Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

QNAP warns of new bugs in its Network Attached Storage devices

Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Critical cryptographic Java security blunder patched – update now!

Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.

Beanstalk cryptocurrency heist: scammer votes himself all the money

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Yet another Chrome zero-day emergency update – patch now!

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Latest episode - listen now!

Hospital robot system gets five critical security holes patched

Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...

Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Firefox 99 is out – no major bugs, but update anyway!

Firefox's four-weekly updates just dropped - here's what you need to know.

Google’s monthly Android updates patch numerous “get root” holes

Get the update now... if it's available for your phone. Here's how to check.

Apple pushes out two emergency 0-day updates – get ’em now!

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

Latest episode - listen now!

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now

This code is venerable! Surely all the bugs must be out by now?

Google Chrome patches mysterious new zero-day bug – update now

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Latest episode - listen now!

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.

OpenSSL patches infinite-loop DoS bug in certificate verification

When it comes to writing loops in your code... never sit on the fence!

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

Latest episode - listen now!

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Don't leave old accounts lying around where someone sketchy could reactivate them.

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

Latest episode - listen now!

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

Adafruit suffers GitHub data breach – don’t let this happen to you

Training data stashed in GitHub by mistake... unfortunately, it was *real* data

Firefox patches two actively exploited 0-day holes: update now!

Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Latest episode - listen now (or read it, if that's your preference)...

Ransomware with a difference: “Derestrict your software, or else!”

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

Latest episode - listen now!

WordPress backup plugin maker Updraft says “You should update”…

A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!

French speakers blasted by sextortion scams with no text or links

You'd spot this one a mile away... but what about your friends or family?

Irony alert! PHP fixes security flaw in input validation code

What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

Latest episode - listen and learn!

VMware fixes holes that could allow virtual machine escapes

Hats off to VMware for not using weasel words: "When should you act?" Immediately...

Google announces zero-day in Chrome browser – update now!

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Adobe fixes zero-day exploit in e-commerce code: update now!

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Power company pays out $3 trillion compensation to astonished customer

More money than the UK's economy produces in a year!

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]

Latest episode - listen now!

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

Latest episode - listen now!

Elementor WordPress plugin has a gaping security hole – update now

We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.

Linux kernel patches “performance can be harmful” bug in video driver

This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Happy Data Privacy Day – and we really do mean “happy” :-)

We give you some simple digital lifesytle tips that cost nothing.

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]

Latest episode - listen now!

“PwnKit” security bug gets you root on most Linux distros – what to do

An elevation of privilege bug that could let a "mostly harmless" user give themselves a instant root shell

Tax scam emails are alive and well as US tax season starts

If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

Latest epsiode - listen now!

Serious Security: Apple Safari leaks private data via database API – what you need to know

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

Latest episode -listen to it or read it now!

Wormable Windows HTTP hole – what you need to know

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

Home routers with NetUSB support could have critical kernel hole

Got a router that supports USB access across the network? You might need a kernel update...

Log4Shell-like security hole found in popular Java SQL database engine H2

"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

We're back for 2022 - listen now!

FTC threatens “legal action” over unpatched Log4j and other vulns

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!