logo
episode-header-image
Mar 2024
2h 23m

SN 965: Passkeys vs. 2FA - Unhelpful CER...

TWiT
About this episode
  • VMware needs immediate patching
  • Midnight Blizzard still on the offensive
  • China is quietly "de-American'ing" their networks
  • Signal Version 7.0, now in beta
  • Meta, WhatsApp, and Messenger -meets- the EU's DMA
  • The Change Healthcare cyberattack
  • SpinRite update
  • Telegram's end-to-end encryption
  • KepassXC now supports passkeys
  • Login accelerators
  • Sites start rejecting @duck.com emails
  • Tool to detect chrome extensions change owners
  • Sortest SN title
  • Passkeys vs 2FA

Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
May 7
SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach
Microsoft to officially abandon passwords and support their deletion. Meta's RayBan smart glasses weaken their privacy terms. 30% of Microsoft code is now being written by AI. Google says prying Chrome from it will damage its security. Nearly 1,000 six-year-old eCommerce backdoor ... Show More
2h 46m
Apr 30
SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"
Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. ... Show More
2h 44m
Apr 23
SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats
Enabling Firefox's Tab Grouping. Recalled Recall Re-Rolls out. The crucial CVE program nearly died. It's been given new life. China confesses to hacking the US (blames our stance on Taiwan). CISA says what Oracle still refuses to. Brute force attacks on the (rapid) rise. An AI/ML ... Show More
2h 53m
Recommended Episodes
Jun 4
Emergency Patches, Ransomware Exposes, and Rising QR Code Scams
In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency patch to resolve Windows 11 boot ... Show More
10m 51s
Jan 2025
A new Mirai-based botnet.
Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFa ... Show More
32m 9s
Jan 2025
Sneaky 2FA Attacks Microsoft 365 Users Breaking Two Factor Authentication (2FA): Cyber Security Today Monday January 20, 2025
Cybersecurity Today: Sneaky 2FA Phishing Attack & AI-Powered Scams In this episode of Cybersecurity Today, host Jim Love explores the emergence of Sneaky 2FA, a new phishing-as-a-service attack that compromises two-factor authentication for Microsoft 365 users. The episode also c ... Show More
5m 57s
Feb 2025
Final Draft Malware Attacks Using Outlook: Cyber Security Today for Tuesday, February 18th, 2025
Critical PostgreSQL Bug Exploited in Treasury Hack & New Threats Unveiled - Cybersecurity Today In today's episode of Cybersecurity Today, hosted by Jim Love, we delve into major cybersecurity events, including a crucial PostgreSQL vulnerability exploited in the U.S. Treasury hac ... Show More
8m 11s
Jan 2025
China’s shadow over U.S. telecom networks.
New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conductin ... Show More
32m 41s
Feb 2021
SLP252 NVK Bitcoin Hardware Wallets vs Air Gapped Computers
NVK, CEO of CoinKite joins me on the show to talk about hardware wallets, air gapped computers and all kinds of useful security questions. This episode will help you learn about the kinds of attacks possible against air gapped computers and hardware wallets, as well as bring some ... Show More
1h 2m
Jan 2025
When retaliation turns digital.
New details emerge about Chinese hackers breaching the US Treasury Department. The Supreme Court considers the TikTok ban. Chinese hackers exploit a zero-day flaw in Ivanti Connect Secure VPN. A new credit card skimmer malware targets WordPress checkout pages. The Banshee macOS i ... Show More
33m 29s
Listen to millions of songs and podcasts on Anghami