Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News ≈ Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security – Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files ≈ Packet Storm
ToolsWatch.org – The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files ≈ Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
Zoom for Mac patches critical bug – update now!
August 15
th
2022 at 18:26
Zoom for Mac patches critical bug – update now!
By
Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags
❌
OS
X
Vulnerability
CVE-2022-28756
macOS
Wardle
zoom
August 15
th
2022 at 18:26
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
August 11
th
2022 at 14:34
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read the transcript if you prefer.)
Related tags
❌
Cryptography
Data
loss
Law
&
order
Malware
Microsoft
Podcast
Privacy
Cybercrime
github
hacking
malware
Naked
Security
Podcast
quantum
computing
August 11
th
2022 at 14:34
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…
August 10
th
2022 at 16:59
APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…
By
Paul Ducklin
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Related tags
❌
Cryptography
Data
loss
Vulnerability
APIC
CVE-2022-21233
EPIC
SGX
ÆPIC
Leak
August 10
th
2022 at 16:59
Naked Security
Slack admits to leaking hashed passwords for five years
August 8
th
2022 at 15:14
Slack admits to leaking hashed passwords for five years
By
Paul Ducklin
"When those invitations went out... somehow, your password hash went out with them."
Related tags
❌
Cryptography
Data
loss
brute
force
crack
dictionary
attack
hashing
password
salt
Slack
August 8
th
2022 at 15:14
Naked Security
Traffic Light Protocol for cybersecurity responders gets a revamp
August 5
th
2022 at 18:57
Traffic Light Protocol for cybersecurity responders gets a revamp
By
Paul Ducklin
Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.
Related tags
❌
Security
leadership
cybersecurity
MDR
MTR
research
TLP
August 5
th
2022 at 18:57
Naked Security
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
August 4
th
2022 at 17:52
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read if that's what you prefer.)
Related tags
❌
Cryptocurrency
Cryptography
Podcast
Vulnerability
cryptocurrency
cryptogram
Cybercrime
Naked
Security
Podcast
August 4
th
2022 at 17:52
Naked Security
GitHub blighted by “researcher” who created thousands of malicious projects
August 3
rd
2022 at 23:06
GitHub blighted by “researcher” who created thousands of malicious projects
By
Paul Ducklin
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
Related tags
❌
Law
&
order
github
malware
supply
chain
August 3
rd
2022 at 23:06
Naked Security
Post-quantum cryptography – new algorithm “gone in 60 minutes”
August 3
rd
2022 at 18:55
Post-quantum cryptography – new algorithm “gone in 60 minutes”
By
Paul Ducklin
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.
Related tags
❌
Cryptography
nist
PQC
quantum
quantum
computing
SIKE
August 3
rd
2022 at 18:55
Naked Security
Cryptocoin “token swapper” Nomad loses $200 million in coding blunder
August 2
nd
2022 at 16:12
Cryptocoin “token swapper” Nomad loses $200 million in coding blunder
By
Paul Ducklin
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
Related tags
❌
Cryptocurrency
Cryptography
Vulnerability
cryptocoin
cryptocurrency
DeFi
Nomad
August 2
nd
2022 at 16:12
Naked Security
GnuTLS patches memory mismanagement bug – update now!
August 1
st
2022 at 16:55
GnuTLS patches memory mismanagement bug – update now!
By
Paul Ducklin
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Related tags
❌
Cryptography
Vulnerability
CVE-2022-2509
double-free
gnutls
heartbleed
August 1
st
2022 at 16:55
Naked Security
How to celebrate SysAdmin Day!
July 29
th
2022 at 15:37
How to celebrate SysAdmin Day!
By
Paul Ducklin
I've just popped in to wish you all/The best SysAdmin Day!
Related tags
❌
Security
leadership
SysAdminDay
SAAD
sysadmin
day
July 29
th
2022 at 15:37
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
July 28
th
2022 at 15:47
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Apple
Data
loss
Law
&
order
Mozilla
Podcast
Privacy
Vulnerability
Safari
T-Mobile
vulnerability
Zero
Day
July 28
th
2022 at 15:47
Naked Security
Critical Samba bug could let anyone become Domain Admin – patch now!
