Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
October 1
st
2022 at 14:05Β
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
By
Paul Ducklin
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Related tags
β
Microsoft
Podcast
Vulnerability
:ProxyNotShell
chester
wisniewski
CVE-2022-41040
CVE-2022-41042
exchange
Zero
Day
October 1
st
2022 at 14:05
Naked Security
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
September 30
th
2022 at 18:25Β
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
By
Paul Ducklin
Double-play 0-day in Exchange - what you need to know, and what you can do
Related tags
β
Microsoft
Vulnerability
CVE-2022-41040
CVE-2022-41082
exchange
vulnerability
Zero
Day
September 30
th
2022 at 18:25
Naked Security
Uber and Rockstar β has a LAPSUS$ linchpin just been busted (again)?
September 24
th
2022 at 22:57Β
Uber and Rockstar β has a LAPSUS$ linchpin just been busted (again)?
By
Paul Ducklin
Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?
Related tags
β
Law
&
order
2FA
hacking
lapsus
Rockstar
Uber
September 24
th
2022 at 22:57
Naked Security
S3 Ep101: Uber and LastPass breaches β is 2FA all itβs cracked up to be? [Audio + Text]
September 22
nd
2022 at 18:42Β
S3 Ep101: Uber and LastPass breaches β is 2FA all itβs cracked up to be? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...
Related tags
β
Data
loss
Podcast
2FA
data
breach
LastPass
MFA
Naked
Security
Podcast
Uber
September 22
nd
2022 at 18:42
Naked Security
Chrome and Edge fix zero-day security hole β update now!
September 5
th
2022 at 15:12Β
Chrome and Edge fix zero-day security hole β update now!
By
Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Related tags
β
Google
Google
Chrome
Vulnerability
chrome
CVE-2022-3075
Exploit
Patch
Zero
Day
September 5
th
2022 at 15:12
Naked Security
URGENT! Apple slips out zero-day update for older iPhones and iPads
August 31
st
2022 at 18:42Β
URGENT! Apple slips out zero-day update for older iPhones and iPads
By
Paul Ducklin
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Related tags
β
Apple
iOS
CVE-2022-32893
ios
spyware
webkit
Zero
Day
August 31
st
2022 at 18:42
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
August 22
nd
2022 at 16:03Β
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
By
Paul Ducklin
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)
Related tags
β
Vulnerability
chen
CVE-2022-38392
Janet
Jackson
music
Raymond
Chen
resonance
August 22
nd
2022 at 16:03
Naked Security
Apple patches double zero-day in browser and kernel β update now!
August 17
th
2022 at 23:33Β
Apple patches double zero-day in browser and kernel β update now!
By
Paul Ducklin
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Related tags
β
Apple
iOS
Malware
OS
X
Vulnerability
CVE-2022-32893
CVE-2022-32894
ios
iPadOS
jailbreak
macOS
spyware
August 17
th
2022 at 23:33
Naked Security
Zoom for Mac patches critical bug β update now!
August 15
th
2022 at 18:26Β
Zoom for Mac patches critical bug β update now!
By
Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags
β
OS
X
Vulnerability
CVE-2022-28756
macOS
Wardle
zoom
August 15
th
2022 at 18:26
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
August 10
th
2022 at 16:59Β
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
By
Paul Ducklin
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Related tags
β
Cryptography
Data
loss
Vulnerability
APIC
CVE-2022-21233
EPIC
SGX
ΓPIC
Leak
August 10
th
2022 at 16:59
Naked Security
GnuTLS patches memory mismanagement bug β update now!
August 1
st
2022 at 16:55Β
GnuTLS patches memory mismanagement bug β update now!
By
Paul Ducklin
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Related tags
β
Cryptography
Vulnerability
CVE-2022-2509
double-free
gnutls
heartbleed
August 1
st
2022 at 16:55
Naked Security
Critical Samba bug could let anyone become Domain Admin β patch now!
