Security This Week is a podcast for those curious about recent IT security breach events, what they mean, how they were achieved, and how to prevent similar attacks from happening to you.


Episodes

Search Shows:  
VPN Not Working? As Designed. (164)
Sunday, November 24, 2024
Fortinet VPN design flaw hides successful brute-force attacks

Ding Dong! Sexstortion Lady! (163)
Sunday, November 17, 2024
Ruthless sextortion scammers now threatening to show up at your house

What, No Brie? (162)
Sunday, November 10, 2024
Schneider Electric ransomware crew demands $125k paid in baguettes

Same To You, Roomba! (161)
Sunday, November 3, 2024
Hacked U.S. robot vacuums are yelling racial slurs and chasing pets!

Hey MacOS, your Fly is Down! (160)
Sunday, October 27, 2024
https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

No, you may NOT borrow my lighter! (159)
Sunday, October 20, 2024
Hacking with a BBQ Lighter: The Unlikely Method to Gain Laptop Access

Never Give your Mom a Lamborghini! (158)
Sunday, October 13, 2024
Lamborghini Carjackers Lured by $243M Cyberheist

Your Favorite Developer Package Doesn't Exist! (157)
Sunday, October 6, 2024
Large language models hallucinating non-existent developer packages could fuel supply chain attacks

Your Linux System May Kill You. Film at 11. (156)
Sunday, September 29, 2024
Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

The Next Device to Explode (155)
Sunday, September 22, 2024
New Details of Hezbollah Exploding Pagers' Supply Chain Emerge

Screens Spill the Beans (154)
Sunday, September 15, 2024
New PIXHELL acoustic attack leaks secrets from LCD screen noise

Free Flight Crew Passes for All My Friends! (153)
Sunday, September 8, 2024
Researchers find SQL injection to bypass airport TSA security checks

Windows Un-Patched? (152)
Sunday, September 1, 2024
Windows Downdate tool lets you 'unpatch' Windows systems

Is RFID Broken? (151)
Sunday, August 25, 2024
Major Backdoor in Millions of RFID Cards Allows Instant Cloning

Don't Click Anything! (150)
Sunday, August 18, 2024
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

Thieves Return Stolen Booty for Reward! (149)
Sunday, August 11, 2024
Ronin Network hacked, $12 million returned by "white hat" hackers

Move Over, Diamonds: GitHub is Forever! (148)
Sunday, July 28, 2024
Deleted GitHub data is forever accessible to anyone, researchers claim

Fly Much? (147)
Sunday, July 21, 2024
We have a lot to say about last week's CrowdStrike incident

Russia Caught Red-Handed Spreading Lies on X! (146)
Sunday, July 14, 2024
US Disrupts AI-Powered Russian Bot Farm on X

Screw you guys, I'm archiving my repo! (145)
Sunday, July 7, 2024
Dev rejects CVE severity, makes his GitHub repo read-only

AI Jailbreaking is Real! (144)
Sunday, June 30, 2024
Mitigating Skeleton Key is a new type of generative AI jailbreak technique

Microsoft Recall Recalled? (143)
Sunday, June 23, 2024
Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns

Too Busy Shipping to Lock the Door! (142)
Sunday, June 16, 2024
Microsoft Ignored Whistleblower Warnings Before SolarWinds Attack

Is Windows Recall Safe? (141)
Sunday, June 9, 2024
Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

Zoom Invents Time Machine. Film at 11. (140)
Sunday, June 2, 2024
Zoom adds 'post-quantum' encryption for video nattering

Microsoft AI. Secure? (139)
Sunday, May 26, 2024
Hear about what Carl learned about AI Security while at Microsoft Build in Seattle last week.

WiFi Hacked Again! (138)
Sunday, May 19, 2024
New WiFi Flaw Leaves All Devices Vulnerable to ‘SSID Confusion’ Attacks

Is Your Software USDA Approved? (137)
Sunday, May 12, 2024
The US Government Is Asking Big Tech to Promise Better Cybersecurity

Is DropBox Done? (136)
Sunday, May 5, 2024
An SEC security breach filing has us wondering!

