Security Now with Steve Gibson and Leo Laporte

Oct 10th 2023

Security Now 943

The Top 10 Cybersecurity Misconfigurations

MACE Act Passed, Brave Layoffs, 23andMe Breached

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
Category: Help & How To
  • Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities. 
  • 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks. 
  • Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks.
  • Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue with new search features.
  • Google Docs exports replace links with tracking redirects, enabling Google to monitor clicked links from exported documents.
  • The MOVEit breach impacted Sony, exposing employee and family data.
  • Firefox 118 now supports Encrypted ClientHello for hiding site requests from network surveillance.
  • Google will provide 7 years of updates for its new Pixel phones, up from 5 years previously.
  • The MACE Act passed overwhelmingly in Congress, allowing agencies more flexibility in cybersecurity hiring.
  • Median dwell time for ransomware dropped to less than 1 day, with human-driven attacks deploying it faster.
  • Steve digs into the top 10 cybersecurity misconfigurations outlined in the new NSA/CISA advisory.

Show notes:

Download or subscribe to this show at

Get episodes ad-free with Club TWiT at

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.