July 27
th
2022 at 21:15
Critical Samba bug could let anyone become Domain Admin – patch now!
By
Paul Ducklin
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Related tags
❌
Vulnerability
CVE-2022-32744
password
reset
Samba
July 27
th
2022 at 21:15
Naked Security
Mild monthly security update from Firefox – but update anyway
July 27
th
2022 at 00:41
Mild monthly security update from Firefox – but update anyway
By
Paul Ducklin
You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!
Related tags
❌
Firefox
Mozilla
Vulnerability
clickjacking
vulnerability
July 27
th
2022 at 00:41
Naked Security
T-Mobile to cough up $500 million over 2021 data breach
July 25
th
2022 at 16:20
T-Mobile to cough up $500 million over 2021 data breach
By
Paul Ducklin
Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.
Related tags
❌
Data
loss
Law
&
order
Privacy
data
breach
T-Mobile
July 25
th
2022 at 16:20
Naked Security
Office macro security: on-again-off-again feature now BACK ON AGAIN!
July 23
rd
2022 at 01:10
Office macro security: on-again-off-again feature now BACK ON AGAIN!
By
Paul Ducklin
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!
Related tags
❌
Data
loss
Malware
Microsoft
Privacy
macros
Office
VBA
July 23
rd
2022 at 01:10
Naked Security
S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]
July 21
st
2022 at 16:25
S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]
By
Paul Ducklin
Latest episode - listen, read or both!
Related tags
❌
Podcast
Facebook
Naked
Security
Podcast
tips
July 21
st
2022 at 16:25
Naked Security
Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge
July 21
st
2022 at 12:38
Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge
By
Paul Ducklin
One vendor's zero-day is another vendor's routine patch...
Related tags
❌
Apple
Vulnerability
iPad
iPhone
mac
macOS
vulnerability
July 21
st
2022 at 12:38
Naked Security
Last member of Gozi malware troika arrives in US for criminal trial
July 20
th
2022 at 14:56
Last member of Gozi malware troika arrives in US for criminal trial
By
Paul Ducklin
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...
Related tags
❌
Law
&
order
Malware
banking
malware
bust
Gozi
SpyEye
Zeus
July 20
th
2022 at 14:56
Naked Security
8 months on, US says Log4Shell will be around for “a decade or longer”
July 18
th
2022 at 16:57
8 months on, US says Log4Shell will be around for “a decade or longer”
By
Paul Ducklin
When it comes to cybersecurity, ask not what everyone else can do for you...
Related tags
❌
Malware
Vulnerability
CSRB
DHS
Log4j
Log4Shell
Security.txt
July 18
th
2022 at 16:57
Naked Security
7 cybersecurity tips for your summer vacation!
July 15
th
2022 at 18:23
7 cybersecurity tips for your summer vacation!
By
Paul Ducklin
Here you go - seven thoughtful cybersecurity tips to help you travel safely...
Related tags
❌
Privacy
holiday
spycam
surveillance
travel
vacation
Wi-fi
July 15
th
2022 at 18:23
Naked Security
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
July 14
th
2022 at 18:47
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.
Related tags
❌
Cryptography
Law
&
order
Malware
Microsoft
Podcast
AES
Naked
Security
Podcast
ransomware
RSA
VBA
July 14
th
2022 at 18:47
Naked Security
Facebook 2FA scammers return – this time in just 21 minutes
July 13
th
2022 at 16:46
Facebook 2FA scammers return – this time in just 21 minutes
By
Paul Ducklin
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Related tags
❌
Facebook
Phishing
Privacy
2FA
Scam
July 13
th
2022 at 16:46
Naked Security
Paying ransomware crooks won’t reduce your legal risk, warns regulator
July 12
th
2022 at 18:24
Paying ransomware crooks won’t reduce your legal risk, warns regulator
By
Paul Ducklin
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Related tags
❌
GDPR
compliance
Law
&
order
Ransomware
Uncategorized
cyberextortion
GCHQ
ico
NCSC
ransomware
July 12
th
2022 at 18:24
Naked Security
That didn’t last! Microsoft turns off the Office security it just turned on
July 11
th
2022 at 13:27
That didn’t last! Microsoft turns off the Office security it just turned on
By
Paul Ducklin
An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.
