Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
July 10
th
2023 at 23:12Β
Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
By
Paul Ducklin
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Related tags
β
Apple
Apple
Safari
iOS
OS
X
Uncategorized
Vulnerability
day
CVE-2023-37450
vulnerability
webkit
Zero
Day
July 10
th
2023 at 23:12
Naked Security
Chrome and Edge zero-day: βThis exploit is in the wildβ, so check your versions now
June 6
th
2023 at 18:28Β
Chrome and Edge zero-day: βThis exploit is in the wildβ, so check your versions now
By
Paul Ducklin
Chrome and Edge 0-days patched.
Related tags
β
Google
Google
Chrome
Microsoft
Microsoft
Edge
Vulnerability
"Edge"
chrome
CVE-2023-3079
type
confusion
vulnerability
Zero
Day
June 6
th
2023 at 18:28
Naked Security
S3 Ep137: 16th century crypto skullduggery
June 1
st
2023 at 16:45Β
S3 Ep137: 16th century crypto skullduggery
By
Paul Ducklin
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
s3-ep137-feat-1200
Related tags
β
Data
loss
Law
&
order
Podcast
Ransomware
Vulnerability
bust
crypto
Cryptography
CVE-2023-32784
Cybercrime
KeePass
oauth
June 1
st
2023 at 16:45
Naked Security
Serious Security: That KeePass βmaster password crackβ, and what we can learn from it
May 31
st
2023 at 19:39Β
Serious Security: That KeePass βmaster password crackβ, and what we can learn from it
By
Paul Ducklin
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
Related tags
β
Data
loss
CVE-2023-32784
KeePass
memory
management
ram
scraping
serious
security
May 31
st
2023 at 19:39
Naked Security
PaperCut security vulnerabilities under active attack β vendor urges customers to patch
April 25
th
2023 at 17:53Β
PaperCut security vulnerabilities under active attack β vendor urges customers to patch
By
Paul Ducklin
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Related tags
β
Vulnerability
CVE-2023-27350
CVE-2023-27351
Exploit
PaperCut
rce
vulnerability
April 25
th
2023 at 17:53
Naked Security
S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text]
January 12
th
2023 at 17:59Β
S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text]
By
Paul Ducklin
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Related tags
β
Cryptography
Law
&
order
Podcast
Vulnerability
bust
Naked
Security
Podcast
RSA
Scam
Windows
7
Windows
8.1
January 12
th
2023 at 17:59
Naked Security
The CHRISTMA EXEC network worm β 35 years and counting!
December 1
st
2022 at 20:35Β
The CHRISTMA EXEC network worm β 35 years and counting!
By
Paul Ducklin
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
xmas-1200-35-wide
Related tags
β
Malware
3270
Christma
CMS
IBM
Virus
worm
December 1
st
2022 at 20:35
Naked Security
Log4Shell-like code execution hole in popular Backstage dev tool
November 15
th
2022 at 17:49Β
Log4Shell-like code execution hole in popular Backstage dev tool
By
Paul Ducklin
Good old "string templating", also known as "string interpolation", in the spotlight again...
bs-1200
Related tags
β
Vulnerability
Backstage
CVE-2022-36067
November 15
th
2022 at 17:49
Naked Security
The OpenSSL security update story β how can you tell what needs fixing?
November 3
rd
2022 at 00:44Β
The OpenSSL security update story β how can you tell what needs fixing?
By
Paul Ducklin
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
ossl-code-1200
Related tags
β
Cryptography
Vulnerability
CVE-2022-3602
CVE-2022-378
openssl
November 3
rd
2022 at 00:44
Naked Security
OpenSSL patches are outΒ β CRITICAL bug downgraded to HIGH, but patch anyway!
November 1
st
2022 at 17:24Β
OpenSSL patches are outΒ β CRITICAL bug downgraded to HIGH, but patch anyway!
By
Paul Ducklin
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Related tags
β
Cryptography
Vulnerability
CVE-2022-3602
CVE-2022-3786
openssl
vulneravility
November 1
st
2022 at 17:24
Naked Security
SHA-3 code execution bug patched in PHP β check your version!
November 1
st
2022 at 14:09Β
SHA-3 code execution bug patched in PHP β check your version!
By
Paul Ducklin
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
Related tags
β
Cryptography
Vulnerability
cryptograhpy
CVE-2022-37454
PHP
sha-3
November 1
st
2022 at 14:09
Naked Security
Chrome issues urgent zero-day fix β update now!
October 29
th
2022 at 15:08Β
Chrome issues urgent zero-day fix β update now!
