Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
June 16
th
2022 at 16:52Β
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
Lastest epsiode - listen now!
Related tags
β
Apple
Microsoft
Phishing
Podcast
Vulnerability
CVE-2022-30190
Exploit
Follina
phishing
SMS
vishing
vulnerability
June 16
th
2022 at 16:52
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
June 15
th
2022 at 01:20Β
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags
β
Microsoft
Vulnerability
CVE-2022-30190
Follina
Patch
Tuesday
June 15
th
2022 at 01:20
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
June 13
th
2022 at 16:28Β
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Related tags
β
Malware
Security
leadership
Vulnerability
CVE-2022-30190
Follina
webinar
June 13
th
2022 at 16:28
Naked Security
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
June 9
th
2022 at 13:07Β
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen (or read) now!
Related tags
β
Podcast
Active
Adversary
MDR
MTR
Naked
Security
Podcast
vulnerability
Zero
Day
June 9
th
2022 at 13:07
Naked Security
SSNDOB Market domains seized, identity theft βbrokerageβ shut down
June 8
th
2022 at 14:53Β
SSNDOB Market domains seized, identity theft βbrokerageβ shut down
By
Paul Ducklin
The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.
Related tags
β
Law
&
order
Privacy
bust
doj
identity
theft
SSNDOB
takedown
June 8
th
2022 at 14:53
Naked Security
Know your enemy! Learn how cybercrime adversaries get inβ¦
June 7
th
2022 at 15:49Β
Know your enemy! Learn how cybercrime adversaries get inβ¦
By
Paul Ducklin
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!
Related tags
β
Phishing
Privacy
Ransomware
Security
leadership
Vulnerability
data
theft
MDR
MTR
ransomware
threat
response
June 7
th
2022 at 15:49
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
June 3
rd
2022 at 18:59Β
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
Zero-day announced - here's what you need to know
Related tags
β
Vulnerability
atlassian
CVE-2022-26134
Zero
Day
June 3
rd
2022 at 18:59
Naked Security
Yet another zero-day (sort of) in Windows βsearch URLβ handling
June 2
nd
2022 at 19:39Β
Yet another zero-day (sort of) in Windows βsearch URLβ handling
By
Paul Ducklin
More trouble with special-purpose URLs on Windows.
Related tags
β
Microsoft
Vulnerability
url
vulnerability
Windows
June 2
nd
2022 at 19:39
Naked Security
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
June 2
nd
2022 at 18:37Β
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Phishing
Podcast
Privacy
Vulnerability
CVE-2022-30190
Follina
Naked
Security
Podcast
smishing
SMS
webcam
June 2
nd
2022 at 18:37
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
June 1
st
2022 at 14:31Β
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
By
Paul Ducklin
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
June 1
st
2022 at 14:31
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
May 30
th
2022 at 23:01Β
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Related tags
β
Microsoft
Security
threats
Vulnerability
CVE-2022-30190
Follina
ms-msdt
MSDT
Office
Zero
Day
May 30
th
2022 at 23:01
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
May 27
th
2022 at 11:17Β
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
Privacy
Vulnerability
Clearview
Mozilla
Naked
Security
Podcast
Patching
VMware
May 27
th
2022 at 11:17
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
May 24
th
2022 at 23:04Β
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Related tags
β
Malware
Vulnerability
exfiltration
PHP
python
secops
supply
chain
XDR
May 24
th
2022 at 23:04
Naked Security
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
May 20
th
2022 at 23:47Β
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
By
Paul Ducklin
That was quick! 48 hours from exploit report to published patch.
Related tags
β
Firefox
Mozilla
Vulnerability
CVE-2022-1529
CVE-2022-1802
Manfred
Paul
Pwn2Own
May 20
th
2022 at 23:47
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
May 20
th
2022 at 22:35Β
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Related tags
β
Microsoft
Vulnerability
Windows
authentication
out-of-band
patch-to-patch
Woindows
May 20
th
2022 at 22:35
Naked Security
US Government says: Patch VMware right now, or get off our network
May 20
th
2022 at 14:03Β
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags
β
Vulnerability
CVE-2022-22972
CVE-2022-22973
Federal
Government
MTR
VMware
May 20
th
2022 at 14:03
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
May 19
th
2022 at 13:56Β
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Law
&
order
Podcast
Vulnerability
Apple
bust
cracking
Cybercrime
Naked
Security
Podcast
May 19
th
2022 at 13:56
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
May 18
th
2022 at 13:04Β
Pwn2Own hacking schedule released β Windows and Linux are top targets
By
Paul Ducklin
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Related tags
β
Vulnerability
hacking
Pwn2Own
research
secops
May 18
th
2022 at 13:04
Naked Security
Apple patches zero-day kernel hole and much more β update now!