July 27
th
2022 at 21:15Β
Critical Samba bug could let anyone become Domain Admin β patch now!
By
Paul Ducklin
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Related tags
β
Vulnerability
CVE-2022-32744
password
reset
Samba
July 27
th
2022 at 21:15
Naked Security
Facebook 2FA scammers return β this time in just 21 minutes
July 13
th
2022 at 16:46Β
Facebook 2FA scammers return β this time in just 21 minutes
By
Paul Ducklin
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Related tags
β
Facebook
Phishing
Privacy
2FA
Scam
July 13
th
2022 at 16:46
Naked Security
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
July 8
th
2022 at 00:59Β
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
By
Paul Ducklin
It's a bit like Log4J, but for configuration files, not for logging.
Related tags
β
Vulnerability
Apache
Commons
CVE-2022-33980
July 8
th
2022 at 00:59
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
July 7
th
2022 at 18:46Β
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
Listen now! Or read if you prefer...
Related tags
β
Cryptocurrency
Google
Google
Chrome
Law
&
order
Podcast
Vulnerability
2FA
busts
cryptocurrency
Naked
Security
Podcast
OneCoin
July 7
th
2022 at 18:46
Naked Security
Google patches βin-the-wildβ Chrome zero-day β update now!
July 5
th
2022 at 15:55Β
Google patches βin-the-wildβ Chrome zero-day β update now!
By
Paul Ducklin
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Related tags
β
Google
Google
Chrome
Vulnerability
day
chrome
CVE-2022-2294
vulnerability
zer-day
Zero
Day
July 5
th
2022 at 15:55
Naked Security
Facebook 2FA phish arrives just 28 minutes after scam domain created
July 1
st
2022 at 20:01Β
Facebook 2FA phish arrives just 28 minutes after scam domain created
By
Paul Ducklin
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Related tags
β
Data
loss
Facebook
Phishing
Privacy
2FA
phishing
Scam
July 1
st
2022 at 20:01
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
June 16
th
2022 at 16:52Β
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
Lastest epsiode - listen now!
Related tags
β
Apple
Microsoft
Phishing
Podcast
Vulnerability
CVE-2022-30190
Exploit
Follina
phishing
SMS
vishing
vulnerability
June 16
th
2022 at 16:52
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
June 15
th
2022 at 01:20Β
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags
β
Microsoft
Vulnerability
CVE-2022-30190
Follina
Patch
Tuesday
June 15
th
2022 at 01:20
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
June 13
th
2022 at 16:28Β
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Related tags
β
Malware
Security
leadership
Vulnerability
CVE-2022-30190
Follina
webinar
June 13
th
2022 at 16:28
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
June 3
rd
2022 at 18:59Β
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
Zero-day announced - here's what you need to know
Related tags
β
Vulnerability
atlassian
CVE-2022-26134
Zero
Day
June 3
rd
2022 at 18:59
Naked Security
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
June 2
nd
2022 at 18:37Β
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Phishing
Podcast
Privacy
Vulnerability
CVE-2022-30190
Follina
Naked
Security
Podcast
smishing
SMS
webcam
June 2
nd
2022 at 18:37
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
May 30
th
2022 at 23:01Β
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Related tags
β
Microsoft
Security
threats
Vulnerability
CVE-2022-30190
Follina
ms-msdt
MSDT
Office
Zero
Day
May 30
th
2022 at 23:01
Naked Security
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
May 20
th
2022 at 23:47Β
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
By
Paul Ducklin
That was quick! 48 hours from exploit report to published patch.
