• A number of ongoing out-in-the-wild attacks
• Another early-warned Drupal vulnerability
• A 19-year old flaw in an obscure decompress for the "ACE" archive format
• Microsoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.
• Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia.
• Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which are allowed to bypass its "Click-To-Run" permission for Flash.
• ICANN renews its plea for the Internet to adopt DNSSEC.
• NVIDIA releases a handful of critical driver updates for Windows.
• Apple increases the intelligence of it's Intelligent Tracking Prevention.

We invite you to read our show notes at https://www.grc.com/sn/SN-703-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• thehelm.com/SECURITYNOW
• expressvpn.com/securitynow
• Atlassian.com/IT