Login
FreshRSS
Login
Naked Security
Microsoft Patch Tuesday: 74 CVEs plus 2 βExploit Detectedβ advisories
By
Paul Ducklin
β August 9
th
2023 at 20:34
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
Naked Security
Apple ships that recent βRapid Responseβ spyware patch to everyone, fixes a second zero-day
By
Paul Ducklin
β July 24
th
2023 at 23:18
Another month, another patch for in-the-wild iPhone malware (and a whole lot more).
Naked Security
S3 Ep144: When threat hunting goes down a rabbit hole
By
Paul Ducklin
β July 20
th
2023 at 14:58
Latest episode - check it out now!
Naked Security
Microsoft hit by Storm season β a tale of two semi-zero days
By
Paul Ducklin
β July 18
th
2023 at 20:59
The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...
Naked Security
Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!
By
Paul Ducklin
β July 14
th
2023 at 19:58
Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."
Naked Security
S3 Ep143: Supercookie surveillance shenanigans
By
Paul Ducklin
β July 13
th
2023 at 16:48
Latest episode - listen now! (Full transcript inside.)
Naked Security
Microsoft patches four zero-days, finally takes action against crimeware kernel drivers
By
Paul Ducklin
β July 12
th
2023 at 18:57
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...
Naked Security
Apple silently pulls its latest zero-day update β what now?
By
Paul Ducklin
β July 11
th
2023 at 15:21
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."
Naked Security
Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
By
Paul Ducklin
β July 10
th
2023 at 23:12
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Naked Security
S3 Ep141: What was Steve Jobsβs first job?
By
Paul Ducklin
β June 29
th
2023 at 16:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
Apple patch fixes zero-day kernel hole reported by Kaspersky β update now!
By
Paul Ducklin
β June 22
nd
2023 at 00:36
Apple didn't use the words "Triangulation Trojan", but you probably will.
Naked Security
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
By
Paul Ducklin
β June 13
th
2023 at 23:32
No zero-days this month, if you ignore the Edge RCE hole patched last week
Naked Security
S3 Ep138: I like to MOVEit, MOVEit
By
Paul Ducklin
β June 8
th
2023 at 16:56
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
s3-ep138-1200
Naked Security
Chrome and Edge zero-day: βThis exploit is in the wildβ, so check your versions now
By
Paul Ducklin
β June 6
th
2023 at 18:28
Chrome and Edge 0-days patched.
Naked Security
World Password Day: 2 + 2 = 4
By
Paul Ducklin
β May 4
th
2023 at 13:12
We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!
Naked Security
Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused
By
Paul Ducklin
β May 1
st
2023 at 20:46
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
Naked Security
Double zero-day in Chrome and Edge β check your versions now!
By
Paul Ducklin
β April 24
th
2023 at 19:59
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
By
Paul Ducklin
β April 13
th
2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Naked Security
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
By
Paul Ducklin
β April 12
th
2023 at 18:57
Is Secure Boot without the Secure just "Boot"?
Naked Security
Apple issues emergency patches for spyware-style 0-day exploits β update now!
By
Paul Ducklin
β April 8
th
2023 at 01:20
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Naked Security
S3 Ep129: When spyware arrives from someone you trust
By
Paul Ducklin
β April 6
th
2023 at 14:57
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!
Naked Security
World Backup Day is here again β 5 tips to keep your precious data safe
By
Paul Ducklin
β March 31
st
2023 at 01:14
The only backup you will ever regret is the one you didn't make...
Naked Security
Apple patches everything, including a zero-day fix for iOS 15 users
By
Paul Ducklin
β March 28
th
2023 at 00:23
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
By
Paul Ducklin
β March 16
th
2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Naked Security
Microsoft fixes two 0-days on Patch Tuesday β update now!
By
Paul Ducklin
β March 15
th
2023 at 00:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Naked Security
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
By
Paul Ducklin
β February 16
th
2023 at 17:46
Latest episode - listen now! (Full transcript inside.)
Naked Security
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
By
Paul Ducklin
β February 14
th
2023 at 22:12
Lots of lovely patches for your Valentine's Day delight. Get 'em as soon as you can...
Naked Security
Apple fixes zero-day spyware implant bug β patch now!
By
Paul Ducklin
β February 14
th
2023 at 19:08
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By
Paul Ducklin
β January 26
th
2023 at 19:57
Lastest episode - listen now! (Or read the transcript.)
