Naked Security
S3 Ep141: What was Steve Jobs’s first job?
June 29th 2023 at 16:58
By Paul Ducklin
Latest episode - listen now! (Full transcript inside.)
Related tags: Apple Cryptocurrency Data loss Law & order Malware Podcast Privacy Vulnerability bust Cybercrime hacking iPhone malware Naked Security Podcast Twitter Zero Day
Naked Security
S3 Ep140: So you think you know ransomware?
June 22nd 2023 at 16:48
By Paul Ducklin
Lots to learn this week - listen now! (Full transcript inside.)
Related tags: Law & order Podcast Vulnerability Asus Kim Dotcom megaupload MOVEit Naked Security Podcast vulnerability
Naked Security
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
June 22nd 2023 at 00:36
By Paul Ducklin
Apple didn't use the words "Triangulation Trojan", but you probably will.
Related tags: Apple Apple Safari iOS OS X Vulnerability Patch Zero Day
Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
June 20th 2023 at 18:14
By Paul Ducklin
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Related tags: Vulnerability Asus Patch rce router vulnerability
Naked Security
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”
June 15th 2023 at 22:10
By Paul Ducklin
Twice more unto the breach... third patch tested and released, shut down web access until you've applied it
Related tags: Vulnerability MOVEit Progress SQL Injection vulnerability
Naked Security
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
June 13th 2023 at 23:32
By Paul Ducklin
No zero-days this month, if you ignore the Edge RCE hole patched last week
Related tags: Microsoft Vulnerability Office Patch Tuesday sharepoint vulnerability
Naked Security
More MOVEit mitigations: new patches published for further protection
June 9th 2023 at 21:54
By Paul Ducklin
Good news... more patches, this time available proactively
Related tags: Data loss Vulnerability CVE-2023-34362 MOVEit Progress
Naked Security
S3 Ep138: I like to MOVEit, MOVEit
June 8th 2023 at 16:56
By Paul Ducklin
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
Related tags: Google Google Chrome Microsoft Microsoft Edge Podcast Vulnerability "Edge" chrome Gigabyte MOVEit Naked Security Podcast Zero Day
Naked Security
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug
June 7th 2023 at 19:59
By Paul Ducklin
With the right (or wrong, if you're on the right side of the fence) timing...
Related tags: Firefox Mozilla Vulnerability CVE-2023-34414 Patches vulnerability
Naked Security
Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now
June 6th 2023 at 18:28
By Paul Ducklin
Chrome and Edge 0-days patched.
Related tags: Google Google Chrome Microsoft Microsoft Edge Vulnerability "Edge" chrome CVE-2023-3079 type confusion vulnerability Zero Day
Naked Security
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
June 5th 2023 at 19:59
By Paul Ducklin
Little Bobby Tables is back!
Related tags: Data loss Ransomware Vulnerability CVE-2023-34362 MOVEit Progress
Naked Security
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
June 2nd 2023 at 18:56
By Paul Ducklin
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.
Related tags: Vulnerability firmware Gigabyte vulnerability WPBT
Naked Security
S3 Ep137: 16th century crypto skullduggery
June 1st 2023 at 16:45
By Paul Ducklin
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
Related tags: Data loss Law & order Podcast Ransomware Vulnerability bust crypto Cryptography CVE-2023-32784 Cybercrime KeePass oauth
Naked Security
Serious Security: Verification is vital – examining an OAUTH login bug
May 30th 2023 at 16:59
By Paul Ducklin
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
Related tags: Data loss Vulnerability CVE-2023-28131 expo oauth vulnerability
Naked Security
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
May 19th 2023 at 01:02
By Paul Ducklin
All Apple users have zero-days that need patching, though some have more zero-days than others.
Related tags: Apple Vulnerability Exploit iPhone mac vulnerability
Naked Security
PHP Packagist supply chain poisoned by hacker “looking for a job”
May 5th 2023 at 16:59
By Paul Ducklin
I pwned you! Gizza job! You know it makes sense!
Related tags: Vulnerability Packagist PHP supply chain
Naked Security
S3 Ep132: Proof-of-concept lets anyone hack at will
April 27th 2023 at 16:55
By Paul Ducklin
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
Related tags: Google Google Chrome Microsoft Microsoft Edge Podcast Privacy Vulnerability "Edge" chrome Cybercrime PaperCut
Naked Security
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
April 25th 2023 at 17:53
By Paul Ducklin
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Related tags: Vulnerability CVE-2023-27350 CVE-2023-27351 Exploit PaperCut rce vulnerability
Naked Security
Double zero-day in Chrome and Edge – check your versions now!
