Performance and security clash yet again in “Collide+Power” attack

By Paul Ducklin — August 2^nd 2023 at 23:36

It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

Naked Security

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

By Paul Ducklin — July 10^th 2023 at 23:12

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Naked Security

Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

By Paul Ducklin — May 16^th 2023 at 17:59

Yes, it's a buffer overflow bug. No, it's not going get fixed.

Naked Security

Popular JWT cloud security library patches “remote” code execution hole

By Paul Ducklin — January 10^th 2023 at 19:59

It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

Naked Security

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

By Paul Ducklin — December 22^nd 2022 at 19:56

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

Naked Security

Online ticketing company “See” pwned for 2.5 years by attackers

By Paul Ducklin — October 26^th 2022 at 19:58

Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

Naked Security

Fashion brand SHEIN fined $1.9m for lying about data breach

By Naked Security writer — October 17^th 2022 at 18:50

Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?

Naked Security

Interested in cybersecurity? Join us for Security SOS Week 2022!

By Paul Ducklin — September 21^st 2022 at 14:24

Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.

Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

By Paul Ducklin — August 31^st 2022 at 18:42

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

Naked Security

You’re invited! Join us for a live walkthrough of the “Follina” story…

By Paul Ducklin — June 13^th 2022 at 16:28

Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!

Naked Security

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

By Paul Ducklin — June 2^nd 2022 at 18:37

Latest episode - listen now!

Naked Security

Who’s watching your webcam? The Screencastify Chrome extension story…

By Paul Ducklin — May 26^th 2022 at 12:41

When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.

Naked Security

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

By Paul Ducklin — April 14^th 2022 at 13:39

Latest episode - listen now!

Naked Security

Serious Security: Darkweb drugs market Hydra taken offline by German police

By Paul Ducklin — April 6^th 2022 at 16:22

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

Naked Security

Serious Security: Apple Safari leaks private data via database API – what you need to know

By Paul Ducklin — January 18^th 2022 at 19:23

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

Naked Security

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

By Paul Ducklin — December 21^st 2021 at 19:57

The Apache web server just got an update - this one is nothing to do with Log4j!