Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
Microsoft Patch Tuesday: 74 CVEs plus 2 βExploit Detectedβ advisories
August 9
th
2023 at 20:34Β
Microsoft Patch Tuesday: 74 CVEs plus 2 βExploit Detectedβ advisories
By
Paul Ducklin
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
Related tags
β
Microsoft
Vulnerability
Patch
Tuesday
vulnerability
Zero
Day
August 9
th
2023 at 20:34
Naked Security
S3 Ep143: Supercookie surveillance shenanigans
July 13
th
2023 at 16:48Β
S3 Ep143: Supercookie surveillance shenanigans
By
Paul Ducklin
Latest episode - listen now! (Full transcript inside.)
Related tags
β
Microsoft
Podcast
Vulnerability
Naked
Security
Podcast
Patch
Tuesday
rowhammer
July 13
th
2023 at 16:48
Naked Security
Microsoft patches four zero-days, finally takes action against crimeware kernel drivers
July 12
th
2023 at 18:57Β
Microsoft patches four zero-days, finally takes action against crimeware kernel drivers
By
Paul Ducklin
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...
Related tags
β
Microsoft
Vulnerability
elevation
of
privilege
EoP
Patch
Tuesday
security
bypass
July 12
th
2023 at 18:57
Naked Security
Firefox 115 is out, says farewell to users of older Windows and Mac versions
July 5
th
2023 at 18:58Β
Firefox 115 is out, says farewell to users of older Windows and Mac versions
By
Paul Ducklin
No zero-days this month, so you're patching to stay ahead, not merely to catch up!
Related tags
β
Vulnerability
Firefox
Patch
vulnerability
July 5
th
2023 at 18:58
Naked Security
WordPress plugin lets users become adminsΒ β Patch early, patch often!
July 3
rd
2023 at 16:48Β
WordPress plugin lets users become adminsΒ β Patch early, patch often!
By
Paul Ducklin
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.
Related tags
β
Vulnerability
CVE-2023-3460
Patch
Ultimate
Members
vulnerability
July 3
rd
2023 at 16:48
Naked Security
Apple patch fixes zero-day kernel hole reported by Kaspersky β update now!
June 22
nd
2023 at 00:36Β
Apple patch fixes zero-day kernel hole reported by Kaspersky β update now!
By
Paul Ducklin
Apple didn't use the words "Triangulation Trojan", but you probably will.
Related tags
β
Apple
Apple
Safari
iOS
OS
X
Vulnerability
Patch
Zero
Day
June 22
nd
2023 at 00:36
Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
June 20
th
2023 at 18:14Β
ASUS warns router customers: Patch now, or block all inbound requests
By
Paul Ducklin
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Related tags
β
Vulnerability
Asus
Patch
rce
router
vulnerability
June 20
th
2023 at 18:14
Naked Security
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
June 13
th
2023 at 23:32Β
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
By
Paul Ducklin
No zero-days this month, if you ignore the Edge RCE hole patched last week
Related tags
β
Microsoft
Vulnerability
Office
Patch
Tuesday
sharepoint
vulnerability
June 13
th
2023 at 23:32
Naked Security
Firefox 114 is out: No 0-days, but one fascinating βteachable momentβ bug
June 7
th
2023 at 19:59Β
Firefox 114 is out: No 0-days, but one fascinating βteachable momentβ bug
By
Paul Ducklin
With the right (or wrong, if you're on the right side of the fence) timing...
Related tags
β
Firefox
Mozilla
Vulnerability
CVE-2023-34414
Patches
vulnerability
June 7
th
2023 at 19:59
Naked Security
Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused
May 1
st
2023 at 20:46Β
Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused
By
Paul Ducklin
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
Related tags
β
Uncategorized
Apple
Patch
Rapid
Security
Response
Zero
Day
May 1
st
2023 at 20:46
Naked Security
Double zero-day in Chrome and Edge β check your versions now!
April 24
th
2023 at 19:59Β
Double zero-day in Chrome and Edge β check your versions now!
By
Paul Ducklin
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Related tags
β
Google
Google
Chrome
Microsoft
Microsoft
Edge
Vulnerability
"Edge"
chrome
Chromium
Patch
Zero
Day
April 24
th
2023 at 19:59
Naked Security
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
April 12
th
2023 at 18:57Β
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
By
Paul Ducklin
Is Secure Boot without the Secure just "Boot"?