April 24th 2023 at 19:59
By Paul Ducklin
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Related tags: Google Google Chrome Microsoft Microsoft Edge Vulnerability "Edge" chrome Chromium Patch Zero Day
Naked Security
VMware patches break-and-enter hole in logging tools: update now!
April 21st 2023 at 17:58
By Paul Ducklin
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."
Related tags: Vulnerability Aria CVE-2023-20864 VMware
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
April 13th 2023 at 16:54
By Paul Ducklin
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Related tags: Apple IoT Microsoft Podcast Vulnerability Cybercrime exoploit hacking iot Naked Security Podcast Zero Day
Naked Security
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
April 12th 2023 at 18:57
By Paul Ducklin
Is Secure Boot without the Secure just "Boot"?
Related tags: Microsoft Vulnerability bootkit Exploit Patch Tuesday Secure Boot Zero Day
Naked Security
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
April 10th 2023 at 20:20
By Paul Ducklin
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Related tags: Apple iOS OS X Vulnerability Exploit kernel bug rce spyware
Naked Security
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
April 9th 2023 at 00:28
By Paul Ducklin
The security error was in the error handling system that was supposed to catch potential security errors...
Related tags: Vulnerability Exploit RC E Sandbox vm2
Naked Security
Apple issues emergency patches for spyware-style 0-day exploits – update now!
April 8th 2023 at 01:20
By Paul Ducklin
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Related tags: Apple Apple Safari Vulnerability day Amnesty International Exploit ios iPhone mac Zero Day
Naked Security
Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know
April 5th 2023 at 18:49
By Paul Ducklin
Grab a message/Play it back/You've just performed/A big phat hack...
Related tags: Privacy Vulnerability Cybercrime hacking iot Nexx responsible disclosure vulnerbility
Naked Security
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
March 30th 2023 at 19:43
By Paul Ducklin
Latest episode - listen now!
Related tags: Apple Google Law & order Microsoft Podcast Privacy DDoS Naked Security Podcast vulnerability
Naked Security
Apple patches everything, including a zero-day fix for iOS 15 users
March 28th 2023 at 00:23
By Paul Ducklin
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Related tags: Apple Vulnerability day Exploit ios iPad iPadOS iPhone macOS vulnerability Zero Day
Naked Security
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
March 24th 2023 at 19:48
By Paul Ducklin
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Related tags: Data loss Privacy Vulnerability vulnerability WooCommerce Wordpress
Naked Security
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
March 23rd 2023 at 17:59
By Paul Ducklin
Listen now - latest episode. Full transcript inside.
Related tags: Cryptocurrency Data loss Google Microsoft Podcast Vulnerability aCropalypse BTC cryptocurrency Cybercrime
Naked Security
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
March 17th 2023 at 19:56
By Paul Ducklin
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Related tags: Android Google Samsung Vulnerability Patches rce vulnerability
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
March 16th 2023 at 17:56
By Paul Ducklin
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Related tags: Data loss Google Microsoft Mozilla Podcast Privacy Vulnerability Cybercrime Firefox Naked Security Podcast Outlook Patch Tuesday SHEIN vulnerability
Naked Security
Microsoft fixes two 0-days on Patch Tuesday – update now!
March 15th 2023 at 00:06
By Paul Ducklin
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Related tags: Microsoft Vulnerability Windows day Exploit MOTW NTLM v2 Outlook Patch Tuesday SmartScreen vulnerability Zero Day
Naked Security
Firefox 111 patches 11 holes, but not 1 zero-day among them…
March 14th 2023 at 19:16
By Paul Ducklin
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Related tags: Mozilla Vulnerability Firefox update vulnerability
Naked Security
S3 Ep125: When security hardware has security holes [Audio + Text]
March 9th 2023 at 18:58
By Paul Ducklin
Latest episode - listen now! (Full transcript inside.)
Related tags: Cryptography Law & order Podcast Ransomware Vulnerability bust CISA Naked Security Podcast ransomware tpm
Naked Security
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
March 7th 2023 at 19:59
By Paul Ducklin
Security bugs in the very code you've been told you must have to improve the security of your computer...
Related tags: Cryptography Vulnerability TCG tpm TPM 2.0 Windows 11
Naked Security
S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
February 16th 2023 at 17:46
By Paul Ducklin
Latest episode - listen now! (Full transcript inside.)
Related tags: Podcast Apple Cybercrime Exploit hacking Microsoft Naked Security Podcast Patch Tuesday reddit vulnerability Zero Day
Naked Security
Apple fixes zero-day spyware implant bug – patch now!
February 14th 2023 at 19:08
By Paul Ducklin
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Related tags: Apple Apple Safari Vulnerability VE-2023-23529 Zero Day
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
February 9th 2023 at 19:41
By Paul Ducklin
Latest episode. Listen now!
