Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
October 28
th
2022 at 18:04Β
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
By
Paul Ducklin
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Related tags
β
Apple
Vulnerability
CVE-2022-42827
iPad
iPhone
spyware
Zero
Day
October 28
th
2022 at 18:04
Naked Security
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
October 25
th
2022 at 18:03Β
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
By
Paul Ducklin
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Related tags
β
Apple
iOS
OS
X
Vulnerability
day
CVE-2022-42827
Exploit
ios
iPad
iPhone
mac
vulnerability
zer-day
October 25
th
2022 at 18:03
Naked Security
Dangerous hole in Apache Commons Text β like Log4Shell all over again
October 18
th
2022 at 17:26Β
Dangerous hole in Apache Commons Text β like Log4Shell all over again
By
Paul Ducklin
Third time unlucky. Time to put your patching boots on again...
act-1200
Related tags
β
Vulnerability
Apache
Apache
Commons
Text
CVE-2022-42889
Log4j
Log4Shell
string
interpolation
October 18
th
2022 at 17:26
Naked Security
Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange!
October 12
th
2022 at 16:58Β
Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange!
By
Paul Ducklin
There's a zero-day patch, but it's not for the zero-day you thought.
Related tags
β
Microsoft
Vulnerability
Windows
day
Exploit
Patch
Tuesday
vulnerability
October 12
th
2022 at 16:58
Naked Security
Mystery iPhone update patches against iOS 16 mail crash-attack
October 11
th
2022 at 00:28Β
Mystery iPhone update patches against iOS 16 mail crash-attack
By
Paul Ducklin
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...
Related tags
β
Apple
iOS
Vulnerability
crash-of-death
CVE-2022-22658
ios
October 11
th
2022 at 00:28
Naked Security
S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
October 6
th
2022 at 14:43Β
S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
By
Paul Ducklin
Latest episode - listen and learn now (or read and revise, if the written word is your thing)...
Related tags
β
Law
&
order
Microsoft
Podcast
:ProxyNotShell
BEC
bust
exchange
Exploit
Naked
Security
Podcast
robocalls
romance
scam
vulnerability
October 6
th
2022 at 14:43
Naked Security
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
October 1
st
2022 at 14:05Β
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
By
Paul Ducklin
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Related tags
β
Microsoft
Podcast
Vulnerability
:ProxyNotShell
chester
wisniewski
CVE-2022-41040
CVE-2022-41042
exchange
Zero
Day
October 1
st
2022 at 14:05
Naked Security
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
September 30
th
2022 at 18:25Β
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
By
Paul Ducklin
Double-play 0-day in Exchange - what you need to know, and what you can do
Related tags
β
Microsoft
Vulnerability
CVE-2022-41040
CVE-2022-41082
exchange
vulnerability
Zero
Day
September 30
th
2022 at 18:25
Naked Security
WhatsApp βzero-day exploitβ news scare β what you need to know
September 27
th
2022 at 18:51Β
WhatsApp βzero-day exploitβ news scare β what you need to know
By
Paul Ducklin
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
Related tags
β
Vulnerability
Exploit
vulnerability
WhatsApp
September 27
th
2022 at 18:51
Naked Security
Apple patches zero-day holes β even in the brand new iOS 16
September 12
th
2022 at 21:25Β
Apple patches zero-day holes β even in the brand new iOS 16
By
Paul Ducklin
Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)...
apple-plus-16-1200
Related tags
β
Apple
iOS
OS
X
Vulnerability
September 12
th
2022 at 21:25
Naked Security
Chrome and Edge fix zero-day security hole β update now!
September 5
th
2022 at 15:12Β
Chrome and Edge fix zero-day security hole β update now!
By
Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Related tags
β
Google
Google
Chrome
Vulnerability
chrome
CVE-2022-3075
Exploit
Patch
Zero
Day
September 5
th
2022 at 15:12
Naked Security
S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text]
September 1
st
2022 at 16:55Β
S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
airgap
bugs
chrome
data
loss
JavaScript
LastPass
vulnerability
September 1
st
2022 at 16:55
Naked Security
Chrome patches 24 security holes, enables βSanitizerβ safety system
August 31
st
2022 at 11:48Β
Chrome patches 24 security holes, enables βSanitizerβ safety system
By
Paul Ducklin
24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.
Related tags
β
Google
Google
Chrome
Vulnerability
buffer
overflow
chrome
Sanitizer
use-after-free
vulnerability
XSS
August 31
st
2022 at 11:48
Naked Security
JavaScript bugs aplenty in Node.js ecosystem β found automatically
August 30
th
2022 at 16:59Β
JavaScript bugs aplenty in Node.js ecosystem β found automatically
By
Paul Ducklin
How to get the better of bugs in all the possible packages in your supply chain?
