FreshRSS
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
By Paul Ducklin, March 18th 2022 at 17:59
When it comes to writing loops in your code... never sit on the fence!
Naked Security
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
By Paul Ducklin, March 17th 2022 at 13:32
Latest episode - listen now!
Naked Security
CISA warning: "Russian actors bypassed 2FA" - what happened and how to avoid it
By Paul Ducklin, March 16th 2022 at 01:22
Don't leave old accounts lying around where someone sketchy could reactivate them.
Naked Security
Apple patches 87 security holes - from iPhones and Macs to Windows
By Paul Ducklin, March 15th 2022 at 16:36
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By Paul Ducklin, March 10th 2022 at 19:37
Latest episode - listen now!
Naked Security
"Dirty Pipe" Linux kernel bug lets anyone write to any file
By Paul Ducklin, March 8th 2022 at 19:37
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
Naked Security
Adafruit suffers GitHub data breach - don't let this happen to you
By Paul Ducklin, March 7th 2022 at 12:47
Training data stashed in GitHub by mistake... unfortunately, it was *real* data
Naked Security
Firefox patches two actively exploited 0-day holes: update now!
By Paul Ducklin, March 5th 2022 at 19:06
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By Paul Ducklin, March 3rd 2022 at 14:04
Latest episode - listen now (or read it, if that's your preference)...
Naked Security
Ransomware with a difference: "Derestrict your software, or else!"
By Paul Ducklin, March 2nd 2022 at 16:33
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By Paul Ducklin, February 24th 2022 at 16:51
Latest episode - listen now!
Naked Security
WordPress backup plugin maker Updraft says "You should update"...
By Paul Ducklin, February 22nd 2022 at 17:26
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Naked Security
French speakers blasted by sextortion scams with no text or links
By Paul Ducklin, February 21st 2022 at 17:59
You'd spot this one a mile away... but what about your friends or family?
Naked Security
Irony alert! PHP fixes security flaw in input validation code
By Paul Ducklin, February 18th 2022 at 17:59
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Naked Security
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
By Paul Ducklin, February 17th 2022 at 17:12
Latest episode - listen and learn!
Naked Security
VMware fixes holes that could allow virtual machine escapes
By Paul Ducklin, February 16th 2022 at 19:32
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Naked Security
Google announces zero-day in Chrome browser - update now!
By Paul Ducklin, February 15th 2022 at 19:17
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
By Paul Ducklin, February 14th 2022 at 22:38
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Naked Security
Power company pays out $3 trillion compensation to astonished customer
By Paul Ducklin, February 14th 2022 at 14:58
More money than the UK's economy produces in a year!
Naked Security
Apple zero-day drama for Macs, iPhones and iPads - patch now!
By Paul Ducklin, February 11th 2022 at 14:25
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Naked Security
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
By Paul Ducklin, February 10th 2022 at 01:15
Latest episode - listen now!
Naked Security
Self-styled "Crocodile of Wall Street" arrested with husband over Bitcoin megaheist
By Naked Security writer, February 9th 2022 at 14:44
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
Naked Security
At last! Office macros from the internet to be blocked by default
By Paul Ducklin, February 8th 2022 at 16:34
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
Naked Security
Microsoft blocks web installation of its own App Installer files
By Paul Ducklin, February 7th 2022 at 16:36
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Naked Security
S3 Ep68: Bugs, scams, privacy ...and fonts?! [Podcast + Transcript]
By Paul Ducklin, February 3rd 2022 at 16:20
Latest episode - listen now!
Naked Security
Elementor WordPress plugin has a gaping security hole - update now
By Paul Ducklin, February 2nd 2022 at 17:11
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.
Naked Security
Linux kernel patches "performance can be harmful" bug in video driver
By Paul Ducklin, February 1st 2022 at 19:59
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Naked Security
Coronavirus SMS scam offers home PCR testing devices - don't fall for it!
By Paul Ducklin, January 28th 2022 at 23:58
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...
Naked Security
Happy Data Privacy Day - and we really do mean "happy" :-)
By Paul Ducklin, January 28th 2022 at 15:34
We give you some simple digital lifestyle tips that cost nothing.
