Login
FreshRSS
Login
Naked Security
US cryptocurrency coder gets 5 years for North Korea sanctions busting
By
Naked Security writer
β April 13
th
2022 at 15:52
Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.
Naked Security
Hospital robot system gets five critical security holes patched
By
Paul Ducklin
β April 12
th
2022 at 18:58
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...
Naked Security
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
By
Paul Ducklin
β April 11
th
2022 at 16:58
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
cat-1200
Naked Security
Popular Ruby Asciidoc toolkit patched against critical vuln β get the update now!
By
Paul Ducklin
β April 8
th
2022 at 15:38
A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.
ruby-1200
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
By
Paul Ducklin
β April 7
th
2022 at 12:24
Latest episode - listen now! Cybersecurity news and advice in plain English.
Naked Security
Serious Security: Darkweb drugs market Hydra taken offline by German police
By
Paul Ducklin
β April 6
th
2022 at 16:22
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...
Naked Security
Firefox 99 is out β no major bugs, but update anyway!
By
Paul Ducklin
β April 5
th
2022 at 16:21
Firefox's four-weekly updates just dropped - here's what you need to know.
Naked Security
Googleβs monthly Android updates patch numerous βget rootβ holes
By
Paul Ducklin
β April 5
th
2022 at 14:44
Get the update now... if it's available for your phone. Here's how to check.
android-1200
Naked Security
LAPSUS$ hacks continue despite two hacker suspects in court
By
Paul Ducklin
β April 4
th
2022 at 21:36
Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?
Naked Security
Apple pushes out two emergency 0-day updates β get βem now!
By
Paul Ducklin
β March 31
st
2022 at 23:38
More Apple zero-days - mobile devices, laptops and desktops affected. Update now!
apple-1200
Naked Security
Two different βVMware Springβ bugs at large β we cut through the confusion
By
Paul Ducklin
β March 31
st
2022 at 16:59
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Naked Security
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
By
Paul Ducklin
β March 31
st
2022 at 13:38
Latest episode - listen now!
Naked Security
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
By
Paul Ducklin
β March 30
th
2022 at 20:38
Easy unauthenticated remote code execution - PoC code already out
Naked Security
World Backup Day: 5 data recovery tips for everyone!
By
Paul Ducklin
β March 30
th
2022 at 15:10
The only backup you will ever regret is the one you didn't make
Naked Security
Zlib data compressor fixes 17-year-old security bug β patch, errrm, now
By
Paul Ducklin
β March 29
th
2022 at 16:37
This code is venerable! Surely all the bugs must be out by now?
Naked Security
Google Chrome patches mysterious new zero-day bug β update now
By
Paul Ducklin
β March 28
th
2022 at 14:18
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
Naked Security
UK police arrest 7 hacking suspects β have they bust the LAPSUS$ gang?
By
Naked Security writer
β March 25
th
2022 at 01:48
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?
Naked Security
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
By
Paul Ducklin
β March 24
th
2022 at 13:49
Latest episode - listen now!
Naked Security
Serious Security: DEADBOLT β the ransomware that goes straight for your backups
By
Paul Ducklin
β March 23
rd
2022 at 19:58
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.
Naked Security
Web vendor CafePress fined $500,000 for giving cybersecurity a low value
By
Paul Ducklin
β March 21
st
2022 at 16:55
Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
β March 18
th
2022 at 17:59
When it comes to writing loops in your code... never sit on the fence!
Naked Security
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
By
Paul Ducklin
β March 17
th
2022 at 13:32
Latest episode - listen now!
Naked Security
Beware bogus Betas β cryptocoin scammers abuse Appleβs TestFlight system
By
Paul Ducklin
β March 16
th
2022 at 15:49
"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!
Naked Security
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
By
Paul Ducklin
β March 16
th
2022 at 01:22
Don't leave old accounts lying around where someone sketchy could reactivate them.
Naked Security
Apple patches 87 security holes β from iPhones and Macs to Windows
By
Paul Ducklin
β March 15
th
2022 at 16:36
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
apple-1200
Naked Security
Happy #PiDay β even if you arenβt in North America!
By
Paul Ducklin
β March 14
th
2022 at 23:59
There is a cybersecurity angle here - but you will need to read right to the end to find it :-)
Naked Security
Cryptocoin ATMs ruled illegal β βShut down at onceβ, says regulator
By
Paul Ducklin
β March 14
th
2022 at 17:51
If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
By
Naked Security writer
β March 11
th
2022 at 14:59
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
β March 10
th
2022 at 19:37
Latest episode - listen now!
Naked Security
βDirty Pipeβ Linux kernel bug lets anyone write to any file
By
Paul Ducklin
β March 8
th
2022 at 19:37
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
pipe-1200
Naked Security
Adafruit suffers GitHub data breach β donβt let this happen to you
By
Paul Ducklin
β March 7
th
2022 at 12:47
Training data stashed in GitHub by mistake... unfortunately, it was *real* data
Naked Security
Firefox patches two actively exploited 0-day holes: update now!
By
Paul Ducklin
β March 5
th
2022 at 19:06
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By
Paul Ducklin
β March 3
rd
2022 at 14:04
Latest episode - listen now (or read it, if that's your preference)...
Naked Security
Ransomware with a difference: βDerestrict your software, or else!β
By
Paul Ducklin
β March 2
nd
2022 at 16:33
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Naked Security
Instagram scammers as busy as ever: passwords and 2FA codes at risk
By
Paul Ducklin
β February 28
th
2022 at 17:56
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...
Naked Security
Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?
By
Paul Ducklin
β February 25
th
2022 at 17:59
Calling all website coders: Y2K was then. V1H is now!
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By
Paul Ducklin
β February 24
th
2022 at 16:51
Latest episode - listen now!
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
By
Paul Ducklin
β February 23
rd
2022 at 17:59
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
By
Paul Ducklin
β February 22
nd
2022 at 17:26
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Naked Security
French speakers blasted by sextortion scams with no text or links
By
Paul Ducklin
β February 21
st
2022 at 17:59
You'd spot this one a mile away... but what about your friends or family?
Naked Security
Irony alert! PHP fixes security flaw in input validation code
By
Paul Ducklin
β February 18
th
2022 at 17:59
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...
Naked Security
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
By
Paul Ducklin
β February 17
th
2022 at 17:12
Latest episode - listen and learn!
Naked Security
VMware fixes holes that could allow virtual machine escapes
By
Paul Ducklin
β February 16
th
2022 at 19:32
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Naked Security
Google announces zero-day in Chrome browser β update now!
By
Paul Ducklin
β February 15
th
2022 at 19:17
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
By
Paul Ducklin
β February 14
th
2022 at 22:38
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Naked Security
Power company pays out $3 trillion compensation to astonished customer
By
Paul Ducklin
β February 14
th
2022 at 14:58
More money than the UK's economy produces in a year!
Naked Security
Apple zero-day drama for Macs, iPhones and iPads β patch now!
By
Paul Ducklin
β February 11
th
2022 at 14:25
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
apple-1200
Naked Security
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
By
Paul Ducklin
β February 10
th
2022 at 01:15
Latest episode - listen now!
Naked Security
Self-styled βCrocodile of Wall Streetβ arrested with husband over Bitcoin megaheist
By
Naked Security writer
β February 9
th
2022 at 14:44
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
Naked Security
At last! Office macros from the internet to be blocked by default
By
Paul Ducklin
β February 8
th
2022 at 16:34
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
Naked Security
Microsoft blocks web installation of its own App Installer files
By
Paul Ducklin
β February 7
th
2022 at 16:36
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Naked Security
Wormhole cryptotrading company turns over $340,000,000 to criminals
By
Paul Ducklin
β February 4
th
2022 at 17:38
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.
Naked Security
S3 Ep68: Bugs, scams, privacy β¦and fonts?! [Podcast + Transcript]
By
Paul Ducklin
β February 3
rd
2022 at 16:20
Latest episode - listen now!
Naked Security
Elementor WordPress plugin has a gaping security hole β update now
By
Paul Ducklin
β February 2
nd
2022 at 17:11
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.
Naked Security
Linux kernel patches βperformance can be harmfulβ bug in video driver
By
Paul Ducklin
β February 1
st
2022 at 19:59
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.
Naked Security
Website operator fined for using Google Fonts βthe cloudy wayβ
By
Paul Ducklin
β January 31
st
2022 at 17:58
Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.
Naked Security
Coronavirus SMS scam offers home PCR testing devices β donβt fall for it!
By
Paul Ducklin
β January 28
th
2022 at 23:58
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...
Naked Security
Happy Data Privacy Day β and we really do mean βhappyβ :-)
By
Paul Ducklin
β January 28
th
2022 at 15:34
We give you some simple digital lifesytle tips that cost nothing.
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) β update now
By
Paul Ducklin
β January 27
th
2022 at 21:09
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
apple-1200
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By
Paul Ducklin
β January 27
th
2022 at 19:57
Latest episode - listen now!
Load more articles