• Canon printer driver vulnerabilities enable Windows kernel exploitation.
• Astonishing cyber-security awareness from a household appliance manufacturer.
• France tries to hook 2.5 million school children with a Phishing test.
• Wordpress added an abuse prone feature in 2022. Guess what happened?
• Oracle? Is there something you'd like to tell us?
• Utah's governor just signed the App Store Accountability Act. Now what?
• AI bots hungry for new data are DDoSing FOSS projects.
• No Microsoft Account? No Microsoft Windows 11.
• Gmail claims it now offers E2EE. It kinda sorta does. Somewhat.
• A dreaded CVSS 10.0 was discovered in Apache Parquet.
• A bunch of terrific listener feedback.
• What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it?

Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• material.security
• threatlocker.com for Security Now
• canary.tools/twit - use code: TWIT
• joindeleteme.com/twit promo code TWIT
• bitwarden.com/twit

• Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
• A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
• Cloudflare completely pulls the plug on port 80 (HTTP) API access.
• Malware is switching to obscure languages to avoid detection. FORTH, anyone?
• Password reuse doesn't appear to be dropping. Cloudflare has numbers.
• A listener shares his log of malicious Microsoft login attempts. Why no geofencing?
• 23andMe down for the count (reminder).
• A sobering Ransomware attack & victim listing website. Gulp!
• "InControl" keeps VR planes aloft.
• And the European Union gets serious about a switch to Linux

Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• drata.com/securitynow
• outsystems.com/twit
• bitwarden.com/twit
• threatlocker.com for Security Now
• legatosecurity.com

• The dangers of doing things you don't understand.
• Espressif responds to the claims of an ESP32 backdoor.
• A widely leveraged mistake Microsoft stubbornly refuses to correct.
• A disturbingly simple remote takeover of Apache Tomcat servers.
• A 10/10 vulnerability affecting some ASUS, ASRock and HPE motherboards.
• Google snapped up another cloud security firm but paid a price!
• RCS messaging to soon get full end-to-end encryption (done right!).
• How did an AI Crypto Chatbot lose $105,000? ...and what is an AI Crypto Chatbot?
• Looks like Oracle may take stewardship of TikTok to keep it in-country.
• Whoops! 23andMe is sinking — don't let them take your genetics with them!
• The White House says "the cyber guys should stay!"
• AI project failure rates are on the rise. Anyone surprised?
• Listener feedback, and a very interesting update on just how looming is the threat from quantum computing?

Show Notes - https://www.grc.com/sn/SN-1018-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• zscaler.com/security
• legatosecurity.com
• joindeleteme.com/twit promo code TWIT