AI Attacks! (135)
Sunday, April 28, 2024
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories

The Last Pass for LastPass? (134)
Sunday, April 21, 2024
Hackers targeted LastPass employee in failed deep fake CEO call.

Hey Microsoft, is your House Clean? (133)
Sunday, April 14, 2024
Microsoft employees exposed internal passwords in security lapse

State Hackers Blow up Red Hat Linux from the Inside! (132)
Sunday, April 7, 2024
Red Hat warns of backdoor in XZ tools used by most Linux distros

Dyslexic Vampire Sends Rogue iMessages! (131)
Sunday, March 31, 2024
New Darcula phishing service targets iPhone users via iMessage

They can hear what you're typing! (130)
Sunday, March 24, 2024
New acoustic attack determines keystrokes from typing patterns

TikTok. Time's a Wastin! (129)
Sunday, March 17, 2024
House passes bill that would ban TikTok if its Chinese owners don't sell the popular app.

Repo Man Confused. Film at 11. (128)
Sunday, March 10, 2024
Over 100,000 Infected Repos Found on GitHub!

Is C# Dead? (127)
Sunday, March 3, 2024
White House urges devs to switch to memory-safe programming languages

Is Your AI Writing Rubber Checks? (126)
Sunday, February 25, 2024
Air Canada must honor refund policy invented by airline’s chatbot

Hey Canada, Where's My Car? (125)
Sunday, February 18, 2024
Canada to ban the Flipper Zero to stop surge in car thefts

Spoutible Exposes Sensitive User Data! (124)
Sunday, February 11, 2024
At least the API was thorough!

The Mother of All Breaches! (123)
Sunday, January 28, 2024
Mother of all breaches reveals 26 billion records!

Is Bitcoin no longer anonymous? (122)
Sunday, January 21, 2024
How a 27-year-old busted the myth of Bitcoin’s anonymity

Kerberos Bug Fixed! Film at 11! (121)
Sunday, January 14, 2024
Microsoft fixes critical flaws in Windows Kerberos, Hyper-V

PornHub Complaining Again (120)
Sunday, January 7, 2024
PornHub blocks North Carolina, Montana over new age verification laws

Ultimate Job Interview Fail! (119)
Sunday, December 31, 2023
Blockchain dev's wallet emptied in "job interview" using npm package

Yes, Virginia, They ARE Listening to You (118)
Sunday, December 24, 2023
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads

WordPress... WTF! (117)
Sunday, December 17, 2023
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Got LogoFAIL? You're Screwed! (116)
Sunday, December 10, 2023
LogoFAIL exploit bypasses hardware and software security measures and is nearly impossible to detect or remove

Is Your iPhone Exploiting You? (115)
Sunday, December 3, 2023
Last week there was a scare about the NameDrop feature in iOS 17. What's the real story?

What's wrong with Password123? (114)
Sunday, November 26, 2023
The guys check out a list of the top 200 most common passwords used all over the world.

Apparently Crime Pays! (113)
Sunday, November 19, 2023
Fraudsters make $50,000 a day by spoofing crypto researchers

OpenAI Goes Down. Film at 11 (112)
Sunday, November 12, 2023
OpenAI confirms DDoS attacks behind ongoing ChatGPT outages

Who's That Knocking at Your Windows? (111)
Sunday, November 5, 2023
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

Revenge of the Windows Phone! (110)
Sunday, October 29, 2023
Windows Phone gets revenge on YouTube from the grave by helping users bypass its ad-blocker-blocker

Elmer Fudd Shoots Linux! (109)
Sunday, October 15, 2023
'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover

Red Cross Tells Cyber Villains to Play Nice (108)
Sunday, October 8, 2023
Red Cross issues rules of engagement to war-focused hacker groups, who say 'yeah, right!'

NFT Updates! Get the latest! (107)
Sunday, October 1, 2023
This just in: NFTs are...

