Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News ≈ Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security – Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files ≈ Packet Storm
ToolsWatch.org – The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files ≈ Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
March 18
th
2022 at 17:59
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
When it comes to writing loops in your code... never sit on the fence!
Related tags
❌
Cryptography
Vulnerability
CVE-2022-0778
DOS
openssl
ormandy
vulnerability
March 18
th
2022 at 17:59
Naked Security
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
March 17
th
2022 at 13:32
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Apple
Law
&
order
Podcast
Vulnerability
"vulnerability"
PiDay
Cybercrime
Naked
Security
Podcast
Pi
March 17
th
2022 at 13:32
Naked Security
CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it
March 16
th
2022 at 01:22
CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it
By
Paul Ducklin
Don't leave old accounts lying around where someone sketchy could reactivate them.
Related tags
❌
Vulnerability
2FA
bypass
CISA
hacking
intrusion
MTR
March 16
th
2022 at 01:22
Naked Security
Apple patches 87 security holes – from iPhones and Macs to Windows
March 15
th
2022 at 16:36
Apple patches 87 security holes – from iPhones and Macs to Windows
By
Paul Ducklin
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
apple-1200
Related tags
❌
Apple
iOS
OS
X
Privacy
Vulnerability
Windows
cve
Exploit
Patch
rce
March 15
th
2022 at 16:36
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
March 10
th
2022 at 19:37
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Podcast
adafruit
CVE-2022-0847
Cybercrime
Dirty
Pipe
Firefox
hacking
Linux
Mozilla
Naked
Security
Podcast
NVIDIA
ransomware
March 10
th
2022 at 19:37
Naked Security
“Dirty Pipe” Linux kernel bug lets anyone write to any file
March 8
th
2022 at 19:37
“Dirty Pipe” Linux kernel bug lets anyone write to any file
By
Paul Ducklin
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
pipe-1200
Related tags
❌
Android
Google
Linux
Vulnerability
CVE-2022-0847
EoP
file
overwrite
kernel
splice
vulnerability
March 8
th
2022 at 19:37
Naked Security
Adafruit suffers GitHub data breach – don’t let this happen to you
March 7
th
2022 at 12:47
Adafruit suffers GitHub data breach – don’t let this happen to you
By
Paul Ducklin
Training data stashed in GitHub by mistake... unfortunately, it was *real* data
Related tags
❌
Data
loss
adafruit
data
breach
ex-employee
github
March 7
th
2022 at 12:47
Naked Security
Firefox patches two actively exploited 0-day holes: update now!
March 5
th
2022 at 19:06
Firefox patches two actively exploited 0-day holes: update now!
By
Paul Ducklin
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
Related tags
❌
Mozilla
Vulnerability
Exploit
Firefox
o-day
Zero
Day
March 5
th
2022 at 19:06
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
March 3
rd
2022 at 14:04
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now (or read it, if that's your preference)...
Related tags
❌
Apple
Instagram
Podcast
AirTag
browsers
Naked
Security
Podcast
phishing
March 3
rd
2022 at 14:04
Naked Security
Ransomware with a difference: “Derestrict your software, or else!”
March 2
nd
2022 at 16:33
Ransomware with a difference: “Derestrict your software, or else!”
By
Paul Ducklin
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Related tags
❌
Security
threats
data
breach
extortion
hacking
lapsus
NVIDIA
ransomware
March 2
nd
2022 at 16:33
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
February 24
th
2022 at 16:51
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Phishing
Podcast
Vulnerability
backup
Exploit
hacking
Naked
Security
Podcast
Scam
sextortion
VMware
vulnerability
Wordpress
February 24
th
2022 at 16:51
Naked Security
WordPress backup plugin maker Updraft says “You should update”…
February 22
nd
2022 at 17:26
WordPress backup plugin maker Updraft says “You should update”…
By
Paul Ducklin
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Related tags
❌
Vulnerability
CVE-2022-23303
data
leak
Updraft
vulnerability
Wordpress
February 22
nd
2022 at 17:26
Naked Security
French speakers blasted by sextortion scams with no text or links
February 21
st
2022 at 17:59
French speakers blasted by sextortion scams with no text or links
By
Paul Ducklin
You'd spot this one a mile away... but what about your friends or family?
