Oct 10th 2023
Security Now 943
The Top 10 Cybersecurity Misconfigurations
Hosted by
Steve Gibson,
Leo Laporte
MACE Act Passed, Brave Layoffs, 23andMe Breached
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
- Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.
- 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks.
- Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks.
- Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue with new search features.
- Google Docs exports replace links with tracking redirects, enabling Google to monitor clicked links from exported documents.
- The MOVEit breach impacted Sony, exposing employee and family data.
- Firefox 118 now supports Encrypted ClientHello for hiding site requests from network surveillance.
- Google will provide 7 years of updates for its new Pixel phones, up from 5 years previously.
- The MACE Act passed overwhelmingly in Congress, allowing agencies more flexibility in cybersecurity hiring.
- Median dwell time for ransomware dropped to less than 1 day, with human-driven attacks deploying it faster.
- Steve digs into the top 10 cybersecurity misconfigurations outlined in the new NSA/CISA advisory.
Show notes: https://www.grc.com/sn/SN-943-Notes.pdf
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.