Naked Security
S3 Ep132: Proof-of-concept lets anyone hack at will
By Paul Ducklin, April 27th 2023 at 16:55
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
Naked Security
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
By Paul Ducklin, April 25th 2023 at 17:53
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Naked Security
Double zero-day in Chrome and Edge – check your versions now!
By Paul Ducklin, April 24th 2023 at 19:59
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Naked Security
VMware patches break-and-enter hole in logging tools: update now!
By Paul Ducklin, April 21st 2023 at 17:58
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
By Paul Ducklin, April 13th 2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Naked Security
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
By Paul Ducklin, April 12th 2023 at 18:57
Is Secure Boot without the Secure just "Boot"?
Naked Security
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
By Paul Ducklin, April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Naked Security
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
By Paul Ducklin, April 9th 2023 at 00:28
The security error was in the error handling system that was supposed to catch potential security errors...
Naked Security
Apple issues emergency patches for spyware-style 0-day exploits – update now!
By Paul Ducklin, April 8th 2023 at 01:20
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Naked Security
Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know
By Paul Ducklin, April 5th 2023 at 18:49
Grab a message/Play it back/You've just performed/A big phat hack...
Naked Security
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
By Paul Ducklin, March 30th 2023 at 19:43
Latest episode - listen now!
Naked Security
Apple patches everything, including a zero-day fix for iOS 15 users
By Paul Ducklin, March 28th 2023 at 00:23
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Naked Security
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
By Paul Ducklin, March 24th 2023 at 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Naked Security
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
By Paul Ducklin, March 23rd 2023 at 17:59
Listen now - latest episode. Full transcript inside.
Naked Security
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
By Paul Ducklin, March 17th 2023 at 19:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
By Paul Ducklin, March 16th 2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Naked Security
Microsoft fixes two 0-days on Patch Tuesday – update now!
By Paul Ducklin, March 15th 2023 at 00:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Naked Security
Firefox 111 patches 11 holes, but not 1 zero-day among them…
By Paul Ducklin, March 14th 2023 at 19:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Naked Security
S3 Ep125: When security hardware has security holes [Audio + Text]
By Paul Ducklin, March 9th 2023 at 18:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
By Paul Ducklin, March 7th 2023 at 19:59
Security bugs in the very code you've been told you must have to improve the security of your computer...
Naked Security
S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
By Paul Ducklin, February 16th 2023 at 17:46
Latest episode - listen now! (Full transcript inside.)
Naked Security
Apple fixes zero-day spyware implant bug – patch now!
By Paul Ducklin, February 14th 2023 at 19:08
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
By Paul Ducklin, February 9th 2023 at 19:41
Latest episode. Listen now!
Naked Security
OpenSSL fixes High Severity data-stealing bug – patch now!
By Paul Ducklin, February 8th 2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Naked Security
VMWare user? Worried about “ESXi ransomware”? Check your patches now!
By Paul Ducklin, February 7th 2023 at 19:59
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Naked Security
OpenSSH fixes double-free memory bug that’s pokable over the network
By Paul Ducklin, February 3rd 2023 at 17:59
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...
Naked Security
S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
By Paul Ducklin, February 2nd 2023 at 17:50
Latest episode - listen now!
Naked Security
Password-stealing “vulnerability” reported in KeePass – bug or feature?
By Paul Ducklin, February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
By Paul Ducklin, January 31st 2023 at 11:35
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By Paul Ducklin, January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By Paul Ducklin, January 26th 2023 at 19:57
Latest episode - listen now! (Or read the transcript.)
Naked Security
Apple patches are out – old iPhones get an old zero-day fix at last!
By Paul Ducklin, January 24th 2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
By Paul Ducklin, January 23rd 2023 at 19:59
It's a really cool and super-simple trick. The question is, "Will it help?"
Naked Security
S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
By Paul Ducklin, January 12th 2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By Paul Ducklin, January 11th 2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
Popular JWT cloud security library patches “remote” code execution hole
By Paul Ducklin, January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI – code-building service suffers total credential compromise
By Paul Ducklin, January 9th 2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By Paul Ducklin, January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond
By Paul Ducklin, December 30th 2022 at 19:59
The problem with anniversaries is that there's an almost infinite number of them every day...
Naked Security
Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug
By Paul Ducklin, December 20th 2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
By Paul Ducklin, December 15th 2022 at 17:10
Return o' the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
By Paul Ducklin, December 14th 2022 at 02:11
There's an update for everything this time, not just for iOS.
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By Paul Ducklin, December 14th 2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
By Paul Ducklin, December 12th 2022 at 19:58
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
By Paul Ducklin, December 9th 2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By Paul Ducklin, December 5th 2022 at 20:58
Ninth more unto the breach, dear friends, ninth more.
Naked Security
Ping of death! FreeBSD fixes crashtastic bug in network tool
By Paul Ducklin, December 5th 2022 at 19:59
It's a venerable program, and this version had a venerable bug in it.
Naked Security
Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)
By Paul Ducklin, November 28th 2022 at 19:42
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
By Paul Ducklin, November 22nd 2022 at 19:54
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Naked Security
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
By Paul Ducklin, November 17th 2022 at 17:52
Latest episode - listen now! Cybersecurity news plus loads of great advice...
Naked Security
Firefox fixes fullscreen fakery flaw – get the update now!
By Paul Ducklin, November 16th 2022 at 19:51
What's so bad about a web page going fullscreen without warning you first?
Naked Security
Log4Shell-like code execution hole in popular Backstage dev tool
By Paul Ducklin, November 15th 2022 at 17:49
Good old "string templating", also known as "string interpolation", in the spotlight again...
Naked Security
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
By Paul Ducklin, November 10th 2022 at 17:26
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!
Naked Security
Emergency code execution patch from Apple – but not an 0-day
By Paul Ducklin, November 10th 2022 at 01:49
Not a zero-day, but important enough for a quick-fire patch to one system library...
Naked Security
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
By Paul Ducklin, November 9th 2022 at 19:58
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Naked Security
S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
By Paul Ducklin, November 3rd 2022 at 17:51
Listen now - latest episode - audio plus full transcript
Naked Security
The OpenSSL security update story – how can you tell what needs fixing?
By Paul Ducklin, November 3rd 2022 at 00:44
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
Naked Security
OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
By Paul Ducklin, November 1st 2022 at 17:24
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Naked Security
SHA-3 code execution bug patched in PHP – check your version!
By Paul Ducklin, November 1st 2022 at 14:09
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
Naked Security
Chrome issues urgent zero-day fix – update now!
By Paul Ducklin, October 29th 2022 at 15:08
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)