Related tags
❌
Privacy
Security
threats
Cybercrime
extortion
porn
scam
Scam
sextortion
spam
February 21
st
2022 at 17:59
Naked Security
Irony alert! PHP fixes security flaw in input validation code
February 18
th
2022 at 17:59
Irony alert! PHP fixes security flaw in input validation code
By
Paul Ducklin
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Related tags
❌
Vulnerability
CVE-2021-21708
PHP
use-after-free
February 18
th
2022 at 17:59
Naked Security
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
February 17
th
2022 at 17:12
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen and learn!
Related tags
❌
Podcast
Adobe
Apple
bitcoin
bust
cryptocoins
cryptocurrency
Google
Naked
Security
Podcast
February 17
th
2022 at 17:12
Naked Security
VMware fixes holes that could allow virtual machine escapes
February 16
th
2022 at 19:32
VMware fixes holes that could allow virtual machine escapes
By
Paul Ducklin
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Related tags
❌
Vulnerability
VMware
vSphere
February 16
th
2022 at 19:32
Naked Security
Google announces zero-day in Chrome browser – update now!
February 15
th
2022 at 19:17
Google announces zero-day in Chrome browser – update now!
By
Paul Ducklin
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Related tags
❌
Google
Google
Chrome
Microsoft
Edge
Vulnerability
chrome
Chromium
CVE-2022-0609
Zero
Day
February 15
th
2022 at 19:17
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
February 14
th
2022 at 22:38
Adobe fixes zero-day exploit in e-commerce code: update now!
By
Paul Ducklin
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Related tags
❌
Adobe
Vulnerability
CVE-2022-24086
Exploit
vulnerability
Zero
Day
February 14
th
2022 at 22:38
Naked Security
Power company pays out $3 trillion compensation to astonished customer
February 14
th
2022 at 14:58
Power company pays out $3 trillion compensation to astonished customer
By
Paul Ducklin
More money than the UK's economy produces in a year!
Related tags
❌
numeric
overflow
overpayment
vulnerability
February 14
th
2022 at 14:58
Naked Security
Apple zero-day drama for Macs, iPhones and iPads – patch now!
February 11
th
2022 at 14:25
Apple zero-day drama for Macs, iPhones and iPads – patch now!
By
Paul Ducklin
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
apple-1200
Related tags
❌
Apple
iOS
OS
X
Vulnerability
CVE-2022-22620
iPad
iPhone
macOS
vulnerability
February 11
th
2022 at 14:25
Naked Security
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
February 10
th
2022 at 01:15
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Law
&
order
Microsoft
Podcast
Security
threats
bust
cryptocurrency
Cybercrime
Naked
Security
Podcast
February 10
th
2022 at 01:15
Naked Security
Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist
February 9
th
2022 at 14:44
Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist
By
Naked Security writer
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
Related tags
❌
Cryptocurrency
Cryptography
Law
&
order
Big
Bitcoin
Heist
bitcoin
BTC
bust
cryptocurrency
doj
quantum
cryptography
February 9
th
2022 at 14:44
Naked Security
At last! Office macros from the internet to be blocked by default
February 8
th
2022 at 16:34
At last! Office macros from the internet to be blocked by default
By
Paul Ducklin
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
Related tags
❌
Malware
Microsoft
Security
threats
macroi
viruses
malware
Melissa
virus
Office
VBA
February 8
th
2022 at 16:34
Naked Security
Microsoft blocks web installation of its own App Installer files
February 7
th
2022 at 16:36
Microsoft blocks web installation of its own App Installer files
By
Paul Ducklin
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Related tags
❌
Malware
Phishing
Vulnerability
App
Bundle
App
Installer
CVE-2021-43890
MSIX
Windows
February 7
th
2022 at 16:36
Naked Security
S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]
February 3
rd
2022 at 16:20
S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Podcast
Privacy
Apple
fonts
Naked
Security
Podcast
Safari
scams
Zero
Day
February 3
rd
2022 at 16:20
Naked Security
Elementor WordPress plugin has a gaping security hole – update now
February 2
nd
2022 at 17:11
Elementor WordPress plugin has a gaping security hole – update now
By
Paul Ducklin
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.
