Security Now 943

• Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities. 
• 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks. 
• Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks.
• Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue with new search features.
• Google Docs exports replace links with tracking redirects, enabling Google to monitor clicked links from exported documents.
• The MOVEit breach impacted Sony, exposing employee and family data.
• Firefox 118 now supports Encrypted ClientHello for hiding site requests from network surveillance.
• Google will provide 7 years of updates for its new Pixel phones, up from 5 years previously.
• The MACE Act passed overwhelmingly in Congress, allowing agencies more flexibility in cybersecurity hiring.
• Median dwell time for ransomware dropped to less than 1 day, with human-driven attacks deploying it faster.
• Steve digs into the top 10 cybersecurity misconfigurations outlined in the new NSA/CISA advisory.

Show notes: https://www.grc.com/sn/SN-943-Notes.pdf

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

• Transcripts: Security Now 943 Transcript