Naked Security
VMware fixes holes that could allow virtual machine escapes
February 16th 2022 at 19:32
By Paul Ducklin
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Related tags: Vulnerability VMware vSphere

Google announces zero-day in Chrome browser – update now!
February 15th 2022 at 19:17
By Paul Ducklin
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Related tags: Google Google Chrome Microsoft Edge Vulnerability chrome Chromium CVE-2022-0609 Zero Day

Adobe fixes zero-day exploit in e-commerce code: update now!
February 14th 2022 at 22:38
By Paul Ducklin
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Related tags: Adobe Vulnerability CVE-2022-24086 Exploit vulnerability Zero Day

Power company pays out $3 trillion compensation to astonished customer
February 14th 2022 at 14:58
By Paul Ducklin
More money than the UK's economy produces in a year!
Related tags: numeric overflow overpayment vulnerability

Apple zero-day drama for Macs, iPhones and iPads – patch now!
February 11th 2022 at 14:25
By Paul Ducklin
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Related tags: Apple iOS OS X Vulnerability CVE-2022-22620 iPad iPhone macOS vulnerability

Microsoft blocks web installation of its own App Installer files
February 7th 2022 at 16:36
By Paul Ducklin
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Related tags: Malware Phishing Vulnerability App Bundle App Installer CVE-2021-43890 MSIX Windows

Elementor WordPress plugin has a gaping security hole – update now
February 2nd 2022 at 17:11
By Paul Ducklin
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.
Related tags: Vulnerability

Linux kernel patches "performance can be harmful" bug in video driver
February 1st 2022 at 19:59
By Paul Ducklin
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Related tags: Data loss Vulnerability CVE-2022-0330 drm/i915 Linux

Apple fixes Safari data leak (and patches a zero-day!) – update now
January 27th 2022 at 21:09
By Paul Ducklin
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Related tags: Apple iOS OS X Privacy Vulnerability Exploit ios iPhone macOS Patch rce

"PwnKit" security bug gets you root on most Linux distros – what to do
January 26th 2022 at 19:58
By Paul Ducklin
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell
Related tags: Linux Vulnerability CVE-2021-4034 EoP pkexec PwnKit

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
January 21st 2022 at 16:25
By Paul Ducklin
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Related tags: Cryptocurrency Vulnerability 2FA Crypto.com cryptocurrency

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
January 20th 2022 at 17:28
By Paul Ducklin
Latest episode - listen now!
Related tags: Apple iOS Law & order Linux Microsoft Podcast Vulnerability Cryptography Cybercrime Loinux Naked Security Podcast Windows

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
January 13th 2022 at 15:26
By Paul Ducklin
Latest episode - listen to it or read it now!
Related tags: Podcast Vulnerability Honda Naked Security Podcast npm supply chain

Wormable Windows HTTP hole – what you need to know
January 12th 2022 at 16:24
By Paul Ducklin
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Related tags: Microsoft Vulnerability CVE-2022-21907 http HTTP.sys IIS Patch Tuesday worm

Home routers with NetUSB support could have critical kernel hole
January 11th 2022 at 17:42
By Paul Ducklin
Got a router that supports USB access across the network? You might need a kernel update...
Related tags: Vulnerability buffer overflow CVE-2021-45608 NetUSB usb

Log4Shell-like security hole found in popular Java SQL database engine H2
January 7th 2022 at 19:32
By Paul Ducklin
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Related tags: Vulnerability CVE-2021-42392 H2 Java JNDI Log4j SQL

FTC threatens "legal action" over unpatched Log4j and other vulns
January 5th 2022 at 19:37
By Paul Ducklin
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
Related tags: Data loss Law & order Privacy Vulnerability Equifax ftc Log4j Log4Shell Patching

Log4Shell vulnerability Number Four: "Much ado about something"
December 29th 2021 at 19:12
By Paul Ducklin
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Related tags: Vulnerability Apache CVE-2021-44228 CVE-2021-44832 Java Log4j Log4Shell Patch vulnerability

Apache's other product: Critical bugs in "httpd" web server, patch now!
December 21st 2021 at 19:57
By Paul Ducklin
The Apache web server just got an update - this one is nothing to do with Log4j!
Related tags: Vulnerability Apache CVE-2021-44224 CVE-2021-44790 httpd web server

Serious Security: OpenSSL fixes "error conflation" bugs – how mixing up mistakes can lead to trouble
December 17th 2021 at 17:57
By Paul Ducklin
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Related tags: Cryptography CVE-2021-4044 openssl Patching vulnerability

Apple security updates are out – and not a Log4Shell mention in sight
December 14th 2021 at 12:55
By Paul Ducklin
Get 'em while they're hot!
Related tags: Apple iPad iPhone macOS Patch vulnerability

Log4Shell explained – how it works, why you need to know, and how to fix it
December 13th 2021 at 19:41
By Paul Ducklin
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Related tags: Vulnerability CVE-2021-44228 Log4j Log4Shell

"Log4Shell" Java vulnerability – how to safeguard your servers
December 10th 2021 at 19:22
By Paul Ducklin
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Related tags: Vulnerability Apache CVE-2021-44228 Exploit Java Log4Shell LOGJAM rce

S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]
December 9th 2021 at 17:40
By Paul Ducklin
Listen now or read as an article! (Full transcript inside.)
Related tags: IoT Law & order Podcast Vulnerability Cybercrime hacking iot Naked Security Podcast

Firefox update brings a whole new sort of security sandbox
December 7th 2021 at 19:14
By Paul Ducklin
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
Related tags: Malware Mozilla Vulnerability Firefox Sandbox vulnerability

Mozilla patches critical "BigSig" cryptographic bug: Here's how to track it down and fix it
December 3rd 2021 at 17:58
By Paul Ducklin
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
Related tags: Mozilla Vulnerability Cryptography NSS vulnerability

IoT devices must "protect consumers from cyberharm", says UK government
December 2nd 2021 at 19:10
By Paul Ducklin
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?
Related tags: IoT Law & order Vulnerability iot law passwords PSTI responsible disclosure vulnerability

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]
November 25th 2021 at 12:38
By Paul Ducklin
Latest episode - listen now! Solid cybersecurity advice in plain English.
Related tags: Podcast cookies data breach exchange Exploit GoDaddy Naked Security Podcast passwords vulnerability

Check your patches – public exploit now out for critical Exchange bug
November 23rd 2021 at 14:36
By Paul Ducklin
It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.
Related tags: Microsoft Vulnerability CVE-2021-42321 exchange Patch Patch Tuesday Zero Day

GoDaddy admits to password breach: check your Managed WordPress site!
November 23rd 2021 at 00:35
By Paul Ducklin
GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.
Related tags: Data loss Vulnerability breach Breach Notification GoDaddy Managed WordPress passwords SEC

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates
November 10th 2021 at 19:45
By Paul Ducklin
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!
Related tags: Microsoft Vulnerability Patch Tuesday security holes Windows

Microsoft documents "SHROOTLESS" hack patched in latest Apple updates
October 29th 2021 at 13:38
By Paul Ducklin
We'd have called this bug "SHROOTMORE", but naming it wasn't our call.
Related tags: Apple Microsoft Vulnerability CVE-2021-30892 rootless shrootless SIP vulnerability

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]
October 14th 2021 at 18:33
By Paul Ducklin
Latest episode - listen now!
Related tags: Apple iOS Phishing Podcast Vulnerability day iPhone Naked Security Podcast vulnerability Zero Day