Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
OpenSSL patches are outΒ β CRITICAL bug downgraded to HIGH, but patch anyway!
November 1
st
2022 at 17:24Β
OpenSSL patches are outΒ β CRITICAL bug downgraded to HIGH, but patch anyway!
By
Paul Ducklin
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Related tags
β
Cryptography
Vulnerability
CVE-2022-3602
CVE-2022-3786
openssl
vulneravility
November 1
st
2022 at 17:24
Naked Security
SHA-3 code execution bug patched in PHP β check your version!
November 1
st
2022 at 14:09Β
SHA-3 code execution bug patched in PHP β check your version!
By
Paul Ducklin
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
Related tags
β
Cryptography
Vulnerability
cryptograhpy
CVE-2022-37454
PHP
sha-3
November 1
st
2022 at 14:09
Naked Security
Chrome issues urgent zero-day fix β update now!
October 29
th
2022 at 15:08Β
Chrome issues urgent zero-day fix β update now!
By
Paul Ducklin
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)
Related tags
β
Google
Google
Chrome
Vulnerability
"Edge"
day
chrome
Chromium
CVE-2022-3723
Exploit
Zero
Day
October 29
th
2022 at 15:08
Naked Security
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
October 28
th
2022 at 18:04Β
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
By
Paul Ducklin
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Related tags
β
Apple
Vulnerability
CVE-2022-42827
iPad
iPhone
spyware
Zero
Day
October 28
th
2022 at 18:04
Naked Security
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
October 25
th
2022 at 18:03Β
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
By
Paul Ducklin
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Related tags
β
Apple
iOS
OS
X
Vulnerability
day
CVE-2022-42827
Exploit
ios
iPad
iPhone
mac
vulnerability
zer-day
October 25
th
2022 at 18:03
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
October 18
th
2022 at 18:01Β
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
By
Paul Ducklin
Hey! That back door isn't supposed to be there at all, let alone propped open...
Related tags
β
Uncategorized
CVE-2022-28762
snooping
spyware
vulnerabiloity
zoom
October 18
th
2022 at 18:01
Naked Security
Dangerous hole in Apache Commons Text β like Log4Shell all over again
October 18
th
2022 at 17:26Β
Dangerous hole in Apache Commons Text β like Log4Shell all over again
By
Paul Ducklin
Third time unlucky. Time to put your patching boots on again...
act-1200
Related tags
β
Vulnerability
Apache
Apache
Commons
Text
CVE-2022-42889
Log4j
Log4Shell
string
interpolation
October 18
th
2022 at 17:26
Naked Security
Mystery iPhone update patches against iOS 16 mail crash-attack
October 11
th
2022 at 00:28Β
Mystery iPhone update patches against iOS 16 mail crash-attack
By
Paul Ducklin
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...
Related tags
β
Apple
iOS
Vulnerability
crash-of-death
CVE-2022-22658
ios
October 11
th
2022 at 00:28
Naked Security
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
October 1
st
2022 at 14:05Β
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
By
Paul Ducklin
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Related tags
β
Microsoft
Podcast
Vulnerability
:ProxyNotShell
chester
wisniewski
CVE-2022-41040
CVE-2022-41042
exchange
Zero
Day
October 1
st
2022 at 14:05
Naked Security
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
September 30
th
2022 at 18:25Β
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
By
Paul Ducklin
Double-play 0-day in Exchange - what you need to know, and what you can do
Related tags
β
Microsoft
Vulnerability
CVE-2022-41040
CVE-2022-41082
exchange
vulnerability
Zero
Day
September 30
th
2022 at 18:25
Naked Security
Uber and Rockstar β has a LAPSUS$ linchpin just been busted (again)?
September 24
th
2022 at 22:57Β
Uber and Rockstar β has a LAPSUS$ linchpin just been busted (again)?
By
Paul Ducklin
Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?
