• Last week's doozy of a patch Tuesday for both Microsoft and Adobe
• An interesting twist coming to Windows 7 and Server 2008 security updates
• Eight mining apps pulled from the Windows Store
• Another positive security initiative from Google
• Electric scooters being hacked
• Chipping away at Tor's privacy guarantees
• A year and a half after Equifax, and where's the data?
• The beginnings of GDPR-like legislation for US
• An extremely concerning new and emerging threat for the Internet

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WordPress.com/securitynow
• canary.tools/twit - use code: TWIT
• Wasabi.com offer code SecurityNow

• Apple's most recent v12.1.4 iOS update and the two 0-day vulnerabilities it closed
• Worrisome new Android image-display vulnerability
• An interesting "reverse RDP" attack
• The new LibreOffice & OpenOffice vulnerability
• Microsoft's research into the primary source of software vulnerabilities
• MaryJo gets an early peek at enterprise pricing for extending Windows 7 support
• China and Russia continue their work to take control of their countries' Internet
• Firefox's resumption of its A/V warning in release 65.
• How Google does the Cha-Cha with their new "Adiantum" ultra-high-performance cryptographic cipher.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Atlassian.com/IT
• go.itpro.tv/securitynow promo code SN30
• Sophos.com

• Chrome gets "spell-check for URLs"
• Catch up on your Linux patch up!
• Performance enhancements for Chrome and FireFox.
• Facebook must really like being in the doghouse.
• The Japanese government takes on IoT security.
• Ubiquiti routers are in trouble again.
• Chrome "Never Slow" mode in the works.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• FreshBooks.com/securitynow
• LastPass.com/twit
• securitynow.cachefly.com

• The expressive power of the social media friends we keep
• The persistent DNS hijacking campaign which has the US Government quite concerned
• Last week's iOS and macOS updates (and doubtless another one very soon!)
• A valiant effort to take down malware distribution domains
• Chrome catching up to IE and Firefox with drive-by file downloads
• Two particularly worrisome vulnerabilities in two Cisco router models publicly disclosed last Friday
• The state of the industry and the consequences of extensions to our web browsers.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• Atlassian.com
• thehelm.com/SECURITYNOW

• Which is the right VPN client for Android, and which should you avoid at all costs?
• A very worrisome WiFi bug affecting billions of devices
• Hack a Tesla Model 3 at Pwn2Own
• Russia's ongoing, failing and flailing efforts to control the Internet
• The return of the Anubis Android banking malware
• Google's changing policy for phone and SMS App access
• Tim Cook's note in TIME Magazine
• News of a nice Facebook Ad auditing page
• Another Cisco default password nightmare in widely used lower-end devices

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• Wasabi.com offer code SecurityNow
• WordPress.com/securitynow

• The implications of the recent increase in bounty for the purchase of 0-day vulnerabilities.
• The intended and unintended consequences of last week's Windows Patch Tuesday.
• Speaking of unintended consequences, the US Government shutdown has had some, too!
• A significant privacy failure in WhatsApp.
• Another Ransomware decryptor (with a twist).
• Movement on the DNS-over-TLS front.
• An expectation of the cyberthreat landscape for 2019.
• A cloudy forecast for The Weather Channel App.
• A successful 51% attack against the Ethereum Classic cryptocurrency.
• Another court reversing compelled biometric authentication.
• An update on the lingering death of Flash... now in hospice care.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• go.itpro.tv/securitynow promo code SN30
• Sophos.com
• Atlassian.com

• The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people's code.
• Emergency out-of-cycle patches from both Adobe and Microsoft.
• PewDiePie hacker strikes again.
• Prolific 0-day dropper SandboxEscaper ruffles some feathers.
• A new effort by the US government to educate industry about the risks of Cyber attacks.
• Welcome news on the ransomware front.
• VERY welcome news of a new Windows 10 feature.
• A note about a just-published side-channel attack on OS page caches.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• LastPass.com/twit
• securitynow.cachefly.com
• FreshBooks.com/securitynow

The Best of Security Now from 2018!

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• securitynow.cachefly.com

• Rhode Island's response to Google's recent API flaw
• Signal's response to Australia's anti-encryption legislation
• The return of PewDiePie
• US border agents retaining traveler's private data
• This Week in Android Hijinks
• Confusion surrounding the Windows v5 release
• Another Facebook API mistake
• The 8th annual most common passwords list (AKA "How's 'monkey' doing?")
• Why all might not be lost if someone is hit with drive encrypting malware
• Microsoft's recent 4-month run of 0-day vulnerability patches
• The Firefox 64 update
• A reminder of an awesome train game for iOS, Mac and Android
• A look at a new and very troubling flaw discovered in the massively widespread SQLite library... and what we can do.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• LastPass.com/twit
• RocketMortgage.com/SecurityNow
• redhat.com/heroes

• Australia's recently passed anti-encryption legislation
• Details of a couple more mega-breaches including a bit of Marriott follow-up
• A welcome call for legislation from Microsoft
• A new twist on online advertising click fraud
• The DHS is interested in deanonymizing cryptocurrencies beyond Bitcoin
• The changing landscape of TOR funding
• An entirely foreseeable disaster with a new Internet IoT-oriented protocol
• Google finds bugs in Google+ and acts responsibly -- again -- what that suggests for everyone else

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• ITPro.TV/securitynow - use code: SN30
• expressvpn.com/securitynow
• canary.tools/twit - use code: TWIT