SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

11/07/23 • 133 min

Security Now (Audio)
  • Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
  • A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
  • Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
  • Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
  • CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
  • Ace Hardware suffered a cyberattack impacting servers and systems
  • Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
  • Analysis of "BadCandy" malware infecting vulnerable Cisco routers
  • Bitwarden password manager adds support for FIDO2 passkeys in browser extension
  • Rescuing a severely degraded SSD and bringing it back to life with SpinRite
  • Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
  • The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Previous Episode

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained that their enterprise network security solution aims to allow only known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf


Next Episode

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

  • Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
  • No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
  • Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
  • Decentralized finance platform Raft lost $3.3M due to an exploit.
  • A crook operated the website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
  • New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
  • Russia moves to formally ban all VPN use in the country.
  • Two new flaws found in OpenVPN software, one allowing memory access.
  • SpinRite development paused as DOS and Windows versions are complete.
  • Understanding assembly language helps malware analysis and exploit development, but high-level decompilers are also useful.
  • Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
  • EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
  • "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
  • Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
  • A 27-year-old theoretical crypto attack has now been shown practical: passive network observers can recover SSH RSA keys if a faulty signature is generated, allowing impersonation.

Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf

