Naked Security
Password-stealing "vulnerability" reported in KeePass – bug or feature?
By Paul Ducklin – February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
By Paul Ducklin – January 31st 2023 at 11:35
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By Paul Ducklin – January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By Paul Ducklin – January 26th 2023 at 19:57
Latest episode - listen now! (Or read the transcript.)
Naked Security
Apple patches are out – old iPhones get an old zero-day fix at last!
By Paul Ducklin – January 24th 2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
By Paul Ducklin – January 23rd 2023 at 19:59
It's a really cool and super-simple trick. The question is, "Will it help?"
Naked Security
S3 Ep118: Guess your password? No need if it's stolen already! [Audio + Text]
By Paul Ducklin – January 19th 2023 at 15:53
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...
Naked Security
S3 Ep117: The crypto crisis that wasn't (and farewell forever to Win 7) [Audio + Text]
By Paul Ducklin – January 12th 2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By Paul Ducklin – January 11th 2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
Popular JWT cloud security library patches "remote" code execution hole
By Paul Ducklin – January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI – code-building service suffers total credential compromise
By Paul Ducklin – January 9th 2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
By Paul Ducklin – January 5th 2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By Paul Ducklin – January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
By Paul Ducklin – January 1st 2023 at 21:36
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
Naked Security
Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond
By Paul Ducklin – December 30th 2022 at 19:59
The problem with anniversaries is that there's an almost infinite number of them every day...
Naked Security
S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
By Paul Ducklin – December 29th 2022 at 09:20
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
Naked Security
Twitter data of "+400 million unique users" up for sale – what to do?
By Paul Ducklin – December 28th 2022 at 19:59
If the crooks have connected up your phone number and your Twitter handle... what could go wrong?
Naked Security
S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]
By Paul Ducklin – December 22nd 2022 at 19:56
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
Naked Security
Microsoft dishes the dirt on Apple's "Achilles heel" shortly after fixing similar Windows bug
By Paul Ducklin – December 20th 2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
By Paul Ducklin – December 15th 2022 at 17:10
Return o' the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
By Paul Ducklin – December 14th 2022 at 02:11
There's an update for everything this time, not just for iOS.
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By Paul Ducklin – December 14th 2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
By Paul Ducklin – December 13th 2022 at 19:58
It's not the switching that's the problem, it's the switching of the switching!
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
By Paul Ducklin – December 12th 2022 at 19:58
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
By Paul Ducklin – December 9th 2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Naked Security
Credit card skimming – the long and winding road of supply chain failure
By Paul Ducklin – December 8th 2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By Paul Ducklin – December 5th 2022 at 20:58
Ninth more unto the breach, dear friends, ninth more.
Naked Security
Ping of death! FreeBSD fixes crashtastic bug in network tool
By Paul Ducklin – December 5th 2022 at 19:59
It's a venerable program, and this version had a venerable bug in it.
Naked Security
Apple pushes out iOS security update that's more tight-lipped than ever
By Paul Ducklin – December 2nd 2022 at 21:02
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
Naked Security
S3 Ep111: The business risk of a sleazy "nudity unfilter" [Audio + Text]
By Paul Ducklin – December 1st 2022 at 19:58
Latest episode - listen now (or read if you prefer)...
Naked Security
TikTok "Invisible Challenge" porn malware puts us all at risk
By Paul Ducklin – November 29th 2022 at 19:58
An injury to one is an injury to all. Especially if the other people are part of your social network.
Naked Security
Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)
By Paul Ducklin – November 28th 2022 at 19:42
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!
Naked Security
Voice-scamming site "iSpoof" seized, 100s arrested in massive crackdown
By Naked Security writer – November 25th 2022 at 19:17
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING
Naked Security
S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]
By Paul Ducklin – November 24th 2022 at 16:52
Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
By Paul Ducklin – November 22nd 2022 at 19:54
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Naked Security
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
By Paul Ducklin – November 17th 2022 at 17:52
Latest episode - listen now! Cybersecurity news plus loads of great advice...
