
New Episode of Security Now: Security Now 1023
In this episode of Security Now, Steve Gibson and Leo Laporte tackle several critical cybersecurity topics.

The episode begins with a discussion of the mysterious appearance of the inetpub folder on Windows machines after the April 2025 update. The folder is empty, yet it is essential to a critical security update, and its unexplained appearance has caused confusion and concern among users. Steve explains that the folder is necessary to fix a privilege escalation vulnerability, but Microsoft has not provided clear details on its importance, leading to speculation and user errors.

Another key point in the episode is Kevin Beaumont's discovery of a new vulnerability introduced by Microsoft's patch. This vulnerability allows non-administrator users to disable all future Windows updates, posing a serious security risk. Steve and Leo discuss the implications of this discovery and Microsoft's response: the company classified the vulnerability as moderate and did not plan an immediate fix.

The episode also addresses a new attack on GPT-type conversational AI models, known as the Inception attack. This attack bypasses AI security safeguards by using fictional scenarios to generate malicious content. Steve explains how this attack works and its implications for AI security.

Another important topic is North Korea's creation of fake American companies to recruit employees and infect their networks with malware. Steve and Leo discuss this new tactic and its implications for corporate security. They emphasize the importance of vigilance during recruitment processes and the need to verify the authenticity of companies.

The episode also looks at data loss in unpowered SSDs. A recent study showed that SSDs can lose data over time if not used. Steve explains the technical reasons for this phenomenon and proposes solutions to prevent data loss, such as periodic rewriting of data and storing SSDs in a cool environment.

Finally, Steve and Leo discuss the abuse of Windows Sandbox by malware. Windows Sandbox is a Windows feature that allows the creation of an isolated environment to test applications and files without affecting the main system. However, researchers have discovered that malware can use Windows Sandbox to hide and persist on infected systems. Steve explains how this attack works and proposes solutions to prevent Windows Sandbox abuse, such as disabling virtualization extensions in the BIOS or using AppLocker to block Windows Sandbox execution.

In conclusion, this episode of Security Now covers a range of critical cybersecurity topics, providing valuable insights and practical solutions to protect systems against emerging threats.