SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys
Security Now (Audio) - A podcast by TWiT - Miercuri
Categories:
Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit