Login
FreshRSS
Login
Naked Security
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
By
Paul Ducklin
β July 8
th
2022 at 00:59
It's a bit like Log4J, but for configuration files, not for logging.
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
β July 7
th
2022 at 18:46
Listen now! Or read if you prefer...
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
By
Paul Ducklin
β July 6
th
2022 at 16:52
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
Naked Security
Google patches βin-the-wildβ Chrome zero-day β update now!
By
Paul Ducklin
β July 5
th
2022 at 15:55
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Naked Security
Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US
By
Paul Ducklin
β July 4
th
2022 at 14:09
Bust in Canada, now bust in the USA as well.
Naked Security
Facebook 2FA phish arrives just 28 minutes after scam domain created
By
Paul Ducklin
β July 1
st
2022 at 20:01
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Naked Security
βMissing Cryptoqueenβ hits the FBIβs Ten Most Wanted list
By
Paul Ducklin
β July 1
st
2022 at 16:49
The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
By
Paul Ducklin
β June 30
th
2022 at 12:57
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!
Naked Security
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
By
Paul Ducklin
β June 29
th
2022 at 16:11
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
Naked Security
Harmony blockchain loses nearly $100M due to hacked private keys
By
Paul Ducklin
β June 27
th
2022 at 18:14
The crooks needed at least two private keys, each stored in two parts... but they got them anyway.
Naked Security
FTC warns of LGBTQ+ extortion scams β be aware before you share!
By
Paul Ducklin
β June 27
th
2022 at 14:58
It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
Naked Security
OpenSSL issues a bugfix for the previous bugfix
By
Paul Ducklin
β June 24
th
2022 at 15:32
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
By
Paul Ducklin
β June 23
rd
2022 at 11:08
Latest epsiode - listen (or read) now!
Naked Security
Capital One identity theft hacker finally gets convicted
By
Paul Ducklin
β June 21
st
2022 at 15:24
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
Naked Security
Interpol busts 2000 suspects in phone scamming takedown
By
Paul Ducklin
β June 20
th
2022 at 18:10
Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
β June 16
th
2022 at 16:52
Lastest epsiode - listen now!
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
β June 15
th
2022 at 01:20
We tried it out to make sure, so you don't have to.
Naked Security
Murder suspect admits she tracked cheating partner with hidden AirTag
By
Paul Ducklin
β June 14
th
2022 at 18:49
O! What a tangled web we weave, when first we practise to deceive.
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
β June 13
th
2022 at 16:28
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Naked Security
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
By
Paul Ducklin
β June 9
th
2022 at 13:07
Latest episode - listen (or read) now!
Naked Security
SSNDOB Market domains seized, identity theft βbrokerageβ shut down
By
Paul Ducklin
β June 8
th
2022 at 14:53
The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.
Naked Security
Know your enemy! Learn how cybercrime adversaries get inβ¦
By
Paul Ducklin
β June 7
th
2022 at 15:49
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
β June 3
rd
2022 at 18:59
Zero-day announced - here's what you need to know
Naked Security
Yet another zero-day (sort of) in Windows βsearch URLβ handling
By
Paul Ducklin
β June 2
nd
2022 at 19:39
More trouble with special-purpose URLs on Windows.
Naked Security
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
β June 2
nd
2022 at 18:37
Latest episode - listen now!
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
By
Paul Ducklin
β June 1
st
2022 at 14:31
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
β May 30
th
2022 at 23:01
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
β May 27
th
2022 at 11:17
Latest episode - listen now!
Naked Security
Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦
By
Paul Ducklin
β May 26
th
2022 at 12:41
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
β May 24
th
2022 at 23:04
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Naked Security
Clearview AI face-matching service fined a lot less than expected
By
Paul Ducklin
β May 23
rd
2022 at 13:01
The fine has finally gone through... but it's less than 45% of what was originally proposed.
eleceye-1200
Naked Security
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
By
Paul Ducklin
β May 20
th
2022 at 23:47
That was quick! 48 hours from exploit report to published patch.
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
β May 20
th
2022 at 22:35
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Naked Security
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
β May 20
th
2022 at 14:03
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
By
Paul Ducklin
β May 19
th
2022 at 13:56
Latest episode - listen now!
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
By
Paul Ducklin
β May 18
th
2022 at 13:04
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Naked Security
Apple patches zero-day kernel hole and much more β update now!
By
Paul Ducklin
β May 17
th
2022 at 09:30
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Naked Security
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
By
Paul Ducklin
β May 15
th
2022 at 21:53
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
Naked Security
He sold cracked passwords for a living β now heβs serving 4 years in prison
By
Paul Ducklin
β May 13
th
2022 at 18:31
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...
Naked Security
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
By
Paul Ducklin
β May 12
th
2022 at 15:46
Latest episode - lots to learn - plain English - fun with a serious side - listen now!
Naked Security
Serious Security: Learning from curlβs latest bug update
By
Paul Ducklin
β May 12
th
2022 at 15:08
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
Naked Security
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
By
Paul Ducklin
β May 10
th
2022 at 16:59
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
β May 9
th
2022 at 15:41
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Naked Security
You didnβt leave enough space between ROSE and AND, and AND and CROWN
By
Paul Ducklin
β May 6
th
2022 at 16:59
What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?
Naked Security
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]
By
Paul Ducklin
β May 5
th
2022 at 14:16
Latest episode - listen now!
Naked Security
World Password Day β the 1960s just called and gave you your passwords back
By
Paul Ducklin
β May 5
th
2022 at 01:06
Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.
Naked Security
Android monthly updates are out β critical bugs found in critical places!
By
Paul Ducklin
β May 4
th
2022 at 15:54
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...
Naked Security
Firefox hits 100*, fixes bugs⦠but no new zero-days this month
By
Paul Ducklin
β May 3
rd
2022 at 16:42
Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact.
Naked Security
GitHub issues final report on supply-chain source code intrusions
By
Paul Ducklin
β April 29
th
2022 at 16:15
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.
Naked Security
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
By
Paul Ducklin
β April 28
th
2022 at 13:18
Latest episode - listen now!
Naked Security
Ransomware Survey 2022 β like the Curateβs Egg, βgood in partsβ
By
Paul Ducklin
β April 27
th
2022 at 15:22
You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!
Naked Security
Phishing goes KISS: Donβt let plain and simple messages catch you out!
By
Paul Ducklin
β April 25
th
2022 at 16:58
Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.
Naked Security
QNAP warns of new bugs in its Network Attached Storage devices
By
Paul Ducklin
β April 22
nd
2022 at 15:15
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!
nas-1200
Naked Security
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
By
Paul Ducklin
β April 21
st
2022 at 13:41
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!
Naked Security
Critical cryptographic Java security blunder patched β update now!
By
Paul Ducklin
β April 20
th
2022 at 16:43
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.
Naked Security
Beanstalk cryptocurrency heist: scammer votes himself all the money
By
Paul Ducklin
β April 19
th
2022 at 16:00
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Naked Security
Yet another Chrome zero-day emergency update β patch now!
By
Paul Ducklin
β April 16
th
2022 at 00:33
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
By
Paul Ducklin
β April 14
th
2022 at 13:39
Latest episode - listen now!
Naked Security
US cryptocurrency coder gets 5 years for North Korea sanctions busting
By
Naked Security writer
β April 13
th
2022 at 15:52
Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.
Naked Security
Hospital robot system gets five critical security holes patched
By
Paul Ducklin
β April 12
th
2022 at 18:58
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...
Load more articles