• A new DRAM problem called "RAMBleed"• A bad Linux TCP SACK server kernel crashing flaw• Last week's patch Tuesday• A Bluetooth surprise• Another useless warning about the BlueKeep vulnerability• Microsoft misses a 90-day Tavis Ormandy deadline• Good news about GandCrab wrapup• Yubico's entropy mistake• Post-announce SQRL news• Our favorite iOS security app• Attacks on Exim mail servers and other pending disastersWe invite you to read our show notes at https://www.grc.com/sn/SN-719-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: pulseway.com/twit Wasabi.com offer code SecurityNow canary.tools/twit - use code: TWIT

• SandboxEscaper drops another 0-day• The still-not-yet-widely-exploited BlueKeep vulnerability• GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)• The FBI issued an interesting advisory about not trusting secure sites just because they're secure• VLC receives 33 security bug fixes• Microsoft's Edge browser takes another step forward• Mozilla reorganizes• MUST HAVE utility of the week: DNS Query Sniffer• The first formal full release of SQRL• Anyone running an Exim mail server needs to update immediately!We invite you to read our show notes at https://www.grc.com/sn/SN-718-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite...

• Checking in on the BlueKeep RDP vulnerability• The planned shutdown of one of the most "successful" affiliate-based ransomware systems• An update on the anti-Robocalling problem• Russian and Chinese militaries plan to quit using Windows• Apple's announcement yesterday of their forthcoming "Sign in with Apple" service• The Nansh0u campaign, apparently sourced from China, has successfully compromised many tens of thousands of servers exposed to the Internet.We invite you to read our show notes at https://www.grc.com/sn/SN-717-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: securitynow.cachefly.com Jobs LastPass.com/twit

• The Internet is Doomed: BlueKeep Attacks Windows Remote Desktop Protocol• Google Stores Unhashed G Suite Passwords• Sandbox Escaper Drops FIVE New Zero-Day Exploits• Microsoft's Just-released Win10 Feature Update 1903• Security Enhancements in Firefox's Release 67We invite you to read our show notes at https://www.grc.com/sn/SN-716-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Prilock.com/twit promo code LEO expressvpn.com/securitynow Atlassian.com/teams/it

This Week's Stories• The next round of Intel processor information leakage problems: Microarchitectural Data Sampling vulnerabilities• Last Tuesday's patches from Microsoft, Adobe and Apple includes one for Windows XP• Security problem for Cisco that ever has stock analysts taking notice• Ongoing troubles with the cryptocurrency market• Trouble with Google's Titan Bluetooth dongle• Another monthly problem with Windows 10 updatesWe invite you to read our show notes at https://www.grc.com/sn/SN-715-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT WordPress.com/securitynow pulseway.com/twit

This Week's Stories• Update WhatsApp NOW!• Security News from Google I/O 2019 conference• A new exploitable flaw in all Linux kernels earlier than v5.0.8• A new set of flaws affecting all Intel processors known as "ZombieLoad"• Security enhancements in Android Q.We invite you to read our show notes at https://www.grc.com/sn/SN-714-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: go.itpro.tv/securitynow promo code SN30 FreshBooks.com/securitynow Atlassian.com/teams/it

This Week's StoriesThe continuing and changing world of cryptojacking after Coinhive closed their doors last month.Google's announcement of self-expiring data retentionThe mess arising from Mozilla's intermediate certificate expirationAnother wrinkle in the exploit marketplaceMozilla's announcement about deliberate code obfuscationA hacker who hacked at least 29 other botnet hackersA warning about a very popular D-Link netcamWho's paying and who's receiving bug bounties by countryAnother User-Agent gotcha with Google DocsA problem with Google Earth on the new Chromium-Edge browserA bit more about Edge's future just dropped at the start of Microsoft's Build 2019 conference. We invite you to read our show notes at https://www.grc.com/sn/SN-713-Notes.pdf Hosts: Leo Laporte and Steve Gibson Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including...

The large and emerging threat of website credential stuffing attacks.Privacy fallout from our recent coverage of Facebook and GoogleThe uptake rate of recent Windows 10 feature releasesThe source of the A/V troubles with the April patch Tuesday updatesThe NIST's formal fuzzing developmentA massive and ongoing database data leak involving more than half of all American householdsWindows Insiders are already finding that their systems won't update to the May 2019 feature update.United Airlines passengers have noticed and been understandably upset by seatback cameras pointing at them.We invite you to read our show notes at https://www.grc.com/sn/SN-712-Notes.pdf Hosts: Leo Laporte and Steve Gibson Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery...

Top Security Stories this Week:Google uses its "sensorvault" to help catch the bad guys.Time to update Drupal again.Facebook steals users' email contact lists, logs plaintext Instagram passwordsRussia moves closer to adopting "Internet Master Cutoff Switch" legislation.A reminder that "USB Killers" are a real thing.Marcus Hutchins' plea dealA new(ish) actively exploited Windows 0-dayA bunch of Microsoft Edge newsWindows 7 end-of-life noticesSomething from the "I did say this was bound to happen" departmentDetailed threat research from Cisco's Talos group about the leveraging of DNS espionage.We invite you to read our show notes at https://www.grc.com/sn/SN-711-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance...

DragonBlood: the first effective attack on the new WPA3 protocolMalicious use of the URL tracking "ping" attributeThe WinRAR NightmareMore 3rd-party A/V troubles with MicrosoftWhat good did April's patch Tuesday accomplish?Adobe 's big patch TuesdayGoogle considering automatically blocking "high risk" downloadsRussia's Roskomnadzor finally lowers the boom on FacebookThe incredible Taj Mahal APT framework Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SecurityNow go.itpro.tv/securitynow promo code SN30 WordPress.com/securitynow