Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
Using WinRAR? Be sure to patch against these code execution bugsβ¦
August 23
rd
2023 at 19:55Β
Using WinRAR? Be sure to patch against these code execution bugsβ¦
By
Paul Ducklin
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...
Related tags
β
Uncategorized
August 23
rd
2023 at 19:55
Naked Security
S3 Ep146: Tell us about that breach! (If you want to.)
August 3
rd
2023 at 17:56Β
S3 Ep146: Tell us about that breach! (If you want to.)
By
Paul Ducklin
Serious security stories explained clearly in plain English - listen now. (Full transcript available.)
Related tags
β
Podcast
Uncategorized
BWAIN
data
leakage
Firefox
Naked
Security
Podcast
SEC
August 3
rd
2023 at 17:56
Naked Security
S3 Ep144: When threat hunting goes down a rabbit hole
July 20
th
2023 at 14:58Β
S3 Ep144: When threat hunting goes down a rabbit hole
By
Paul Ducklin
Latest episode - check it out now!
Related tags
β
Uncategorized
Exploit
Microsoft
Naked
Security
Podcast
Storm
Virus
Total
Zero
Day
Zimbra
July 20
th
2023 at 14:58
Naked Security
Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
July 10
th
2023 at 23:12Β
Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
By
Paul Ducklin
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Related tags
β
Apple
Apple
Safari
iOS
OS
X
Uncategorized
Vulnerability
day
CVE-2023-37450
vulnerability
webkit
Zero
Day
July 10
th
2023 at 23:12
Naked Security
Gozi banking malware βIT chiefβ finally jailed after more than 10 years
June 13
th
2023 at 18:43Β
Gozi banking malware βIT chiefβ finally jailed after more than 10 years
By
Paul Ducklin
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...
Related tags
β
Data
loss
Law
&
order
Malware
bust
doj
Gozi
paunescu
June 13
th
2023 at 18:43
Naked Security
S3 Ep136: Navigating a manic malware maelstrom
May 25
th
2023 at 16:50Β
S3 Ep136: Navigating a manic malware maelstrom
By
Paul Ducklin
Latest episode - listen now. Full transcript inside...
Related tags
β
Denial
of
Service
Law
&
order
Malware
Podcast
bust
Cybercrime
hacking
Naked
Security
Podcast
PyPI
supply
chain
Uncategorized
May 25
th
2023 at 16:50
Naked Security
Ransomware tales: The MitM attack that really had a Man in the Middle
May 24
th
2023 at 17:59Β
Ransomware tales: The MitM attack that really had a Man in the Middle
By
Paul Ducklin
Another traitorous sysadmin story, this one busted by system logs that gave his game away...
Related tags
β
Uncategorized
bust
ransomware
May 24
th
2023 at 17:59
Naked Security
Bootkit zero-day fix β is this Microsoftβs most cautious patch ever?
May 10
th
2023 at 11:50Β
Bootkit zero-day fix β is this Microsoftβs most cautious patch ever?
By
Paul Ducklin
When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...
Related tags
β
Uncategorized
May 10
th
2023 at 11:50
Naked Security
World Password Day: 2 + 2 = 4
May 4
th
2023 at 13:12Β
World Password Day: 2 + 2 = 4
By
Paul Ducklin
We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!
Related tags
β
Privacy
WorldPasswordDay
passwords
fun
tips
May 4
th
2023 at 13:12
Naked Security
Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused
May 1
st
2023 at 20:46Β
Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused
By
Paul Ducklin
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
Related tags
β
Uncategorized
Apple
Patch
Rapid
Security
Response
Zero
Day
May 1
st
2023 at 20:46
Naked Security
Einstein tilings β the amazing βHatβ shape that never repeats!
April 4
th
2023 at 18:59Β
Einstein tilings β the amazing βHatβ shape that never repeats!
By
Paul Ducklin
Imagine tiling a whole football field using a single shape... yet not being able to produce a repeating pattern, even if you wanted to.
Related tags
β
Uncategorized
April 4
th
2023 at 18:59
Naked Security
Dangerous Android phone 0-day bugs revealed β patch or work around them now!
March 17
th
2023 at 19:56Β
Dangerous Android phone 0-day bugs revealed β patch or work around them now!
By
Paul Ducklin
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Related tags
β
Android
Google
Samsung
Vulnerability
Patches
rce
vulnerability
March 17
th
2023 at 19:56
Naked Security
Dutch suspect locked up for alleged personal data megathefts
January 26
th
2023 at 22:02Β
Dutch suspect locked up for alleged personal data megathefts
By
Paul Ducklin
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
Related tags
β
Law
&
order
Austria
breach
data
theft
Money
Laundering
Netherlands
January 26
th
2023 at 22:02
Naked Security
The horror! The horror! NOTEPAD gets tabbed editing (very briefly)
December 29
th
2022 at 19:59Β
The horror! The horror! NOTEPAD gets tabbed editing (very briefly)
By
Paul Ducklin
Is there a special meaning of "don't" that means "go right ahead"?
Related tags
β
Microsoft
Uncategorized
Happy
New
Year
humor
humour
Notepad++
December 29
th
2022 at 19:59
Naked Security
Critical β10-out-of-10β Linux kernel SMB hole β should you worry?
