New Episode of Security Now: Security Now 1018

In this episode of Security Now, Steve Gibson and Leo Laporte address several crucial topics related to computer security. The episode begins with a discussion on a critical Microsoft vulnerability that, despite being known for years, has still not been fixed. This flaw is being exploited by 11 advanced threat groups, highlighting the importance of taking proactive measures to secure systems. Another key point of the episode is the remote takeover of an Apache Tomcat server. This vulnerability allows attackers to execute code remotely using malicious session files. The ease with which this attack can be carried out and the availability of proof-of-concept examples online make this threat particularly concerning. Steve and Leo also discuss the importance of updating systems to protect against such attacks. The episode also addresses the issue of communication security within the U.S. government. A recent leak revealed that sensitive discussions about war plans were being conducted via the Signal app on personal phones, which is extremely risky given the surveillance capabilities of foreign intelligence agencies. This situation highlights the importance of following strict security protocols, even for the most sensitive communications. Another important topic is Google's acquisition of the cloud security company Wiz. This acquisition, the largest ever in the field of cybersecurity, demonstrates Google's commitment to strengthening its security capabilities. However, it also raises questions about the concentration of power within the tech industry. The episode then delves into the bankruptcy of the genomics company 23andMe and the implications for genetic data privacy. With the company in bankruptcy, it is crucial for users to delete their data to prevent it from falling into the wrong hands. Steve shares his own experiences with deleting his data, highlighting the ease of the process. Finally, the episode concludes with an in-depth discussion on the quantum threat. With rapid advances in quantum computing, it is increasingly likely that current cryptographic algorithms will soon become obsolete. Steve and Leo discuss the measures organizations can take to prepare for this transition, including inventorying vulnerable systems and migrating to quantum-resistant cryptographic algorithms. In conclusion, this episode of Security Now provides a comprehensive overview of the challenges and solutions in computer security. It emphasizes the importance of remaining vigilant and proactive in the face of emerging threats and taking steps to secure systems against known and future vulnerabilities.