SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

2:06:07
 
Share
 

Manage episode 286388413 series 80555
By Leo Laporte. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.

  • Chrome to default to trying HTTPS first when not specified.
  • Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
  • As easy as "SolarWinds123".
  • Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
  • VMware's vCenter troubles.
  • SpinRite update.
  • Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
  • CNAME Collusion.

We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

306 episodes