Top Security Stories this Week:• Google uses its "SensorVault" to help catch the bad guys.• Time to update Drupal again.• Facebook steals users' email contact lists, logs plaintext Instagram...

• DragonBlood: the first effective attack on the new WPA3 protocol• Malicious use of the URL tracking "ping" attribute• The WinRAR Nightmare• More 3rd-party A/V troubles with Microsoft• What good...

This Week's StoriesYet another capitulation in the (virtually lost) battle against tracking our behavior on the Internet with URL "ping" tracking.UK government's plan to legislate, police and...

Android Security, 10 Years LaterWinRAR, a 20+ Year Old Tool With 500M Users, Acknowledged VulnerabilityRussian GPS Hacking and What It Means For UsAndroid's April Fools Day PatchesTesla Autopilot...

Results of the much anticipated Mid-March Vancouver Pwn2Own competitionThe return of "Clippy", Microsoft's much-loathed dancing paperclipOperation "ShadowHammer" which reports say compromised ASUS...

Last week's Patch Tuesday March MadnessWin7 SHA256 Windows Update... UpdateMany attacks leveraging the recently discovered WinRAR vulnerabilityWhat happens when Apple, Google, and GoDaddy all drop...

0-day exploit bidding warNSA releases Ghidra v9Firefox's adds Tor privacyA pair of nasty 0-daysA worrisome breach at CitrixThe risk of claiming to be an unhackable aftermarket car alarmA new and...

The increasing feasibility of making a sustainable career out of hunting for software bugsA newly available improvement in Spectre mitigation performance and who can try it nowAdobe's ColdFusion...

A number of ongoing out-in-the-wild attacks Another early-warned Drupal vulnerability A 19-year old flaw in an obscure decompress for the "ACE" archive formatMicrosoft reveals an abuse of HTTP/2...

Last week's doozy of a patch Tuesday for both Microsoft and AdobeAn interesting twist coming to Windows 7 and Server 2008 security updates Eight mining apps pulled from the Windows StoreAnother...

Apple's most recent v12.1.4 iOS update and the two 0-day vulnerabilities it closedWorrisome new Android image-display vulnerabilityAn interesting "reverse RDP" attackThe new LibreOffice &...

Chrome gets "spell-check for URLs"Catch up on your Linux patch up!Performance enhancements for Chrome and FireFox.Facebook must really like being in the doghouse. The Japanese government takes on...

The expressive power of the social media friends we keepThe persistent DNS hijacking campaign which has the US Government quite concernedLast week's iOS and macOS updates (and doubtless another one...

Which is the right VPN client for Android, and which should you avoid at all costs?A very worrisome WiFi bug affecting billions of devicesHack a Tesla Model 3 at Pwn2OwnRussia's ongoing, failing...

The implications of the recent increase in bounty for the purchase of 0-day vulnerabilities. The intended and unintended consequences of last week's Windows Patch Tuesday.Speaking of unintended...

The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people's code.Emergency out-of-cycle patches from both Adobe and...

The Best of Security Now from 2018!
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at...

Rhode Island's response to Google's recent API flawSignal's response to Australia's anti-encryption legislationThe return of PewDiePieUS border agents retaining traveler's private dataThis Week in...

Australia's recently passed anti-encryption legislationDetails of a couple more mega-breaches including a bit of Marriott follow-upA welcome call for legislation from MicrosoftA new twist on online...

Another Lenovo SuperFish-style local security certificate screw upThe Marriott breach and several other new, large and high-profile secure breach incidentsThe inevitable evolution of exploitation...