Security Now!

SN 815: Homogeneity Attacks - Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90

Added: April 21, 2021

Club TWiT details.
Picture of the Week.
The Vivaldi Project's take on FLoC.
Chrome continues to be THE high-value target.
We're at Chrome v90.
Exchange Server Web Shells removed, with DOJ...

SN 814: PwnIt And OwnIt - Why Port 10080 is Blocked, FLoC Rollout, PHP GIT Hack Revisited, CISCO Router Problems

Added: April 14, 2021

Picture of the week.
The Slips keep Streaming.
Are You FLoC'ed?
The PHP GIT Hack, revisited.
CISCO abandons old routers having problems.
Failure to Patch.
PwnIt And OwnIt.
We invite you to read our...

SN 813: A Spy in Our Pocket - Ubiquity Coverup, Facebook Data Dump, Malicious Call of Duty Cheats

Added: April 7, 2021

Ubiquiti coverup, Facebook data dump, malicious Call of Duty cheats.
The Ubiquiti Coverup.
Facebook's 533,313,128 Million User Whoopsie!
Don't mess with our water!
Android moves to limit inter-app...

SN 812: GIT Me Some PHP - Spectre Returns to Linux, API Security, OpenSSL Flaws, SolarWinds

Added: March 31, 2021

Spectre returns to Linux, API Security, OpenSSL flaws, SolarWinds.
Picture of the week.
ProxyLogon Update.
Spectre returns to Linux.
OpenSSL fixes several high-severity flaws.
SolarWinds keeps...

SN 811: What the FLoC? - Automatic Fix for Exchange Server Flaw, Firefox 87 Features, MyBB Patch

Added: March 24, 2021

Automatic fix for Exchange Server flaw, Firefox 87 features, MyBB patch.
Dave's Garage on YouTube.
The latest update on the ProxyLogon fiasco is from Microsoft.
Black Kingdom Ransomware.

SN 810: ProxyLogon - New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome

Added: March 17, 2021

New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome.
Chrome closes another 0-day.
This v89 of Chrome also lost some weight.
Spectre comes to Chrome!
Prime+Probe: A new browser tracking...

SN 809: Hafnium - Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's

Added: March 10, 2021

Dependency confusion, Intel Side Channel Attacks, Crispy Subtitles from Lay's.
Picture of the week.
47 fixes in Chrome 89.0.4389.72.
Crispy Subtitles from Lay's.
Google funds Linux kernel security...

SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

Added: March 3, 2021

Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.
Chrome to default to trying HTTPS first when not specified.
Firefox's "Enhanced Tracking Protection" just neutered...

SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"

Added: February 24, 2021

SHAREit's security update, Solorigate, Brave's "Private Window with Tor".
SHAREit Follow-up
This Week in Web Browser Tracking
Brave's "Private Window with Tor" was not so private
Tracking with...

SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability

Added: February 17, 2021

Florida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability.
Pic of the week.
New info in the Oldsmar, Florida water supply attack.
Major Patch Tuesday update.

SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks

Added: February 10, 2021

Defender thinks Chrome is malware, Plex Media Servers in DDoS attacks.
Picture of the Week.
Google has been busy with Chrome.
Google Chrome Heap Buffer Overflow Vulnerability Exploited.
A unique...

SN 804: NAT Slipstreaming 2.0 - SUDO Was Pseudo Secure, BigNox Supply-Chain Attack, iMessage in a Sandbox

Added: February 3, 2021

SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox.
Picture of the Week.
Chrome rescinding another CA's root cert.
An urgent update to the recently released GnuPG.

SN 803: Comparative Smartphone Security - Browser Password Managers, Adobe Flash Repercussions, SolarWinds

Added: January 27, 2021

Browser password managers, Adobe Flash repercussions, SolarWinds.
Chrome and Edge have beefed-up their built-in password managers.
The random repercussions associated with the end of Adobe...

SN 802: Where the Plaintext Is - 2021's First Patch Tuesday, Titan Security Key Side-Channel Attack, WhatsApp

Added: January 20, 2021

2021's first Patch Tuesday, Titan Security Key side-channel attack, WhatsApp.
When is Chrome not Chromium?
A major DuckDuckGo milestone.
Project Zero in the wild.
First Patch Tuesday of...

SN 801: Out With The Old - SolarWinds Smoking Gun, Signal Influx of WhatsApp Users, Male Chastity Cage

Added: January 13, 2021

SolarWinds smoking gun, Signal influx of WhatsApp users, male chastity cage.
Firefox and Chromium updates address remote system take over bugs.
Tenable researchers reported a critical Chromium...

SN 800: SolarBlizzard - SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability

Added: January 6, 2021

SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability.
Chrome struggles with A/V pre-scan file locking.
Zyxel security products protected by a single redundant...

SN 799: Sunburst & Supernova - Ransomware Task Force, Chrome 87, Firefox Caches, Preserving Flash Video

Added: December 30, 2020

Ransomware Task Force, Chrome 87, Firefox caches, preserving Flash video.
Chrome 87 backs away from Insecure Form Warnings.
Firefox to begin partitioning its caches.
Browsers say no to Kazakhstan...

SN 798: Best of 2020 - The Year's Best Stories on Security Now

Added: December 22, 2020

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include:
Clearview AI face scanning.
The "EARN IT" act.
Zoom security issues.
Why contact...

SN 797: SolarWinds - Chrome Throttling Ads, Google Outage, 2020 Pwnie Awards, JavaScript's 25th Birthday

Added: December 16, 2020

Chrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday.
Chrome's heavy ad intervention.
Ransomware: "Double Extortion."
A 0-click wormable vulnerability in...

SN 796: Amazon Sidewalk - Google Play Core Library, iOS Zero-Click Radio Proximity Exploit, Apple M1 Chip

Added: December 9, 2020

Google Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip.
Ransomware news regarding Foxconn, Egregor, and K12 Inc.
The Apple iPhone zero-click radio proximity...