
Naked Security

The OpenSSL security update story – how can you tell what needs fixing?

By Paul Ducklin
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...


OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

By Paul Ducklin
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...

SHA-3 code execution bug patched in PHP – check your version!

By Paul Ducklin
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

Psychotherapy extortion suspect: arrest warrant issued

By Paul Ducklin
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

Chrome issues urgent zero-day fix – update now!

By Paul Ducklin
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Online ticketing company “See” pwned for 2.5 years by attackers

By Paul Ducklin
Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

Clearview AI image-scraping face recognition service hit with €20m fine in France

By Paul Ducklin
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By Paul Ducklin
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Serious Security: How randomly (or not) can you shuffle cards?

By Paul Ducklin
What if you could guess the next card correctly twice as often as you should?


Women in Cryptology – USPS celebrates WW2 codebreakers

By Paul Ducklin
What did you do in the war, Mom? Oh, y'know, a bit of this and that...

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

By Paul Ducklin
Hey! That back door isn't supposed to be there at all, let alone propped open...

Fashion brand SHEIN fined $1.9m for lying about data breach

By Naked Security writer
Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?

Move over Patch Tuesday – it’s Ada Lovelace Day!

By Paul Ducklin
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Mystery iPhone update patches against iOS 16 mail crash-attack

By Paul Ducklin
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

By Paul Ducklin
Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.

Former Uber CSO convicted of covering up megabreach back in 2016

By Naked Security writer
Obstructed FTC proceedings, and concealed a crime, said the jury.

NetWalker ransomware affiliate sentenced to 20 years by Florida court

By Naked Security writer
Judge tells the accused that if he hadn't pleaded guilty, "I would have given you life."

BEC fraudster and romance scammer sent to prison for 25 years

By Paul Ducklin
Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.


Scammers and rogue callers – can anything ever stop them?

By Paul Ducklin
Some thoughts for Cybersecurity Awareness Month: Is it worth reporting nuisance calls? Is it even worth reporting outright scams?

S3 Ep102: How to avoid a data breach [Audio + Transcript]

By Paul Ducklin
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

Optus breach – Aussie telco told it will have to pay to replace IDs

By Paul Ducklin
Licence compromised? Passport number burned? Need a new one? Who's going to pay?

WhatsApp “zero-day exploit” news scare – what you need to know

By Paul Ducklin
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?

Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?

By Paul Ducklin
Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?

Morgan Stanley fined millions for selling off devices full of customer PII

By Paul Ducklin
Critical data on old disks always seems inaccessible if you really need it. But when you DON'T want it back, guess what happens...

Interested in cybersecurity? Join us for Security SOS Week 2022!

By Paul Ducklin
Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.

LastPass source code breach – incident response report released

By Paul Ducklin
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]

By Paul Ducklin
Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."

UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you

By Paul Ducklin
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

By Paul Ducklin
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...


Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

By Paul Ducklin
Simple but super-sneaky - use a picture of a browser, and convince people it's real...


Apple patches zero-day holes – even in the brand new iOS 16

By Paul Ducklin
Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)...


How to deal with dates and times without any timezone tantrums…

By Paul Ducklin
Heartfelt encouragement to embrace RFC 3339 - find out why!

DEADBOLT ransomware rears its head again, attacks QNAP devices

By Paul Ducklin
NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...

Chrome and Edge fix zero-day security hole – update now!

By Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43

By Paul Ducklin
This site, like millions of others, has a certificate from Let's Encrypt. Farewell, Peter Eckersley, PhD, who helped make it all possible.

URGENT! Apple slips out zero-day update for older iPhones and iPads

By Paul Ducklin
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

JavaScript bugs aplenty in Node.js ecosystem – found automatically

By Paul Ducklin
How to get the better of bugs in all the possible packages in your supply chain?

LastPass source code breach – do we still recommend password managers?

By Paul Ducklin
What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Firefox 104 is out – no critical bugs, but update anyway

By Paul Ducklin
Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.

Breaching airgap security: using your phone’s gyroscope as a microphone

By Paul Ducklin
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Bitcoin ATMs leeched by attackers who created fake admin accounts

By Paul Ducklin
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.

Laptop denial-of-service via music: the 1980s R&B song with a CVE!

By Paul Ducklin
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)
