Security Now with Steve Gibson and Leo Laporte

Dec 20th 2022

Security Now 902

A Generic WAF Bypass

Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Category: Help & How To
  • Picture of the Week. 
  • A malware operation known as URSNIF. 
  • Pwn2Own Toronto 2022. 
  • Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. 
  • Patch Tuesday. 
  • Another Uber breach? 
  • Elon Botches ‘Bot Blockage. 
  • Vivaldi integrates Mastodon in its desktop browser. 
  • 5,200 Dutch government warnings. 
  • CIB: “Coordinated Inauthentic Behavior” 
  • GitHub to require 2FA by the end of next year. 
  • Bye bye SHA-1. 
  • WordFence’s VERY useful looking WordPress add-on vulnerability database. 
  • Closing The Loop. 
  • SpinRite. 
  • A Generic WAF Bypass. 

Show Notes

Download or subscribe to this show at

Get episodes ad-free with Club TWiT at

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.