Related tags
❌
Vulnerability
February 2
nd
2022 at 17:11
Naked Security
Linux kernel patches “performance can be harmful” bug in video driver
February 1
st
2022 at 19:59
Linux kernel patches “performance can be harmful” bug in video driver
By
Paul Ducklin
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Related tags
❌
Data
loss
Vulnerability
CVE-2022-0330
drm/i915
Linux
February 1
st
2022 at 19:59
Naked Security
Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!
January 28
th
2022 at 23:58
Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!
By
Paul Ducklin
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...
Related tags
❌
Phishing
Security
threats
coronavirus
COVID-19
NHS
Scam
SMS
January 28
th
2022 at 23:58
Naked Security
Happy Data Privacy Day – and we really do mean “happy” :-)
January 28
th
2022 at 15:34
Happy Data Privacy Day – and we really do mean “happy” :-)
By
Paul Ducklin
We give you some simple digital lifesytle tips that cost nothing.
Related tags
❌
Privacy
Security
leadership
privacy
day
scammers
January 28
th
2022 at 15:34
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) – update now
January 27
th
2022 at 21:09
Apple fixes Safari data leak (and patches a zero-day!) – update now
By
Paul Ducklin
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
apple-1200
Related tags
❌
Apple
iOS
OS
X
Privacy
Vulnerability
Exploit
ios
iPhone
macOS
Patch
rce
January 27
th
2022 at 21:09
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
January 27
th
2022 at 19:57
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Podcast
2FA
cryptocurrency
Naked
Security
Podcast
scams
January 27
th
2022 at 19:57
Naked Security
“PwnKit” security bug gets you root on most Linux distros – what to do
January 26
th
2022 at 19:58
“PwnKit” security bug gets you root on most Linux distros – what to do
By
Paul Ducklin
An elevation of privilege bug that could let a "mostly harmless" user give themselves a instant root shell
Related tags
❌
Linux
Vulnerability
CVE-2021-4034
EoP
pkexec
PwnKit
January 26
th
2022 at 19:58
Naked Security
Tax scam emails are alive and well as US tax season starts
January 25
th
2022 at 17:19
Tax scam emails are alive and well as US tax season starts
By
Paul Ducklin
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)
Related tags
❌
Privacy
Security
leadership
January 25
th
2022 at 17:19
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
January 21
st
2022 at 16:25
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By
Paul Ducklin
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Related tags
❌
Cryptocurrency
Vulnerability
2FA
Crypto.com
cryptocurrency
January 21
st
2022 at 16:25
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
January 20
th
2022 at 17:28
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
By
Paul Ducklin
Latest epsiode - listen now!
Related tags
❌
Apple
iOS
Law
&
order
Linux
Microsoft
Podcast
Vulnerability
Cryptography
Cybercrime
Loinux
Naked
Security
Podcast
Windows
January 20
th
2022 at 17:28
Naked Security
Serious Security: Apple Safari leaks private data via database API – what you need to know
January 18
th
2022 at 19:23
Serious Security: Apple Safari leaks private data via database API – what you need to know
By
Paul Ducklin
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing
Related tags
❌
Apple
Data
loss
Privacy
data
leakage
Safari
webkit
January 18
th
2022 at 19:23
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
January 13
th
2022 at 15:26
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
By
Paul Ducklin
Latest episode -listen to it or read it now!