Related tags
β
Microsoft
Vulnerability
bootkit
Exploit
Patch
Tuesday
Secure
Boot
Zero
Day
April 12
th
2023 at 18:57
Naked Security
Dangerous Android phone 0-day bugs revealed β patch or work around them now!
March 17
th
2023 at 19:56Β
Dangerous Android phone 0-day bugs revealed β patch or work around them now!
By
Paul Ducklin
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Related tags
β
Android
Google
Samsung
Vulnerability
Patches
rce
vulnerability
March 17
th
2023 at 19:56
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
March 16
th
2023 at 17:56Β
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
By
Paul Ducklin
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Related tags
β
Data
loss
Google
Microsoft
Mozilla
Podcast
Privacy
Vulnerability
Cybercrime
Firefox
Naked
Security
Podcast
Outlook
Patch
Tuesday
SHEIN
vulnerability
March 16
th
2023 at 17:56
Naked Security
Microsoft fixes two 0-days on Patch Tuesday β update now!
March 15
th
2023 at 00:06Β
Microsoft fixes two 0-days on Patch Tuesday β update now!
By
Paul Ducklin
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Related tags
β
Microsoft
Vulnerability
Windows
day
Exploit
MOTW
NTLM
v2
Outlook
Patch
Tuesday
SmartScreen
vulnerability
Zero
Day
March 15
th
2023 at 00:06
Naked Security
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
February 16
th
2023 at 17:46Β
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Full transcript inside.)
Related tags
β
Podcast
Apple
Cybercrime
Exploit
hacking
Microsoft
Naked
Security
Podcast
Patch
Tuesday
reddit
vulnerability
Zero
Day
February 16
th
2023 at 17:46
Naked Security
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
February 14
th
2023 at 22:12Β
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
By
Paul Ducklin
Lots of lovely patches for your Valentine's Day delight. Get 'em as soon as you can...
Related tags
β
Microsoft
Patch
Tuesday
February 14
th
2023 at 22:12
Naked Security
VMWare user? Worried about βESXi ransomwareβ? Check your patches now!
February 7
th
2023 at 19:59Β
VMWare user? Worried about βESXi ransomwareβ? Check your patches now!
By
Paul Ducklin
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Related tags
β
Ransomware
Vulnerability
ESXi
Patching
ransomware
VMware
February 7
th
2023 at 19:59
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
January 11
th
2023 at 00:22Β
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By
Paul Ducklin
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Related tags
β
Microsoft
Vulnerability
Exploit
malware.
spam.
vulnerability
Patch
Tuesday
January 11
th
2023 at 00:22
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
December 14
th
2022 at 01:13Β
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By
Paul Ducklin
Tales of derring-do in the cyberunderground! (And some zero-days.)
Related tags
β
Microsoft
Vulnerability
driver
signing
Exploit
Patch
Tuesday
vulnerability
December 14
th
2022 at 01:13
Naked Security
Apple pushes out iOS security update thatβs more tight-lipped than ever
December 2
nd
2022 at 21:02Β
Apple pushes out iOS security update thatβs more tight-lipped than ever
By
Paul Ducklin
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
Related tags
β
Apple
iOS
ios
iPhone
security
patch
December 2
nd
2022 at 21:02
Naked Security
Firefox fixes fullscreen fakery flaw β get the update now!
November 16
th
2022 at 19:51Β
Firefox fixes fullscreen fakery flaw β get the update now!
By
Paul Ducklin
What's so bad about a web page going fullscreen without warning you first?
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
November 16
th
2022 at 19:51
Naked Security
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
November 10
th
2022 at 17:26Β
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
By
Paul Ducklin
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!
Related tags
β
Cryptocurrency
Law
&
order
Microsoft
Podcast
Privacy
Vulnerability
bust
cryptocurrency
Exploit
Naked
Security
Podcast
Patch
Tuesday
Windows
November 10
th
2022 at 17:26
Naked Security
Exchange 0-days fixed (at last) β plus 4 brand new Patch Tuesday 0-days!
November 9
th
2022 at 19:58Β
Exchange 0-days fixed (at last) β plus 4 brand new Patch Tuesday 0-days!