May 17
th
2022 at 09:30Β
Apple patches zero-day kernel hole and much more β update now!
By
Paul Ducklin
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Related tags
β
Apple
iOS
OS
X
Vulnerability
day
Patch
vulnerability
Zero
Day
May 17
th
2022 at 09:30
Naked Security
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
May 12
th
2022 at 15:46Β
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
By
Paul Ducklin
Latest episode - lots to learn - plain English - fun with a serious side - listen now!
Related tags
β
Uncategorized
Cybercrime
Cybercrime
Squad
Naked
Security
Podcast
Podcast
May 12
th
2022 at 15:46
Naked Security
Serious Security: Learning from curlβs latest bug update
May 12
th
2022 at 15:08Β
Serious Security: Learning from curlβs latest bug update
By
Paul Ducklin
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
Related tags
β
Vulnerability
curl
security
bypass
vulnerability
May 12
th
2022 at 15:08
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
You didnβt leave enough space between ROSE and AND, and AND and CROWN
May 6
th
2022 at 16:59Β
You didnβt leave enough space between ROSE and AND, and AND and CROWN
By
Paul Ducklin
What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?
Related tags
β
Google
Vulnerability
crash
Google
Docs
recursion
May 6
th
2022 at 16:59
Naked Security
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]
May 5
th
2022 at 14:16Β
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
Cybercrime
Firefox
github
hacking
Naked
Security
Podcast
May 5
th
2022 at 14:16
Naked Security
World Password Day β the 1960s just called and gave you your passwords back
May 5
th
2022 at 01:06Β
World Password Day β the 1960s just called and gave you your passwords back
By
Paul Ducklin
Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.
Related tags
β
Privacy
PasswordDay
WorldPasswordDay
cybersecurity
passwords
May 5
th
2022 at 01:06
Naked Security
Android monthly updates are out β critical bugs found in critical places!
May 4
th
2022 at 15:54Β
Android monthly updates are out β critical bugs found in critical places!
By
Paul Ducklin
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...
Related tags
β
Android
Google
Vulnerability
critical
Patch
update
vulnerability
May 4
th
2022 at 15:54
Naked Security
Firefox hits 100*, fixes bugs⦠but no new zero-days this month
May 3
rd
2022 at 16:42Β
Firefox hits 100*, fixes bugs⦠but no new zero-days this month
By
Paul Ducklin
Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact.
Related tags
β
Mozilla
Vulnerability
browsers
Firefox
vulnerability
May 3
rd
2022 at 16:42
Naked Security
GitHub issues final report on supply-chain source code intrusions
April 29
th
2022 at 16:15Β
GitHub issues final report on supply-chain source code intrusions
By
Paul Ducklin
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.
Related tags
β
Data
loss
Microsoft
github
oauth
supply
chain
zero
trust
April 29
th
2022 at 16:15
Naked Security
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
April 28
th
2022 at 13:18Β
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Malware
Oracle
Podcast
Privacy
Ransomware
CIH
firewall
Java
Naked
Security
Podcast
ransomware
ZTNA
April 28
th
2022 at 13:18
Naked Security
Ransomware Survey 2022 β like the Curateβs Egg, βgood in partsβ
April 27
th
2022 at 15:22Β
Ransomware Survey 2022 β like the Curateβs Egg, βgood in partsβ
By
Paul Ducklin
You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!
Related tags
β
Law
&
order
Ransomware
cybersecurity
EDR
MDR
MTR
ransomware
white
paper
XDR
April 27
th
2022 at 15:22
Naked Security
QNAP warns of new bugs in its Network Attached Storage devices
April 22
nd
2022 at 15:15Β
QNAP warns of new bugs in its Network Attached Storage devices
By
Paul Ducklin
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!
nas-1200
Related tags
β
IoT
Vulnerability
Apache
httpd
NAS
QNAP
vulnerability
April 22
nd
2022 at 15:15
Naked Security
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
April 21
st
2022 at 13:41Β
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
By
Paul Ducklin
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!
Related tags
β
Cryptocurrency
Cryptography
Law
&
order
Podcast
Beanstalk
cryptocurrency
Cybercrime
Naked
Security
Podcast
April 21
st
2022 at 13:41
Naked Security
Critical cryptographic Java security blunder patched β update now!
April 20
th
2022 at 16:43Β
Critical cryptographic Java security blunder patched β update now!
By
Paul Ducklin
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.
