SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

Security Now (Audio)

By Leo Laporte. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

1M ago 2:06:08

MP3•Episode home

Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.

Chrome to default to trying HTTPS first when not specified.
Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
As easy as "SolarWinds123".
Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
VMware's vCenter troubles.
SpinRite update.
Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
CNAME Collusion.

We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

189 episodes

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.