Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

By Paul Ducklin — July 24^th 2023 at 23:18

Another month, another patch for in-the-wild iPhone malware (and a whole lot more).

Naked Security

S3 Ep144: When threat hunting goes down a rabbit hole

By Paul Ducklin — July 20^th 2023 at 14:58

Latest episode - check it out now!

Naked Security

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

By Paul Ducklin — May 19^th 2023 at 01:02

All Apple users have zero-days that need patching, though some have more zero-days than others.

Naked Security

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

By Paul Ducklin — April 25^th 2023 at 17:53

If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...

Naked Security

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

By Paul Ducklin — April 12^th 2023 at 18:57

Is Secure Boot without the Secure just "Boot"?

Naked Security

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

By Paul Ducklin — April 10^th 2023 at 20:20

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Naked Security

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

By Paul Ducklin — April 9^th 2023 at 00:28

The security error was in the error handling system that was supposed to catch potential security errors...

vm2-1200

Naked Security

Apple issues emergency patches for spyware-style 0-day exploits – update now!

By Paul Ducklin — April 8^th 2023 at 01:20

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

By Paul Ducklin — March 28^th 2023 at 00:23

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

Microsoft fixes two 0-days on Patch Tuesday – update now!

By Paul Ducklin — March 15^th 2023 at 00:06

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By Paul Ducklin — February 16^th 2023 at 17:46

Latest episode - listen now! (Full transcript inside.)

Naked Security

Apple patches are out – old iPhones get an old zero-day fix at last!

By Paul Ducklin — January 24^th 2023 at 01:24

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Naked Security

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

By Paul Ducklin — January 11^th 2023 at 00:22

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Naked Security

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

By Paul Ducklin — December 14^th 2022 at 01:13

Tales of derring-do in the cyberunderground! (And some zero-days.)

Naked Security

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties

By Paul Ducklin — December 12^th 2022 at 19:58

That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By Paul Ducklin — December 9^th 2022 at 16:46

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

By Paul Ducklin — November 10^th 2022 at 17:26

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

By Paul Ducklin — November 9^th 2022 at 19:58

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Naked Security

Chrome issues urgent zero-day fix – update now!

By Paul Ducklin — October 29^th 2022 at 15:08

We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Naked Security

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By Paul Ducklin — October 25^th 2022 at 18:03

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Naked Security

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

By Paul Ducklin — October 12^th 2022 at 16:58

There's a zero-day patch, but it's not for the zero-day you thought.

Naked Security

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

By Paul Ducklin — October 6^th 2022 at 14:43

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

Naked Security

WhatsApp “zero-day exploit” news scare – what you need to know

By Paul Ducklin — September 27^th 2022 at 18:51

Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?

Naked Security

Chrome and Edge fix zero-day security hole – update now!

By Paul Ducklin — September 5^th 2022 at 15:12

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Naked Security

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

By Paul Ducklin — June 16^th 2022 at 16:52

Lastest epsiode - listen now!

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

By Paul Ducklin — March 28^th 2022 at 14:18

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

By Paul Ducklin — March 23^rd 2022 at 19:58

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.

Naked Security

Apple patches 87 security holes – from iPhones and Macs to Windows

By Paul Ducklin — March 15^th 2022 at 16:36

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

apple-1200

Naked Security

Firefox patches two actively exploited 0-day holes: update now!

By Paul Ducklin — March 5^th 2022 at 19:06

Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

By Paul Ducklin — February 24^th 2022 at 16:51

Latest episode - listen now!

Naked Security

Adobe fixes zero-day exploit in e-commerce code: update now!

By Paul Ducklin — February 14^th 2022 at 22:38

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Naked Security

Apple fixes Safari data leak (and patches a zero-day!) – update now

By Paul Ducklin — January 27^th 2022 at 21:09

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

apple-1200

Naked Security

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Naked Security

“Log4Shell” Java vulnerability – how to safeguard your servers

By Paul Ducklin — December 10^th 2021 at 19:22

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product

Naked Security

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

By Paul Ducklin — November 25^th 2021 at 12:38

Latest episode - listen now! Solid cybersecurity advice in plain English.