December 27
th
2022 at 19:35Β
Critical β10-out-of-10β Linux kernel SMB hole β should you worry?
By
Paul Ducklin
It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".
Related tags
β
Uncategorized
December 27
th
2022 at 19:35
Naked Security
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
December 15
th
2022 at 17:10Β
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
By
Paul Ducklin
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Related tags
β
Apple
Data
loss
Malware
Microsoft
Podcast
Privacy
Vulnerability
day
Ben-Gurion
University
ios
Naked
Security
Podcast
skimming
supply
chain
vulnerability
Zero
Day
December 15
th
2022 at 17:10
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
December 13
th
2022 at 19:58Β
COVID-bit: the wireless spyware trick with an unfortunate name
By
Paul Ducklin
It's not the switching that's the problem, it's the switching of the switching!
ind-1200
Related tags
β
Data
loss
Privacy
airgap
Ben-Gurion
University
exfiltration
December 13
th
2022 at 19:58
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
November 22
nd
2022 at 19:54Β
How to hack an unpatched Exchange server with rogue PowerShell code
By
Paul Ducklin
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Related tags
β
Microsoft
Uncategorized
Vulnerability
day
:ProxyNotShell
CVE-2022-41040
CVE-2022-41082
Zero
Day
November 22
nd
2022 at 19:54
Naked Security
Public URL scanning tools β when security leads to insecurity
November 7
th
2022 at 19:59Β
Public URL scanning tools β when security leads to insecurity
By
Paul Ducklin
Never make your users cry/By how you use an API
Related tags
β
Privacy
API
BrΔunlein
data
leakage
urlscan
November 7
th
2022 at 19:59
Naked Security
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
October 21
st
2022 at 18:25Β
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
By
Paul Ducklin
Crooks: Show us the money! Cops: How about you show us the decryption keys first?
Related tags
β
Cryptocurrency
Law
&
order
counter-hack
cryptocurrency
Deadbolt
dutch
police
ransomware
October 21
st
2022 at 18:25
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
October 18
th
2022 at 18:01Β
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
By
Paul Ducklin
Hey! That back door isn't supposed to be there at all, let alone propped open...
Related tags
β
Uncategorized
CVE-2022-28762
snooping
spyware
vulnerabiloity
zoom
October 18
th
2022 at 18:01
Naked Security
JavaScript bugs aplenty in Node.js ecosystem β found automatically
August 30
th
2022 at 16:59Β
JavaScript bugs aplenty in Node.js ecosystem β found automatically
By
Paul Ducklin
How to get the better of bugs in all the possible packages in your supply chain?
Related tags
β
Vulnerability
bug-hunting
cve
JavaScript
vulnerability
August 30
th
2022 at 16:59
Naked Security
Breaching airgap security: using your phoneβs gyroscope as a microphone
August 24
th
2022 at 18:59Β
Breaching airgap security: using your phoneβs gyroscope as a microphone
By
Paul Ducklin
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Related tags
β
Data
loss
Vulnerability
airgap
Ben
Gurion
Ben-Gurion
University
data
leakage
GAIROSCOPE
August 24
th
2022 at 18:59
Naked Security
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
July 12
th
2022 at 18:24Β
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
By
Paul Ducklin
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Related tags
β
GDPR
compliance
Law
&
order
Ransomware
Uncategorized
cyberextortion
GCHQ
ico
NCSC
ransomware
July 12
th
2022 at 18:24
Naked Security
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
May 12
th
2022 at 15:46Β
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
By
Paul Ducklin
Latest episode - lots to learn - plain English - fun with a serious side - listen now!
Related tags
β
Uncategorized
Cybercrime
Cybercrime
Squad
Naked
Security
Podcast
Podcast
May 12
th
2022 at 15:46
Naked Security
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
March 30
th
2022 at 20:38Β
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
By
Paul Ducklin
Easy unauthenticated remote code execution - PoC code already out
Related tags
β
Uncategorized
CVE-2022-22963
Java
Log4She;;
SPEL
Spring
Spring
Cloud
Spring
Expression
Resource
March 30
th
2022 at 20:38
Naked Security
Cryptocoin ATMs ruled illegal β βShut down at onceβ, says regulator
March 14
th
2022 at 17:51Β
Cryptocoin ATMs ruled illegal β βShut down at onceβ, says regulator
By
Paul Ducklin
If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!
Related tags
β
Cryptocurrency
cryptcoins
Money
Laundering
scams
March 14
th
2022 at 17:51
Naked Security
Microsoft blocks web installation of its own App Installer files
February 7
th
2022 at 16:36Β
Microsoft blocks web installation of its own App Installer files
By
Paul Ducklin
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Related tags
β
Malware
Phishing
Vulnerability
App
Bundle
App
Installer
CVE-2021-43890
MSIX
Windows
February 7
th
2022 at 16:36
Naked Security
S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
October 21
st
2021 at 18:13Β
S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
By
Paul Ducklin
Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)
Related tags
β
Cryptocurrency
Cryptography
Malware
Podcast
Privacy
Ben-Gurion
University
BGU
cryptocurency
Cybercrime
LANtenna
Naked
Security
Podcast
scammers
TBX
October 21
st
2021 at 18:13
There are no more articles
β
Mark all as read