Related tags
β
Cryptography
Java
Oracle
Vulnerability
CVE-2022-21449
digital
signature
vulnerability
April 20
th
2022 at 16:43
Naked Security
Beanstalk cryptocurrency heist: scammer votes himself all the money
April 19
th
2022 at 16:00Β
Beanstalk cryptocurrency heist: scammer votes himself all the money
By
Paul Ducklin
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Related tags
β
Cryptocurrency
Vulnerability
Blockchain
cryptocoin
cryptocurrency
vulnerability
April 19
th
2022 at 16:00
Naked Security
Yet another Chrome zero-day emergency update β patch now!
April 16
th
2022 at 00:33Β
Yet another Chrome zero-day emergency update β patch now!
By
Paul Ducklin
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
"Edge"
browser
chrome
CVE-2022-1364
type
confusion
vulnerability
April 16
th
2022 at 00:33
Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
April 14
th
2022 at 13:39Β
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Cryptocurrency
Cryptography
Podcast
Vulnerability
darkweb
Hydra
iot
Naked
Security
Podcast
PQC
quantum
computing
robot
takedown
April 14
th
2022 at 13:39
Naked Security
Hospital robot system gets five critical security holes patched
April 12
th
2022 at 18:58Β
Hospital robot system gets five critical security holes patched
By
Paul Ducklin
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...
Related tags
β
Vulnerability
healthcare
hospital
JekyllBot
robot
TUG
vulnerability
April 12
th
2022 at 18:58
Naked Security
Popular Ruby Asciidoc toolkit patched against critical vuln β get the update now!
April 8
th
2022 at 15:38Β
Popular Ruby Asciidoc toolkit patched against critical vuln β get the update now!
By
Paul Ducklin
A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.
ruby-1200
Related tags
β
Vulnerability
April 8
th
2022 at 15:38
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
April 7
th
2022 at 12:24Β
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
By
Paul Ducklin
Latest episode - listen now! Cybersecurity news and advice in plain English.
Related tags
β
Android
Apple
Firefox
Google
iOS
Law
&
order
Mozilla
OS
X
Podcast
Privacy
Vulnerability
Cybercrime
data
breach
lapsus
Naked
Security
Podcast
Patches
vulnerability
April 7
th
2022 at 12:24
Naked Security
Firefox 99 is out β no major bugs, but update anyway!
April 5
th
2022 at 16:21Β
Firefox 99 is out β no major bugs, but update anyway!
By
Paul Ducklin
Firefox's four-weekly updates just dropped - here's what you need to know.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
April 5
th
2022 at 16:21
Naked Security
Googleβs monthly Android updates patch numerous βget rootβ holes
April 5
th
2022 at 14:44Β
Googleβs monthly Android updates patch numerous βget rootβ holes
By
Paul Ducklin
Get the update now... if it's available for your phone. Here's how to check.
android-1200
Related tags
β
Android
Google
Vulnerability
Android
10
EoP
Patch
vulnerability
April 5
th
2022 at 14:44
Naked Security
Apple pushes out two emergency 0-day updates β get βem now!
March 31
st
2022 at 23:38Β
Apple pushes out two emergency 0-day updates β get βem now!
By
Paul Ducklin
More Apple zero-days - mobile devices, laptops and desktops affected. Update now!
apple-1200
Related tags
β
Apple
Vulnerability
iPad
iPhone
mac
vulnerability
Zero
Day
March 31
st
2022 at 23:38
Naked Security
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
March 31
st
2022 at 13:38Β
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Google
Law
&
order
Podcast
Ransomware
Vulnerability
chrome
Clippy
Deadbolt
Naked
Security
Podcast
ransomware
vulnerability
Zlib
March 31
st
2022 at 13:38
Naked Security
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
March 29
th
2022 at 16:37Β
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
By
Paul Ducklin
This code is venerable! Surely all the bugs must be out by now?
Related tags
β
Vulnerability
CVE-2018-25032
DEFLATE
ormandy
vulnerability
Zlib
March 29
th
2022 at 16:37
Naked Security
Google Chrome patches mysterious new zero-day bug β update now
March 28
th
2022 at 14:18Β
Google Chrome patches mysterious new zero-day bug β update now
By
Paul Ducklin
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
Related tags
β
Google
Google
Chrome
chrome
Chromium
CVE-2022-1096
Exploit
Zero
Day
March 28
th
2022 at 14:18
Naked Security
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
March 24
th
2022 at 13:49Β
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Cryptography
Data
loss
Malware
Podcast
Vulnerability
CafePress
data
breach
ftc
lapsus
Naked
Security
Podcast
March 24
th
2022 at 13:49
Naked Security
Serious Security: DEADBOLT β the ransomware that goes straight for your backups
March 23
rd
2022 at 19:58Β
Serious Security: DEADBOLT β the ransomware that goes straight for your backups
By
Paul Ducklin
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.