Related tags
❌
Malware
Microsoft
Phishing
macro
malware
Office
VBA
July 11
th
2022 at 13:27
Naked Security
Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know
July 8
th
2022 at 00:59
Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know
By
Paul Ducklin
It's a bit like Log4J, but for configuration files, not for logging.
Related tags
❌
Vulnerability
Apache
Commons
CVE-2022-33980
July 8
th
2022 at 00:59
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
July 7
th
2022 at 18:46
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
Listen now! Or read if you prefer...
Related tags
❌
Cryptocurrency
Google
Google
Chrome
Law
&
order
Podcast
Vulnerability
2FA
busts
cryptocurrency
Naked
Security
Podcast
OneCoin
July 7
th
2022 at 18:46
Naked Security
OpenSSL fixes two “one-liner” crypto bugs – what you need to know
July 6
th
2022 at 16:52
OpenSSL fixes two “one-liner” crypto bugs – what you need to know
By
Paul Ducklin
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
Related tags
❌
Cryptography
Vulnerability
AES
openssl
RSA
vulnerability
July 6
th
2022 at 16:52
Naked Security
Google patches “in-the-wild” Chrome zero-day – update now!
July 5
th
2022 at 15:55
Google patches “in-the-wild” Chrome zero-day – update now!
By
Paul Ducklin
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Related tags
❌
Google
Google
Chrome
Vulnerability
day
chrome
CVE-2022-2294
vulnerability
zer-day
Zero
Day
July 5
th
2022 at 15:55
Naked Security
Canadian cybercriminal pleads guilty to “NetWalker” attacks in US
July 4
th
2022 at 14:09
Canadian cybercriminal pleads guilty to “NetWalker” attacks in US
By
Paul Ducklin
Bust in Canada, now bust in the USA as well.
Related tags
❌
Cryptocurrency
Law
&
order
Ransomware
bitcoin
bust
Netwalker
ransomware
revil
July 4
th
2022 at 14:09
Naked Security
Facebook 2FA phish arrives just 28 minutes after scam domain created
July 1
st
2022 at 20:01
Facebook 2FA phish arrives just 28 minutes after scam domain created
By
Paul Ducklin
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Related tags
❌
Data
loss
Facebook
Phishing
Privacy
2FA
phishing
Scam
July 1
st
2022 at 20:01
Naked Security
“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list
July 1
st
2022 at 16:49
“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list
By
Paul Ducklin
The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.
Related tags
❌
Cryptocurrency
Law
&
order
crypto
cryptocoin
cryptoqueen
Ignatova
Scam
July 1
st
2022 at 16:49
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
June 30
th
2022 at 12:57
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!
Related tags
❌
Cryptocurrency
Cryptography
Law
&
order
Podcast
Vulnerability
crypto
cryptocurrency
extortion
Naked
Security
Podcast
openssl
scammers
June 30
th
2022 at 12:57
Naked Security
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
June 29
th
2022 at 16:11
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
By
Paul Ducklin
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
Related tags
❌
Firefox
Mozilla
Vulnerability
Follina
Patch
vulnerability
June 29
th
2022 at 16:11
Naked Security
Harmony blockchain loses nearly $100M due to hacked private keys
June 27
th
2022 at 18:14
Harmony blockchain loses nearly $100M due to hacked private keys
By
Paul Ducklin
The crooks needed at least two private keys, each stored in two parts... but they got them anyway.
Related tags
❌
Cryptocurrency
Data
loss
crypto
ether
hack
Harmony
June 27
th
2022 at 18:14
Naked Security
FTC warns of LGBTQ+ extortion scams – be aware before you share!
