Security Now!

SN 950: Leo Turns 67 - Fingerprint Security, Do-Not-Track

Hinzugefügt: 29. November 2023

Adobe Flash Player Updater is (still) desperately trying to update
Veracrypt password security
Firefox moves to 120 with a bunch of very nice new features
Do-Not-Track is back on track...

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

Hinzugefügt: 22. November 2023

Privacy and Funding Challenges Facing Signal Messaging App
Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
Ransomware Group Files SEC Complaint Against Breached Company...

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

Hinzugefügt: 15. November 2023

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry...

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

Hinzugefügt: 8. November 2023

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to...

SN 946: CitrixBleed - iMessage Cotact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

Hinzugefügt: 1. November 2023

What caused last week's connection interruption? Router was rebooting intermittently, but why?
David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow...

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

Hinzugefügt: 25. Oktober 2023

How fake drives continue to be sold on Amazon despite negative reviews
Microsoft is discontinuing support for the VBScript language
The 30-year old NTLM authentication protocol will eventually be...

SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

Hinzugefügt: 18. Oktober 2023

ValiDrive release follow-up
Passkeys exportability and phishing risk
Passkeys for device verification like SSH keys
Possibility of hobby browsers vs. production browsers
Availability of...

SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached

Hinzugefügt: 11. Oktober 2023

Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.
23andMe claims a recent data breach exposed customer info due to credential stuffing attacks....

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Hinzugefügt: 4. Oktober 2023

Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
Malicious ads are appearing in Bing Chat...

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Hinzugefügt: 27. September 2023

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
China has formally accused the NSA of hacking and maintaining...

SN 940: When Hashes Collide - Secure-wipe best practices, browser identity segregation, bye bye Twitter (X)

Hinzugefügt: 20. September 2023

Last week's news about evidence of LastPass vault decryption targeting cryptocurrency keys, and the UK's backing down on its encryption monitoring legislation.
How hardware security modules (HSMs)...

SN 939: LastMess - Online Safety Bill, Microsoft Outlook breach details, auto brand data privacy

Hinzugefügt: 13. September 2023

UK government appears to back down on demands to break encryption in Online Safety Bill
Microsoft reveals how China-based hackers acquired secret key used to breach Outlook accounts

SN 938: Apple Says No - Topics coming to Android, Apple security research, browser extension vulnerabilities

Hinzugefügt: 6. September 2023

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives.
There has been another...

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Hinzugefügt: 30. August 2023

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.
WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more...

SN 936: When Heuristics Backfire - OpenSUSE, SanDisk and Western Digital, 8Base, TSSHOCK

Hinzugefügt: 23. August 2023

OpenSUSE goes private.
Android to get satellite comms.
SanDisk and Western Digital in hot water.
You're asking for it: YouTube children's privacy.
Whoopsie! 8Base.
Where the money is.

SN 935: "Topics" Arrives - Firefox multi-account containers, DuckDuckGo email alias, satellite crowding

Hinzugefügt: 16. August 2023

Picture of the Week.
Security Now!'s 18th birthday!
Closing the Loop.
Firefox Multi-Account Containers.
A question about Full Disk Encryption on SSD's.
Should I run SpinRite before I back up...

SN 934: Revisiting Global Privacy Control - Voyager 2, MS Security, keyboard acoustic side-channel attacks

Hinzugefügt: 9. August 2023

Picture of the Week.
NASA "shouted" at Voyager.
Another view of Microsoft.
What about this Chinese attack?
AI meets Keyboard Acoustic Side-Channel attacks.
Closing the Loop.
Revisiting Global...

SN 933: TETRA:BURST - Satellite Turla, Android tracker tech, VirusTotal 2023 report, open source in Russia

Hinzugefügt: 2. August 2023

Picture of the Week.
Satellite Turla: APT Command and Control in the Sky.
OS 17 to further crack down on device fingerprinting.
Android to start warning of "unknown trackers".
The 7th branch of...

SN 932: Satellite Insecurity, Part 2 - Apple vs EU, Cyber Resilience Act, Web Environment Integrity

Hinzugefügt: 26. Juli 2023

Picture of the Week.
R.I.P. Kevin Mitnick.
Apple says: "Thanks, but we'd rather leave."
Web Environment Integrity.
Web Analytics under the spotlight.
More progress on the IoT security front....

SN 931: Satellite Insecurity, Part 1 - Kaspersky on MS flaw, WormGPT, Bitcoin addresses, Twitter DM change

Hinzugefügt: 19. Juli 2023

Picture of the Week.
Kaspersky on Microsoft's Patch Tuesday.
As the worm turns: WormGPT.
Microsoft revokes 100+ malicious drivers.
MOVEit Update.
Does Dun & Bradstreet know you?
No Threads...