Sep 2024

2h 23m

SN 992: Password Manager Injection Attac...

TWiT

About this episode

Windows Endpoint Security Ecosystem Summit
Aging storage media does NOT last forever
How Navy chiefs conspired to get themselves illegal warship Wi-Fi
adam:ONE named the #1 best Secure Access Service Edge (SASE) solution
AI Talk
Password Manager Injection Attacks

Show Notes - https://www.grc.com/sn/SN-992-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next

May 7

SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach

Microsoft to officially abandon passwords and support their deletion. Meta's RayBan smart glasses weaken their privacy terms. 30% of Microsoft code is now being written by AI. Google says prying Chrome from it will damage its security. Nearly 1,000 six-year-old eCommerce backdoor ... Show More

2h 46m

Apr 30

SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. ... Show More

2h 44m

Apr 23

SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats

Enabling Firefox's Tab Grouping. Recalled Recall Re-Rolls out. The crucial CVE program nearly died. It's been given new life. China confesses to hacking the US (blames our stance on Taiwan). CISA says what Oracle still refuses to. Brute force attacks on the (rapid) rise. An AI/ML ... Show More

2h 53m

Recommended Episodes

Aug 2024

From secret chats to public spats.

Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or ... Show More

32m 10s

Jul 2024

AT&T's not so LOL hack.

AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities.A popular phone spyware app suffers a major data breach.Some Linksys routers are sending user credentials in the clear. Sysdi ... Show More

36m 41s

Sep 2024

UK’s newest cybersecurity MVPs.

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from ... Show More

34m 29s

Aug 2024

Almost letting hackers rule the web.

A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart car ... Show More

32m 7s

Oct 2024

Balancing Security with Usability in Cybersecurity

In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More

41m 41s

Jun 27

Turbulence in the cloud.

Hawaiian Airlines reports a cybersecurity incident. Microsoft updates its Windows Resiliency Initiative after the 2024 CrowdStrike crash. CitrixBleed 2 is under active exploitation in the wild. Researchers disclose a critical vulnerability in Open VSX. Malware uses prompt injecti ... Show More

37m 13s

Mar 2025

Tomcat got your server?

An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hack ... Show More

30m 57s

Aug 2024

From dispossessor to disposed.

The FBI is the repossessor of Dispossessor. The NCA collars and extradites a notorious cybercriminal. A German company loses sixty million dollars to business email compromise. DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. Russia blocks access to Signal. NIST publis ... Show More

37m 47s

Apr 10

Former cybersecurity officials lose clearances.

Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large L ... Show More

32m 31s

Jan 2025

Massive malware cleanup.

The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in ... Show More

35m 35s

Listen to millions of songs and podcasts on Anghami