Need Security? AI to the Rescue... NOT (106)
Sunday, September 17, 2023
AI’s Pivotal Role in Addressing APAC’s Cybersecurity Talent Shortage

Fish and Chips With a Side of Mass Surveillance (105)
Sunday, September 10, 2023
The UK Is Poised to Force a Bad Law on the Internet

DMARC My Words! Email Will Be Spoofed! (104)
Sunday, August 27, 2023
Take a nod from Microsoft, whose misconfigured DNS caused Hotmail to crash

Is Zoom Safe to Use? (103)
Sunday, August 20, 2023
Zoom basically admits that they can do whatever they want with your video, audio, chat, and other information.

To Moq or Not to Moq (102)
Sunday, August 13, 2023
TBA

US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ (101)
Sunday, August 6, 2023
Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government.

Russia Sends Cybersecurity CEO to Jail for 14 Years! (100)
Sunday, July 30, 2023
It sucks to be a smart Russian right now.

Oops! I Sent a Military Email to Mali Again (99)
Sunday, July 23, 2023
‘Millions’ of sensitive US military emails were reportedly sent to Mali due to a typo

Didn't Get the iPhone Security Patch Notification? (98)
Sunday, July 16, 2023
Carl and Duane discover that they did NOT get a notification about the two critical security patches for iOS devices released last week!

Patch your Mastodon Server Toot-Sweet! (97)
Sunday, July 9, 2023
Critical TootRoot bug lets attackers hijack Mastodon servers

Whadya mean, Apple has security issues!? (96)
Sunday, July 2, 2023
Update now! Apple fixes three actively exploited vulnerabilities

Bakery says "Don't Eat Our Cookies!" (95)
Friday, June 23, 2023
Google Tells Employees to Stay Away from Its Own Bard Chatbot

Security Best Practices for Developers (94)
Sunday, June 18, 2023
Carl, Patrick, and Duane welcome Jeremy Likness (Microsoft) to talk about the short list of security measures every software developer needs to know.

A Nail in the Coffin for KeePass Password Manager (93)
Saturday, June 10, 2023
KeePass v2.54 fixes bug that leaked cleartext master password

Ring Ring! Amazon Privacy Lawsuits Calling! (92)
Saturday, June 3, 2023
Amazon to pay over $30 million in FTC settlements over Ring, Alexa privacy violations

China wants your WiFi Router! (91)
Friday, May 26, 2023
Malware turns home routers into proxies for Chinese state-sponsored hackers. Should you be concerned?

Can GPT Read Your Mind? (90)
Saturday, May 6, 2023
Scientists Use GPT AI to Passively Read People's Thoughts in Breakthrough

AI Used for Evil. Film at 11 (89)
Saturday, April 29, 2023
Ariz. Mom Says Daughter's Voice Was Cloned with AI in $1 Million Kidnapping Hoax!

Be Careful where you Stick your Dongle (88)
Saturday, April 22, 2023
The FBI says you should never use the charging port at an airport!

Florida Man or FTX Guy. Who's the Bigger Dope? (87)
Saturday, April 15, 2023
Florida Man drops to #2 on the dope list!

Garage Door Opener Opens the Door! (86)
Saturday, April 8, 2023
Disconnect it now!!

Twitter Source Code Leaked on Github! (85)
Saturday, April 1, 2023
Just when Elan Musk thought he was in control...

Bitcoin ATMs Hacked for $1.5 Million (84)
Saturday, March 25, 2023
Hackers drain bitcoin ATMs of $1.5 million by exploiting zero-day bug

How Likely is a TikTok Ban? (83)
Saturday, March 18, 2023
The US wants to ban TikTok. How likely is this to happen, and what are the consequences?

Uh Oh. Bitwarden has a Security Flaw! (82)
Saturday, March 11, 2023
Hackers might be able to crack this top password manager and steal your logins!

Holy Crap! My Fridge is on TikTok! (81)
Saturday, March 4, 2023
Carl is horrified at how hackable your smart TV actually is!