Related tags
β
Law
&
order
2FA
hacking
lapsus
Rockstar
Uber
September 24
th
2022 at 22:57
Naked Security
S3 Ep101: Uber and LastPass breaches β is 2FA all itβs cracked up to be? [Audio + Text]
September 22
nd
2022 at 18:42Β
S3 Ep101: Uber and LastPass breaches β is 2FA all itβs cracked up to be? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...
Related tags
β
Data
loss
Podcast
2FA
data
breach
LastPass
MFA
Naked
Security
Podcast
Uber
September 22
nd
2022 at 18:42
Naked Security
Chrome and Edge fix zero-day security hole β update now!
September 5
th
2022 at 15:12Β
Chrome and Edge fix zero-day security hole β update now!
By
Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Related tags
β
Google
Google
Chrome
Vulnerability
chrome
CVE-2022-3075
Exploit
Patch
Zero
Day
September 5
th
2022 at 15:12
Naked Security
URGENT! Apple slips out zero-day update for older iPhones and iPads
August 31
st
2022 at 18:42Β
URGENT! Apple slips out zero-day update for older iPhones and iPads
By
Paul Ducklin
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Related tags
β
Apple
iOS
CVE-2022-32893
ios
spyware
webkit
Zero
Day
August 31
st
2022 at 18:42
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
August 22
nd
2022 at 16:03Β
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
By
Paul Ducklin
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)
Related tags
β
Vulnerability
chen
CVE-2022-38392
Janet
Jackson
music
Raymond
Chen
resonance
August 22
nd
2022 at 16:03
Naked Security
Apple patches double zero-day in browser and kernel β update now!
August 17
th
2022 at 23:33Β
Apple patches double zero-day in browser and kernel β update now!
By
Paul Ducklin
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Related tags
β
Apple
iOS
Malware
OS
X
Vulnerability
CVE-2022-32893
CVE-2022-32894
ios
iPadOS
jailbreak
macOS
spyware
August 17
th
2022 at 23:33
Naked Security
Zoom for Mac patches critical bug β update now!
August 15
th
2022 at 18:26Β
Zoom for Mac patches critical bug β update now!
By
Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags
β
OS
X
Vulnerability
CVE-2022-28756
macOS
Wardle
zoom
August 15
th
2022 at 18:26
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
August 10
th
2022 at 16:59Β
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
By
Paul Ducklin
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Related tags
β
Cryptography
Data
loss
Vulnerability
APIC
CVE-2022-21233
EPIC
SGX
ΓPIC
Leak
August 10
th
2022 at 16:59
Naked Security
GnuTLS patches memory mismanagement bug β update now!
August 1
st
2022 at 16:55Β
GnuTLS patches memory mismanagement bug β update now!
By
Paul Ducklin
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Related tags
β
Cryptography
Vulnerability
CVE-2022-2509
double-free
gnutls
heartbleed
August 1
st
2022 at 16:55
Naked Security
Critical Samba bug could let anyone become Domain Admin β patch now!
July 27
th
2022 at 21:15Β
Critical Samba bug could let anyone become Domain Admin β patch now!
By
Paul Ducklin
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Related tags
β
Vulnerability
CVE-2022-32744
password
reset
Samba
July 27
th
2022 at 21:15
Naked Security
Facebook 2FA scammers return β this time in just 21 minutes
July 13
th
2022 at 16:46Β
Facebook 2FA scammers return β this time in just 21 minutes
By
Paul Ducklin
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Related tags
β
Facebook
Phishing
Privacy
2FA
Scam
July 13
th
2022 at 16:46
Naked Security
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
July 8
th
2022 at 00:59Β
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
By
Paul Ducklin
It's a bit like Log4J, but for configuration files, not for logging.
Related tags
β
Vulnerability
Apache
Commons
CVE-2022-33980
July 8
th
2022 at 00:59
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
July 7
th
2022 at 18:46Β
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
Listen now! Or read if you prefer...