Naked Security
Firefox fixes fullscreen fakery flaw – get the update now!
By Paul Ducklin – November 16th 2022 at 19:51
What's so bad about a web page going fullscreen without warning you first?
Naked Security
Log4Shell-like code execution hole in popular Backstage dev tool
By Paul Ducklin – November 15th 2022 at 17:49
Good old "string templating", also known as "string interpolation", in the spotlight again...
Naked Security
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
By Paul Ducklin – November 10th 2022 at 17:26
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!
Naked Security
Emergency code execution patch from Apple – but not an 0-day
By Paul Ducklin – November 10th 2022 at 01:49
Not a zero-day, but important enough for a quick-fire patch to one system library...
Naked Security
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
By Paul Ducklin – November 9th 2022 at 19:58
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Naked Security
Silk Road drugs market hacker pleads guilty, faces 20 years inside
By Paul Ducklin – November 8th 2022 at 19:58
Jurisprudence isn't like arithmetic... two negatives never make a positive!
Naked Security
Twitter Blue Badge email scams – Don't fall for them!
By Naked Security writer – November 4th 2022 at 17:59
That was the week that was...
Naked Security
S3 Ep107: Eight months to kick out the crooks and you think that's GOOD? [Audio + Text]
By Paul Ducklin – November 3rd 2022 at 17:51
Listen now - latest episode - audio plus full transcript
Naked Security
The OpenSSL security update story – how can you tell what needs fixing?
By Paul Ducklin – November 3rd 2022 at 00:44
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
Naked Security
OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
By Paul Ducklin – November 1st 2022 at 17:24
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Naked Security
SHA-3 code execution bug patched in PHP – check your version!
By Paul Ducklin – November 1st 2022 at 14:09
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
Naked Security
Chrome issues urgent zero-day fix – update now!
By Paul Ducklin – October 29th 2022 at 15:08
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)
Naked Security
Updates to Apple's zero-day update story – iPhone and iPad users read this!
By Paul Ducklin – October 28th 2022 at 18:04
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Naked Security
S3 Ep106: Facial recognition without consent – should it be banned?
By Paul Ducklin – October 27th 2022 at 16:59
Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!
Naked Security
Clearview AI image-scraping face recognition service hit with €20m fine in France
By Paul Ducklin – October 26th 2022 at 00:50
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."
Naked Security
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
By Paul Ducklin – October 25th 2022 at 18:03
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Naked Security
S3 Ep105: WONTFIX! The MS Office cryptofail that "isn't a security flaw" [Audio + Text]
By Paul Ducklin – October 20th 2022 at 18:54
The coolest video game ever! And lots of solid cybersecurity advice - listen now!
Naked Security
Zoom for Mac patches sneaky "spy-on-me" bug – update now!
By Paul Ducklin – October 18th 2022 at 18:01
Hey! That back door isn't supposed to be there at all, let alone propped open...
Naked Security
Dangerous hole in Apache Commons Text – like Log4Shell all over again
By Paul Ducklin – October 18th 2022 at 17:26
Third time unlucky. Time to put your patching boots on again...
Naked Security
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
By Paul Ducklin – October 13th 2022 at 16:37
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...
Naked Security
Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!
By Paul Ducklin – October 12th 2022 at 16:58
There's a zero-day patch, but it's not for the zero-day you thought.
Naked Security
Mystery iPhone update patches against iOS 16 mail crash-attack
By Paul Ducklin – October 11th 2022 at 00:28
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...
Naked Security
S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
By Paul Ducklin – October 6th 2022 at 14:43
Latest episode - listen and learn now (or read and revise, if the written word is your thing)...
Naked Security
S3 Ep102.5: "ProxyNotShell" Exchange bugs – an expert speaks [Audio + Text]
By Paul Ducklin – October 1st 2022 at 14:05
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...