Related tags
β
Vulnerability
bug-hunting
cve
JavaScript
vulnerability
August 30
th
2022 at 16:59
Naked Security
Firefox 104 is out β no critical bugs, but update anyway
August 26
th
2022 at 16:27Β
Firefox 104 is out β no critical bugs, but update anyway
By
Paul Ducklin
Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
August 26
th
2022 at 16:27
Naked Security
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
August 25
th
2022 at 15:37Β
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read the transcript if you prefer the text version.)
Related tags
β
Apple
Cryptocurrency
Google
Microsoft
Podcast
Vulnerability
"Edge"
chrome
crypto
cryptocurrency
denial
of
service
DOS
iPhone
Naked
Security
Podcast
R&B
Zero
Day
August 25
th
2022 at 15:37
Naked Security
Breaching airgap security: using your phoneβs gyroscope as a microphone
August 24
th
2022 at 18:59Β
Breaching airgap security: using your phoneβs gyroscope as a microphone
By
Paul Ducklin
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Related tags
β
Data
loss
Vulnerability
airgap
Ben
Gurion
Ben-Gurion
University
data
leakage
GAIROSCOPE
August 24
th
2022 at 18:59
Naked Security
Bitcoin ATMs leeched by attackers who created fake admin accounts
August 23
rd
2022 at 18:35Β
Bitcoin ATMs leeched by attackers who created fake admin accounts
By
Paul Ducklin
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.
Related tags
β
Cryptocurrency
Vulnerability
atm
BTC
crypto
cryptocurrency
General
Bytes
phantom
withdrawal
vulnerability
August 23
rd
2022 at 18:35
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
August 22
nd
2022 at 16:03Β
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
By
Paul Ducklin
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)
Related tags
β
Vulnerability
chen
CVE-2022-38392
Janet
Jackson
music
Raymond
Chen
resonance
August 22
nd
2022 at 16:03
Naked Security
Apple patches double zero-day in browser and kernel β update now!
August 17
th
2022 at 23:33Β
Apple patches double zero-day in browser and kernel β update now!
By
Paul Ducklin
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Related tags
β
Apple
iOS
Malware
OS
X
Vulnerability
CVE-2022-32893
CVE-2022-32894
ios
iPadOS
jailbreak
macOS
spyware
August 17
th
2022 at 23:33
Naked Security
Chrome browser gets 11 security fixes with 1 zero-day β update now!
August 17
th
2022 at 13:16Β
Chrome browser gets 11 security fixes with 1 zero-day β update now!
By
Paul Ducklin
Don't delay - patch today.
Related tags
β
Google
Google
Chrome
Vulnerability
August 17
th
2022 at 13:16
Naked Security
Zoom for Mac patches critical bug β update now!
August 15
th
2022 at 18:26Β
Zoom for Mac patches critical bug β update now!
By
Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags
β
OS
X
Vulnerability
CVE-2022-28756
macOS
Wardle
zoom
August 15
th
2022 at 18:26
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
August 10
th
2022 at 16:59Β
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
By
Paul Ducklin
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Related tags
β
Cryptography
Data
loss
Vulnerability
APIC
CVE-2022-21233
EPIC
SGX
ΓPIC
Leak
August 10
th
2022 at 16:59
Naked Security
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
August 4
th
2022 at 17:52Β
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read if that's what you prefer.)
Related tags
β
Cryptocurrency
Cryptography
Podcast
Vulnerability
cryptocurrency
cryptogram
Cybercrime
Naked
Security
Podcast
August 4
th
2022 at 17:52
Naked Security
Cryptocoin βtoken swapperβ Nomad loses $200 million in coding blunder
August 2
nd
2022 at 16:12Β
Cryptocoin βtoken swapperβ Nomad loses $200 million in coding blunder
By
Paul Ducklin
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
Related tags
β
Cryptocurrency
Cryptography
Vulnerability
cryptocoin
cryptocurrency
DeFi
Nomad
August 2
nd
2022 at 16:12
Naked Security
GnuTLS patches memory mismanagement bug β update now!
August 1
st
2022 at 16:55Β
GnuTLS patches memory mismanagement bug β update now!
By
Paul Ducklin
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Related tags
β
Cryptography
Vulnerability
CVE-2022-2509
double-free
gnutls
heartbleed
August 1
st
2022 at 16:55
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
July 28
th
2022 at 15:47Β
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Apple
Data
loss
Law
&
order
Mozilla
Podcast
Privacy
Vulnerability
Safari
T-Mobile
vulnerability
Zero
Day
July 28
th
2022 at 15:47
Naked Security
Critical Samba bug could let anyone become Domain Admin β patch now!
