Security Now 808: CNAME Collusion

PumpCast at

"Security Now 808: CNAME Collusion" Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password. Chrome to default to trying HTTPS first when not specified. Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies! As easy as "SolarWinds123". Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10. VMware's vCenter troubles. SpinRite update. Microsoft issues emergency patches for 4 exploited 0-days in Exchange. CNAME Collusion. We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: privacy.com/securitynow Melissa.com/twit itpro.tv/securitynow promo code SN30 https://twit.tv/shows/security-now/episodes/808 ( Feed URL: http://feeds.twit.tv/brickhouse_video_small.xml )