Naked Security
Adafruit suffers GitHub data breach – don't let this happen to you
By Paul Ducklin – March 7th 2022 at 12:47
Training data stashed in GitHub by mistake... unfortunately, it was *real* data
Naked Security
Firefox patches two actively exploited 0-day holes: update now!
By Paul Ducklin – March 5th 2022 at 19:06
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By Paul Ducklin – March 3rd 2022 at 14:04
Latest episode - listen now (or read it, if that's your preference)...
Naked Security
Ransomware with a difference: "Derestrict your software, or else!"
By Paul Ducklin – March 2nd 2022 at 16:33
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Naked Security
Instagram scammers as busy as ever: passwords and 2FA codes at risk
By Paul Ducklin – February 28th 2022 at 17:56
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...
Naked Security
Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?
By Paul Ducklin – February 25th 2022 at 17:59
Calling all website coders: Y2K was then. V1H is now!
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By Paul Ducklin – February 24th 2022 at 16:51
Latest episode - listen now!
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
By Paul Ducklin – February 23rd 2022 at 17:59
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
Naked Security
WordPress backup plugin maker Updraft says "You should update"...
By Paul Ducklin – February 22nd 2022 at 17:26
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Naked Security
French speakers blasted by sextortion scams with no text or links
By Paul Ducklin – February 21st 2022 at 17:59
You'd spot this one a mile away... but what about your friends or family?
Naked Security
Irony alert! PHP fixes security flaw in input validation code
By Paul Ducklin – February 18th 2022 at 17:59
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Naked Security
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
By Paul Ducklin – February 17th 2022 at 17:12
Latest episode - listen and learn!
Naked Security
VMware fixes holes that could allow virtual machine escapes
By Paul Ducklin – February 16th 2022 at 19:32
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Naked Security
Google announces zero-day in Chrome browser – update now!
By Paul Ducklin – February 15th 2022 at 19:17
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
By Paul Ducklin – February 14th 2022 at 22:38
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Naked Security
Power company pays out $3 trillion compensation to astonished customer
By Paul Ducklin – February 14th 2022 at 14:58
More money than the UK's economy produces in a year!
Naked Security
Apple zero-day drama for Macs, iPhones and iPads – patch now!
By Paul Ducklin – February 11th 2022 at 14:25
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Naked Security
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
By Paul Ducklin – February 10th 2022 at 01:15
Latest episode - listen now!
Naked Security
Self-styled "Crocodile of Wall Street" arrested with husband over Bitcoin megaheist
By Naked Security writer – February 9th 2022 at 14:44
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
Naked Security
At last! Office macros from the internet to be blocked by default
By Paul Ducklin – February 8th 2022 at 16:34
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
Naked Security
Microsoft blocks web installation of its own App Installer files
By Paul Ducklin – February 7th 2022 at 16:36
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Naked Security
Wormhole cryptotrading company turns over $340,000,000 to criminals
By Paul Ducklin – February 4th 2022 at 17:38
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.
Naked Security
S3 Ep68: Bugs, scams, privacy ...and fonts?! [Podcast + Transcript]
By Paul Ducklin – February 3rd 2022 at 16:20
Latest episode - listen now!
Naked Security
Elementor WordPress plugin has a gaping security hole – update now
By Paul Ducklin – February 2nd 2022 at 17:11
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.
Naked Security
Linux kernel patches "performance can be harmful" bug in video driver
By Paul Ducklin – February 1st 2022 at 19:59
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Naked Security
Website operator fined for using Google Fonts "the cloudy way"
By Paul Ducklin – January 31st 2022 at 17:58
Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.
Naked Security
Coronavirus SMS scam offers home PCR testing devices – don't fall for it!
By Paul Ducklin – January 28th 2022 at 23:58
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...
Naked Security
Happy Data Privacy Day – and we really do mean "happy" :-)
By Paul Ducklin – January 28th 2022 at 15:34
We give you some simple digital lifestyle tips that cost nothing.
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) – update now
By Paul Ducklin – January 27th 2022 at 21:09
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By Paul Ducklin – January 27th 2022 at 19:57
Latest episode - listen now!
