logo
episode-header-image
Mar 2024
2h 23m

SN 965: Passkeys vs. 2FA - Unhelpful CER...

TWiT
About this episode
  • VMware needs immediate patching
  • Midnight Blizzard still on the offensive
  • China is quietly "de-American'ing" their networks
  • Signal Version 7.0, now in beta
  • Meta, WhatsApp, and Messenger -meets- the EU's DMA
  • The Change Healthcare cyberattack
  • SpinRite update
  • Telegram's end-to-end encryption
  • KepassXC now supports passkeys
  • Login accelerators
  • Sites start rejecting @duck.com emails
  • Tool to detect chrome extensions change owners
  • Sortest SN title
  • Passkeys vs 2FA

Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
Yesterday
SN 1040: Clickjacking "Whac-A-Mole" - Inside the Password Manager Clickjacking Frenzy and What It Means
Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords. • Germany may soon outlaw ad blockers • What's happening ... Show More
2h 51m
Aug 19
SN 1039: The Sad Case of ScriptCase - Data Brokers Dodge Deletion
What AI website summaries mean for Internet economics. Time to urgently update Plex Servers (again). Allianz Life stolen data gets leaked. Chrome test Incognito-mode fingerprint script blocking. Chrome 140 additions coming in 2 weeks. Data brokers hide opt-out pages from search e ... Show More
2h 51m
Aug 12
SN 1038: Perplexity's Duplicity - Malicious Repository Libraries
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) c ... Show More
3h 3m
Recommended Episodes
Jun 4
Emergency Patches, Ransomware Exposes, and Rising QR Code Scams
In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency patch to resolve Windows 11 boot ... Show More
10m 51s
Jan 2025
A new Mirai-based botnet.
Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFa ... Show More
32m 9s
Jan 2025
Sneaky 2FA Attacks Microsoft 365 Users Breaking Two Factor Authentication (2FA): Cyber Security Today Monday January 20, 2025
Cybersecurity Today: Sneaky 2FA Phishing Attack & AI-Powered Scams In this episode of Cybersecurity Today, host Jim Love explores the emergence of Sneaky 2FA, a new phishing-as-a-service attack that compromises two-factor authentication for Microsoft 365 users. The episode also c ... Show More
5m 57s
Feb 2025
Final Draft Malware Attacks Using Outlook: Cyber Security Today for Tuesday, February 18th, 2025
Critical PostgreSQL Bug Exploited in Treasury Hack & New Threats Unveiled - Cybersecurity Today In today's episode of Cybersecurity Today, hosted by Jim Love, we delve into major cybersecurity events, including a crucial PostgreSQL vulnerability exploited in the U.S. Treasury hac ... Show More
8m 11s
Jan 2025
China’s shadow over U.S. telecom networks.
New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conductin ... Show More
32m 41s
Feb 2021
SLP252 NVK Bitcoin Hardware Wallets vs Air Gapped Computers
NVK, CEO of CoinKite joins me on the show to talk about hardware wallets, air gapped computers and all kinds of useful security questions. This episode will help you learn about the kinds of attacks possible against air gapped computers and hardware wallets, as well as bring some ... Show More
1h 2m
Jan 2025
When retaliation turns digital.
New details emerge about Chinese hackers breaching the US Treasury Department. The Supreme Court considers the TikTok ban. Chinese hackers exploit a zero-day flaw in Ivanti Connect Secure VPN. A new credit card skimmer malware targets WordPress checkout pages. The Banshee macOS i ... Show More
33m 29s
Aug 8
Cybersecurity Alerts: Black Hat Exposes AI and Firmware Vulnerabilities
In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistant ... Show More
11m 54s
Listen to millions of songs and podcasts on Anghami