Naked Security
Apple patches are out β old iPhones get an old zero-day fix at last!
By
Paul Ducklin
β January 24
th
2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By
Paul Ducklin
β January 11
th
2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
By
Paul Ducklin
β December 15
th
2022 at 17:10
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By
Paul Ducklin
β December 14
th
2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By
Paul Ducklin
β December 5
th
2022 at 20:58
Ninth more unto the breach, dear friends, ninth more.
Naked Security
Chrome fixes 8th zero-day of 2022 β check your version now (Edge too!)
By
Paul Ducklin
β November 28
th
2022 at 19:42
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
By
Paul Ducklin
β November 22
nd
2022 at 19:54
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Naked Security
Black Friday and retail season β watch out for PayPal βmoney requestβ scams
By
Paul Ducklin
β November 17
th
2022 at 12:45
Don't let a keen eye for bargains lead you into risky online behaviour...
Naked Security
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
By
Paul Ducklin
β November 10
th
2022 at 17:26
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!
Naked Security
Exchange 0-days fixed (at last) β plus 4 brand new Patch Tuesday 0-days!
By
Paul Ducklin
β November 9
th
2022 at 19:58
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Naked Security
Chrome issues urgent zero-day fix β update now!
By
Paul Ducklin
β October 29
th
2022 at 15:08
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)
Naked Security
Updates to Appleβs zero-day update story β iPhone and iPad users read this!
By
Paul Ducklin
β October 28
th
2022 at 18:04
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Naked Security
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day β act now!
By
Paul Ducklin
β October 25
th
2022 at 18:03
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Naked Security
S3 Ep105: WONTFIX! The MS Office cryptofail that βisnβt a security flawβ [Audio + Text]
By
Paul Ducklin
β October 20
th
2022 at 18:54
The coolest video game ever! And lots of solid cybersecurity advice - listen now!
pic-1200
Naked Security
Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange!
By
Paul Ducklin
β October 12
th
2022 at 16:58
There's a zero-day patch, but it's not for the zero-day you thought.
Naked Security
Move over Patch Tuesday β itβs Ada Lovelace Day!
By
Paul Ducklin
β October 11
th
2022 at 15:22
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.
Naked Security
S3 Ep102.5: βProxyNotShellβ Exchange bugs β an expert speaks [Audio + Text]
By
Paul Ducklin
β October 1
st
2022 at 14:05
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Naked Security
URGENT! Microsoft Exchange double zero-day β βlike ProxyShell, only differentβ
By
Paul Ducklin
β September 30
th
2022 at 18:25
Double-play 0-day in Exchange - what you need to know, and what you can do
Naked Security
S3 Ep100: Browser-in-the-Browser β how to spot an attack [Audio + Text]
By
Paul Ducklin
β September 15
th
2022 at 18:50
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
s3-ep100-js-1200
Naked Security
Chrome and Edge fix zero-day security hole β update now!
By
Paul Ducklin
β September 5
th
2022 at 15:12
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Naked Security
URGENT! Apple slips out zero-day update for older iPhones and iPads
By
Paul Ducklin
β August 31
st
2022 at 18:42
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Naked Security
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
By
Paul Ducklin
β August 25
th
2022 at 15:37
Latest episode - listen now! (Or read the transcript if you prefer the text version.)
Naked Security
How to celebrate SysAdmin Day!
By
Paul Ducklin
β July 29
th
2022 at 15:37
I've just popped in to wish you all/The best SysAdmin Day!
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
By
Paul Ducklin
β July 28
th
2022 at 15:47
Latest episode - listen now!
Naked Security
7 cybersecurity tips for your summer vacation!
By
Paul Ducklin
β July 15
th
2022 at 18:23
Here you go - seven thoughtful cybersecurity tips to help you travel safely...
Naked Security
Google patches βin-the-wildβ Chrome zero-day β update now!
By
Paul Ducklin
β July 5
th
2022 at 15:55
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
β June 15
th
2022 at 01:20
We tried it out to make sure, so you don't have to.
Naked Security
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
By
Paul Ducklin
β June 9
th
2022 at 13:07
Latest episode - listen (or read) now!
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
β June 3
rd
2022 at 18:59
Zero-day announced - here's what you need to know
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
β May 30
th
2022 at 23:01
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Naked Security
Apple patches zero-day kernel hole and much more β update now!
By
Paul Ducklin
β May 17
th
2022 at 09:30
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Load more articles