Twitter is NOT SECURE! (80)
Saturday, February 25, 2023
Twitter is removing an essential security feature, putting millions of accounts at risk.

The Sushi Terrorist (79)
Saturday, February 18, 2023
Now you HAVE to listen, don't you?

Duane says this ESXi exploit is "awesome!" (78)
Saturday, February 11, 2023
So, you better pay attention to it!

The Cyberwar Intensifies (77)
Saturday, February 4, 2023
Russia targets Windows domains in Ukraine, ratcheting up tensions that are spilling over into the physical war.

Beware of Lightbulbs Sending DNS Requests (76)
Saturday, January 28, 2023
Learn how China may be spying on you via 'smart' devices.

You might have to fight a Gorn! (75)
Saturday, January 21, 2023
More news about password managers, MSI secure boot woes, Cacti, Cisco, and the differences between Picard and Kirk.

Who Can We Trust with our Passwords? (74)
Saturday, January 14, 2023
Following up on last week's show, we look at alternatives to LastPass

LastPass Leak Update! (73)
Saturday, January 7, 2023
Since Christmas, some new information has come out about the latest LastPass leak.

Bad Santas with a Side of LastPass Hash (72)
Sunday, December 25, 2022
A mom got booted from the Radio City Music Hall due to facial recognition. Oh yeah, LastPass hackers actually stole keys

Duane's Neighbor Busted in Russian Spy Ring! (71)
Sunday, December 18, 2022
No joke!

Attack of the AI Chat Bot! (70)
Sunday, December 11, 2022
Yes, it's fascinating, but it's also dangerous!

Oops! LastPass Got Breached Again (69)
Sunday, December 4, 2022
LastPass got breached. What you need to know.

Government go for security. No get. (68)
Saturday, November 12, 2022
US Federal Network Hacked. Doh!

Beware of Mastodons Bearing Gifts (67)
Saturday, November 5, 2022
Mastodon Users are Vulnerable to Password-Stealing Attacks!

Security Scanner Leaks Data! (66)
Saturday, October 29, 2022
When your anti-malware app makes public everything you own in the cloud!

Beware of Geek Squad Scams (65)
Saturday, October 22, 2022
The Geek Squad is a great service. The brand is being exploited, and non-techy people are vulnerable!

Hackers Get Hacked! (64)
Saturday, October 15, 2022
A vulnerability was discovered in popular hacking software that exposes the hackers!

Samsung Phones go Boom! (63)
Saturday, October 8, 2022
Got an old Samsung phone sitting around? You might want to listen to this.

When you Least Expect it, Expect it! (62)
Saturday, October 1, 2022
Criminals are hiding messages in pictures and videos!

The Need for Speed (61)
Saturday, September 24, 2022
17-year-old Uber Hacker Brags Online and gets Nabbed PDQ.

Hate group gets hacked and complains about it (60)
Saturday, September 17, 2022
Kiwi Farms has been breached; assume passwords and emails have been leaked

It's Uber time. Do you know where your teenager is? (59)
Saturday, September 10, 2022
Uber computer systems breached by ‘teen’ in major security alert

Conti Members Strike Back! (58)
Saturday, September 3, 2022
Former Conti ransomware members are allegedly regrouping to attack Ukraine

Watch out for that Galaxy! (57)
Saturday, August 27, 2022
A hacker has been using an image taken by the James Webb Space Telescope to load malware onto Windows computers.

Uninstall TikTok Now! (56)
Saturday, August 20, 2022
TikTok can monitor users’ keystrokes, and could collect passwords, and credit card info, researcher claims

When SMS Attacks (55)
Saturday, August 13, 2022
If you get a constant barrage of SMS messages asking you to confirm a login, you may have already been hacked.

We Don't Know How Bad It Really Is (54)
Saturday, August 6, 2022
New vulnerabilities are making experts wonder how many are yet to be discovered.