By
Paul Ducklin
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Related tags
β
Microsoft
Privacy
Vulnerability
day
exchange
Exploit
Patch
Tuesday
vulnerability
Zero
Day
November 9
th
2022 at 19:58
Naked Security
S3 Ep107: Eight months to kick out the crooks and you think thatβs GOOD? [Audio + Text]
November 3
rd
2022 at 17:51Β
S3 Ep107: Eight months to kick out the crooks and you think thatβs GOOD? [Audio + Text]
By
Paul Ducklin
Listen now - latest episode - audio plus full transcript
Related tags
β
Apple
Data
loss
Google
Law
&
order
Malware
Podcast
Privacy
Vulnerability
bust
Cybercrime
cyberextortion
data
breach
heartbleed
Naked
Security
Podcast
openssl
Patches
November 3
rd
2022 at 17:51
Naked Security
S3 Ep105: WONTFIX! The MS Office cryptofail that βisnβt a security flawβ [Audio + Text]
October 20
th
2022 at 18:54Β
S3 Ep105: WONTFIX! The MS Office cryptofail that βisnβt a security flawβ [Audio + Text]
By
Paul Ducklin
The coolest video game ever! And lots of solid cybersecurity advice - listen now!
pic-1200
Related tags
β
Cryptography
Data
loss
Microsoft
Podcast
Privacy
data
breach
Naked
Security
Podcast
Office
Patch
Tuesday
zoom
October 20
th
2022 at 18:54
Naked Security
Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange!
October 12
th
2022 at 16:58Β
Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange!
By
Paul Ducklin
There's a zero-day patch, but it's not for the zero-day you thought.
Related tags
β
Microsoft
Vulnerability
Windows
day
Exploit
Patch
Tuesday
vulnerability
October 12
th
2022 at 16:58
Naked Security
Chrome and Edge fix zero-day security hole β update now!
September 5
th
2022 at 15:12Β
Chrome and Edge fix zero-day security hole β update now!
By
Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Related tags
β
Google
Google
Chrome
Vulnerability
chrome
CVE-2022-3075
Exploit
Patch
Zero
Day
September 5
th
2022 at 15:12
Naked Security
Firefox 104 is out β no critical bugs, but update anyway
August 26
th
2022 at 16:27Β
Firefox 104 is out β no critical bugs, but update anyway
By
Paul Ducklin
Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
August 26
th
2022 at 16:27
Naked Security
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
June 29
th
2022 at 16:11Β
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
By
Paul Ducklin
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
Related tags
β
Firefox
Mozilla
Vulnerability
Follina
Patch
vulnerability
June 29
th
2022 at 16:11
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
June 15
th
2022 at 01:20Β
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
We tried it out to make sure, so you don't have to.
Related tags
β
Microsoft
Vulnerability
CVE-2022-30190
Follina
Patch
Tuesday
June 15
th
2022 at 01:20
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
June 1
st
2022 at 14:31Β
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
By
Paul Ducklin
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
June 1
st
2022 at 14:31
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
May 27
th
2022 at 11:17Β
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
Privacy
Vulnerability
Clearview
Mozilla
Naked
Security
Podcast
Patching
VMware
May 27
th
2022 at 11:17
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
May 20
th
2022 at 22:35Β
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Related tags
β
Microsoft
Vulnerability
Windows
authentication
out-of-band
patch-to-patch
Woindows
May 20
th
2022 at 22:35
Naked Security
Apple patches zero-day kernel hole and much more β update now!
May 17
th
2022 at 09:30Β
Apple patches zero-day kernel hole and much more β update now!
By
Paul Ducklin
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Related tags
β
Apple
iOS
OS
X
Vulnerability
day
Patch
vulnerability
Zero
Day
May 17
th
2022 at 09:30
Naked Security
Android monthly updates are out β critical bugs found in critical places!
May 4
th
2022 at 15:54Β
Android monthly updates are out β critical bugs found in critical places!
By
Paul Ducklin
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...
Related tags
β
Android
Google
Vulnerability
critical
Patch
update
vulnerability
May 4
th
2022 at 15:54
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
April 7
th
2022 at 12:24Β
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
By
Paul Ducklin
Latest episode - listen now! Cybersecurity news and advice in plain English.
Related tags
β
Android
Apple
Firefox
Google
iOS
Law
&
order
Mozilla
OS
X
Podcast
Privacy
Vulnerability
Cybercrime
data
breach
lapsus
Naked
Security
Podcast
Patches
vulnerability
April 7
th
2022 at 12:24
Naked Security
Firefox 99 is out β no major bugs, but update anyway!
