• When is Chrome not Chromium?
• A major DuckDuckGo milestone.
• Project Zero in the wild.
• First Patch Tuesday of 2021.
• ZeroLogon Drop Dead.
• NSA warns against outsourcing DoH services.
• A Side-Channel in Titan.
• The "PayPal Football"
• WhatsApp's decision to bring its data into Facebook.

We invite you to read our show notes at https://www.grc.com/sn/SN-802-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• business.eset.com/twit
• expressvpn.com/securitynow
• canary.tools/twit - use code: TWIT

• Firefox and Chromium updates address remote system take over bugs.
• Tenable researchers reported a critical Chromium bug.
• What Firefox's backspace key does and should do.
• How Ryuk malware operations netted $150 million via cryptocurrency exchange.
• Intel: A triumph of marketing over technology.
• The strange case of the Male Chastity Cage.
• A SolarWinds smoking gun? "Sunburst backdoor."
• A class action lawsuit filed by shareholders of SolarWinds stock.
• The "Krebs Stamos Group"
• Zyxel security endpoints under attack.
• WhatsApp revises their privacy policy.
• Signal sees a mass influx of WhatsApp users.
• Out with the old: A look at the history of SpinRite code.

We invite you to read our show notes at https://www.grc.com/sn/SN-801-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WWT.COM/TWIT
• barracuda.com/securitynow

• Chrome struggles with A/V pre-scan file locking.
• Zyxel security products protected by a single redundant password.
• How Swatters are using IoT devices to increase the terror.
• A new serious problem in the PHP Zend Framework on WordPress.
• Bitcoin woes as value reaches new peaks.
• ReadSpeed, SSD's, and SpinRite.
• A new flaw discovered in SolarWinds' Orion software.

We invite you to read our show notes at https://www.grc.com/sn/SN-800-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• itpro.tv/securitynow promo code SN30

• Chrome 87 backs away from Insecure Form Warnings.
• Firefox to begin partitioning its caches.
• Browsers say no to Kazakhstan again.
• Announcing the RTF - The Ransomware Task Force.
• 5 million WordPress sites in critical danger.
• Treck's TCP/IO stack strikes again!
• Preserving Flash content online.
• SpinRite: ReadSpeed is ready!
• InitDisk is at release 5.
• Numerous updates on SolarWind, Sunburst, and Supernova.

We invite you to read our show notes at https://www.grc.com/sn/SN-799-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

• Clearview AI face scanning.
• The "EARN IT" act.
• Zoom security issues.
• Why contact tracing apps won't work.
• How to prevent the next Twitter hack
• Ring's autonomous flying home security webcam.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

• Chrome's heavy ad intervention.
• Adrozek.
• Ransomware: "Double Extortion."
• A 0-click wormable vulnerability in D-Link VPN servers.
• Google suffered an outage.
• Amnesia:33.
• Zero-day in WordPress SMTP plugin.
• The 2020 Pwnie Awards.
• The end of Flash.
• JavaScript is celebrating its 25th birthday.
• InitDisk release 4 published.
• A deep look at the SolarWinds hack.

We invite you to read our show notes at https://www.grc.com/sn/SN-797-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• WWT.COM/TWIT
• canary.tools/twit - use code: TWIT

• Ransomware news regarding Foxconn, Egregor, and K12 Inc.
• The Apple iPhone zero-click radio proximity vulnerability.
• Oblivious DoH (ODoH).
• Google Play Core Library problems.
• The mysterious power of Apple's M1 Arm processor chip.
• InitDisk release 2 published.
• SpinRite update.
• Amazon Sidewalk.

We invite you to read our show notes at https://www.grc.com/sn/SN-796-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Wasabi.com offer code SECURITYNOW
• Melissa.com/twit
• itpro.tv/securitynow promo code SN30

• Chrome Omnibox becomes more Omni.
• Chrome's open tabs search.
• Ransomware news involving Delaware County, Canon, US Fertility, Ritzau, Baltimore County Public Schools, and Banijay group SAS.
• Drupal's security advisory titled "Drupal core - Critical - Arbitrary PHP code execution."
• The revenge of cheap smart doorbells.
• Tesla Key Fob Hack #3.
• CA's adapt to single-year certs.
• Nearly 50,000 Fortinet VPN credentials posted online.
• More than 300,000 Spotify accounts hacked.
• MobileIron MDM CVSS 9.8 RCE.
• The Salvation Trilogy.
• Spinrite update.
• DNS Consolidation.

We invite you to read our show notes at https://www.grc.com/sn/SN-795-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• LastPass.com/twit
• WWT.COM/TWIT

• Chrome moves to release 87.
• Explicit Publication of Privacy Practices.
• Firefox 83 gets HTTPS-only Mode.
• Mozilla seeks consultation on implementing DNS-over-HTTPS.
• The comical announcement strategy of the Egregor Ransomware.
• Large-scale attacks targeting Epsilon Framework Themes in WordPress.
• Cybercrime gang installs hidden e-commerce stores on WordPress sites.
• 245,000 Windows systems still vulnerable to BlueKeep RDP bug.
• Google's Rich Communication Services is getting E2EE via Signal.
• Cicada, a Chinese state-sponsored advanced persistent threat group.

We invite you to read our show notes at https://www.grc.com/sn/SN-794-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• manscaped.com/twit
• extrahop.com/SECURITYNOW
• barracuda.com/securitynow

• Where do most malicious Android apps come from?
• SAD DNS is a revival of the classic DNS cache poisoning attack
• How many Ransomware-as-a-Service (RaaS) operations are there?
• Ragnar Locker ransomware gang takes out a Facebook ad
• Two more new 0-days revealed in Chrome
• Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products

We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• extrahop.com/SECURITYNOW
• WWT.COM/TWIT