June 27
th
2022 at 14:58
FTC warns of LGBTQ+ extortion scams – be aware before you share!
By
Paul Ducklin
It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
Related tags
❌
Law
&
order
Privacy
cyberextortion
extortion
RTC
Scam
June 27
th
2022 at 14:58
Naked Security
OpenSSL issues a bugfix for the previous bugfix
June 24
th
2022 at 15:32
OpenSSL issues a bugfix for the previous bugfix
By
Paul Ducklin
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
Related tags
❌
Cryptography
Vulnerability
command
injection
crypto
openssl
June 24
th
2022 at 15:32
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
June 23
rd
2022 at 11:08
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
By
Paul Ducklin
Latest epsiode - listen (or read) now!
Related tags
❌
Amazon
Cryptocurrency
Data
loss
Law
&
order
Malware
Podcast
Privacy
bust
data
breach
hacking
Interpol
Naked
Security
Podcast
phone
scams
scammers
June 23
rd
2022 at 11:08
Naked Security
Capital One identity theft hacker finally gets convicted
June 21
st
2022 at 15:24
Capital One identity theft hacker finally gets convicted
By
Paul Ducklin
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
Related tags
❌
Data
loss
Law
&
order
Malware
capital
one
cryptojacking
data
breach
doj
SSN
June 21
st
2022 at 15:24
Naked Security
Interpol busts 2000 suspects in phone scamming takedown
June 20
th
2022 at 18:10
Interpol busts 2000 suspects in phone scamming takedown
By
Paul Ducklin
Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...
Related tags
❌
Law
&
order
Privacy
bust
Interpol
scamming
Social
Engineering
June 20
th
2022 at 18:10
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
June 16
th
2022 at 16:52
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
Lastest epsiode - listen now!
Related tags
❌
Apple
Microsoft
Phishing
Podcast
Vulnerability
CVE-2022-30190
Exploit
Follina
phishing
SMS
vishing
vulnerability
June 16
th
2022 at 16:52
Naked Security
Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
June 15
th
2022 at 01:20
Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
By
Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags
❌
Microsoft
Vulnerability
CVE-2022-30190
Follina
Patch
Tuesday
June 15
th
2022 at 01:20
Naked Security
Murder suspect admits she tracked cheating partner with hidden AirTag
June 14
th
2022 at 18:49
Murder suspect admits she tracked cheating partner with hidden AirTag
By
Paul Ducklin
O! What a tangled web we weave, when first we practise to deceive.
Related tags
❌
Law
&
order
Privacy
AirTag
BLE
bluetooth
surveillance
Tracking
June 14
th
2022 at 18:49
Naked Security
You’re invited! Join us for a live walkthrough of the “Follina” story…
June 13
th
2022 at 16:28
You’re invited! Join us for a live walkthrough of the “Follina” story…
By
Paul Ducklin
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Related tags
❌
Malware
Security
leadership
Vulnerability
CVE-2022-30190
Follina
webinar
June 13
th
2022 at 16:28
Naked Security
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
June 9
th
2022 at 13:07
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen (or read) now!
Related tags
❌
Podcast
Active
Adversary
MDR
MTR
Naked
Security
Podcast
vulnerability
Zero
Day
June 9
th
2022 at 13:07
Naked Security
SSNDOB Market domains seized, identity theft “brokerage” shut down
June 8
th
2022 at 14:53
SSNDOB Market domains seized, identity theft “brokerage” shut down
By
Paul Ducklin
The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.
Related tags
❌
Law
&
order
Privacy
bust
doj
identity
theft
SSNDOB
takedown
June 8
th
2022 at 14:53
Naked Security
Know your enemy! Learn how cybercrime adversaries get in…
June 7
th
2022 at 15:49
Know your enemy! Learn how cybercrime adversaries get in…
By
Paul Ducklin
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!
Related tags
❌
Phishing
Privacy
Ransomware
Security
leadership
Vulnerability
data
theft
MDR
MTR
ransomware
threat
response
June 7
th
2022 at 15:49
Naked Security
Atlassian announces 0-day hole in Confluence Server – update now!