Related tags
β
Cryptocurrency
Google
Google
Chrome
Law
&
order
Podcast
Vulnerability
2FA
busts
cryptocurrency
Naked
Security
Podcast
OneCoin
July 7
th
2022 at 18:46
Naked Security
Google patches βin-the-wildβ Chrome zero-day β update now!
July 5
th
2022 at 15:55Β
Google patches βin-the-wildβ Chrome zero-day β update now!
By
Paul Ducklin
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Related tags
β
Google
Google
Chrome
Vulnerability
day
chrome
CVE-2022-2294
vulnerability
zer-day
Zero
Day
July 5
th
2022 at 15:55
Naked Security
Facebook 2FA phish arrives just 28 minutes after scam domain created
July 1
st
2022 at 20:01Β
Facebook 2FA phish arrives just 28 minutes after scam domain created
By
Paul Ducklin
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Related tags
β
Data
loss
Facebook
Phishing
Privacy
2FA
phishing
Scam
July 1
st
2022 at 20:01
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
June 16
th
2022 at 16:52Β
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
Lastest epsiode - listen now!
Related tags
β
Apple
Microsoft
Phishing
Podcast
Vulnerability
CVE-2022-30190
Exploit
Follina
phishing
SMS
vishing
vulnerability
June 16
th
2022 at 16:52
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
June 15
th
2022 at 01:20Β
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags
β
Microsoft
Vulnerability
CVE-2022-30190
Follina
Patch
Tuesday
June 15
th
2022 at 01:20
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
June 13
th
2022 at 16:28Β
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Related tags
β
Malware
Security
leadership
Vulnerability
CVE-2022-30190
Follina
webinar
June 13
th
2022 at 16:28
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
June 3
rd
2022 at 18:59Β
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
Zero-day announced - here's what you need to know
Related tags
β
Vulnerability
atlassian
CVE-2022-26134
Zero
Day
June 3
rd
2022 at 18:59
Naked Security
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
June 2
nd
2022 at 18:37Β
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Phishing
Podcast
Privacy
Vulnerability
CVE-2022-30190
Follina
Naked
Security
Podcast
smishing
SMS
webcam
June 2
nd
2022 at 18:37
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
May 30
th
2022 at 23:01Β
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Related tags
β
Microsoft
Security
threats
Vulnerability
CVE-2022-30190
Follina
ms-msdt
MSDT
Office
Zero
Day
May 30
th
2022 at 23:01
Naked Security
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
May 20
th
2022 at 23:47Β
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
By
Paul Ducklin
That was quick! 48 hours from exploit report to published patch.
Related tags
β
Firefox
Mozilla
Vulnerability
CVE-2022-1529
CVE-2022-1802
Manfred
Paul
Pwn2Own
May 20
th
2022 at 23:47
Naked Security
US Government says: Patch VMware right now, or get off our network
May 20
th
2022 at 14:03Β
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags
β
Vulnerability
CVE-2022-22972
CVE-2022-22973
Federal
Government
MTR
VMware
May 20
th
2022 at 14:03
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
May 18
th
2022 at 13:04Β
Pwn2Own hacking schedule released β Windows and Linux are top targets
By
Paul Ducklin
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Related tags
β
Vulnerability
hacking
Pwn2Own
research
secops
May 18
th
2022 at 13:04
Naked Security
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
May 15
th
2022 at 21:53Β
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
By
Paul Ducklin
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
Related tags
β
Firefox
Mozilla
Pwn2Own
Sandbox
May 15
th
2022 at 21:53
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
Critical cryptographic Java security blunder patched β update now!
April 20
th
2022 at 16:43Β
Critical cryptographic Java security blunder patched β update now!
By
Paul Ducklin
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.
Related tags
β
Cryptography
Java
Oracle
Vulnerability
CVE-2022-21449
digital
signature
vulnerability
April 20
th
2022 at 16:43
Naked Security
Yet another Chrome zero-day emergency update β patch now!
