Security Now (Audio)

Apple just rewrote the rules of device security with a chip-level upgrade that could wipe out most iPhone vulnerabilities overnight. Find out how "memory integrity enforcement" aims to make exploits a thing of the past—and why it took half a decade to pull off.

• Are Bitcoin ATMs anything more than scamming terminals.
• Ransomware hits the Uvalde school district and Jaguar.
• Did "Scattered LapSus Hunters" just throw in the towel...

Is the U.S. on the verge of legalizing "hack back" missions, turning private companies into sanctioned cyber warriors? Steve and Leo unpack Google's plan for a cyber disruption unit and why the lines between defense and digital retaliation are suddenly blurring.

• My experience with 'X' vs email.
• Google TIG blackmailed to fire two security researchers.
• 1.1.1.1 DNS TLS certificate mis-issued.
• Artists blackmailed with threats ...

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are).

• A look back at issue...

Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords.

• Germany may soon outlaw ad blockers
• What's happening in the courts over AI
• The U.K. drops its demands of Apple
• New Microsoft 365 tenants being throttled
• Is Russia preparing to block Google Meet?
...

• What AI website summaries mean for Internet economics.
• Time to urgently update Plex Servers (again).
• Allianz Life stolen data gets leaked.
• Chrome test Incognito-mode fingerprint script blocking.
• Chrome 140 additions coming in 2 weeks.
• Data brokers hide opt-out pages from search engines.
• Secure messaging changes in Russia.
• NIST rolls-out lightweight IoT crypto.
• SyncThing moves to v2.0 and beyond.
• Alien:Earth -- first...

• CISA's Emergency Directive to ALL Federal agencies re: SharePoint.
• NVIDIA firmly says "no" to any embedded chip gimmicks.
• Dashlane is terminating its (totally unusable) free tier.
• Malicious repository libraries are becoming even more hostile.
• The best web filter (uBlock Origin) comes to Safari.
• The very popular SonicWall firewall is being compromised.
• >100 models of Dell Latitude and Precision laptops are in danger.
...

• A follow-up to the SharePoint server patch mess.
• How Russia arranges to spy on other country's local embassies.
• "Dropbox Passwords" manager app is ending in October.
• Signal will leave Australia rather than help spy.
• YouTube deploys viewing history age-estimation heuristics.
• Chrome adds clever lightweight extension signing to prevent abuse.
• A domain registrar is coming close to losing its rights.
• A TP-Link router that ...

• Brave randomizes its fingerprints.
• The next Brave will block Microsoft Recall by default.
• Clorox sues its IT provider for $380 million in damages.
• 6-month Win10 ESU offers are beginning to appear.
• Warfare has significantly become cyber.
• Allianz Life loses control of 125 million customers' data.
• The CIA's Acquisition Research Center website was hacked.
• The Pentagon says the SharePoint RCE didn't get them.
• A look at a ...

• Bypassing all passkey protections.
• The ransomware attacks just keep on coming.
• Cloudflare capitulates to the MPA and starts blocking.
• The need for online age verification is exploding.
• Microsoft really wants Exchange Servers to subscribe.
• Russia (further) clamps down on Internet usage.
• The global trend toward more Internet restrictions.
• China can inspect locked Android phones. Use a burner.
• Web shells are the new buf...