How to hack an unpatched Exchange server with rogue PowerShell code

By Paul Ducklin — November 22^nd 2022 at 19:54

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By Paul Ducklin — October 18^th 2022 at 17:26

Third time unlucky. Time to put your patching boots on again...

act-1200

By Paul Ducklin — October 6^th 2022 at 14:43

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

By Paul Ducklin — October 1^st 2022 at 14:05

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

By Paul Ducklin — July 18^th 2022 at 16:57

When it comes to cybersecurity, ask not what everyone else can do for you...

By Paul Ducklin — March 31^st 2022 at 16:59

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

By Paul Ducklin — January 6^th 2022 at 19:44

We're back for 2022 - listen now!

By Paul Ducklin — January 5^th 2022 at 19:37

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

By Paul Ducklin — December 29^th 2021 at 19:12

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

By Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

By Paul Ducklin — December 13^th 2021 at 19:41

Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!

By Paul Ducklin — December 10^th 2021 at 19:22

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product