July 27
th
2022 at 21:15Β
Critical Samba bug could let anyone become Domain Admin β patch now!
By
Paul Ducklin
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Related tags
β
Vulnerability
CVE-2022-32744
password
reset
Samba
July 27
th
2022 at 21:15
Naked Security
Mild monthly security update from Firefox β but update anyway
July 27
th
2022 at 00:41Β
Mild monthly security update from Firefox β but update anyway
By
Paul Ducklin
You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!
Related tags
β
Firefox
Mozilla
Vulnerability
clickjacking
vulnerability
July 27
th
2022 at 00:41
Naked Security
Apple patches β0-dayβ browser bug fixed 2 weeks ago in Chrome, Edge
July 21
st
2022 at 12:38Β
Apple patches β0-dayβ browser bug fixed 2 weeks ago in Chrome, Edge
By
Paul Ducklin
One vendor's zero-day is another vendor's routine patch...
Related tags
β
Apple
Vulnerability
iPad
iPhone
mac
macOS
vulnerability
July 21
st
2022 at 12:38
Naked Security
8 months on, US says Log4Shell will be around for βa decade or longerβ
July 18
th
2022 at 16:57Β
8 months on, US says Log4Shell will be around for βa decade or longerβ
By
Paul Ducklin
When it comes to cybersecurity, ask not what everyone else can do for you...
Related tags
β
Malware
Vulnerability
CSRB
DHS
Log4j
Log4Shell
Security.txt
July 18
th
2022 at 16:57
Naked Security
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
July 8
th
2022 at 00:59Β
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
By
Paul Ducklin
It's a bit like Log4J, but for configuration files, not for logging.
Related tags
β
Vulnerability
Apache
Commons
CVE-2022-33980
July 8
th
2022 at 00:59
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
July 7
th
2022 at 18:46Β
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
Listen now! Or read if you prefer...
Related tags
β
Cryptocurrency
Google
Google
Chrome
Law
&
order
Podcast
Vulnerability
2FA
busts
cryptocurrency
Naked
Security
Podcast
OneCoin
July 7
th
2022 at 18:46
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
July 6
th
2022 at 16:52Β
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
By
Paul Ducklin
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
Related tags
β
Cryptography
Vulnerability
AES
openssl
RSA
vulnerability
July 6
th
2022 at 16:52
Naked Security
Google patches βin-the-wildβ Chrome zero-day β update now!
July 5
th
2022 at 15:55Β
Google patches βin-the-wildβ Chrome zero-day β update now!
By
Paul Ducklin
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Related tags
β
Google
Google
Chrome
Vulnerability
day
chrome
CVE-2022-2294
vulnerability
zer-day
Zero
Day
July 5
th
2022 at 15:55
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
June 30
th
2022 at 12:57Β
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!
Related tags
β
Cryptocurrency
Cryptography
Law
&
order
Podcast
Vulnerability
crypto
cryptocurrency
extortion
Naked
Security
Podcast
openssl
scammers
June 30
th
2022 at 12:57
Naked Security
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
June 29
th
2022 at 16:11Β
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
By
Paul Ducklin
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
Related tags
β
Firefox
Mozilla
Vulnerability
Follina
Patch
vulnerability
June 29
th
2022 at 16:11
Naked Security
OpenSSL issues a bugfix for the previous bugfix
June 24
th
2022 at 15:32Β
OpenSSL issues a bugfix for the previous bugfix
By
Paul Ducklin
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
Related tags
β
Cryptography
Vulnerability
command
injection
crypto
openssl
June 24
th
2022 at 15:32
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
June 16
th
2022 at 16:52Β
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
Lastest epsiode - listen now!
Related tags
β
Apple
Microsoft
Phishing
Podcast
Vulnerability
CVE-2022-30190
Exploit
Follina
phishing
SMS
vishing
vulnerability
June 16
th
2022 at 16:52
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
June 15
th
2022 at 01:20Β
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags
β
Microsoft
Vulnerability
CVE-2022-30190
Follina
Patch
Tuesday
June 15
th
2022 at 01:20
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
June 13
th
2022 at 16:28Β
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Related tags
β
Malware
Security
leadership
Vulnerability
CVE-2022-30190
Follina
webinar
June 13
th
2022 at 16:28
Naked Security
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
June 9
th
2022 at 13:07Β
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen (or read) now!
Related tags
β
Podcast
Active
Adversary
MDR
MTR
Naked
Security
Podcast
vulnerability
Zero
Day
June 9
th
2022 at 13:07
Naked Security
Know your enemy! Learn how cybercrime adversaries get inβ¦
June 7
th
2022 at 15:49Β
Know your enemy! Learn how cybercrime adversaries get inβ¦
By
Paul Ducklin
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!
