Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

By Paul Ducklin — January 11^th 2023 at 00:22

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By Paul Ducklin — December 15^th 2022 at 17:10

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

By Paul Ducklin — December 14^th 2022 at 01:13

Tales of derring-do in the cyberunderground! (And some zero-days.)

Naked Security

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

By Paul Ducklin — December 5^th 2022 at 20:58

Ninth more unto the breach, dear friends, ninth more.

Naked Security

Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)

By Paul Ducklin — November 28^th 2022 at 19:42

There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!

Naked Security

How to hack an unpatched Exchange server with rogue PowerShell code

By Paul Ducklin — November 22^nd 2022 at 19:54

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Naked Security

Black Friday and retail season – watch out for PayPal “money request” scams

By Paul Ducklin — November 17^th 2022 at 12:45

Don't let a keen eye for bargains lead you into risky online behaviour...

Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

By Paul Ducklin — November 10^th 2022 at 17:26

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

By Paul Ducklin — November 9^th 2022 at 19:58

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Naked Security

Chrome issues urgent zero-day fix – update now!

By Paul Ducklin — October 29^th 2022 at 15:08

We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Naked Security

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

By Paul Ducklin — October 28^th 2022 at 18:04

Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

Naked Security

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By Paul Ducklin — October 25^th 2022 at 18:03

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Naked Security

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

By Paul Ducklin — October 20^th 2022 at 18:54

The coolest video game ever! And lots of solid cybersecurity advice - listen now!

pic-1200

Naked Security

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

By Paul Ducklin — October 12^th 2022 at 16:58

There's a zero-day patch, but it's not for the zero-day you thought.

Naked Security

Move over Patch Tuesday – it’s Ada Lovelace Day!

By Paul Ducklin — October 11^th 2022 at 15:22

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Naked Security

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

By Paul Ducklin — October 1^st 2022 at 14:05

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Naked Security

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

By Paul Ducklin — September 30^th 2022 at 18:25

Double-play 0-day in Exchange - what you need to know, and what you can do

Naked Security

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

By Paul Ducklin — September 15^th 2022 at 18:50

Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...

s3-ep100-js-1200

Naked Security

Chrome and Edge fix zero-day security hole – update now!

By Paul Ducklin — September 5^th 2022 at 15:12

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

By Paul Ducklin — August 31^st 2022 at 18:42

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

Naked Security

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

By Paul Ducklin — August 25^th 2022 at 15:37

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Naked Security

How to celebrate SysAdmin Day!

By Paul Ducklin — July 29^th 2022 at 15:37

I've just popped in to wish you all/The best SysAdmin Day!

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

By Paul Ducklin — July 28^th 2022 at 15:47

Latest episode - listen now!

Naked Security

7 cybersecurity tips for your summer vacation!

By Paul Ducklin — July 15^th 2022 at 18:23

Here you go - seven thoughtful cybersecurity tips to help you travel safely...

Naked Security

Google patches “in-the-wild” Chrome zero-day – update now!

By Paul Ducklin — July 5^th 2022 at 15:55

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

Naked Security

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

By Paul Ducklin — June 15^th 2022 at 01:20

We tried it out to make sure, so you don't have to.

Naked Security

S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]

By Paul Ducklin — June 9^th 2022 at 13:07

Latest episode - listen (or read) now!

Naked Security

Atlassian announces 0-day hole in Confluence Server – update now!

By Paul Ducklin — June 3^rd 2022 at 18:59

Zero-day announced - here's what you need to know

Naked Security

Mysterious “Follina” zero-day hole in Office – here’s what to do!

By Paul Ducklin — May 30^th 2022 at 23:01

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!

Naked Security

Apple patches zero-day kernel hole and much more – update now!

By Paul Ducklin — May 17^th 2022 at 09:30

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Naked Security

World Password Day – the 1960s just called and gave you your passwords back

By Paul Ducklin — May 5^th 2022 at 01:06

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

By Paul Ducklin — March 31^st 2022 at 23:38

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

apple-1200

Naked Security

World Backup Day: 5 data recovery tips for everyone!

By Paul Ducklin — March 30^th 2022 at 15:10

The only backup you will ever regret is the one you didn't make

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

By Paul Ducklin — March 28^th 2022 at 14:18

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!

Naked Security

Firefox patches two actively exploited 0-day holes: update now!

By Paul Ducklin — March 5^th 2022 at 19:06

Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!

Naked Security

Google announces zero-day in Chrome browser – update now!

By Paul Ducklin — February 15^th 2022 at 19:17

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Naked Security

Adobe fixes zero-day exploit in e-commerce code: update now!

By Paul Ducklin — February 14^th 2022 at 22:38

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

By Paul Ducklin — February 3^rd 2022 at 16:20

Latest episode - listen now!

Naked Security

Happy Data Privacy Day – and we really do mean “happy” :-)

By Paul Ducklin — January 28^th 2022 at 15:34

We give you some simple digital lifesytle tips that cost nothing.

Naked Security

Wormable Windows HTTP hole – what you need to know

By Paul Ducklin — January 12^th 2022 at 16:24

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

Naked Security

SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)

By Paul Ducklin — December 24^th 2021 at 17:44

Happy Holidays! Our Top N stories, all totally SFW!

Naked Security

Check your patches – public exploit now out for critical Exchange bug

By Paul Ducklin — November 23^rd 2021 at 14:36

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

By Paul Ducklin — November 22^nd 2021 at 19:52

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

Naked Security

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

By Paul Ducklin — November 10^th 2021 at 19:45

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!

Naked Security

Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices

By Paul Ducklin — October 27^th 2021 at 22:16

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.

Naked Security

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

By Paul Ducklin — October 14^th 2021 at 18:33

Latest episode - listen now!