June 3
rd
2022 at 18:59
Atlassian announces 0-day hole in Confluence Server – update now!
By
Paul Ducklin
Zero-day announced - here's what you need to know
Related tags
❌
Vulnerability
atlassian
CVE-2022-26134
Zero
Day
June 3
rd
2022 at 18:59
Naked Security
Yet another zero-day (sort of) in Windows “search URL” handling
June 2
nd
2022 at 19:39
Yet another zero-day (sort of) in Windows “search URL” handling
By
Paul Ducklin
More trouble with special-purpose URLs on Windows.
Related tags
❌
Microsoft
Vulnerability
url
vulnerability
Windows
June 2
nd
2022 at 19:39
Naked Security
S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]
June 2
nd
2022 at 18:37
S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Phishing
Podcast
Privacy
Vulnerability
CVE-2022-30190
Follina
Naked
Security
Podcast
smishing
SMS
webcam
June 2
nd
2022 at 18:37
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
June 1
st
2022 at 14:31
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
By
Paul Ducklin
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Related tags
❌
Firefox
Mozilla
Vulnerability
Patch
vulnerability
June 1
st
2022 at 14:31
Naked Security
Mysterious “Follina” zero-day hole in Office – here’s what to do!
May 30
th
2022 at 23:01
Mysterious “Follina” zero-day hole in Office – here’s what to do!
By
Paul Ducklin
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Related tags
❌
Microsoft
Security
threats
Vulnerability
CVE-2022-30190
Follina
ms-msdt
MSDT
Office
Zero
Day
May 30
th
2022 at 23:01
Naked Security
Beware the Smish! Home delivery scams with a professional feel…
May 30
th
2022 at 17:59
Beware the Smish! Home delivery scams with a professional feel…
By
Paul Ducklin
Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...
Related tags
❌
Phishing
Privacy
phishing
Scam
smishing
SMS
May 30
th
2022 at 17:59
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
May 27
th
2022 at 11:17
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
❌
Podcast
Privacy
Vulnerability
Clearview
Mozilla
Naked
Security
Podcast
Patching
VMware
May 27
th
2022 at 11:17
Naked Security
Who’s watching your webcam? The Screencastify Chrome extension story…
May 26
th
2022 at 12:41
Who’s watching your webcam? The Screencastify Chrome extension story…
By
Paul Ducklin
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
Related tags
❌
Privacy
Chrome
store
need-to-know
Screencastify
webcam
May 26
th
2022 at 12:41
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
May 24
th
2022 at 23:04
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Related tags
❌
Malware
Vulnerability
exfiltration
PHP
python
secops
supply
chain
XDR
May 24
th
2022 at 23:04
Naked Security
Clearview AI face-matching service fined a lot less than expected
May 23
rd
2022 at 13:01
Clearview AI face-matching service fined a lot less than expected
By
Paul Ducklin
The fine has finally gone through... but it's less than 45% of what was originally proposed.
eleceye-1200
Related tags
❌
Privacy
Clearview
Clearview
AI
fine
ico
May 23
rd
2022 at 13:01
Naked Security
Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
May 20
th
2022 at 23:47
Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
By
Paul Ducklin
That was quick! 48 hours from exploit report to published patch.
Related tags
❌
Firefox
Mozilla
Vulnerability
CVE-2022-1529
CVE-2022-1802
Manfred
Paul
Pwn2Own
May 20
th
2022 at 23:47
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
May 20
th
2022 at 22:35
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Related tags
❌
Microsoft
Vulnerability
Windows
authentication
out-of-band
patch-to-patch
Woindows
May 20
th
2022 at 22:35
Naked Security
US Government says: Patch VMware right now, or get off our network
May 20
th
2022 at 14:03
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags
❌
Vulnerability
CVE-2022-22972
CVE-2022-22973
Federal
Government
MTR
VMware
May 20
th
2022 at 14:03
Load more articles