Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
Ghostscript bug could allow rogue documents to run system commands
July 4
th
2023 at 17:57Β
Ghostscript bug could allow rogue documents to run system commands
By
Paul Ducklin
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.
Related tags
β
Vulnerability
command
injection
CVE-2023-36664
Ghostscript
pipe
rce
vulnerability
July 4
th
2023 at 17:57
Naked Security
WordPress plugin lets users become adminsΒ β Patch early, patch often!
July 3
rd
2023 at 16:48Β
WordPress plugin lets users become adminsΒ β Patch early, patch often!
By
Paul Ducklin
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.
Related tags
β
Vulnerability
CVE-2023-3460
Patch
Ultimate
Members
vulnerability
July 3
rd
2023 at 16:48
Naked Security
More MOVEit mitigations: new patches published for further protection
June 9
th
2023 at 21:54Β
More MOVEit mitigations: new patches published for further protection
By
Paul Ducklin
Good news... more patches, this time available proactively
Related tags
β
Data
loss
Vulnerability
CVE-2023-34362
MOVEit
Progress
June 9
th
2023 at 21:54
Naked Security
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to doβ¦
June 5
th
2023 at 19:59Β
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to doβ¦
By
Paul Ducklin
Little Bobby Tables is back!
mi-1200
Related tags
β
Data
loss
Ransomware
Vulnerability
CVE-2023-34362
MOVEit
Progress
June 5
th
2023 at 19:59
Naked Security
VMware patches break-and-enter hole in logging tools: update now!
April 21
st
2023 at 17:58Β
VMware patches break-and-enter hole in logging tools: update now!
By
Paul Ducklin
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."
Related tags
β
Vulnerability
Aria
CVE-2023-20864
VMware
April 21
st
2023 at 17:58
Naked Security
Windows 11 also vulnerable to βaCropalypseβ image data leakage
March 22
nd
2023 at 17:59Β
Windows 11 also vulnerable to βaCropalypseβ image data leakage
By
Paul Ducklin
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
Related tags
β
Data
loss
Microsoft
aCropalypse
CVE-2023-20136
data
leakage
Snipping
Tool
Windows
March 22
nd
2023 at 17:59
Naked Security
Google Pixel phones had a serious data leakage bug β hereβs what to do!
March 21
st
2023 at 17:58Β
Google Pixel phones had a serious data leakage bug β hereβs what to do!
By
Paul Ducklin
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?
Related tags
β
Android
Data
loss
Google
aCropalypse
CVE-2023-20136
image
leak
Pixel
March 21
st
2023 at 17:58
Naked Security
Apple patches are out β old iPhones get an old zero-day fix at last!
January 24
th
2023 at 01:24Β
Apple patches are out β old iPhones get an old zero-day fix at last!
By
Paul Ducklin
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Related tags
β
Apple
Vulnerability
CVE-2022-42856
Exploit
ios
ios
12
iPadOS
macOS
Ventura
Zero
Day
January 24
th
2023 at 01:24
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
December 14
th
2022 at 02:11Β
Apple patches everything, finally reveals mystery of iOS 16.1.2
By
Paul Ducklin
There's an update for everything this time, not just for iOS.
Related tags
β
Apple
Vulnerability
CVE-2022-42856
December 14
th
2022 at 02:11
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
December 5
th
2022 at 20:58Β
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By
Paul Ducklin
Ninth more unto the breach, dear friends, ninth more.
Related tags
β
Google
Google
Chrome
Microsoft
Vulnerability
"Edge"
chrome
Chromium
CVE-2022-4262
Zero
Day
December 5
th
2022 at 20:58
Naked Security
Log4Shell-like code execution hole in popular Backstage dev tool
November 15
th
2022 at 17:49Β
Log4Shell-like code execution hole in popular Backstage dev tool
By
Paul Ducklin
Good old "string templating", also known as "string interpolation", in the spotlight again...
bs-1200
Related tags
β
Vulnerability
Backstage
CVE-2022-36067
November 15
th
2022 at 17:49
Naked Security
Dangerous SIM-swap lockscreen bypass β update Android now!
November 11
th
2022 at 19:59Β
Dangerous SIM-swap lockscreen bypass β update Android now!
By
Paul Ducklin
A bit like leaving the front door keys under the doormat...
Related tags
β
Android
Google
CVE-2022-20465
hacking
lockscreen
pypass
SIM
November 11
th
2022 at 19:59
Naked Security
The OpenSSL security update story β how can you tell what needs fixing?
November 3
rd
2022 at 00:44Β
The OpenSSL security update story β how can you tell what needs fixing?
By
Paul Ducklin
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
ossl-code-1200
Related tags
β
Cryptography
Vulnerability
CVE-2022-3602
CVE-2022-378
openssl
November 3
rd
2022 at 00:44
Naked Security
OpenSSL patches are outΒ β CRITICAL bug downgraded to HIGH, but patch anyway!
November 1
st
2022 at 17:24Β
OpenSSL patches are outΒ β CRITICAL bug downgraded to HIGH, but patch anyway!
