrome updates on Windows, macOS, Linux, and Android to remove 0-day vulnerability
- Mattel, Compel, Capcom, and Campari fall to ransomware attacks
- iOS 14.2 fixes three 0-day vulnerabilities
- Introducing the Tianfu Cup: China's version of the Pwn2Own hacker competition
- November's Patch Tuesday
- The Great Encryption Dilemma hits Europe
- Ring Doorbells to be tapped in a trial by local Police
- WordPress plugins are a hot mess for security
- SlipStream NAT Firewall Bypass
We invite you to read our show notes at https://www.grc.com/sn/SN-792-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day
Google One VPN, WordPress update fail, Windows 7 0-Day.
- A new 0-day in Win7 through Win10
- A public service reminder from Microsoft
- Google One adding an Android VPN
- Vulnonym: Stop the Naming Madness!
- WordPress fumbles an important update
- Chrome's Root Program
We invite you to read our show notes at https://www.grc.com/sn/SN-791-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors: