Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.

S3 Ep143: Supercookie surveillance shenanigans

Latest episode - listen now! (Full transcript inside.)

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...

Firefox 115 is out, says farewell to users of older Windows and Mac versions

No zero-days this month, so you're patching to stay ahead, not merely to catch up!

WordPress plugin lets users become admins – Patch early, patch often!

Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

Apple didn't use the words "Triangulation Trojan", but you probably will.

ASUS warns router customers: Patch now, or block all inbound requests

"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

No zero-days this month, if you ignore the Edge RCE hole patched last week

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

With the right (or wrong, if you're on the right side of the fence) timing...

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Double zero-day in Chrome and Edge – check your versions now!

Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

Is Secure Boot without the Secure just "Boot"?

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Microsoft fixes two 0-days on Patch Tuesday – update now!

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

Latest episode - listen now! (Full transcript inside.)

Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs

Lots of lovely patches for your Valentine's Day delight. Get 'em as soon as you can...

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Tales of derring-do in the cyberunderground! (And some zero-days.)

Apple pushes out iOS security update that’s more tight-lipped than ever

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

Firefox fixes fullscreen fakery flaw – get the update now!

What's so bad about a web page going fullscreen without warning you first?

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Listen now - latest episode - audio plus full transcript

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

The coolest video game ever! And lots of solid cybersecurity advice - listen now!

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

There's a zero-day patch, but it's not for the zero-day you thought.

Chrome and Edge fix zero-day security hole – update now!

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Firefox 104 is out – no critical bugs, but update anyway

Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

We tried it out to make sure, so you don't have to.

Firefox 101 is out, this time with no 0-day scares (but update anyway!)

After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.

S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]

Latest episode - listen now!

Microsoft patches the Patch Tuesday patch that broke authentication

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

Apple patches zero-day kernel hole and much more – update now!

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Android monthly updates are out – critical bugs found in critical places!

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Firefox 99 is out – no major bugs, but update anyway!

Firefox's four-weekly updates just dropped - here's what you need to know.

Google’s monthly Android updates patch numerous “get root” holes

Get the update now... if it's available for your phone. Here's how to check.

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

Wormable Windows HTTP hole – what you need to know

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

FTC threatens “legal action” over unpatched Log4j and other vulns

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

Log4Shell vulnerability Number Four: “Much ado about something”

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble

Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!

Apple security updates are out – and not a Log4Shell mention in sight

Get 'em while they're hot!

Check your patches – public exploit now out for critical Exchange bug

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!