Security Now with Steve Gibson and Leo Laporte

Nov 7th 2023

Security Now 947

Article 45

Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Category: Help & How To
  • Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
  • A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
  • Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
  • Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
  • CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
  • Ace Hardware suffered a cyberattack impacting servers and systems
  • Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
  • Analysis of "BadCandy" malware infecting vulnerable Cisco routers
  • Bitwarden password manager adds support for FIDO2 passkeys in browser extension
  • Rescuing a severely degraded SSD and bringing it back to life with SpinRite
  • Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
  • The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes -

Download or subscribe to this show at

Get episodes ad-free with Club TWiT at

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.