logo
episode-header-image
Jun 2024
2h 3m

SN 980: The Mixed Blessing of Lousy PRNG...

TWiT
About this episode
  • Expected follow-up on CVE-2024-30078
  • From Russia with Love
  • An EU privacy agency complains about Google's Privacy Sandbox?
  • Email @ GRC
  • Security Now SPAM?
  • Orange Tsai needs help!
  • Recall and 3rd Party Leakage
  • Errata
  • The Mixed Blessing of a Crappy PRNG

Show Notes - https://www.grc.com/sn/SN-980-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
Aug 5
SN 1037: Chinese Participation in MAPP - Why Signal is Leaving Australia
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrom ... Show More
2h 47m
Jul 22
SN 1035: Cloudflare's 1.1.1.1 Outage - Bypassing Passkey Protections
Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet ... Show More
2h 48m
May 27
SN 1027: Artificial Intelligence - The Status of Encrypted Client Hello
What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid b ... Show More
2h 54m
Recommended Episodes
Jan 2025
Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]
While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025! On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the ... Show More
38m 40s
Jul 2024
Squarespace's square off with hijacked domains.
Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fi ... Show More
36m 53s
Jan 2025
Massive malware cleanup.
The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in ... Show More
35m 35s
Aug 2024
Weeding out 'worms' for Window's users.
Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability. Texas sues GM over the privacy of location and driving data. Google says Iran’s APT42 is responsible for recent phishing attacks targeting presidential campaigns. Doppelgänger struggles to susta ... Show More
33m 8s
Apr 2025
When fake fixes hide real attacks.
Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsof ... Show More
31m 36s
May 5
Hardcoded credentials and hard lessons.
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber ... Show More
29m 46s
Jun 11
Ghost students “haunting” online colleges.
Patch Tuesday. Mozilla patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal gover ... Show More
37m 6s
Sep 2024
Derailing the Raptor Train botnet.
The US government disrupts China’s Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 ... Show More
38m 9s
May 23
Cybersecurity Threats and Breaches: Critical Updates and Insights
In this episode of Cybersecurity today, host Jim Love reports on various critical cyber threats and data breaches. A newly discovered flaw in Windows Server 2025 allows attackers to seize full domain control, referred to by researchers as the 'bad successor' exploit. Government m ... Show More
11m 24s
Feb 2025
Hacked in plain sight.
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vuln ... Show More
30m 56s
Listen to millions of songs and podcasts on Anghami