FreshRSS
Naked Security
VMware fixes holes that could allow virtual machine escapes
By Paul Ducklin – February 16th 2022 at 19:32
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Naked Security
Google announces zero-day in Chrome browser – update now!
By Paul Ducklin – February 15th 2022 at 19:17
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
By Paul Ducklin – February 14th 2022 at 22:38
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Naked Security
Power company pays out $3 trillion compensation to astonished customer
By Paul Ducklin – February 14th 2022 at 14:58
More money than the UK's economy produces in a year!
Naked Security
Apple zero-day drama for Macs, iPhones and iPads – patch now!
By Paul Ducklin – February 11th 2022 at 14:25
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Naked Security
Microsoft blocks web installation of its own App Installer files
By Paul Ducklin – February 7th 2022 at 16:36
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Naked Security
Elementor WordPress plugin has a gaping security hole – update now
By Paul Ducklin – February 2nd 2022 at 17:11
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.
Naked Security
Linux kernel patches “performance can be harmful” bug in video driver
By Paul Ducklin – February 1st 2022 at 19:59
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) – update now
By Paul Ducklin – January 27th 2022 at 21:09
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Naked Security
“PwnKit” security bug gets you root on most Linux distros – what to do
By Paul Ducklin – January 26th 2022 at 19:58
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By Paul Ducklin – January 21st 2022 at 16:25
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
By Paul Ducklin – January 20th 2022 at 17:28
Latest episode - listen now!
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
By Paul Ducklin – January 13th 2022 at 15:26
Latest episode - listen to it or read it now!
Naked Security
Wormable Windows HTTP hole – what you need to know
By Paul Ducklin – January 12th 2022 at 16:24
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Naked Security
Home routers with NetUSB support could have critical kernel hole
By Paul Ducklin – January 11th 2022 at 17:42
Got a router that supports USB access across the network? You might need a kernel update...
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
By Paul Ducklin – January 7th 2022 at 19:32
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Naked Security
FTC threatens “legal action” over unpatched Log4j and other vulns
By Paul Ducklin – January 5th 2022 at 19:37
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
Naked Security
Log4Shell vulnerability Number Four: “Much ado about something”
By Paul Ducklin – December 29th 2021 at 19:12
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Naked Security
Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
By Paul Ducklin – December 21st 2021 at 19:57
The Apache web server just got an update - this one is nothing to do with Log4j!
Naked Security
Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble
By Paul Ducklin – December 17th 2021 at 17:57
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Naked Security
Apple security updates are out – and not a Log4Shell mention in sight
By Paul Ducklin – December 14th 2021 at 12:55
Get 'em while they're hot!
Naked Security
Log4Shell explained – how it works, why you need to know, and how to fix it
By Paul Ducklin – December 13th 2021 at 19:41
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Naked Security
“Log4Shell” Java vulnerability – how to safeguard your servers
By Paul Ducklin – December 10th 2021 at 19:22
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Naked Security
S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]
By Paul Ducklin – December 9th 2021 at 17:40
Listen now or read as an article! (Full transcript inside.)
Naked Security
Firefox update brings a whole new sort of security sandbox
By Paul Ducklin – December 7th 2021 at 19:14
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
Naked Security
Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it
By Paul Ducklin – December 3rd 2021 at 17:58
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
Naked Security
IoT devices must “protect consumers from cyberharm”, says UK government
By Paul Ducklin – December 2nd 2021 at 19:10
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?
Naked Security
S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]
By Paul Ducklin – November 25th 2021 at 12:38
Latest episode - listen now! Solid cybersecurity advice in plain English.
Naked Security
Check your patches – public exploit now out for critical Exchange bug
By Paul Ducklin – November 23rd 2021 at 14:36
It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.
Naked Security
GoDaddy admits to password breach: check your Managed WordPress site!
By Paul Ducklin – November 23rd 2021 at 00:35
GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.
Naked Security
Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates
By Paul Ducklin – November 10th 2021 at 19:45
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!
Naked Security
Microsoft documents “SHROOTLESS” hack patched in latest Apple updates
By Paul Ducklin – October 29th 2021 at 13:38
We'd have called this bug "SHROOTMORE", but naming it wasn't our call.
Naked Security
S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]
By Paul Ducklin – October 14th 2021 at 18:33
Latest episode - listen now!