This week Steve and Leo discuss Symantec finding 40 past attacks explained by the Vault7 document leaks, an incremental improvement coming to CA certificate issuance, Microsoft patches a 0-day Office vulnerability that was being exploited in the wild, what's a "BricketBot"?, why you need a secure DNS registrar, This Week in IoT Tantrums, a head shaker from our "You really can't make this stuff up" department, the present danger of fake VPN services, an older edition of Windows reaches end-of-patch-life, some "closing the loop" feedback from our listeners, a bit of miscellany, and a comprehensive survey of privacy encroaching technologies and what can be done to limit their grasp.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.