Related tags
β
Firefox
Mozilla
Vulnerability
CVE-2022-1529
CVE-2022-1802
Manfred
Paul
Pwn2Own
May 20
th
2022 at 23:47
Naked Security
US Government says: Patch VMware right now, or get off our network
May 20
th
2022 at 14:03Β
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags
β
Vulnerability
CVE-2022-22972
CVE-2022-22973
Federal
Government
MTR
VMware
May 20
th
2022 at 14:03
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
May 18
th
2022 at 13:04Β
Pwn2Own hacking schedule released β Windows and Linux are top targets
By
Paul Ducklin
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Related tags
β
Vulnerability
hacking
Pwn2Own
research
secops
May 18
th
2022 at 13:04
Naked Security
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
May 15
th
2022 at 21:53Β
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
By
Paul Ducklin
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
Related tags
β
Firefox
Mozilla
Pwn2Own
Sandbox
May 15
th
2022 at 21:53
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
Critical cryptographic Java security blunder patched β update now!
April 20
th
2022 at 16:43Β
Critical cryptographic Java security blunder patched β update now!
By
Paul Ducklin
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.
Related tags
β
Cryptography
Java
Oracle
Vulnerability
CVE-2022-21449
digital
signature
vulnerability
April 20
th
2022 at 16:43
Naked Security
Yet another Chrome zero-day emergency update β patch now!
April 16
th
2022 at 00:33Β
Yet another Chrome zero-day emergency update β patch now!
By
Paul Ducklin
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
"Edge"
browser
chrome
CVE-2022-1364
type
confusion
vulnerability
April 16
th
2022 at 00:33
Naked Security
Two different βVMware Springβ bugs at large β we cut through the confusion
March 31
st
2022 at 16:59Β
Two different βVMware Springβ bugs at large β we cut through the confusion
By
Paul Ducklin
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Related tags
β
CVE-2022-22963
CVE-2022-22965
Spring
Spring
Cloud
Spring
Framework
Spring4Shell
VMWare
Spring
March 31
st
2022 at 16:59
Naked Security
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
March 30
th
2022 at 20:38Β
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
By
Paul Ducklin
Easy unauthenticated remote code execution - PoC code already out
Related tags
β
Uncategorized
CVE-2022-22963
Java
Log4She;;
SPEL
Spring
Spring
Cloud
Spring
Expression
Resource
March 30
th
2022 at 20:38
Naked Security
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
March 29
th
2022 at 16:37Β
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
By
Paul Ducklin
This code is venerable! Surely all the bugs must be out by now?
Related tags
β
Vulnerability
CVE-2018-25032
DEFLATE
ormandy
vulnerability
Zlib
March 29
th
2022 at 16:37
Naked Security
Google Chrome patches mysterious new zero-day bug β update now
March 28
th
2022 at 14:18Β
Google Chrome patches mysterious new zero-day bug β update now
By
Paul Ducklin
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
Related tags
β
Google
Google
Chrome
chrome
Chromium
CVE-2022-1096
Exploit
Zero
Day
March 28
th
2022 at 14:18
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
March 18
th
2022 at 17:59Β
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
When it comes to writing loops in your code... never sit on the fence!
Related tags
β
Cryptography
Vulnerability
CVE-2022-0778
DOS
openssl
ormandy
vulnerability
March 18
th
2022 at 17:59
Naked Security
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
March 16
th
2022 at 01:22Β
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
By
Paul Ducklin
Don't leave old accounts lying around where someone sketchy could reactivate them.
Related tags
β
Vulnerability
2FA
bypass
CISA
hacking
intrusion
MTR
March 16
th
2022 at 01:22
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
March 10
th
2022 at 19:37Β
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
adafruit
CVE-2022-0847
Cybercrime
Dirty
Pipe
Firefox
hacking
Linux
Mozilla
Naked
Security
Podcast
NVIDIA
ransomware
March 10
th
2022 at 19:37
Naked Security
βDirty Pipeβ Linux kernel bug lets anyone write to any file
March 8
th
2022 at 19:37Β
βDirty Pipeβ Linux kernel bug lets anyone write to any file
By
Paul Ducklin
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
pipe-1200
Related tags
β
Android
Google
Linux
Vulnerability
CVE-2022-0847
EoP
file
overwrite
kernel
splice
vulnerability
March 8
th
2022 at 19:37
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
February 22
nd
2022 at 17:26Β
WordPress backup plugin maker Updraft says βYou should updateββ¦
By
Paul Ducklin
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Related tags
β
Vulnerability
CVE-2022-23303
data
leak
Updraft
vulnerability
Wordpress
February 22
nd
2022 at 17:26
Naked Security
Irony alert! PHP fixes security flaw in input validation code
February 18
th
2022 at 17:59Β
Irony alert! PHP fixes security flaw in input validation code
By
Paul Ducklin
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Related tags
β
Vulnerability
CVE-2021-21708
PHP
use-after-free
February 18
th
2022 at 17:59
Naked Security
Google announces zero-day in Chrome browser β update now!