Related tags: Law & order Podcast Ransomware Vulnerability bust Cybercrime KeePass Naked Security Podcast openssh openssl pathes VMware
Naked Security
OpenSSL fixes High Severity data-stealing bug – patch now!
February 8th 2023 at 02:58
By Paul Ducklin
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Related tags: Cryptography Vulnerability memory mismanagement openssl timing attack
Naked Security
VMWare user? Worried about “ESXi ransomware”? Check your patches now!
February 7th 2023 at 19:59
By Paul Ducklin
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Related tags: Ransomware Vulnerability ESXi Patching ransomware VMware
Naked Security
OpenSSH fixes double-free memory bug that’s pokable over the network
February 3rd 2023 at 17:59
By Paul Ducklin
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...
Related tags: Vulnerability double-free openssh
Naked Security
S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
February 2nd 2023 at 17:50
By Paul Ducklin
Latest episode - listen now!
Related tags: Cryptography Law & order Podcast Ransomware collision Hive MD5 Naked Security Podcast ransomware Samba vulnerability
Naked Security
Password-stealing “vulnerability” reported in KeePass – bug or feature?
February 1st 2023 at 19:58
By Paul Ducklin
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Related tags: Cryptography Data loss Vulnerability CVE-2023-24055 data leakage KeePass trigger
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
January 31st 2023 at 11:35
By Paul Ducklin
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Related tags: Data loss Microsoft Vulnerability certificate breach Code signing compromise github
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
January 30th 2023 at 19:59
By Paul Ducklin
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Related tags: Cryptography Vulnerability CIFS collision CVE-2022-38023 mac MD5 message digest Samba SMB
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
January 26th 2023 at 19:57
By Paul Ducklin
Latest episode - listen now! (Or read the transcript.)
Related tags: Apple Data loss Google Podcast Vulnerability DNS GoTo LastPass vulnerability Zero Day
Naked Security
Apple patches are out – old iPhones get an old zero-day fix at last!
January 24th 2023 at 01:24
By Paul Ducklin
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Related tags: Apple Vulnerability CVE-2022-42856 Exploit ios ios 12 iPadOS macOS Ventura Zero Day
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
January 23rd 2023 at 19:59
By Paul Ducklin
It's a really cool and super-simple trick. The question is, "Will it help?"
Related tags: Vulnerability DNS hijack Spoofing
Naked Security
S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
January 12th 2023 at 17:59
By Paul Ducklin
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Related tags: Cryptography Law & order Podcast Vulnerability bust Naked Security Podcast RSA Scam Windows 7 Windows 8.1
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
January 11th 2023 at 00:22
By Paul Ducklin
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Related tags: Microsoft Vulnerability Exploit malware. spam. vulnerability Patch Tuesday
Naked Security
Popular JWT cloud security library patches “remote” code execution hole
January 10th 2023 at 19:59
By Paul Ducklin
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Related tags: Cryptography Vulnerability JSON jsonwebtoken JWT rce vulnerability
Naked Security
CircleCI – code-building service suffers total credential compromise
January 9th 2023 at 14:52
By Paul Ducklin
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Related tags: Data loss Vulnerability breach CircleCI
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
January 4th 2023 at 19:50
By Paul Ducklin
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Related tags: Data loss Malware Podcast Security leadership Vulnerability Cryptography Cybercrime Linux machine learning vulnerability
Naked Security
Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond
December 30th 2022 at 19:59
By Paul Ducklin
The problem with anniversaries is that there's an almost infinite number of them every day...
Related tags: Security leadership Security threats cybersecurity MDR morris worm NYD nye vulnerability
Naked Security
Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug
December 20th 2022 at 17:59
By Paul Ducklin
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Related tags: Apple Microsoft Vulnerability Achilles CVE-2022-42821 Gatekeeper macOS MOTW vulnerability
Naked Security
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
December 15th 2022 at 17:10
By Paul Ducklin
Return o' the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Related tags: Apple Data loss Malware Microsoft Podcast Privacy Vulnerability day Ben-Gurion University ios Naked Security Podcast skimming supply chain vulnerability Zero Day
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
December 14th 2022 at 02:11
By Paul Ducklin
There's an update for everything this time, not just for iOS.
Related tags: Apple Vulnerability CVE-2022-42856
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
December 14th 2022 at 01:13
By Paul Ducklin
Tales of derring-do in the cyberunderground! (And some zero-days.)
Related tags: Microsoft Vulnerability driver signing Exploit Patch Tuesday vulnerability
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
December 12th 2022 at 19:58
By Paul Ducklin
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Related tags: Security events Vulnerability Exploit hacking Pwn2Own vulnerability