SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached
Podcast:Security Now (Audio) Published On: Wed Oct 11 2023 Description: Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities. 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks. Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks. Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue with new search features. Google Docs exports replace links with tracking redirects, enabling Google to monitor clicked links from exported documents. The MOVEit breach impacted Sony, exposing employee and family data. Firefox 118 now supports Encrypted ClientHello for hiding site requests from network surveillance. Google will provide 7 years of updates for its new Pixel phones, up from 5 years previously. The MACE Act passed overwhelmingly in Congress, allowing agencies more flexibility in cybersecurity hiring. Median dwell time for ransomware dropped to less than 1 day, with human-driven attacks deploying it faster. Steve digs into the top 10 cybersecurity misconfigurations outlined in the new NSA/CISA advisory. Show notes: https://www.grc.com/sn/SN-943-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT drata.com/twit lookout.com