Security Now

SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption

Security Now - Tue, 11/24/2020 - 8:30pm

Ongoing WordPress attack, RCS gets End-to-end encryption.

  • Chrome moves to release 87.
  • Explicit Publication of Privacy Practices.
  • Firefox 83 gets HTTPS-only Mode.
  • Mozilla seeks consultation on implementing DNS-over-HTTPS.
  • The comical announcement strategy of the Egregor Ransomware.
  • Large-scale attacks targeting Epsilon Framework Themes in WordPress.
  • Cybercrime gang installs hidden e-commerce stores on WordPress sites.
  • 245,000 Windows systems still vulnerable to BlueKeep RDP bug.
  • Google's Rich Communication Services is getting E2EE via Signal.
  • Cicada, a Chinese state-sponsored advanced persistent threat group.

We invite you to read our show notes at https://www.grc.com/sn/SN-794-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service

Security Now - Tue, 11/17/2020 - 10:29pm

Malicious Android apps, ransomware-as-a-service.

  • Where do most malicious Android apps come from?
  • SAD DNS is a revival of the classic DNS cache poisoning attack
  • How many Ransomware-as-a-Service (RaaS) operations are there?
  • Ragnar Locker ransomware gang takes out a Facebook ad
  • Two more new 0-days revealed in Chrome
  • Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products

We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams

Security Now - Tue, 11/10/2020 - 9:30pm

SlipStream NAT firewall bypass, MS Police use Ring doorbell cams.

  • Let's Encrypt's cross-signed root expires next year
  • Chrome updates on Windows, macOS, Linux, and Android to remove 0-day vulnerability
  • Mattel, Compel, Capcom, and Campari fall to ransomware attacks
  • iOS 14.2 fixes three 0-day vulnerabilities
  • Introducing the Tianfu Cup: China's version of the Pwn2Own hacker competition
  • November's Patch Tuesday
  • The Great Encryption Dilemma hits Europe
  • Ring Doorbells to be tapped in a trial by local Police
  • WordPress plugins are a hot mess for security
  • SlipStream NAT Firewall Bypass

We invite you to read our show notes at https://www.grc.com/sn/SN-792-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day

Security Now - Tue, 11/03/2020 - 9:00pm

Google One VPN, WordPress update fail, Windows 7 0-Day.

  • A new 0-day in Win7 through Win10
  • A public service reminder from Microsoft
  • Google One adding an Android VPN
  • Vulnonym: Stop the Naming Madness!
  • WordPress fumbles an important update
  • Chrome's Root Program

We invite you to read our show notes at https://www.grc.com/sn/SN-791-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now