Security Now!

SN 868: The 0-Day Explosion - Lenovo UEFI Firmware, Everscale Blockchain Wallet, Major Java Update

Added: 27 April 2022

Picture of the Week.
CISA's Known Exploited Vulnerabilities Catalog.
Lenovo UEFI Firmware Troubles.
Everscale Blockchain Wallet.
Java 15, 16, 17, and 18 received MUST UPDATES last week....

SN 867: A Critical Windows RPC RCE - Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable?

Added: 20 April 2022

Picture of the Week.
Chrome's 3rd 0-day of 2022.
Patch Tuesday Redux.
WordPress once again...
Apache Struts Framework needs a critical update.
Are America's nuclear systems so old they're...

SN 866: Spring4Shell - Patch Tuesday, Microsoft's Autopatch System, NGINX 0-Day

Added: 13 April 2022

Picture of the Week.
Could NGINX have a 0-day?
Microsoft's new Autopatch system.
Another instance of Russian Protest in JavaScript's repository.
End-of-service life for some popular Windows...

SN 865: Port Knocking - Wyze Gets Spanked, FinFisher Bites the Dust, Spring4Shell, LAPSUS$ Update

Added: 6 April 2022

Picture of the Week.
0-Day Watch.
Spring Forward (Java: Spring4Shell)
QNAP and the OpenSSL DoS vulnerability.
Sophos has a 9.8.
CISA orders federal civilian agencies to patch the Sophos...

SN 864: Targeted Exploitation - Ukrainian ISP Challenges, Kaspersky Labs Banned in the US, Chrome 0-Day

Added: 30 March 2022

Picture of the Week.
A high severity 0-day vulnerability update for Chrome.
An interview with the CTO of a large Ukraine ISP, Ukrtelecom.
NPM under attack, again.
Honda says, nothing to worry...

SN 863: Use After Free - OpenSSL Bug, Cybercrime Reporting Law, Node.js Supply Chain Compromise

Added: 23 March 2022

Picture of the Week.
Report Cybercrime: It's the Law.
A software supply chain compromise.
Browser in the Browser.
TrickBot, MikroTik & Microsoft.
The Infinite Loop OpenSSL Bug.
CISA Alert...

SN 862: QWACs on? or QWACs off? - Patch Tuesday Recap, NVIDIA Hacked, UEFI Firmware Flaw, ProtonMail

Added: 16 March 2022

Picture of the Week.
Patch Tuesday for the Industry.
Android, too.
Firefox emergency update.
HP's major UEFI firmware patch-fest.
The NVIDIA breach.
ProtonMail gets it right.
Linux Blues....

SN 861: Rogue Nation Cyber Consequences - Russia vs. Ukraine, Crypto, StarLink, Namecheap, Telegram

Added: 9 March 2022

Picture of the Week.
The Russians are coming.
Ukrainian "Cyber Unit Technologies" is paying for attacks on Russia.
StarLink in Ukraine.
Russia blocks access to Facebook, Twitter, foreign news...

SN 860: Trust Dies in Darkness - Samsung's TrustZone Keymaster Design, Daxin, Windows 11 compatibility

Added: 2 March 2022

Picture of the Week. 
Honor among thieves? 
Daxin. 
Whither or Wither: Log4j / Log4Shell. 
"418 I'm a teapot" 
Will the US attack? 
Windows 11 Compatibility. 
Closing the Loop. 
SpinRite...

SN 859: A BGP Routing Attack - UpdraftPlus, Xenomorph, Ukrainian DDoS, The Bobiverse Trilogy

Added: 23 February 2022

Picture of the Week.
The "UpdraftPlus" WordPress Plug-In.
"Xenomorph"
Decrypting "The Hive"
Un-Pixelating redacted text.
No Internet For You!!
If at first you don't succeed...
Ukrainian DDoS...

SN 858: InControl - PHP Everywhere, Magento Emergency, Project Zero Stats, Goodbye WMIC, SeriousSAM

Added: 16 February 2022

Picture of the Week.
A high-severity 0-day in Chrome.
Apple updates against another 0-day.
CISA thinks this Apple vulnerability is quite serious.
Which brings us back to "SeriousSAM" as it's being...

SN 857: The Inept Panda - China Olympics, SAMBA CVSS 9.9 Vulnerability, Microsoft Office 3rd Party Macros

Added: 9 February 2022 - Average rating: 5

Picture of the Week.
China's Olympics: Leave your tech at home.
We have a serious CVSS 9.9 remote code execution vulnerability in SAMBA.
Living off the Land.
The suspension of the ms-appinstaller://...

SN 856: The “Topics” API - PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti

Added: 2 February 2022 - Average rating: 5

Picture of the Week.
Apple eliminates 0-days from iOS and macOS.
Qualys published technical details for PwnKit.
Log4Shell hits Ubiquiti.
New bug bounties posted by Zerodium.
"DrawnApart": A device...

SN 855: Inside the NetUSB Hack - Log4J Update, Cyber-Insurance and Ransomware, EU Bug Bounty Programs

Added: 26 January 2022 - Average rating: 5

Picture of the Week.
Log4J News.
Who pays for RansomWare attack recovery?
The rising cost of cyber-insurance.
Another very dangerous WordPress add-on.
And a supply-chain attack on a popular...

SN 854: Anatomy of a Log4j Exploit - Buggy KCode, WordPress Security

Added: 19 January 2022

Picture of the Week
"Hack the Pentagon" with Log4j
Open Source Software Security Summit
Microsoft's January Patch Tuesday Review: The GOOD News
Microsoft's January Patch Tuesday Review: The Not So...

SN 853: URL Parsing Vulnerabilities - US CISA on Log4J, WordPress Security Update, What Is a Pluton

Added: 12 January 2022

Picture of the Week.
The US CISA Log4J status update.
The H2 Database Console vulnerability.
The Federal Trade Commission gets into the act!
Chrome fixed 37 known problems last week.
The...

SN 852: December 33rd - Log4j Update, RSA Postponed, Hack the DHS Expanded, Cyber Insurance Cost Rising

Added: 5 January 2022

Picture of the Week.
Log4j's 5th update.
Microsoft's Log4j scanner triggers false positives.
Chinese government is annoyed with Alibaba.
"Hack the DHS" Bug Bounty Expanded.
COVID postpones the RSA...

SN 851: Best of 2021 - The Year's Best Stories on Security Now

Added: 28 December 2021

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include:
SolarWinds Hack Detailed By Microsoft
Crispy Subtitles from Lay's
Remembering Dan...

SN 850: It's a Log4j Christmas - Another Chrome 0-Day, Cloud Clipboard Disabled, Wi-Fi/Bluetooth Leakage

Added: 22 December 2021

Picture of the Week.
Google's 16th exploited Chrome 0-day of the year.
Firefox refuses to do Microsoft.com!
Firefox disabled Microsoft's Cloud Clipboard.
Weaknesses in all cellular networks since...

SN 849: Log4j & Log4Shell - Apple AirTag Abuse, Amazon Outage and Cloud Dependence, New WordPress Threats

Added: 15 December 2021

Picture of the Week.
Amazon outage and cloud dependence.
AirTag Abuse.
Windows 11 vs Your Browser of Choice.
WordPress once again in the crosshairs.
Closing the Loop.
Sci-Fi.
SpinRite.
Log4j &...