Picture of the Week. Multiple Exploitable Samsung 0-Days. A good idea for NPM. The TikTok Tick Tock. Google pushes for 90-day TLS certificate life. CHESS is safe. CISA has begun scanning! Flying Trojan Horses. Show Notes: https://www.grc.com/sn/SN-915-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT expressvpn.com/securitynow

Picture of the Week. Another Malicious Chrome Extension. Germany to join the Huawei & ZTE ban. Putting "phishing" into perspective. The Polynonce attack. Plex's RCE now in CISA's KEV. Sci-Fi: Andor. Sony Sues Quad9. Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: fortra.com bitwarden.com/twit plextrac.com/twit

Picture of the Week. DDoS'ing Fosstodon. DDoS for Hire takedowns. TikTok Insanity. Illegal Warrantless Surveillance. Strategic Objective 3.3. GitHub Secret Scanning. CISA's Covert Red-Team. What's left? What's old is new again. TCG TPM vulnerabilities. WordPress "All In One SEO". Russia fines Wikipedia. A Fowl Incident. Show Notes: https://www.grc.com/sn/SN-913-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT drata.com/twit kolide.com/securitynow

Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified Picture of the Week. GoneDaddy. Section 230. No Blue, No SMS-based 2FA. Bitwarden gets Argon. "Meta Verified". Emsisoft Fake Code Signing. Attacks breaking records. More Mirai. NPM malware. Patch Tuesday. Samsung announces "Message Guard". The Hyundai & Kia mess. A Clever Regurgitator. Show Notes https://www.grc.com/sn/sn-911-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT