logo
episode-header-image
Apr 2025
3h 5m

SN 1019: EU OS - Troy Hunt Phished, Rans...

TWiT
About this episode
  • Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
  • A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
  • Cloudflare completely pulls the plug on port 80 (HTTP) API access.
  • Malware is switching to obscure languages to avoid detection. FORTH, anyone?
  • Password reuse doesn't appear to be dropping. Cloudflare has numbers.
  • A listener shares his log of malicious Microsoft login attempts. Why no geofencing?
  • 23andMe down for the count (reminder).
  • A sobering Ransomware attack & victim listing website. Gulp!
  • "InControl" keeps VR planes aloft.
  • And the European Union gets serious about a switch to Linux

Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

Up next
Oct 7
SN 1046: Google's Developer Registration Decree - The End of Free Android Apps?
Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stol ... Show More
2h 31m
Sep 30
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed
Cisco's routers just exposed more than two million networks thanks to a "security optional" SNMP setup that's being actively exploited—Steve and Leo break down why this is a worst-case scenario for the industry and how easily it could have been avoided. Gmail's spam filtering fal ... Show More
2h 49m
Sep 23
SN 1044: The EU's Online Age Verification - Consumer Reports vs. Microsoft
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal fl ... Show More
3h 1m
Recommended Episodes
Sep 4
Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack
In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and sophistication of modern cybe ... Show More
11m 59s
Aug 22
Cybersecurity Today: Massive Data Exposures, Microsoft Failures, and PayPal Breach Claims
In this episode of Cybersecurity Today, host Jim Love covers a range of recent cybersecurity incidents. A major privacy failure has hit Elon Musk's Grok chatbot, exposing over 370,000 private conversations with sensitive information. Microsoft's recent security update has caused ... Show More
9m 9s
Aug 2024
Cyber revolt or just digital ruckus?
Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A ... Show More
31m 20s
Jul 2024
Squarespace's square off with hijacked domains.
Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fi ... Show More
36m 53s
Jun 2024
U.S. tightens the cybersecurity belt.
Biden bans Kaspersky over security concerns. Accenture says reports of them being breached are greatly exaggerated. SneakyChef targets diplomats in Africa, the Middle East, Europe and Asia. A serious firmware flaw affects Intel CPUs. More headaches for car dealerships relying on ... Show More
34m 59s
Sep 2
Blizzard warning: Amazon freezes midnight hack.
Researchers disrupt a cyber campaign by Russia’s Midnight Blizzard. The Salesloft Drift breach continues to ripple outward. WhatsApp patches a critical flaw in its iOS and Mac apps. A fake PDF editing tool delivers the TamperChef infostealer. A hacker finds crash data Tesla claim ... Show More
32m 11s
Feb 2025
154: Hijacked Line
Conor Freeman (x.com/conorfrmn) stole money online. Lot’s of it. In this episode we talk with him, and hear how he did it, why he did, and what he spent it on.Conor’s website: https://conorfreeman.ieConor’s X: https://x.com/conorfrmnSponsorsSupport for this show comes from Threat ... Show More
1h 6m
Feb 2025
Hacked in plain sight.
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vuln ... Show More
30m 56s
Jul 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit pa ... Show More
31m 15s
Feb 2025
PAN-ic mode: The race to secure PAN-OS.
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commission ... Show More
35m 23s
Listen to millions of songs and podcasts on Anghami