February 15
th
2022 at 19:17Β
Google announces zero-day in Chrome browser β update now!
By
Paul Ducklin
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
chrome
Chromium
CVE-2022-0609
Zero
Day
February 15
th
2022 at 19:17
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
February 14
th
2022 at 22:38Β
Adobe fixes zero-day exploit in e-commerce code: update now!
By
Paul Ducklin
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Related tags
β
Adobe
Vulnerability
CVE-2022-24086
Exploit
vulnerability
Zero
Day
February 14
th
2022 at 22:38
Naked Security
Apple zero-day drama for Macs, iPhones and iPads β patch now!
February 11
th
2022 at 14:25Β
Apple zero-day drama for Macs, iPhones and iPads β patch now!
By
Paul Ducklin
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
apple-1200
Related tags
β
Apple
iOS
OS
X
Vulnerability
CVE-2022-22620
iPad
iPhone
macOS
vulnerability
February 11
th
2022 at 14:25
Naked Security
Microsoft blocks web installation of its own App Installer files
February 7
th
2022 at 16:36Β
Microsoft blocks web installation of its own App Installer files
By
Paul Ducklin
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Related tags
β
Malware
Phishing
Vulnerability
App
Bundle
App
Installer
CVE-2021-43890
MSIX
Windows
February 7
th
2022 at 16:36
Naked Security
Linux kernel patches βperformance can be harmfulβ bug in video driver
February 1
st
2022 at 19:59Β
Linux kernel patches βperformance can be harmfulβ bug in video driver
By
Paul Ducklin
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Related tags
β
Data
loss
Vulnerability
CVE-2022-0330
drm/i915
Linux
February 1
st
2022 at 19:59
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
January 27
th
2022 at 19:57Β
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
2FA
cryptocurrency
Naked
Security
Podcast
scams
January 27
th
2022 at 19:57
Naked Security
βPwnKitβ security bug gets you root on most Linux distros β what to do
January 26
th
2022 at 19:58Β
βPwnKitβ security bug gets you root on most Linux distros β what to do
By
Paul Ducklin
An elevation of privilege bug that could let a "mostly harmless" user give themselves a instant root shell
Related tags
β
Linux
Vulnerability
CVE-2021-4034
EoP
pkexec
PwnKit
January 26
th
2022 at 19:58
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
January 21
st
2022 at 16:25Β
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By
Paul Ducklin
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Related tags
β
Cryptocurrency
Vulnerability
2FA
Crypto.com
cryptocurrency
January 21
st
2022 at 16:25
Naked Security
Wormable Windows HTTP hole β what you need to know
January 12
th
2022 at 16:24Β
Wormable Windows HTTP hole β what you need to know
By
Paul Ducklin
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Related tags
β
Microsoft
Vulnerability
CVE-2022-21907
http
HTTP.sys
IIS
Patch
Tuesday
worm
January 12
th
2022 at 16:24
Naked Security
Home routers with NetUSB support could have critical kernel hole
January 11
th
2022 at 17:42Β
Home routers with NetUSB support could have critical kernel hole
By
Paul Ducklin
Got a router that supports USB access across the network? You might need a kernel update...
