FreshRSS
Naked Security
S3 Ep141: What was Steve Jobs’s first job?
By Paul Ducklin – June 29th 2023 at 16:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
S3 Ep140: So you think you know ransomware?
By Paul Ducklin – June 22nd 2023 at 16:48
Lots to learn this week - listen now! (Full transcript inside.)
Naked Security
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
By Paul Ducklin – June 22nd 2023 at 00:36
Apple didn't use the words "Triangulation Trojan", but you probably will.
Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
By Paul Ducklin – June 20th 2023 at 18:14
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Naked Security
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”
By Paul Ducklin – June 15th 2023 at 22:10
Twice more unto the breach... third patch tested and released, shut down web access until you've applied it
Naked Security
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
By Paul Ducklin – June 13th 2023 at 23:32
No zero-days this month, if you ignore the Edge RCE hole patched last week
Naked Security
More MOVEit mitigations: new patches published for further protection
By Paul Ducklin – June 9th 2023 at 21:54
Good news... more patches, this time available proactively
Naked Security
S3 Ep138: I like to MOVEit, MOVEit
By Paul Ducklin – June 8th 2023 at 16:56
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
Naked Security
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug
By Paul Ducklin – June 7th 2023 at 19:59
With the right (or wrong, if you're on the right side of the fence) timing...
Naked Security
Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now
By Paul Ducklin – June 6th 2023 at 18:28
Chrome and Edge 0-days patched.
Naked Security
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
By Paul Ducklin – June 5th 2023 at 19:59
Little Bobby Tables is back!
Naked Security
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
By Paul Ducklin – June 2nd 2023 at 18:56
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.
Naked Security
S3 Ep137: 16th century crypto skullduggery
By Paul Ducklin – June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
Naked Security
Serious Security: Verification is vital – examining an OAUTH login bug
By Paul Ducklin – May 30th 2023 at 16:59
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
Naked Security
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
By Paul Ducklin – May 19th 2023 at 01:02
All Apple users have zero-days that need patching, though some have more zero-days than others.
Naked Security
PHP Packagist supply chain poisoned by hacker “looking for a job”
By Paul Ducklin – May 5th 2023 at 16:59
I pwned you! Gizza job! You know it makes sense!
Naked Security
S3 Ep132: Proof-of-concept lets anyone hack at will
By Paul Ducklin – April 27th 2023 at 16:55
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
Naked Security
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
By Paul Ducklin – April 25th 2023 at 17:53
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Naked Security
Double zero-day in Chrome and Edge – check your versions now!
By Paul Ducklin – April 24th 2023 at 19:59
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Naked Security
VMware patches break-and-enter hole in logging tools: update now!
By Paul Ducklin – April 21st 2023 at 17:58
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
By Paul Ducklin – April 13th 2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Naked Security
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
By Paul Ducklin – April 12th 2023 at 18:57
Is Secure Boot without the Secure just "Boot"?
Naked Security
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
By Paul Ducklin – April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Naked Security
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
By Paul Ducklin – April 9th 2023 at 00:28
The security error was in the error handling system that was supposed to catch potential security errors...
Naked Security
Apple issues emergency patches for spyware-style 0-day exploits – update now!
By Paul Ducklin – April 8th 2023 at 01:20
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Naked Security
Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know
By Paul Ducklin – April 5th 2023 at 18:49
Grab a message/Play it back/You've just performed/A big phat hack...
Naked Security
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
By Paul Ducklin – March 30th 2023 at 19:43
Latest episode - listen now!
Naked Security
Apple patches everything, including a zero-day fix for iOS 15 users
By Paul Ducklin – March 28th 2023 at 00:23
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Naked Security
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
By Paul Ducklin – March 24th 2023 at 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Naked Security
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
By Paul Ducklin – March 23rd 2023 at 17:59
Listen now - latest episode. Full transcript inside.
Naked Security
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
By Paul Ducklin – March 17th 2023 at 19:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
By Paul Ducklin – March 16th 2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Naked Security
Microsoft fixes two 0-days on Patch Tuesday – update now!
By Paul Ducklin – March 15th 2023 at 00:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Naked Security
Firefox 111 patches 11 holes, but not 1 zero-day among them…
By Paul Ducklin – March 14th 2023 at 19:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Naked Security
S3 Ep125: When security hardware has security holes [Audio + Text]
By Paul Ducklin – March 9th 2023 at 18:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
By Paul Ducklin – March 7th 2023 at 19:59
Security bugs in the very code you've been told you must have to improve the security of your computer...
Naked Security
S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
By Paul Ducklin – February 16th 2023 at 17:46
Latest episode - listen now! (Full transcript inside.)
Naked Security
Apple fixes zero-day spyware implant bug – patch now!
By Paul Ducklin – February 14th 2023 at 19:08
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
By Paul Ducklin – February 9th 2023 at 19:41
Latest episode. Listen now!
Naked Security
OpenSSL fixes High Severity data-stealing bug – patch now!
By Paul Ducklin – February 8th 2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Naked Security
VMWare user? Worried about “ESXi ransomware”? Check your patches now!
By Paul Ducklin – February 7th 2023 at 19:59
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Naked Security
OpenSSH fixes double-free memory bug that’s pokable over the network
By Paul Ducklin – February 3rd 2023 at 17:59
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...
Naked Security
S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
By Paul Ducklin – February 2nd 2023 at 17:50
Latest episode - listen now!
Naked Security
Password-stealing “vulnerability” reported in KeePass – bug or feature?
By Paul Ducklin – February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
By Paul Ducklin – January 31st 2023 at 11:35
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By Paul Ducklin – January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By Paul Ducklin – January 26th 2023 at 19:57
Latest episode - listen now! (Or read the transcript.)
Naked Security
Apple patches are out – old iPhones get an old zero-day fix at last!
By Paul Ducklin – January 24th 2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
By Paul Ducklin – January 23rd 2023 at 19:59
It's a really cool and super-simple trick. The question is, "Will it help?"
Naked Security
S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
By Paul Ducklin – January 12th 2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By Paul Ducklin – January 11th 2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
Popular JWT cloud security library patches “remote” code execution hole
By Paul Ducklin – January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI – code-building service suffers total credential compromise
By Paul Ducklin – January 9th 2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By Paul Ducklin – January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond
By Paul Ducklin – December 30th 2022 at 19:59
The problem with anniversaries is that there's an almost infinite number of them every day...
Naked Security
Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug
By Paul Ducklin – December 20th 2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
By Paul Ducklin – December 15th 2022 at 17:10
Return o' the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
By Paul Ducklin – December 14th 2022 at 02:11
There's an update for everything this time, not just for iOS.
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By Paul Ducklin – December 14th 2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
By Paul Ducklin – December 12th 2022 at 19:58
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.