• DragonBlood: the first effective attack on the new WPA3 protocol• Malicious use of the URL tracking "ping" attribute• The WinRAR Nightmare• More 3rd-party A/V troubles with Microsoft• What good did April's patch Tuesday accomplish?• Adobe 's big patch Tuesday• Google considering automatically blocking "high risk" downloads• Russia's Roskomnadzor finally lowers the boom on Facebook• The incredible Taj Mahal APT framework Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SecurityNow go.itpro.tv/securitynow promo code SN30 WordPress.com/securitynow

This Week's StoriesYet another capitulation in the (virtually lost) battle against tracking our behavior on the Internet with URL "ping" tracking.UK government's plan to legislate, police and enforce online social media contentMicrosoft's Chromium-based Edge browser's securityImprovements to Windows 10's update managementNews from the "spoofing biometrics" departmentThe worrisome state of Android mobile financial appsNSA's GHIDRA software reverse engineering tool suitePerhaps the dumbest thing Facebook has done yet (and by policy, not by mistake)An important change in Win10 1809 external storage caching policy Hosts: Jason Howell and Steve Gibson Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite...

Android Security, 10 Years LaterWinRAR, a 20+ Year Old Tool With 500M Users, Acknowledged VulnerabilityRussian GPS Hacking and What It Means For UsAndroid's April Fools Day PatchesTesla Autopilot SpoofingThe ASUS "ShadowHammer" AttackWindows 10 (last) October 2018 UpdateA VMware UpdateWe invite you to read our show notes at https://www.grc.com/sn/SN-708-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit securitynow.cachefly.com FreshBooks.com/securitynow

Results of the much anticipated Mid-March Vancouver Pwn2Own competitionThe return of "Clippy", Microsoft's much-loathed dancing paperclipOperation "ShadowHammer" which reports say compromised ASUS (... but did it?)The ransomware attack on Norsk Hydro aluminumThe surprise renaming of Windows DefenderA severe bug revealed in the most popular PDF generating PHP libraryAn early look at Microsoft's forthcoming Chromium-based web browserHope for preventing caller ID spoofingA needed update for users of PuTTYMozilla's decision to conditionally rely upon Windows' root storeMicrosoft to offer virtual Windows 7 and 10 desktops through AzureDetails of the Windows 7 End of Life warning dialogue Hosts: Leo Laporte and Steve Gibson Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk...

Last week's Patch Tuesday March MadnessWin7 SHA256 Windows Update... UpdateMany attacks leveraging the recently discovered WinRAR vulnerabilityWhat happens when Apple, Google, and GoDaddy all drop a bit?A big recent jump in Mirai Botnet CapabilityCompromised Counter-Strike gaming serversPrivacy enhancements coming in Android QA pair of very odd web browser extensions for Chrome and Firefox from MicrosoftA VERY exciting and encouraging project to create an entirely open eVoting system Hosts: Leo Laporte and Steve Gibson Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow Sophos.com canary.tools/twit - use code: TWIT

0-day exploitbidding warNSA releases Ghidra v9Firefox adds Tor privacyA pair of nasty 0-daysA worrisome breach at CitrixThe risk of claiming to be an unhackable aftermarket car alarmA new and interesting "Windows developers chatting with users" idea at MicrosoftA semi-solution to Windows updates crashing systemsDetailed news of the Marriott/Starwood breach, a bit of miscellany fromSPOILER: Another new and different consequence of speculation on Intel machines.We invite you to read our show notes at https://www.grc.com/sn/SN-705-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: FreshBooks.com/securitynow Atlassian.com/IT go.itpro.tv/securitynow promo code...

The increasing feasibility of making a sustainable career out of hunting for software bugsA newly available improvement in Spectre mitigation performance and who can try it nowAdobe's ColdFusion emergency and patch,More problems with A/V and self-signed certsA Docker vulnerability being exploited in the wildThe end of CoinhiveA new major Wireshark releaseA nifty web browser website screenshot hackContinuing troubles with the over-privileged Thunderbolt interfaceBot-based credential stuffing attacksWe invite you to read our show notes at https://www.grc.com/sn/SN-704-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite...

A number of ongoing out-in-the-wild attacks Another early-warned Drupal vulnerability A 19-year old flaw in an obscure decompress for the "ACE" archive formatMicrosoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia. Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which are allowed to bypass its "Click-To-Run" permission for Flash.ICANN renews its plea for the Internet to adopt DNSSEC.NVIDIA releases a handful of critical driver updates for Windows.Apple increases the intelligence of it's Intelligent Tracking Prevention.We invite you to read our show notes at https://www.grc.com/sn/SN-703-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes...

Last week's doozy of a patch Tuesday for both Microsoft and AdobeAn interesting twist coming to Windows 7 and Server 2008 security updates Eight mining apps pulled from the Windows StoreAnother positive security initiative from GoogleElectric scooters being hackedChipping away at Tor's privacy guaranteesA year and a half after Equifax, and where's the data?The beginnings of GDPR-like legislation for USAn extremely concerning new and emerging threat for the InternetWe invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WordPress.com/securitynow canary.tools/twit - use code: TWIT Wasabi.com offer code SecurityNow

Apple's mostrecent v12.1.4 iOS update and the two 0-day vulnerabilities it closedWorrisome new Android image-display vulnerabilityAn interesting "reverse RDP" attackThe new LibreOffice & OpenOffice vulnerabilityMicrosoft's research into the primary source of software vulnerabilitiesMaryJo gets an early peek at enterprise pricing for extending Windows 7 supportChina and Russia continue their work to take control of their countries' InternetFirefox's resumption of its A/V warning in release 65.How Google does the Cha-Cha with their new "Adiantum" ultra-high-performance cryptographic cipher.We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite...