Security Now 1036: Inside the SharePoint 0-day

• Brave randomizes its fingerprints.


• The next Brave will block Microsoft Recall by default.


• Clorox sues its IT provider for $380 million in damages.


• 6-month Win10 ESU offers are beginning to appear.


• Warfare has significantly become cyber.


• Allianz Life loses control of 125 million customers' data.


• The CIA's Acquisition Research Center website was hacked.


• The Pentagon says the SharePoint RCE didn't get them.


• A look at a DPRK "laptop farm" to impersonate Americans.


• FIDO's passkey was NOT bypassed by a MITM after all.


• Is our data safe anywhere?


• The UK is trying to back-pedal out of the Apple ADP mess.


• Meanwhile, the EU resumes its push for "Chat Control".


• Microsoft fumbled the patch of a powerful Pwn2Own exploit

Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!

Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• canary.tools/twit - use code: TWIT


• threatlocker.com for Security Now


• bitwarden.com/twit


• uscloud.com