Security Now (Video)

TWiT · twit.tv
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Episodes

SN 1043: Memory Integrity Enforcement - Crypto ATM Scam Epidemic

Apple just rewrote the rules of device security with a chip-level upgrade that could wipe out most iPhone vulnerabilities overnight. Find out how "memory integrity enforcement" aims to make exploits a thing of the past—and why it took half a decade to pull off. Are Bitcoin ATMs anything more than scamming terminals? Ransomware hits the Uvalde school district and Jaguar. Did "Scattered LapSus Hunters" just throw in the towel? Germany, for one, to vote "no" on Chat Control. Russia's new MAX messen...

Sep 17, 2025 · 2 hr 51 min · Ep. 1043

SN 1042: Letters of Marque - 1.1.1.1 Certificate Snafu

Steve and Leo explore the blurring lines between cyber defense and retaliation, examining Google's plan for a cyber disruption unit and the historical context of 'Letters of Marque'. They also detail a sophisticated supply chain attack exploiting 18 popular npm packages to hijack cryptocurrency, and the unsettling misissuance of 1.1.1.1 DNS TLS certificates, raising concerns about trust and transparency. Other topics include AI blackmail against artists, Firefox's extended support for older Windows versions, and the debate over cybersecurity information sharing.

Sep 10, 2025 · 2 hr 56 min · Ep. 1042

SN 1041: Covering All the Bases - SHAKEN Networks, Uncontrollable AI, and Robocall Reckoning

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago. The enforcement of the SHAKEN...

Sep 03, 2025 · 3 hr 3 min · Ep. 1041

SN 1040: Clickjacking "Whac-A-Mole" - Inside the Password Manager Clickjacking Frenzy and What It Means

Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords. • Germany may soon outlaw ad blockers • What's happening in the courts over AI • The U.K. drops its demands of Apple • New Microsoft 365 tenants being throttled • Is Russia preparing to block Google Meet? • Bluesky suspends its service in Mississippi • How to throttle AI • A t...

Aug 27, 2025 · 2 hr 51 min · Ep. 1040

SN 1039: The Sad Case of ScriptCase - Data Brokers Dodge Deletion

What AI website summaries mean for Internet economics. Time to urgently update Plex Servers (again). Allianz Life stolen data gets leaked. Chrome tests Incognito-mode fingerprint script blocking. Chrome 140 additions coming in 2 weeks. Data brokers hide opt-out pages from search engines. Secure messaging changes in Russia. NIST rolls out lightweight IoT crypto. SyncThing moves to v2.0 and beyond. Alien:Earth -- first take. What can we learn from another critical vulnerability? Show Notes - https:...

Aug 20, 2025 · 2 hr 52 min · Ep. 1039

SN 1038: Perplexity's Duplicity - Malicious Repository Libraries

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look ...

Aug 13, 2025 · 3 hr 4 min · Ep. 1038

SN 1037: Chinese Participation in MAPP - Why Signal is Leaving Australia

A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other countries' local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for ...

Aug 06, 2025 · 2 hr 47 min · Ep. 1037

SN 1036: Inside the SharePoint 0-day - Is Our Data Safe Anywhere?

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by ...

Jul 30, 2025 · 2 hr 58 min · Ep. 1036

SN 1035: Cloudflare's 1.1.1.1 Outage - Bypassing Passkey Protections

Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet usage. The global trend toward more Internet restrictions. China can inspect locked Android phones. Use a burner. Web shells are the new buffer overflow. An age verification protocol sketch. What Cloudflare did to create...

Jul 23, 2025 · 2 hr 48 min · Ep. 1035

SN 1034: Introduction to Zero-Knowledge Proofs - Taking Down Quantum Factorization

A glorious takedown of quantum factorization. Notepad++ signs its own code signing certificate. Dennis Taylor has Bobiverse Book 6 on his lap. Crypto/ATM machines flat out outlawed. Signal vs WhatsApp: Encryption in flight and at rest. A close look at browser fingerprinting metrics. Rewriting interpreters in memory-safe languages. An introduction to zero-knowledge proofs. Show Notes - https://www.grc.com/sn/SN-1034-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security No...

Jul 16, 2025 · 2 hr 56 min · Ep. 1034

SN 1033: Going on the Offensive - The Digital Arms Race

Another Israeli spyware vendor surfaces. Win11 to delete restore points more quickly. The EU accelerates its plans to abandon Microsoft Azure. The EU sets timelines for Post-Quantum crypto adoption. Russia to create a massive IMEI database. Canada and the UK create the "Common Good Cyber Fund". U.S. states crack down on Bitcoin ATMs amid growing scams. Congressional staffers cannot use WhatsApp on gov devices. LibXML2 and the problems with commercial use of OSS. A(nother) remote code execution v...

Jul 09, 2025 · 3 hr 5 min · Ep. 1033