By
Paul Ducklin
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Related tags
β
Cryptography
Vulnerability
CVE-2022-3602
CVE-2022-3786
openssl
vulneravility
November 1
st
2022 at 17:24
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
October 18
th
2022 at 18:01Β
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
By
Paul Ducklin
Hey! That back door isn't supposed to be there at all, let alone propped open...
Related tags
β
Uncategorized
CVE-2022-28762
snooping
spyware
vulnerabiloity
zoom
October 18
th
2022 at 18:01
Naked Security
Mystery iPhone update patches against iOS 16 mail crash-attack
October 11
th
2022 at 00:28Β
Mystery iPhone update patches against iOS 16 mail crash-attack
By
Paul Ducklin
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...
Related tags
β
Apple
iOS
Vulnerability
crash-of-death
CVE-2022-22658
ios
October 11
th
2022 at 00:28
Naked Security
S3 Ep102: How to avoid a data breach [Audio + Transcript]
September 29
th
2022 at 18:45Β
S3 Ep102: How to avoid a data breach [Audio + Transcript]
By
Paul Ducklin
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...
Related tags
β
Podcast
data
breach
GTA6
Naked
Security
Podcast
Uber
WhatsApp
forwarding
September 29
th
2022 at 18:45
Naked Security
Zoom for Mac patches critical bug β update now!
August 15
th
2022 at 18:26Β
Zoom for Mac patches critical bug β update now!
By
Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags
β
OS
X
Vulnerability
CVE-2022-28756
macOS
Wardle
zoom
August 15
th
2022 at 18:26
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
June 3
rd
2022 at 18:59Β
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
Zero-day announced - here's what you need to know
Related tags
β
Vulnerability
atlassian
CVE-2022-26134
Zero
Day
June 3
rd
2022 at 18:59
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
Yet another Chrome zero-day emergency update β patch now!
April 16
th
2022 at 00:33Β
Yet another Chrome zero-day emergency update β patch now!
By
Paul Ducklin
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
"Edge"
browser
chrome
CVE-2022-1364
type
confusion
vulnerability
April 16
th
2022 at 00:33
Naked Security
Two different βVMware Springβ bugs at large β we cut through the confusion
March 31
st
2022 at 16:59Β
Two different βVMware Springβ bugs at large β we cut through the confusion
By
Paul Ducklin
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Related tags
β
CVE-2022-22963
CVE-2022-22965
Spring
Spring
Cloud
Spring
Framework
Spring4Shell
VMWare
Spring
March 31
st
2022 at 16:59
Naked Security
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
March 30
th
2022 at 20:38Β
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
By
Paul Ducklin
Easy unauthenticated remote code execution - PoC code already out
Related tags
β
Uncategorized
CVE-2022-22963
Java
Log4She;;
SPEL
Spring
Spring
Cloud
Spring
Expression
Resource
March 30
th
2022 at 20:38
Naked Security
Google Chrome patches mysterious new zero-day bug β update now
March 28
th
2022 at 14:18Β
Google Chrome patches mysterious new zero-day bug β update now
By
Paul Ducklin
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
Related tags
β
Google
Google
Chrome
chrome
Chromium
CVE-2022-1096
Exploit
Zero
Day
March 28
th
2022 at 14:18
Naked Security
Google announces zero-day in Chrome browser β update now!
February 15
th
2022 at 19:17Β
Google announces zero-day in Chrome browser β update now!
By
Paul Ducklin
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Related tags
β
Google
Google
Chrome
Microsoft
Edge
Vulnerability
chrome
Chromium
CVE-2022-0609
Zero
Day
February 15
th
2022 at 19:17
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
February 14
th
2022 at 22:38Β
Adobe fixes zero-day exploit in e-commerce code: update now!
By
Paul Ducklin
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Related tags
β
Adobe
Vulnerability
CVE-2022-24086
Exploit
vulnerability
Zero
Day
February 14
th
2022 at 22:38
Naked Security
Apple zero-day drama for Macs, iPhones and iPads β patch now!
February 11
th
2022 at 14:25Β
Apple zero-day drama for Macs, iPhones and iPads β patch now!
By
Paul Ducklin
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
apple-1200
Related tags
β
Apple
iOS
OS
X
Vulnerability
CVE-2022-22620
iPad
iPhone
macOS
vulnerability
February 11
th
2022 at 14:25
Naked Security
Home routers with NetUSB support could have critical kernel hole
January 11
th
2022 at 17:42Β
Home routers with NetUSB support could have critical kernel hole
By
Paul Ducklin
Got a router that supports USB access across the network? You might need a kernel update...
Related tags
β
Vulnerability
buffer
overflow
CVE-2021-45608
NetUSB
usb
January 11
th
2022 at 17:42
Naked Security
Log4Shell: The Movie⦠a short, safe visual tour for work and home
December 20
th
2021 at 13:20Β
Log4Shell: The Movie⦠a short, safe visual tour for work and home
By
Paul Ducklin
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!
Related tags
β
Video
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105
December 20
th
2021 at 13:20
There are no more articles
β
Mark all as read