Related tags
❌
Podcast
Vulnerability
Honda
Naked
Security
Podcast
npm
supply
chain
January 13
th
2022 at 15:26
Naked Security
Wormable Windows HTTP hole – what you need to know
January 12
th
2022 at 16:24
Wormable Windows HTTP hole – what you need to know
By
Paul Ducklin
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Related tags
❌
Microsoft
Vulnerability
CVE-2022-21907
http
HTTP.sys
IIS
Patch
Tuesday
worm
January 12
th
2022 at 16:24
Naked Security
Home routers with NetUSB support could have critical kernel hole
January 11
th
2022 at 17:42
Home routers with NetUSB support could have critical kernel hole
By
Paul Ducklin
Got a router that supports USB access across the network? You might need a kernel update...
Related tags
❌
Vulnerability
buffer
overflow
CVE-2021-45608
NetUSB
usb
January 11
th
2022 at 17:42
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
January 7
th
2022 at 19:32
Log4Shell-like security hole found in popular Java SQL database engine H2
By
Paul Ducklin
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Related tags
❌
Vulnerability
CVE-2021-42392
H2
Java
JNDI
Log4j
SQL
January 7
th
2022 at 19:32
Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
January 6
th
2022 at 19:44
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
By
Paul Ducklin
We're back for 2022 - listen now!
Related tags
❌
Apple
Podcast
Apache
Instagram
Log4j
Log4Shell
Naked
Security
Podcast
January 6
th
2022 at 19:44
Naked Security
FTC threatens “legal action” over unpatched Log4j and other vulns
January 5
th
2022 at 19:37
FTC threatens “legal action” over unpatched Log4j and other vulns
By
Paul Ducklin
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
Related tags
❌
Data
loss
Law
&
order
Privacy
Vulnerability
Equifax
ftc
Log4j
Log4Shell
Patching
January 5
th
2022 at 19:37
Naked Security
Apple Home software bug could lock you out of your iPhone
January 4
th
2022 at 17:23
Apple Home software bug could lock you out of your iPhone
By
Paul Ducklin
The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.
Related tags
❌
Apple
iOS
doorLock
HomeKit
iot
January 4
th
2022 at 17:23
Naked Security
Log4Shell vulnerability Number Four: “Much ado about something”
December 29
th
2021 at 19:12
Log4Shell vulnerability Number Four: “Much ado about something”
By
Paul Ducklin
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Related tags
❌
Vulnerability
Apache
CVE-2021-44228
CVE-2021-44832
Java
Log4j
Log4Shell
Patch
vulnerability
December 29
th
2021 at 19:12
Naked Security
SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)
December 24
th
2021 at 17:44
SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)
By
Paul Ducklin
Happy Holidays! Our Top N stories, all totally SFW!
Related tags
❌
Security
leadership
Security
threats
2018
US
State
of
Cybercrime
Cybercrime
cybersecurity
Happy
Holidays
Top
3
December 24
th
2021 at 17:44
Naked Security
The cool retro phone with a REAL DIAL… plus plenty of IoT problems
December 23
rd
2021 at 17:58
The cool retro phone with a REAL DIAL… plus plenty of IoT problems
By
Paul Ducklin
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.
Related tags
❌
IoT
Security
threats
bugs
Buletooth
Chatter
Phone
data
leakage
iot
snooping
December 23
rd
2021 at 17:58
Naked Security
Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!
December 22
nd
2021 at 17:57
Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!
By
Paul Ducklin
Phew! An audacious crime... that didn't work out.
Related tags
❌
Cryptocurrency
Law
&
order
bitcoin
cyberheist
doj
Japan
December 22
nd
2021 at 17:57
Naked Security
Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
December 21
st
2021 at 19:57
Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
By
Paul Ducklin
The Apache web server just got an update - this one is nothing to do with Log4j!
