Whodunnit? Cybercrook gets 6 years for ransoming his own employer

By Naked Security writer — May 12^th 2023 at 16:15

Not just an active adversary, but a two-faced one, too.

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Double zero-day in Chrome and Edge – check your versions now!

By Paul Ducklin — April 24^th 2023 at 19:59

Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Naked Security

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

By Paul Ducklin — April 13^th 2023 at 16:54

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Naked Security

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

By Paul Ducklin — April 12^th 2023 at 18:57

Is Secure Boot without the Secure just "Boot"?

Naked Security

Apple issues emergency patches for spyware-style 0-day exploits – update now!

By Paul Ducklin — April 8^th 2023 at 01:20

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

By Paul Ducklin — March 28^th 2023 at 00:23

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

Microsoft fixes two 0-days on Patch Tuesday – update now!

By Paul Ducklin — March 15^th 2023 at 00:06

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By Paul Ducklin — February 16^th 2023 at 17:46

Latest episode - listen now! (Full transcript inside.)

Naked Security

Apple fixes zero-day spyware implant bug – patch now!

By Paul Ducklin — February 14^th 2023 at 19:08

Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!

Naked Security

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

By Paul Ducklin — January 26^th 2023 at 19:57

Lastest episode - listen now! (Or read the transcript.)

Naked Security

Apple patches are out – old iPhones get an old zero-day fix at last!

By Paul Ducklin — January 24^th 2023 at 01:24

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By Paul Ducklin — December 15^th 2022 at 17:10

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

By Paul Ducklin — December 5^th 2022 at 20:58

Ninth more unto the breach, dear friends, ninth more.

Naked Security

Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)

By Paul Ducklin — November 28^th 2022 at 19:42

There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!

Naked Security

How to hack an unpatched Exchange server with rogue PowerShell code

By Paul Ducklin — November 22^nd 2022 at 19:54

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

By Paul Ducklin — November 9^th 2022 at 19:58

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Naked Security

Chrome issues urgent zero-day fix – update now!

By Paul Ducklin — October 29^th 2022 at 15:08

We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Naked Security

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

By Paul Ducklin — October 28^th 2022 at 18:04

Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

Naked Security

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

By Paul Ducklin — October 1^st 2022 at 14:05

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Naked Security

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

By Paul Ducklin — September 30^th 2022 at 18:25

Double-play 0-day in Exchange - what you need to know, and what you can do

Naked Security

LastPass source code breach – incident response report released

By Paul Ducklin — September 19^th 2022 at 18:59

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

Naked Security

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

By Paul Ducklin — September 15^th 2022 at 18:50

Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...

s3-ep100-js-1200

Naked Security

Chrome and Edge fix zero-day security hole – update now!

By Paul Ducklin — September 5^th 2022 at 15:12

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

By Paul Ducklin — August 31^st 2022 at 18:42

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

Naked Security

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

By Paul Ducklin — August 25^th 2022 at 15:37

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

By Paul Ducklin — July 28^th 2022 at 15:47

Latest episode - listen now!

Naked Security

Google patches “in-the-wild” Chrome zero-day – update now!

By Paul Ducklin — July 5^th 2022 at 15:55

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

Naked Security

S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]

By Paul Ducklin — June 9^th 2022 at 13:07

Latest episode - listen (or read) now!

Naked Security

Atlassian announces 0-day hole in Confluence Server – update now!

By Paul Ducklin — June 3^rd 2022 at 18:59

Zero-day announced - here's what you need to know

Naked Security

Mysterious “Follina” zero-day hole in Office – here’s what to do!

By Paul Ducklin — May 30^th 2022 at 23:01

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!

Naked Security

Apple patches zero-day kernel hole and much more – update now!

By Paul Ducklin — May 17^th 2022 at 09:30

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Naked Security

GitHub issues final report on supply-chain source code intrusions

By Paul Ducklin — April 29^th 2022 at 16:15

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

By Paul Ducklin — March 31^st 2022 at 23:38

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

apple-1200

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

By Paul Ducklin — March 28^th 2022 at 14:18

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

Firefox patches two actively exploited 0-day holes: update now!

By Paul Ducklin — March 5^th 2022 at 19:06

Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!

Naked Security

Google announces zero-day in Chrome browser – update now!

By Paul Ducklin — February 15^th 2022 at 19:17

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Naked Security

Adobe fixes zero-day exploit in e-commerce code: update now!

By Paul Ducklin — February 14^th 2022 at 22:38

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

By Paul Ducklin — February 3^rd 2022 at 16:20

Latest episode - listen now!

Naked Security

Check your patches – public exploit now out for critical Exchange bug

By Paul Ducklin — November 23^rd 2021 at 14:36

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.

Naked Security

Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices

By Paul Ducklin — October 27^th 2021 at 22:16

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.

Naked Security

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

By Paul Ducklin — October 14^th 2021 at 18:33

Latest episode - listen now!