April 16
th
2022 at 00:33Β
Yet another Chrome zero-day emergency update β patch now!
By
Paul Ducklin
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
"Edge"
browser
chrome
CVE-2022-1364
type
confusion
vulnerability
April 16
th
2022 at 00:33
Naked Security
Two different βVMware Springβ bugs at large β we cut through the confusion
March 31
st
2022 at 16:59Β
Two different βVMware Springβ bugs at large β we cut through the confusion
By
Paul Ducklin
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Related tags
β
CVE-2022-22963
CVE-2022-22965
Spring
Spring
Cloud
Spring
Framework
Spring4Shell
VMWare
Spring
March 31
st
2022 at 16:59
Naked Security
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
March 30
th
2022 at 20:38Β
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
By
Paul Ducklin
Easy unauthenticated remote code execution - PoC code already out
Related tags
β
Uncategorized
CVE-2022-22963
Java
Log4She;;
SPEL
Spring
Spring
Cloud
Spring
Expression
Resource
March 30
th
2022 at 20:38
Naked Security
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
March 29
th
2022 at 16:37Β
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
By
Paul Ducklin
This code is venerable! Surely all the bugs must be out by now?
Related tags
β
Vulnerability
CVE-2018-25032
DEFLATE
ormandy
vulnerability
Zlib
March 29
th
2022 at 16:37
Naked Security
Google Chrome patches mysterious new zero-day bug β update now
March 28
th
2022 at 14:18Β
Google Chrome patches mysterious new zero-day bug β update now
By
Paul Ducklin
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
Related tags
β
Google
Google
Chrome
chrome
Chromium
CVE-2022-1096
Exploit
Zero
Day
March 28
th
2022 at 14:18
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
March 18
th
2022 at 17:59Β
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
When it comes to writing loops in your code... never sit on the fence!
Related tags
β
Cryptography
Vulnerability
CVE-2022-0778
DOS
openssl
ormandy
vulnerability
March 18
th
2022 at 17:59
Naked Security
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
March 16
th
2022 at 01:22Β
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
By
Paul Ducklin
Don't leave old accounts lying around where someone sketchy could reactivate them.
Related tags
β
Vulnerability
2FA
bypass
CISA
hacking
intrusion
MTR
March 16
th
2022 at 01:22
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
March 10
th
2022 at 19:37Β
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
adafruit
CVE-2022-0847
Cybercrime
Dirty
Pipe
Firefox
hacking
Linux
Mozilla
Naked
Security
Podcast
NVIDIA
ransomware
March 10
th
2022 at 19:37
Naked Security
βDirty Pipeβ Linux kernel bug lets anyone write to any file
March 8
th
2022 at 19:37Β
βDirty Pipeβ Linux kernel bug lets anyone write to any file
By
Paul Ducklin
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
pipe-1200
Related tags
β
Android
Google
Linux
Vulnerability
CVE-2022-0847
EoP
file
overwrite
kernel
splice
vulnerability
March 8
th
2022 at 19:37
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
February 22
nd
2022 at 17:26Β
WordPress backup plugin maker Updraft says βYou should updateββ¦
By
Paul Ducklin
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Related tags
β
Vulnerability
CVE-2022-23303
data
leak
Updraft
vulnerability
Wordpress
February 22
nd
2022 at 17:26
Naked Security
Irony alert! PHP fixes security flaw in input validation code
February 18
th
2022 at 17:59Β
Irony alert! PHP fixes security flaw in input validation code
By
Paul Ducklin
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Related tags
β
Vulnerability
CVE-2021-21708
PHP
use-after-free
February 18
th
2022 at 17:59
Naked Security
Google announces zero-day in Chrome browser β update now!
February 15
th
2022 at 19:17Β
Google announces zero-day in Chrome browser β update now!
