Dec 20th 2022
Security Now 902
A Generic WAF Bypass
Hosted by Steve Gibson, Leo Laporte
Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
- Picture of the Week.
- A malware operation known as URSNIF.
- Pwn2Own Toronto 2022.
- Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities.
- Patch Tuesday.
- Another Uber breach?
- Elon Botches ‘Bot Blockage.
- Vivaldi integrates Mastodon in its desktop browser.
- 5,200 Dutch government warnings.
- CIB: “Coordinated Inauthentic Behavior”
- GitHub to require 2FA by the end of next year.
- Bye bye SHA-1.
- WordFence’s VERY useful looking WordPress add-on vulnerability database.
- Closing The Loop.
- A Generic WAF Bypass.
Show Notes https://www.grc.com/sn/SN-902-Notes.pdf
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.