Security Now

Subscribe to Security Now feed Security Now
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Updated: 6 hours 22 min ago

SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Tue, 04/01/2025 - 11:15pm
  • Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
  • A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
  • Cloudflare completely pulls the plug on port 80 (HTTP) API access.
  • Malware is switching to obscure languages to avoid detection. FORTH, anyone?
  • Password reuse doesn't appear to be dropping. Cloudflare has numbers.
  • A listener shares his log of malicious Microsoft login attempts. Why no geofencing?
  • 23andMe down for the count (reminder).
  • A sobering Ransomware attack & victim listing website. Gulp!
  • "InControl" keeps VR planes aloft.
  • And the European Union gets serious about a switch to Linux

Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now

SN 1018: The Quantum Threat - ESP32 Backdoor Update, RCS E2EE

Tue, 03/25/2025 - 10:42pm
  • The dangers of doing things you don't understand.
  • Espressif responds to the claims of an ESP32 backdoor.
  • A widely leveraged mistake Microsoft stubbornly refuses to correct.
  • A disturbingly simple remote takeover of Apache Tomcat servers.
  • A 10/10 vulnerability affecting some ASUS, ASRock and HPE motherboards.
  • Google snapped up another cloud security firm but paid a price!
  • RCS messaging to soon get full end-to-end encryption (done right!).
  • How did an AI Crypto Chatbot lose $105,000? ...and what is an AI Crypto Chatbot?
  • Looks like Oracle may take stewardship of TikTok to keep it in-country.
  • Whoops! 23andMe is sinking — don't let them take your genetics with them!
  • The White House says "the cyber guys should stay!"
  • AI project failure rates are on the rise. Anyone surprised?
  • Listener feedback, and a very interesting update on just how looming is the threat from quantum computing?

Show Notes - https://www.grc.com/sn/SN-1018-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now

SN 1017: Is YOUR System Vulnerable to RowHammer? - Telegram's Crypto, Twitter Outage, FBI Warning

Tue, 03/18/2025 - 10:38pm
  • An analysis of Telegram Messenger's crypto.
  • A beautiful statement of the goal of modern crypto design.
  • Who was behind Twitter's recent outage trouble?
  • An embedded Firefox root certificate expired. Who was surprised?
  • AI-generated Github repos, voice cloning, Patch Tuesday and an Apple 0-day.
  • The FBI warns of another novel attack vector that's seeing a lot of action.
  • Google weighs in on the Age Verification controversy.
  • In a vacuum, Kazakhstan comes up with their own solution.
  • Was Google also served an order from the UK? Can they say?
  • A serious PHP vulnerability you need to know you don't have.
  • A bunch of great listener feedback, some Sci-Fi content reviews and...
  • A new tool allows YOU to test YOUR PCs for their RowHammer susceptibility

Show Notes - https://www.grc.com/sn/SN-1017-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now

SN 1016: The Bluetooth Backdoor - North Korean Texans, Apple Pushes Back

Tue, 03/11/2025 - 10:59pm
  • Utah passes age verification requirement for app stores.
  • The inside story on fake North Korean employees. Is that a Texas accent?
  • An update on the ongoing Bybit cryptoheist saga.
  • The industry may be making some changes in the wake of the Bybit attack.
  • Apple pushes back legally against the UK's secret order.
  • Did someone crack Passkeys?
  • The UK launches a legal salvo at an innocent security researcher.
  • The old data breach we witnessed that just keeps on giving.
  • A bit more Bybit postmortem forensic news.
  • A lesson to learn from a clever and effective ransomware attack.
  • And what about that Bluetooth Backdoor discovery everyone is talking about?

Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Categories: Security Now