• Ransomware hits schools, hospitals, and hearing aid manufacturers
• Sodinokibi: the latest advances in Ransomware-as-a-Service
• Win7 Extended Security Updates are extended
• A new Nasty 0-Day RCE in vBulletin
• There's a new WannaCry in town

We invite you to read our show notes at https://www.grc.com/sn/SN-735-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Melissa.com/twit
• WWT.COM/TWIT
• ZipRecruiter.com/securitynow

This Week's Stories

• The latest state-of-the-art secure solutions for cross-device, cross-location device synchronization
• Mozilla's recently announced plans to gradually and carefully bring DNS-over-HTTPS to all Firefox users in the US
• The EFF weighs in on DNS-over-HTTPS
• The 100% free VPN offering coming from our friends at Cloudflare

We invite you to read our show notes at https://www.grc.com/sn/SN-734-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• FreshBooks.com/securitynow
• securitynow.cachefly.com
• LastPass.com/twit

This Week's Stories:

• Cryptomining makes a comeback
• The top three most attacked ports
• Small office/home office (SOHO) routers and wireless access points: "SOHOpelessly Broken"
• Chrome gets an emergency update, to 77.0.3865.90
• 2019 CWE Top 25 Most Dangerous Software Errors

We invite you to read our show notes at https://www.grc.com/sn/SN-733-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• ZipRecruiter.com/securitynow
• Wasabi.com offer code SecurityNow
• expressvpn.com/securitynow

This Week's Stories

• SIMjacker allows attackers to hijack any phone just by sending it an SMS message.
• Here comes iOS "Lucky" 13!
• Chrome follows Mozilla to DoH with a twist.
• Want to enable DoH in Chrome right now? You can, right now, if you wish.
• Chrome stops showing Extended Validation certs in the URL bar.
• Mozilla launches 'Firefox Private Network' VPN service as a browser extension.
• Windows Patch Tuesday redux
• Chrome Remote Desktop
• EXIM eMail servers are in trouble again.

We invite you to read our show notes at https://www.grc.com/sn/SN-732-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WWT.COM/TWIT
• thehelm.com/SECURITYNOW
• go.itpro.tv/securitynow promo code SN30

This week's stories:

• Get rich quick spotting deepfakes!
• A forced two-day recess of all schools in Flagstaff, Arizona
• The case of a ransomware operator being too greedy
• Apple's controversial response to Google's discovery of Chinese iOS hacks
• Zerodium's new payout schedule and what it might mean.
• The final full public disclosure of BlueKeep exploitation code
• Serious PHP flaws, some potentially serious flaws found

We invite you to read our show notes at https://www.grc.com/sn/SN-731-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• FreshBooks.com/securitynow
• redhat.com/heroes

This Week's Stories:

• Google expands its bug bounty program
• New bug bounty millionaires
• Google's Project Zero group dropped a bomb on iOS
• Ransomware attacks on local governments and businesses are on the rise

We invite you to read our show notes at https://www.grc.com/sn/SN-730-Notes.pdf

If you're in Boston on October 3rd, join LastPass and TWiT.tv for the Cybersecurity & Identity Trends, Unlocked event. Sign up at http://twit.to/unlocked

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• securitynow.cachefly.com
• LastPass.com/twit
• ZipRecruiter.com/securitynow

• Texas Ransomware Update
• Remember that Kazakhstan cert?
• The mixed-blessing of "wide open" source projects
• RubyGems is in trouble again
• Chrome to add data breach notification
• iOS v12.4 updated quickly to 12.4.1
• Next-gen ad privacy

We invite you to read our show notes at https://www.grc.com/sn/SN-729-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• Wasabi.com offer code SecurityNow
• WWT.COM/TWIT

• Last Tuesday was another busy and important patch Tuesday
• And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again!
• Kaspersky facilitates independent web tracking
• So, what the heck is "CTF"?
• 23 Government agencies in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th
• RIP, EV: The coming demise of Extended Validation (EV) certificates
• And... So long FTP!
• HTTP/2 goes to the Movies
• "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR"

We invite you to read our show notes at https://www.grc.com/sn/SN-728-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• thehelm.com/SECURITYNOW
• netscout.com

This Week's Stories

• BlackHat and Def Con 2019
• Microsoft dangles $300,000 for Azure hacks at BlackHat...
• Hotel chaos from Germany's Chaos Computer Club
• 40 dangerous drivers
• Google's battle to allow its Incognito users' Incognitoness to be Incognito
• Microsoft ranks the industry's top bug hunters
• Apple bumps its bounties

We invite you to read our show notes at https://www.grc.com/sn/SN-727-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• go.itpro.tv/securitynow promo code SN30
• WWT.COM/TWIT
• canary.tools/twit - use code: TWIT

This week's stories
• A widespread false alarm about Facebook's planned subversion of end-to-end encryption
• Still more municipality Ransomware attacks
• Anti-encryption saber rattling among the Five Eyes nations
• Microsoft's discovery of Russian-backed IoT compromise
• Chrome 76's changes
• Black Hat and Def Con preview
• The challenge of synchronizing a working set of files between two locations

We invite you to read our show notes at https://www.grc.com/sn/SN-726-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• LastPass.com/twit
• securitynow.cachefly.com
• netscout.com