Related tags
β
Ransomware
Vulnerability
backup
Deadbolt
Exploit
NAS
QNAP
ransomware
vulnerability
March 23
rd
2022 at 19:58
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
March 18
th
2022 at 17:59Β
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
When it comes to writing loops in your code... never sit on the fence!
Related tags
β
Cryptography
Vulnerability
CVE-2022-0778
DOS
openssl
ormandy
vulnerability
March 18
th
2022 at 17:59
Naked Security
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
March 17
th
2022 at 13:32Β
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Apple
Law
&
order
Podcast
Vulnerability
"vulnerability"
PiDay
Cybercrime
Naked
Security
Podcast
Pi
March 17
th
2022 at 13:32
Naked Security
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
March 16
th
2022 at 01:22Β
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
By
Paul Ducklin
Don't leave old accounts lying around where someone sketchy could reactivate them.
Related tags
β
Vulnerability
2FA
bypass
CISA
hacking
intrusion
MTR
March 16
th
2022 at 01:22
Naked Security
Apple patches 87 security holes β from iPhones and Macs to Windows
March 15
th
2022 at 16:36Β
Apple patches 87 security holes β from iPhones and Macs to Windows
By
Paul Ducklin
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
apple-1200
Related tags
β
Apple
iOS
OS
X
Privacy
Vulnerability
Windows
cve
Exploit
Patch
rce
March 15
th
2022 at 16:36
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
March 10
th
2022 at 19:37Β
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
adafruit
CVE-2022-0847
Cybercrime
Dirty
Pipe
Firefox
hacking
Linux
Mozilla
Naked
Security
Podcast
NVIDIA
ransomware
March 10
th
2022 at 19:37
Naked Security
βDirty Pipeβ Linux kernel bug lets anyone write to any file
March 8
th
2022 at 19:37Β
βDirty Pipeβ Linux kernel bug lets anyone write to any file
By
Paul Ducklin
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
pipe-1200
Related tags
β
Android
Google
Linux
Vulnerability
CVE-2022-0847
EoP
file
overwrite
kernel
splice
vulnerability
March 8
th
2022 at 19:37
Naked Security
Adafruit suffers GitHub data breach β donβt let this happen to you
March 7
th
2022 at 12:47Β
Adafruit suffers GitHub data breach β donβt let this happen to you
By
Paul Ducklin
Training data stashed in GitHub by mistake... unfortunately, it was *real* data
Related tags
β
Data
loss
adafruit
data
breach
ex-employee
github
March 7
th
2022 at 12:47
Naked Security
Firefox patches two actively exploited 0-day holes: update now!
March 5
th
2022 at 19:06Β
Firefox patches two actively exploited 0-day holes: update now!
By
Paul Ducklin
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
Related tags
β
Mozilla
Vulnerability
Exploit
Firefox
o-day
Zero
Day
March 5
th
2022 at 19:06
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
March 3
rd
2022 at 14:04Β
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now (or read it, if that's your preference)...
Related tags
β
Apple
Instagram
Podcast
AirTag
browsers
Naked
Security
Podcast
phishing
March 3
rd
2022 at 14:04
Naked Security
Ransomware with a difference: βDerestrict your software, or else!β
March 2
nd
2022 at 16:33Β
Ransomware with a difference: βDerestrict your software, or else!β
By
Paul Ducklin
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Related tags
β
Security
threats
data
breach
extortion
hacking
lapsus
NVIDIA
ransomware
March 2
nd
2022 at 16:33
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
February 24
th
2022 at 16:51Β
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Phishing
Podcast
Vulnerability
backup
Exploit
hacking
Naked
Security
Podcast
Scam
sextortion
VMware
vulnerability
Wordpress
February 24
th
2022 at 16:51
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
February 22
nd
2022 at 17:26Β
WordPress backup plugin maker Updraft says βYou should updateββ¦
By
Paul Ducklin
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Related tags
β
Vulnerability
CVE-2022-23303
data
leak
Updraft
vulnerability
Wordpress
February 22
nd
2022 at 17:26
Naked Security
French speakers blasted by sextortion scams with no text or links
February 21
st
2022 at 17:59Β
French speakers blasted by sextortion scams with no text or links
By
Paul Ducklin
You'd spot this one a mile away... but what about your friends or family?
Related tags
β
Privacy
Security
threats
Cybercrime
extortion
porn
scam
Scam
sextortion
spam
February 21
st
2022 at 17:59
Load more articles