
New Episode of Security Now: Security Now 1022
In this episode of Security Now, Steve Gibson and Leo Laporte tackle several crucial topics in cybersecurity. The show begins with a discussion of Firefox's tab grouping feature, which Steve finally managed to activate. He explains how users can also enable it by modifying Firefox's configuration settings.
Next, they discuss the survival of MITRE's CVE (Common Vulnerabilities and Exposures) program, which was nearly discontinued due to funding issues. Fortunately, the program was saved thanks to an extension of funding and the creation of the CVE Foundation, a non-profit organization aimed at ensuring the program's longevity.
Another important topic covered is the revelation that China admitted responsibility for cyberattacks against U.S. infrastructure, in response to U.S. support for Taiwan. This confession underscores the growing tensions between the two superpowers and the potential implications for global cybersecurity. Steve and Leo also discuss Oracle's decision not to disclose a data breach, which led CISA (the Cybersecurity and Infrastructure Security Agency) to issue a notice about it.
The episode also addresses the critical vulnerability in the Python library BentoML, which allows for remote code execution. This vulnerability, with a CVSS score of 9.8, is particularly concerning due to its high exploitability. Steve explains in detail how this vulnerability works and why it is so dangerous. Additionally, they discuss brute force attacks and security issues related to multi-factor authentication (MFA), emphasizing the importance of implementing robust security measures.
Another key point in the episode is the controversial decision by Apple and other browser makers to reduce the lifespan of SSL/TLS certificates to 47 days. While this measure aims to improve security, it poses significant challenges for system administrators and developers. Steve expresses his skepticism about the necessity of this reduction and the problems it could cause.
The episode concludes with a discussion of Windows Sandbox, a feature built into Windows 10 and 11 that allows for the creation of an isolated and secure testing environment. Steve explains how to enable and use this feature, and why it is so useful for software testing and security experiments. He also highlights the performance and security advantages of Windows Sandbox over traditional virtual machines.
In summary, this episode of Security Now provides a comprehensive overview of the latest trends and developments in cybersecurity, with valuable insights from Steve Gibson and Leo Laporte. Whether you are a security professional or simply interested in the subject, this episode offers essential information to stay informed and protected in the ever-evolving digital world.