April 5
th
2022 at 16:21Β
Firefox 99 is out β no major bugs, but update anyway!
By
Paul Ducklin
Firefox's four-weekly updates just dropped - here's what you need to know.
Related tags
β
Firefox
Mozilla
Vulnerability
Patch
vulnerability
April 5
th
2022 at 16:21
Naked Security
Googleβs monthly Android updates patch numerous βget rootβ holes
April 5
th
2022 at 14:44Β
Googleβs monthly Android updates patch numerous βget rootβ holes
By
Paul Ducklin
Get the update now... if it's available for your phone. Here's how to check.
android-1200
Related tags
β
Android
Google
Vulnerability
Android
10
EoP
Patch
vulnerability
April 5
th
2022 at 14:44
Naked Security
Apple patches 87 security holes β from iPhones and Macs to Windows
March 15
th
2022 at 16:36Β
Apple patches 87 security holes β from iPhones and Macs to Windows
By
Paul Ducklin
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
apple-1200
Related tags
β
Apple
iOS
OS
X
Privacy
Vulnerability
Windows
cve
Exploit
Patch
rce
March 15
th
2022 at 16:36
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) β update now
January 27
th
2022 at 21:09Β
Apple fixes Safari data leak (and patches a zero-day!) β update now
By
Paul Ducklin
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
apple-1200
Related tags
β
Apple
iOS
OS
X
Privacy
Vulnerability
Exploit
ios
iPhone
macOS
Patch
rce
January 27
th
2022 at 21:09
Naked Security
Wormable Windows HTTP hole β what you need to know
January 12
th
2022 at 16:24Β
Wormable Windows HTTP hole β what you need to know
By
Paul Ducklin
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Related tags
β
Microsoft
Vulnerability
CVE-2022-21907
http
HTTP.sys
IIS
Patch
Tuesday
worm
January 12
th
2022 at 16:24
Naked Security
FTC threatens βlegal actionβ over unpatched Log4j and other vulns
January 5
th
2022 at 19:37Β
FTC threatens βlegal actionβ over unpatched Log4j and other vulns
By
Paul Ducklin
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
Related tags
β
Data
loss
Law
&
order
Privacy
Vulnerability
Equifax
ftc
Log4j
Log4Shell
Patching
January 5
th
2022 at 19:37
Naked Security
Log4Shell vulnerability Number Four: βMuch ado about somethingβ
December 29
th
2021 at 19:12Β
Log4Shell vulnerability Number Four: βMuch ado about somethingβ
By
Paul Ducklin
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Related tags
β
Vulnerability
Apache
CVE-2021-44228
CVE-2021-44832
Java
Log4j
Log4Shell
Patch
vulnerability
December 29
th
2021 at 19:12
Naked Security
Serious Security: OpenSSL fixes βerror conflationβ bugs β how mixing up mistakes can lead to trouble
December 17
th
2021 at 17:57Β
Serious Security: OpenSSL fixes βerror conflationβ bugs β how mixing up mistakes can lead to trouble
By
Paul Ducklin
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Related tags
β
Cryptography
CVE-2021-4044
openssl
Patching
vulnerability
December 17
th
2021 at 17:57
Naked Security
Apple security updates are out β and not a Log4Shell mention in sight
December 14
th
2021 at 12:55Β
Apple security updates are out β and not a Log4Shell mention in sight
By
Paul Ducklin
Get 'em while they're hot!
Related tags
β
Apple
iPad
iPhone
macOS
Patch
vulnerability
December 14
th
2021 at 12:55
Naked Security
Check your patches β public exploit now out for critical Exchange bug
November 23
rd
2021 at 14:36Β
Check your patches β public exploit now out for critical Exchange bug
By
Paul Ducklin
It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.
Related tags
β
Microsoft
Vulnerability
CVE-2021-42321
exchange
Patch
Patch
Tuesday
Zero
Day
November 23
rd
2021 at 14:36
Naked Security
Patch Tuesday updates the Win 7 updater⦠for at most 1 more year of updates
November 10
th
2021 at 19:45Β
Patch Tuesday updates the Win 7 updater⦠for at most 1 more year of updates
By
Paul Ducklin
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!
Related tags
β
Microsoft
Vulnerability
Patch
Tuesday
security
holes
Windows
November 10
th
2021 at 19:45
There are no more articles
β
Mark all as read