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) - update now
By Paul Ducklin, January 27th 2022 at 21:09
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By Paul Ducklin, January 27th 2022 at 19:57
Latest episode - listen now!
Naked Security
"PwnKit" security bug gets you root on most Linux distros - what to do
By Paul Ducklin, January 26th 2022 at 19:58
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell
Naked Security
Tax scam emails are alive and well as US tax season starts
By Paul Ducklin, January 25th 2022 at 17:19
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By Paul Ducklin, January 21st 2022 at 16:25
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
By Paul Ducklin, January 20th 2022 at 17:28
Latest episode - listen now!
Naked Security
Serious Security: Apple Safari leaks private data via database API - what you need to know
By Paul Ducklin, January 18th 2022 at 19:23
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
By Paul Ducklin, January 13th 2022 at 15:26
Latest episode - listen to it or read it now!
Naked Security
Wormable Windows HTTP hole - what you need to know
By Paul Ducklin, January 12th 2022 at 16:24
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Naked Security
Home routers with NetUSB support could have critical kernel hole
By Paul Ducklin, January 11th 2022 at 17:42
Got a router that supports USB access across the network? You might need a kernel update...
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
By Paul Ducklin, January 7th 2022 at 19:32
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
By Paul Ducklin, January 6th 2022 at 19:44
We're back for 2022 - listen now!
Naked Security
FTC threatens "legal action" over unpatched Log4j and other vulns
By Paul Ducklin, January 5th 2022 at 19:37
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
Naked Security
Apple Home software bug could lock you out of your iPhone
By Paul Ducklin, January 4th 2022 at 17:23
The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.
Naked Security
Log4Shell vulnerability Number Four: "Much ado about something"
By Paul Ducklin, December 29th 2021 at 19:12
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Naked Security
SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)
By Paul Ducklin, December 24th 2021 at 17:44
Happy Holidays! Our Top N stories, all totally SFW!
Naked Security
The cool retro phone with a REAL DIAL... plus plenty of IoT problems
By Paul Ducklin, December 23rd 2021 at 17:58
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.
Naked Security
Plundered bitcoins recovered by FBI - all 3,879-and-one-sixth of them!
By Paul Ducklin, December 22nd 2021 at 17:57
Phew! An audacious crime... that didn't work out.
Naked Security
Apache's other product: Critical bugs in "httpd" web server, patch now!
By Paul Ducklin, December 21st 2021 at 19:57
The Apache web server just got an update - this one is nothing to do with Log4j!
Naked Security
Serious Security: OpenSSL fixes "error conflation" bugs - how mixing up mistakes can lead to trouble
By Paul Ducklin, December 17th 2021 at 17:57
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
By Paul Ducklin, December 16th 2021 at 17:41
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
Naked Security
Apple security updates are out - and not a Log4Shell mention in sight
By Paul Ducklin, December 14th 2021 at 12:55
Get 'em while they're hot!
Naked Security
Log4Shell explained - how it works, why you need to know, and how to fix it
By Paul Ducklin, December 13th 2021 at 19:41
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Naked Security
"Log4Shell" Java vulnerability - how to safeguard your servers
By Paul Ducklin, December 10th 2021 at 19:22
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Naked Security
S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]
By Paul Ducklin, December 9th 2021 at 17:40
Listen now or read as an article! (Full transcript inside.)
Naked Security
Firefox update brings a whole new sort of security sandbox
By Paul Ducklin, December 7th 2021 at 19:14
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
Naked Security
Cryptocurrency startup fails to subtract before adding, loses $31m
By Paul Ducklin, December 6th 2021 at 19:50
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
Naked Security
Mozilla patches critical "BigSig" cryptographic bug: Here's how to track it down and fix it
By Paul Ducklin, December 3rd 2021 at 17:58
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
Naked Security
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]
By Paul Ducklin, December 2nd 2021 at 20:50
Latest episode - listen now!
Naked Security
IoT devices must "protect consumers from cyberharm", says UK government
By Paul Ducklin, December 2nd 2021 at 19:10
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?
Naked Security
Clearview AI face-matching service set to be fined over $20m
By Paul Ducklin, November 30th 2021 at 19:13
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.