By
Paul Ducklin
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)
Related tags
β
Google
Google
Chrome
Vulnerability
"Edge"
day
chrome
Chromium
CVE-2022-3723
Exploit
Zero
Day
October 29
th
2022 at 15:08
Naked Security
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
October 28
th
2022 at 18:04Β
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
By
Paul Ducklin
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Related tags
β
Apple
Vulnerability
CVE-2022-42827
iPad
iPhone
spyware
Zero
Day
October 28
th
2022 at 18:04
Naked Security
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
October 25
th
2022 at 18:03Β
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
By
Paul Ducklin
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Related tags
β
Apple
iOS
OS
X
Vulnerability
day
CVE-2022-42827
Exploit
ios
iPad
iPhone
mac
vulnerability
zer-day
October 25
th
2022 at 18:03
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
October 18
th
2022 at 18:01Β
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
By
Paul Ducklin
Hey! That back door isn't supposed to be there at all, let alone propped open...
Related tags
β
Uncategorized
CVE-2022-28762
snooping
spyware
vulnerabiloity
zoom
October 18
th
2022 at 18:01
Naked Security
Chrome and Edge fix zero-day security hole β update now!
September 5
th
2022 at 15:12Β
Chrome and Edge fix zero-day security hole β update now!
By
Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Related tags
β
Google
Google
Chrome
Vulnerability
chrome
CVE-2022-3075
Exploit
Patch
Zero
Day
September 5
th
2022 at 15:12
Naked Security
Zoom for Mac patches critical bug β update now!
August 15
th
2022 at 18:26Β
Zoom for Mac patches critical bug β update now!
By
Paul Ducklin
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Related tags
β
OS
X
Vulnerability
CVE-2022-28756
macOS
Wardle
zoom
August 15
th
2022 at 18:26
Naked Security
Critical Samba bug could let anyone become Domain Admin β patch now!
July 27
th
2022 at 21:15Β
Critical Samba bug could let anyone become Domain Admin β patch now!
By
Paul Ducklin
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Related tags
β
Vulnerability
CVE-2022-32744
password
reset
Samba
July 27
th
2022 at 21:15
Naked Security
US Government says: Patch VMware right now, or get off our network
May 20
th
2022 at 14:03Β
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Related tags
β
Vulnerability
CVE-2022-22972
CVE-2022-22973
Federal
Government
MTR
VMware
May 20
th
2022 at 14:03
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
UK police arrest 7 hacking suspects β have they bust the LAPSUS$ gang?
March 25
th
2022 at 01:48Β
UK police arrest 7 hacking suspects β have they bust the LAPSUS$ gang?
By
Naked Security writer
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?
Related tags
β
Cryptocurrency
Law
&
order
bust
Cybercrime
DEV-0537
hacking
lapsus
March 25
th
2022 at 01:48
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
March 18
th
2022 at 17:59Β
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
When it comes to writing loops in your code... never sit on the fence!
Related tags
β
Cryptography
Vulnerability
CVE-2022-0778
DOS
openssl
ormandy
vulnerability
March 18
th
2022 at 17:59
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
March 10
th
2022 at 19:37Β
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
adafruit
CVE-2022-0847
Cybercrime
Dirty
Pipe
Firefox
hacking
Linux
Mozilla
Naked
Security
Podcast
NVIDIA
ransomware
March 10
th
2022 at 19:37
Naked Security
βDirty Pipeβ Linux kernel bug lets anyone write to any file
March 8
th
2022 at 19:37Β
βDirty Pipeβ Linux kernel bug lets anyone write to any file
By
Paul Ducklin
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
pipe-1200
Related tags
β
Android
Google
Linux
Vulnerability
CVE-2022-0847
EoP
file
overwrite
kernel
splice
vulnerability
March 8
th
2022 at 19:37
Naked Security
Irony alert! PHP fixes security flaw in input validation code
February 18
th
2022 at 17:59Β
Irony alert! PHP fixes security flaw in input validation code
By
Paul Ducklin
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Related tags
β
Vulnerability
CVE-2021-21708
PHP
use-after-free
February 18
th
2022 at 17:59
Naked Security
Wormable Windows HTTP hole β what you need to know
January 12
th
2022 at 16:24Β
Wormable Windows HTTP hole β what you need to know
By
Paul Ducklin
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Related tags
β
Microsoft
Vulnerability
CVE-2022-21907
http
HTTP.sys
IIS
Patch
Tuesday
worm
January 12
th
2022 at 16:24
Naked Security
Apacheβs other product: Critical bugs in βhttpdβ web server, patch now!
December 21
st
2021 at 19:57Β
Apacheβs other product: Critical bugs in βhttpdβ web server, patch now!
By
Paul Ducklin
The Apache web server just got an update - this one is nothing to do with Log4j!
Related tags
β
Vulnerability
Apache
CVE-2021-44224
CVE-2021-44790
httpd
web
server
December 21
st
2021 at 19:57
There are no more articles
β
Mark all as read