By
Paul Ducklin
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
chrome
Chromium
CVE-2022-0609
Zero
Day
February 15
th
2022 at 19:17
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
February 14
th
2022 at 22:38Β
Adobe fixes zero-day exploit in e-commerce code: update now!
By
Paul Ducklin
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Related tags
β
Adobe
Vulnerability
CVE-2022-24086
Exploit
vulnerability
Zero
Day
February 14
th
2022 at 22:38
Naked Security
Apple zero-day drama for Macs, iPhones and iPads β patch now!
February 11
th
2022 at 14:25Β
Apple zero-day drama for Macs, iPhones and iPads β patch now!
By
Paul Ducklin
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
apple-1200
Related tags
β
Apple
iOS
OS
X
Vulnerability
CVE-2022-22620
iPad
iPhone
macOS
vulnerability
February 11
th
2022 at 14:25
Naked Security
Microsoft blocks web installation of its own App Installer files
February 7
th
2022 at 16:36Β
Microsoft blocks web installation of its own App Installer files
By
Paul Ducklin
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Related tags
β
Malware
Phishing
Vulnerability
App
Bundle
App
Installer
CVE-2021-43890
MSIX
Windows
February 7
th
2022 at 16:36
Naked Security
Linux kernel patches βperformance can be harmfulβ bug in video driver
February 1
st
2022 at 19:59Β
Linux kernel patches βperformance can be harmfulβ bug in video driver
By
Paul Ducklin
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Related tags
β
Data
loss
Vulnerability
CVE-2022-0330
drm/i915
Linux
February 1
st
2022 at 19:59
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
January 27
th
2022 at 19:57Β
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
2FA
cryptocurrency
Naked
Security
Podcast
scams
January 27
th
2022 at 19:57
Naked Security
βPwnKitβ security bug gets you root on most Linux distros β what to do
January 26
th
2022 at 19:58Β
βPwnKitβ security bug gets you root on most Linux distros β what to do
By
Paul Ducklin
An elevation of privilege bug that could let a "mostly harmless" user give themselves a instant root shell
Related tags
β
Linux
Vulnerability
CVE-2021-4034
EoP
pkexec
PwnKit
January 26
th
2022 at 19:58
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
January 21
st
2022 at 16:25Β
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By
Paul Ducklin
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Related tags
β
Cryptocurrency
Vulnerability
2FA
Crypto.com
cryptocurrency
January 21
st
2022 at 16:25
Naked Security
Wormable Windows HTTP hole β what you need to know
January 12
th
2022 at 16:24Β
Wormable Windows HTTP hole β what you need to know
By
Paul Ducklin
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Related tags
β
Microsoft
Vulnerability
CVE-2022-21907
http
HTTP.sys
IIS
Patch
Tuesday
worm
January 12
th
2022 at 16:24
Naked Security
Home routers with NetUSB support could have critical kernel hole
January 11
th
2022 at 17:42Β
Home routers with NetUSB support could have critical kernel hole
By
Paul Ducklin
Got a router that supports USB access across the network? You might need a kernel update...
Related tags
β
Vulnerability
buffer
overflow
CVE-2021-45608
NetUSB
usb
January 11
th
2022 at 17:42
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
January 7
th
2022 at 19:32Β
Log4Shell-like security hole found in popular Java SQL database engine H2
By
Paul Ducklin
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Related tags
β
Vulnerability
CVE-2021-42392
H2
Java
JNDI
Log4j
SQL
January 7
th
2022 at 19:32
Naked Security
Log4Shell vulnerability Number Four: βMuch ado about somethingβ
December 29
th
2021 at 19:12Β
Log4Shell vulnerability Number Four: βMuch ado about somethingβ
By
Paul Ducklin
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Related tags
β
Vulnerability
Apache
CVE-2021-44228
CVE-2021-44832
Java
Log4j
Log4Shell
Patch
vulnerability
December 29
th
2021 at 19:12
Load more articles