Related tags
β
Vulnerability
buffer
overflow
CVE-2021-45608
NetUSB
usb
January 11
th
2022 at 17:42
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
January 7
th
2022 at 19:32Β
Log4Shell-like security hole found in popular Java SQL database engine H2
By
Paul Ducklin
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Related tags
β
Vulnerability
CVE-2021-42392
H2
Java
JNDI
Log4j
SQL
January 7
th
2022 at 19:32
Naked Security
Log4Shell vulnerability Number Four: βMuch ado about somethingβ
December 29
th
2021 at 19:12Β
Log4Shell vulnerability Number Four: βMuch ado about somethingβ
By
Paul Ducklin
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Related tags
β
Vulnerability
Apache
CVE-2021-44228
CVE-2021-44832
Java
Log4j
Log4Shell
Patch
vulnerability
December 29
th
2021 at 19:12
Naked Security
SFW! The Top N CyberΒsecurity Stories of 2021 (for small positive integer values of N)
December 24
th
2021 at 17:44Β
SFW! The Top N CyberΒsecurity Stories of 2021 (for small positive integer values of N)
By
Paul Ducklin
Happy Holidays! Our Top N stories, all totally SFW!
Related tags
β
Security
leadership
Security
threats
2018
US
State
of
Cybercrime
Cybercrime
cybersecurity
Happy
Holidays
Top
3
December 24
th
2021 at 17:44
Naked Security
Apacheβs other product: Critical bugs in βhttpdβ web server, patch now!
December 21
st
2021 at 19:57Β
Apacheβs other product: Critical bugs in βhttpdβ web server, patch now!
By
Paul Ducklin
The Apache web server just got an update - this one is nothing to do with Log4j!
Related tags
β
Vulnerability
Apache
CVE-2021-44224
CVE-2021-44790
httpd
web
server
December 21
st
2021 at 19:57
Naked Security
Log4Shell: The Movie⦠a short, safe visual tour for work and home
December 20
th
2021 at 13:20Β
Log4Shell: The Movie⦠a short, safe visual tour for work and home
By
Paul Ducklin
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!
Related tags
β
Video
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105
December 20
th
2021 at 13:20
Naked Security
Serious Security: OpenSSL fixes βerror conflationβ bugs β how mixing up mistakes can lead to trouble
December 17
th
2021 at 17:57Β
Serious Security: OpenSSL fixes βerror conflationβ bugs β how mixing up mistakes can lead to trouble
By
Paul Ducklin
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Related tags
β
Cryptography
CVE-2021-4044
openssl
Patching
vulnerability
December 17
th
2021 at 17:57
Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
December 16
th
2021 at 17:41Β
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
By
Paul Ducklin
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
Related tags
β
Apple
Podcast
CVE-2021-44228
Exploit
iPhone
jailbreak
Log4Shell
macOS
Naked
Security
Podcast
December 16
th
2021 at 17:41
Naked Security
Log4Shell explained β how it works, why you need to know, and how to fix it
December 13
th
2021 at 19:41Β
Log4Shell explained β how it works, why you need to know, and how to fix it
By
Paul Ducklin
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Related tags
β
Vulnerability
CVE-2021-44228
Log4j
Log4Shell
December 13
th
2021 at 19:41
Naked Security
βLog4Shellβ Java vulnerability β how to safeguard your servers
December 10
th
2021 at 19:22Β
βLog4Shellβ Java vulnerability β how to safeguard your servers
By
Paul Ducklin
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Related tags
β
Vulnerability
Apache
CVE-2021-44228
Exploit
Java
Log4Shell
LOGJAM
rce
December 10
th
2021 at 19:22
Naked Security
Check your patches β public exploit now out for critical Exchange bug
November 23
rd
2021 at 14:36Β
Check your patches β public exploit now out for critical Exchange bug
By
Paul Ducklin
It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.
Related tags
β
Microsoft
Vulnerability
CVE-2021-42321
exchange
Patch
Patch
Tuesday
Zero
Day
November 23
rd
2021 at 14:36
Load more articles