Related tags
❌
Vulnerability
Apache
CVE-2021-44224
CVE-2021-44790
httpd
web
server
December 21
st
2021 at 19:57
Naked Security
Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble
December 17
th
2021 at 17:57
Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble
By
Paul Ducklin
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Related tags
❌
Cryptography
CVE-2021-4044
openssl
Patching
vulnerability
December 17
th
2021 at 17:57
Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
December 16
th
2021 at 17:41
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
By
Paul Ducklin
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
Related tags
❌
Apple
Podcast
CVE-2021-44228
Exploit
iPhone
jailbreak
Log4Shell
macOS
Naked
Security
Podcast
December 16
th
2021 at 17:41
Naked Security
Apple security updates are out – and not a Log4Shell mention in sight
December 14
th
2021 at 12:55
Apple security updates are out – and not a Log4Shell mention in sight
By
Paul Ducklin
Get 'em while they're hot!
Related tags
❌
Apple
iPad
iPhone
macOS
Patch
vulnerability
December 14
th
2021 at 12:55
Naked Security
Log4Shell explained – how it works, why you need to know, and how to fix it
December 13
th
2021 at 19:41
Log4Shell explained – how it works, why you need to know, and how to fix it
By
Paul Ducklin
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Related tags
❌
Vulnerability
CVE-2021-44228
Log4j
Log4Shell
December 13
th
2021 at 19:41
Naked Security
“Log4Shell” Java vulnerability – how to safeguard your servers
December 10
th
2021 at 19:22
“Log4Shell” Java vulnerability – how to safeguard your servers
By
Paul Ducklin
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Related tags
❌
Vulnerability
Apache
CVE-2021-44228
Exploit
Java
Log4Shell
LOGJAM
rce
December 10
th
2021 at 19:22
Naked Security
S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]
December 9
th
2021 at 17:40
S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]
By
Paul Ducklin
Listen now or read as an article! (Full transcript inside.)
Related tags
❌
IoT
Law
&
order
Podcast
Vulnerability
Cybercrime
hacking
iot
Naked
Security
Podcast
December 9
th
2021 at 17:40
Naked Security
Firefox update brings a whole new sort of security sandbox
December 7
th
2021 at 19:14
Firefox update brings a whole new sort of security sandbox
By
Paul Ducklin
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
Related tags
❌
Malware
Mozilla
Vulnerability
Firefox
Sandbox
vulnerability
December 7
th
2021 at 19:14
Naked Security
Cryptocurrency startup fails to subtract before adding, loses $31m
December 6
th
2021 at 19:50
Cryptocurrency startup fails to subtract before adding, loses $31m
By
Paul Ducklin
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
Related tags
❌
Cryptocurrency
cryptocoin
cryptocurrency
race
condition
December 6
th
2021 at 19:50
Naked Security
Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it
December 3
rd
2021 at 17:58
Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it
By
Paul Ducklin
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
Related tags
❌
Mozilla
Vulnerability
Cryptography
NSS
vulnerability
December 3
rd
2021 at 17:58
Naked Security
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]
December 2
nd
2021 at 20:50
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Law
&
order
Podcast
Privacy
Ada
Lovelace
AI
computer
ethics
Cybercrime
cybersecurity
facial
recognition
Naked
Security
Podcast
December 2
nd
2021 at 20:50
Naked Security
IoT devices must “protect consumers from cyberharm”, says UK government
December 2
nd
2021 at 19:10
IoT devices must “protect consumers from cyberharm”, says UK government
By
Paul Ducklin
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?
Related tags
❌
IoT
Law
&
order
Vulnerability
iot
law
passwords
PSTI
responsible
disclosure
vulnerability
December 2
nd
2021 at 19:10
Naked Security
Clearview AI face-matching service set to be fined over $20m
November 30
th
2021 at 19:13
Clearview AI face-matching service set to be fined over $20m
By
Paul Ducklin
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.
Related tags
❌
Law
&
order
Privacy
Social
networks
Clearview
Clearview
AI
facial
recognition
ico
OAIC
surveillance
November 30
th
2021 at 19:13
Load more articles