S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

Performance and security clash yet again in “Collide+Power” attack

It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...

Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

Yes, it's a buffer overflow bug. No, it's not going get fixed.

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Supply chain blunder puts 3CX telephone app users at risk

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.

Google Pixel phones had a serious data leakage bug – here’s what to do!

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Serious Security: Unravelling the LifeLock “hacked passwords” story

Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

How to hack an unpatched Exchange server with rogue PowerShell code

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Dangerous hole in Apache Commons Text – like Log4Shell all over again

Third time unlucky. Time to put your patching boots on again...

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]

Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...

Move over Patch Tuesday – it’s Ada Lovelace Day!

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

Latest episode - listen now (or read if you prefer!)

8 months on, US says Log4Shell will be around for “a decade or longer”

When it comes to cybersecurity, ask not what everyone else can do for you...

7 cybersecurity tips for your summer vacation!

Here you go - seven thoughtful cybersecurity tips to help you travel safely...

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Two different “VMware Spring” bugs at large – we cut through the confusion

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

Easy unauthenticated remote code execution - PoC code already out

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

We're back for 2022 - listen now!

FTC threatens “legal action” over unpatched Log4j and other vulns

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

Log4Shell vulnerability Number Four: “Much ado about something”

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Log4Shell explained – how it works, why you need to know, and how to fix it

Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!

“Log4Shell” Java vulnerability – how to safeguard your servers

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

Latest episode - listen now!

Apple’s Mail Privacy Protection feature – watch out if you have a Watch!

Apple's "Protect Mail Activity" is a handy privacy enhancement for your messaging habits. As long as you know its limitations...

“To the moon!” Cryptocurrency hamster Mr Goxx trades online 24/7

Here's a happy cryptocurrency story for once, with not a cybercrook in sight.

LANtenna hack spies on your data from across the room! (Sort of)

Are your network cables acting as undercover wireless transmitters? What can you do if they are?