
New Episode of Security Now: Security Now 1038
In this episode of Security Now, Steve Gibson and Leo Laporte address several crucial topics related to cybersecurity. The episode begins with a discussion on an emergency directive issued by CISA regarding a vulnerability in Microsoft Exchange. This flaw allows attackers to move laterally from on-premises Exchange servers to the M365 cloud, posing a major risk for organizations using hybrid configurations. Steve explains in detail the measures to take to fix this vulnerability, emphasizing the importance of updating systems quickly.
Another key point of the episode is Nvidia's announcement regarding backdoors and kill switches. Nvidia released a firm statement asserting that they will not allow the integration of such features into their chips, highlighting the security risks and ethical implications. Steve and Leo discuss the implications of this decision and its potential impact on the tech industry.
The podcast also covers the end of free support for Dashlane, a popular password manager. Steve criticizes the limitation of 25 passwords in the free version, pointing out that this makes the product practically unusable. He recommends users switch to alternatives like 1Password or Bitwarden, which offer more generous free options.
An important technical topic is the discovery of malicious libraries in the npm registry. Steve explains how these libraries can be used to delete all files on a user's system, highlighting the risks associated with using unverified third-party libraries. He emphasizes the importance of vigilance and source verification when using such libraries.
The podcast also discusses vulnerabilities in Dell Latitude and Precision laptops. Cisco's Talos Group discovered several critical flaws in the ControlVault3 firmware, which is used to store sensitive information. These vulnerabilities allow attackers to take full control of the system, even without elevated privileges. Steve explains the measures to take to fix these flaws and protect affected systems.
Another topic covered is the controversy surrounding Perplexity and Cloudflare. Cloudflare accuses Perplexity of using stealthy crawlers to bypass website directives, while Perplexity denies these allegations. Steve and Leo discuss the implications of this controversy and the broader questions about AI access to web content. They highlight the importance of web openness and property rights, as well as the challenges posed by crawlers and paywalls.
Finally, the episode concludes with a discussion of the new series Alien: Earth, which promises to be an exciting addition to the Alien franchise. Steve shares his enthusiasm for the series and his expectations for the upcoming episodes.
For more details, you can consult the full transcript of the episode at https://twit.tv/posts/transcripts/security-now-1038-transcript.