Security Now (Audio)
By Leo Laporte (feedmail@twit.tv)
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must-listen for security professionals every week. You can join Club TWiT for $10 per month and get ad-free audio and video feeds for all our shows plus everything else the club offers, or get just this podcast ad-free for $5 per month. New episodes every Tuesday.
22 episodes
All Episodes
NSA's Fast16.sys: Decades of Digital Sabotage Corrupting Calculations
NSA's Fast16.sys rootkit subtly corrupted scientific calculations for over 20 years, revealing early state-sponsored sabotage targeting research integrity.
AI Accelerates Vulnerability Lifecycle, Demanding Security Adaptation Now
AI is collapsing the vulnerability lifecycle, enabling attackers to exploit software faster than organizations can patch. Adapt now or face an avalanche of AI-driven attacks.
AI's Exploitability Demands Shift from Patching to Prevention
AI can now chain zero-day vulnerabilities into working exploits, ending "ship it and patch it later." This demands a fundamental shift in software development and security practices to avoid impending mayhem.
FCC Router Ban: Misplaced Focus on Origin Over Actual Security
The FCC's router ban misses the mark on cybersecurity, creating market disruption and a false sense of security by focusing on hardware origin instead of actual device vulnerabilities.
LightLLM Catastrophe Exposes Fragile Software Supply Chain Trust
A compromised dependency nearly unleashed a catastrophic AI supply chain attack, revealing the alarming fragility of automated development and implicit trust in open-source code.
H&R Block Software Embeds Root CA Private Key, Creating Security Backdoor
H&R Block's tax software embeds a root certificate with its private key, creating a 23-year vulnerability that exposes users to man-in-the-middle attacks and bypasses standard security protocols.
CISA's Cyber Hygiene Service: Free External Scans Reveal Hidden Network Weaknesses
Discover a free, hidden shield for your network. CISA's Cyber Hygiene Service scans your internet-facing assets, revealing vulnerabilities you didn't know existed and significantly reducing risk.
LLMs Automate De-anonymization, Eroding Digital Privacy
LLMs now dismantle digital anonymity with astonishing accuracy, transforming privacy from a given into a privilege requiring active defense. Understand how this de-anonymization occurs and its profound impact on digital identity.
Internal Threats Demand Zero Trust Security Architecture
Internal threats now bypass perimeter defenses, demanding a shift to "never trust, always verify" with Zero Trust principles for resilient organizations.
When Trust Becomes the Exploit: Social Engineering and Native Tools
Attackers exploit user trust and system convenience, turning Windows functionalities into vulnerabilities. Understand these evolving tactics to defend against sophisticated social engineering.
Hidden Costs of Convenience: Exploiting User Trust in Cybersecurity
Convenience in the digital world hides cybersecurity risks. Attackers exploit human psychology and system flaws, often using AI, to bypass security and compromise systems through seemingly harmless actions.
Password Manager Security Compromised by Convenience Features
Convenience in password managers introduces hidden security risks by adding complexity. Understand the trade-offs between usability and robust protection to safeguard your digital credentials.
Human Trust Creates Code Signing Gauntlet and AI Risks
Human trust is the critical vulnerability in secure code, creating bureaucratic hurdles and potential profiteering within the code signing system.
The Hidden Costs of Convenience: Why Least Privilege is True Security
Prioritizing convenience over the "least privilege" security principle creates systemic vulnerabilities, leading to breaches that bad actors actively exploit.
AI Discovers Zero-Day Vulnerabilities, Reshaping Software Security
AI discovers zero-day vulnerabilities at an unprecedented scale, revealing that current software security understanding is becoming obsolete, demanding a paradigm shift.
AI-Driven Malware Revolution Widens Attacker-Defender Asymmetry
AI empowers attackers to create sophisticated malware rapidly, widening the gap between offensive and defensive capabilities and demanding new strategies for cybersecurity professionals.
AI Demand Disrupts Cybersecurity Hardware and Intensifies Data Privacy Scrutiny
Rising DRAM prices from AI demand will significantly squeeze firewall manufacturers, increasing costs and potentially impacting cybersecurity stock values.
AI Accelerates Development While Code Signing Becomes Costlier
AI accelerates software creation, yet escalating code signing costs and complexity challenge authenticity verification.
AI Accelerates Coding, Short-Lived Certificates Complicate Trust
AI coding assistants democratize software creation and accelerate development, while short-lived certificates and cloud signing services increase complexity and costs.
Code-Signing Certificate Lifetimes Shortened, Consolidating Power
Code-signing certificate lifetimes are shrinking, increasing costs and consolidating power under a few providers, not enhancing security. This shift threatens software integrity and personal computing freedom.
Vitamin D Deficiency: Unrecognized Epidemic and Widespread Health Implications
Vitamin D, a steroid hormone crucial for immunity and disease prevention, is deficient in most people due to modern lifestyles, yet its benefits extend far beyond bone health.
North Korean Hackers Exploit Emerging Tech for Billions in Crypto
North Korean hackers steal billions in crypto using sophisticated tactics like IT worker infiltration and malware hidden in browser extensions, posing a major national security threat.