Microsoft Comes to Their Senses (53)
Saturday, July 30, 2022
Microsoft did a 180 and blocked Office macros, but is it enough?

Happy Anniversary! (52)
Saturday, July 23, 2022
Security This Week published its first show one year ago yo the day.

Has Microsoft Lost Their Mind? (51)
Saturday, July 16, 2022
Microsoft rolls back the decision to block Office macros by default! WTF!

Apple Lockdown Mode is Coming! (50)
Saturday, July 9, 2022
Apple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals against targeted spyware attacks.

Where's Udi? (49)
Saturday, July 2, 2022
Users of the Strava running app can use fake routes to track other users wherever they are!

Knocking RSocks Off! (48)
Saturday, June 18, 2022
The FBI disrupted a Russian botnet after it hacked millions of devices, and that's not even the scariest story of the week!

BLTCoin: Sandwich-based currency (47)
Saturday, June 11, 2022
Local high-tech crime units are tracking and seizing stolen cryptocurrency

The Office they Come, the Protocol they Fall (46)
Saturday, June 4, 2022
The big story this week involves a massive zero-day vulnerability in Microsoft Office.

Hat Colors Explained (45)
Saturday, May 28, 2022
Duane and Patrick school Carl on what hacker hat colors mean

Space Pirates Attack! (44)
Saturday, May 21, 2022
Chinese Space Pirates are hacking Russian aerospace firms. Film at 11.

Beware Thy Neighbor! (43)
Saturday, May 14, 2022
Sometimes your neighbors infringe on your rights. The same thing happens in multi-tenant systems. All will be explained.

Is Cheating at Gaming a Gateway Drug? (42)
Saturday, May 7, 2022
If you want to see the next generation of hackers, consider monitoring the gaming cheats industry

The Game that Takes Down Russia (41)
Saturday, April 30, 2022
You can play a game that, when you play it, will help take down Russian websites.

To Quantum and NOT to Quantum (40)
Saturday, April 23, 2022
Schrödinger's cat is dead! Or is it?

Windows Patch Tuesday (39)
Saturday, April 16, 2022
Microsoft patched 120+ Windows flaws last week!

Google says Oops! (38)
Saturday, April 9, 2022
Last week, Google sent a security patch to 3.2 billion users of Chrome

Springtime brings a Spring Vulnerability (37)
Saturday, April 2, 2022
A new vulnerability in the Spring framework, a tool for programmers, may become the new Log4J

What's in a Password? (36)
Saturday, March 26, 2022
Is a longer password with numbers, lower and uppercase letters, and symbols harder to hack?

Russia and Facebook Cancel Each Other (35)
Saturday, March 19, 2022
Facebook blocked Russia right after Russia blocked Facebook

Watch out for the Dirty Pipe! (34)
Saturday, March 12, 2022
As the kinetic war (and cyberwar) between Ukraine and Russia marches on, a new Linux exploit wreaks havoc on all Linux (and therefore Android) systems. Patch it!

Hackers Get Involved! (33)
Saturday, March 5, 2022
As Russia wages war on Ukraine, we see stories emerging of hacking groups on both sides joining the cyberwar.

No News This Week (just kidding) (32)
Saturday, February 26, 2022
Russia, Ukraine, Ransomware, and you.

Verify! Verify! Verify! (31)
Saturday, February 19, 2022
Many scammers can be foiled by asking a simple question.

Macros Shmacros! (30)
Saturday, February 12, 2022
This week, Microsoft got around to disabling Internet macros in Office apps by default. Brilliant!

Hacker Takes down North Korea's Internet in his Pajamas (29)
Saturday, February 5, 2022
Why North Korea's Internet was wearing the hacker's pajamas we'll never know!

What if you lost your phone? (28)
Saturday, January 29, 2022
Prepare for the prospect that someday your phone may be lost or stolen.

From Russia, with Love (27)
Saturday, January 22, 2022
Looks like Russia is hacking Ukraine. Who knew?

