logo
episode-header-image
Sep 2024
2h 23m

SN 992: Password Manager Injection Attac...

TWiT
About this episode
  • Windows Endpoint Security Ecosystem Summit
  • Aging storage media does NOT last forever
  • How Navy chiefs conspired to get themselves illegal warship Wi-Fi
  • adam:ONE named the #1 best Secure Access Service Edge (SASE) solution
  • AI Talk
  • Password Manager Injection Attacks

Show Notes - https://www.grc.com/sn/SN-992-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
Oct 7
SN 1046: Google's Developer Registration Decree - The End of Free Android Apps?
Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stol ... Show More
2h 31m
Sep 30
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed
Cisco's routers just exposed more than two million networks thanks to a "security optional" SNMP setup that's being actively exploited—Steve and Leo break down why this is a worst-case scenario for the industry and how easily it could have been avoided. Gmail's spam filtering fal ... Show More
2h 49m
Sep 23
SN 1044: The EU's Online Age Verification - Consumer Reports vs. Microsoft
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal fl ... Show More
3h 1m
Recommended Episodes
Oct 2024
Balancing Security with Usability in Cybersecurity
In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More
41m 41s
Aug 15
Media server mayday.
Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers ... Show More
29m 33s
Nov 2024
War Room Best Practices
In this episode of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, is joined by cybersecurity experts Kyle Wilhoit, Director of Threat Research, and Michal Goldstein, Director of Security Architecture and Research at Palo Alto Networks. Together, they exp ... Show More
35m 17s
Feb 2025
Rethinking Cloud Security Strategies
Cloud security is more complex than ever. Organizations move fast, but security teams often struggle to keep up. In this episode of Threat Vector, host David Moulton speaks with Amol Mathur, SVP of Products for Prisma Cloud at Palo Alto Networks, about how platformization is resh ... Show More
35m 28s
Aug 2023
549: Unauthorized Trash Can
Pre-show: Marco’s box truck TruckMap Trucker Path 🗣️ New ATP Memership Survey 🗣️ (For everyone, not just members) 🗣️ New member special: ATP Tier List: Every iMac 🗣️ Follow-up: iMac Tier List Intel Core vs. Core 2 ∆s (via Michael Gabriel) Marco claims vindication Core Duo Gee ... Show More
1h 59m
Feb 2025
Hacked in plain sight.
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vuln ... Show More
30m 56s
Jul 2024
Squarespace's square off with hijacked domains.
Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fi ... Show More
36m 53s
Dec 2024
Behind the Scenes with Palo Alto Networks CIO and CISO Securing Business Success with Frictionless Cybersecurity
In this episode of Threat Vector, David Moulton speaks with Meerah Rajavel, CIO of Palo Alto Networks, and Niall Browne, CISO of the organization, about the importance of aligning IT strategy with cybersecurity.  Meerah and Niall discuss how frictionless security, AI integration, ... Show More
39m 17s
Feb 2025
PAN-ic mode: The race to secure PAN-OS.
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commission ... Show More
35m 23s
Listen to millions of songs and podcasts on Anghami