Related tags
β
Phishing
Privacy
Ransomware
Security
leadership
Vulnerability
data
theft
MDR
MTR
ransomware
threat
response
June 7
th
2022 at 15:49
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
June 3
rd
2022 at 18:59Β
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
Zero-day announced - here's what you need to know
Related tags
β
Vulnerability
atlassian
CVE-2022-26134
Zero
Day
June 3
rd
2022 at 18:59
Naked Security
Yet another zero-day (sort of) in Windows βsearch URLβ handling
June 2
nd
2022 at 19:39Β
Yet another zero-day (sort of) in Windows βsearch URLβ handling
By
Paul Ducklin
More trouble with special-purpose URLs on Windows.
Related tags
β
Microsoft
Vulnerability
url
vulnerability
Windows
June 2
nd
2022 at 19:39
Naked Security
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
June 2
nd
2022 at 18:37Β
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Phishing
Podcast
Privacy
Vulnerability
CVE-2022-30190
Follina
Naked
Security
Podcast
smishing
SMS
webcam
June 2
nd
2022 at 18:37
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
June 1
st
2022 at 14:31Β
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
By
Paul Ducklin
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
June 1
st
2022 at 14:31
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
May 30
th
2022 at 23:01Β
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Related tags
β
Microsoft
Security
threats
Vulnerability
CVE-2022-30190
Follina
ms-msdt
MSDT
Office
Zero
Day
May 30
th
2022 at 23:01
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
May 27
th
2022 at 11:17Β
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
Privacy
Vulnerability
Clearview
Mozilla
Naked
Security
Podcast
Patching
VMware
May 27
th
2022 at 11:17
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
May 24
th
2022 at 23:04Β
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Related tags
β
Malware
Vulnerability
exfiltration
PHP
python
secops
supply
chain
XDR
May 24
th
2022 at 23:04
Naked Security
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
May 20
th
2022 at 23:47Β
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
By
Paul Ducklin
That was quick! 48 hours from exploit report to published patch.
Related tags
β
Firefox
Mozilla
Vulnerability
CVE-2022-1529
CVE-2022-1802
Manfred
Paul
Pwn2Own
May 20
th
2022 at 23:47
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
May 20
th
2022 at 22:35Β
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Related tags
β
Microsoft
Vulnerability
Windows
authentication
out-of-band
patch-to-patch
Woindows
May 20
th
2022 at 22:35
Naked Security
US Government says: Patch VMware right now, or get off our network
May 20
th
2022 at 14:03Β
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags
β
Vulnerability
CVE-2022-22972
CVE-2022-22973
Federal
Government
MTR
VMware
May 20
th
2022 at 14:03
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
May 19
th
2022 at 13:56Β
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Law
&
order
Podcast
Vulnerability
Apple
bust
cracking
Cybercrime
Naked
Security
Podcast
May 19
th
2022 at 13:56
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
May 18
th
2022 at 13:04Β
Pwn2Own hacking schedule released β Windows and Linux are top targets
By
Paul Ducklin
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Related tags
β
Vulnerability
hacking
Pwn2Own
research
secops
May 18
th
2022 at 13:04
Naked Security
Apple patches zero-day kernel hole and much more β update now!
May 17
th
2022 at 09:30Β
Apple patches zero-day kernel hole and much more β update now!
By
Paul Ducklin
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Related tags
β
Apple
iOS
OS
X
Vulnerability
day
Patch
vulnerability
Zero
Day
May 17
th
2022 at 09:30
Naked Security
Serious Security: Learning from curlβs latest bug update
May 12
th
2022 at 15:08Β
Serious Security: Learning from curlβs latest bug update
By
Paul Ducklin
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
Related tags
β
Vulnerability
curl
security
bypass
vulnerability
May 12
th
2022 at 15:08
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
You didnβt leave enough space between ROSE and AND, and AND and CROWN
May 6
th
2022 at 16:59Β
You didnβt leave enough space between ROSE and AND, and AND and CROWN
By
Paul Ducklin
What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?
Related tags
β
Google
Vulnerability
crash
Google
Docs
recursion
May 6
th
2022 at 16:59
Naked Security
Android monthly updates are out β critical bugs found in critical places!
May 4
th
2022 at 15:54Β
Android monthly updates are out β critical bugs found in critical places!
By
Paul Ducklin
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...
Related tags
β
Android
Google
Vulnerability
critical
Patch
update
vulnerability
May 4
th
2022 at 15:54
Load more articles