all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Add to bookmarks
Oct. 4, 2023, 4:03 a.m. | TWiT

Security Now (Audio) twit.tv


  • Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.

  • Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware.

  • Windows 11 now natively supports passkeys, though browser support may make this redundant.

  • Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited.

  • The ECH TLS extension encrypts the ClientHello packet to hide SNI data.

  • Exim disclosure timeline and impact on …

ads bing bing chat bing chat malware risks browser chat code code execution critical disclosure email email server encrypted client hello hides sni data exim exim server vulnerabilities exposed fake flaws help & how to iab19 leo laporte malicious malicious ads malware passkeys remote code remote code execution responsible responsible disclosure risk security security now server servers steve gibson technology twit wifi password stealing exaggerations windows windows 11 windows 11 passkey support zdi

Visit resource

More from twit.tv / Security Now (Audio)

SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo 3 days, 7 hours ago | twit.tv
actalis ai amp android +45
SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons 1 week, 3 days ago | twit.tv
amp att breach button +38
SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense 2 weeks, 3 days ago | twit.tv
android apple backdoor can +37
SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach 3 weeks, 3 days ago | twit.tv
ad blockers advertisers amp att +34
SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD 1 month ago | twit.tv
ai apple authentication blocked +43
SN 966: Morris The Second - Voyager 1, The Web Turns 35 1 month, 1 week ago | twit.tv
2fa accounts addresses anonymous +41
SN 966: Morris The Second - Voyager 1, The Web Turns 35 1 month, 1 week ago | twit.tv
2fa accounts addresses anonymous +41
SN 966: Morris The Second - Voyager 1, The Web Turns 35 1 month, 1 week ago | twit.tv
2fa accounts addresses anonymous +41
SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta 1 month, 2 weeks ago | twit.tv
2fa accelerators american beta +45

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Data & Security Engineer Lead

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

IT and Cyber Risk Control Lead

@ GXS Bank | Singapore - OneNorth
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Cyber Security Analyst (Weekend 1st Shift)

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com

Senior Manager, Cybersecurity

@ BlueTriton Brands | Stamford, CT, US
View on infosec-jobs.com
View more jobs