Hoisted by their own Petard (26)
Saturday, January 15, 2022
Last week cyberspies infected themselves with their own malware

Pull up your Breaches! (25)
Saturday, January 8, 2022
You will be a breach victim sooner or later. If you don't take measures to mitigate risk, and you get breached, you could be sued.

Not Really the Last Pass (24)
Saturday, January 1, 2022
Enable 2 Factor Authentication on your LastPass account!

Happy Christmahaunukwanzadan! (23)
Saturday, December 25, 2021
More Log4j developments, more career advice for criminals, and more reasons to not click on email links.

More Log4j Stuff (22)
Saturday, December 18, 2021
We think we'll be talking about Log4j for a long time.

The Internet is Burning! (21)
Saturday, December 11, 2021
No, really. You NEED to listen to this episode before you do anything else.

Don't Click This Link! (20)
Saturday, December 4, 2021
Disturbing statistics show the US lost billions to cybercrime in 2021

UK Government Porn Site (19)
Saturday, November 27, 2021
The Dirty Dangers of DNS!

Rowhammer Time! (18)
Saturday, November 20, 2021
What happens when the digital world collides with the digital world?

World War Hack! (17)
Saturday, November 13, 2021
Nation-states are ramping up the cyberwar

The Neverending Side Story (16)
Saturday, November 6, 2021
The three amigos can't seem to stop going on tangents when discussing ransomware and other hacks.

Skim This! (15)
Saturday, October 30, 2021
Nefarious individuals can steal your credit card right underneath your nose!

Trick or Treat! (14)
Monday, October 25, 2021
This week there have been some tricks, but you'll get a treat at the end!

Beware Sharp Edges! (13)
Monday, October 18, 2021
Ransomware is the overwhelming theme for this show. As for the sharp edges, you'll have to listen to get that reference.

OK, Facebook! (12)
Monday, October 11, 2021
One good thing about last week's Facebook outage is that our kids now know what DNS is.

Don't look a grift horse in the mouth! (11)
Monday, October 4, 2021
If you have an Android phone and get apps from the Google Play store, you might have been robbed.

We were just trying to help (10)
Monday, September 27, 2021
Sometimes, well-meaning companies implement a technical solution to a problem to be helpful, and it doesn't go well.

Redemption (9)
Monday, September 20, 2021
Microsoft and Apple go on a Patch Rampage!

Not a good week for Microsoft (8)
Monday, September 13, 2021
Several attacks against Microsoft properties this week. They can't catch a break!

Living in a Zero-Trust World (7)
Saturday, September 4, 2021
A US government mandate requires authentication systems to start adopting zero-trust policies. Are you ready?

Cash for Hacks (6)
Saturday, August 28, 2021
Disgruntled employee participates in a ransomware attack against their own company! Also, what's a public/private key pair?

The Pyramid of Threats (5)
Saturday, August 21, 2021
Patrick talks about the Pyramid of Threats, a mental model to categorize threats according to their popularity (biggest at the base). The higher you go up the pyramid, the harder it is to defend yourself against the threats.

VPNs and Cruise Missiles (4)
Saturday, August 14, 2021
Carl and Patrick (no Duane this week) talk about the Colonial Pipeline ransomware hack, and Pat's thoughts on how to shut down ransomware.

This Week in Ransomware (3)
Saturday, August 7, 2021
Phishing is when a bad actor sends you an email that looks like it came from Microsoft, Amazon, Google, or some other legit company that you probably use. They give you a link to click on for some reason, and with a single click, your entire hard drive is encrypted and your computer can't be used until you pay a ransom. This week we talk about how to spot phishing emails and how big companies are getting involved to fight ransomware. Don't miss it!

It's the Little Things (2)
Saturday, July 31, 2021
It's the little things everyone can do to fortify their networks. Reboot your iPhone once a week, use the GUEST wifi network for devices that just need Internet access, and be careful who you take online aerobics classes from!

Introducing Security This Week (1)
Friday, July 23, 2021
Our pilot episode, in which we lay the groundwork for what to expect from this podcast.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