Naked Security
"PwnKit" security bug gets you root on most Linux distros – what to do
By Paul Ducklin – January 26th 2022 at 19:58
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell
Naked Security
Tax scam emails are alive and well as US tax season starts
By Paul Ducklin – January 25th 2022 at 17:19
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)
Naked Security
Alleged carder gang mastermind and three acolytes under arrest in Russia
By Naked Security writer – January 24th 2022 at 14:14
The motto of the gang was "In Fraud We Trust", and they went by a dizzying range of online nicknames.
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By Paul Ducklin – January 21st 2022 at 16:25
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
By Paul Ducklin – January 20th 2022 at 17:28
Latest episode - listen now!
Naked Security
Serious Security: Apple Safari leaks private data via database API – what you need to know
By Paul Ducklin – January 18th 2022 at 19:23
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing
Naked Security
Romance scammer who targeted 670 women gets 28 months in jail
By Paul Ducklin – January 17th 2022 at 14:13
Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...
Naked Security
Serious Security: Linux full-disk encryption bug fixed – patch now!
By Paul Ducklin – January 14th 2022 at 21:58
Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.
Naked Security
REvil ransomware crew allegedly busted in Russia, says FSB
By Naked Security writer – January 14th 2022 at 19:48
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
By Paul Ducklin – January 13th 2022 at 15:26
Latest episode - listen to it or read it now!
Naked Security
Wormable Windows HTTP hole – what you need to know
By Paul Ducklin – January 12th 2022 at 16:24
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Naked Security
Home routers with NetUSB support could have critical kernel hole
By Paul Ducklin – January 11th 2022 at 17:42
Got a router that supports USB access across the network? You might need a kernel update...
Naked Security
JavaScript developer destroys own projects in supply chain "lesson"
By Paul Ducklin – January 11th 2022 at 00:54
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.
Naked Security
Honda cars in flashback to 2002 – "Can't Get You Out Of My Head"
By Paul Ducklin – January 8th 2022 at 02:53
Where were YOU on the night of 17 May 2002? And what about the day after that?
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
By Paul Ducklin – January 7th 2022 at 19:32
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
By Paul Ducklin – January 6th 2022 at 19:44
We're back for 2022 - listen now!
Naked Security
FTC threatens "legal action" over unpatched Log4j and other vulns
By Paul Ducklin – January 5th 2022 at 19:37
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
Naked Security
Apple Home software bug could lock you out of your iPhone
By Paul Ducklin – January 4th 2022 at 17:23
The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.
Naked Security
Instagram copyright infringement scams – don't get sucked in!
By Paul Ducklin – December 30th 2021 at 14:40
We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...
Naked Security
Log4Shell vulnerability Number Four: "Much ado about something"
By Paul Ducklin – December 29th 2021 at 19:12
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Naked Security
SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)
By Paul Ducklin – December 24th 2021 at 17:44
Happy Holidays! Our Top N stories, all totally SFW!
Naked Security
The cool retro phone with a REAL DIAL... plus plenty of IoT problems
By Paul Ducklin – December 23rd 2021 at 17:58
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.
Naked Security
Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!
By Paul Ducklin – December 22nd 2021 at 17:57
Phew! An audacious crime... that didn't work out.
Naked Security
Apache's other product: Critical bugs in "httpd" web server, patch now!
By Paul Ducklin – December 21st 2021 at 19:57
The Apache web server just got an update - this one is nothing to do with Log4j!
Naked Security
Log4Shell: The Movie... a short, safe visual tour for work and home
By Paul Ducklin – December 20th 2021 at 13:20
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!
Naked Security
Serious Security: OpenSSL fixes "error conflation" bugs – how mixing up mistakes can lead to trouble
By Paul Ducklin – December 17th 2021 at 17:57
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
By Paul Ducklin – December 16th 2021 at 17:41
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
Naked Security
Apple security updates are out – and not a Log4Shell mention in sight
By Paul Ducklin – December 14th 2021 at 12:55
Get 'em while they're hot!
Naked Security
Log4Shell explained – how it works, why you need to know, and how to fix it
By Paul Ducklin – December 13th 2021 at 19:41
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Naked Security
"Log4Shell" Java vulnerability – how to safeguard your servers
By Paul Ducklin – December 10th 2021 at 19:22
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product