Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
November 22^nd 2022 at 17:54

How to hack an unpatched Exchange server with rogue PowerShell code

By: Paul Ducklin

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Naked Security
Dangerous hole in Apache Commons Text – like Log4Shell all over again
October 18^th 2022 at 16:26

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By: Paul Ducklin

Third time unlucky. Time to put your patching boots on again...

act-1200

Naked Security
S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
October 6^th 2022 at 14:43

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

By: Paul Ducklin

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

Naked Security
S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]
October 1^st 2022 at 14:05

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

By: Paul Ducklin

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Naked Security
8 months on, US says Log4Shell will be around for “a decade or longer”
July 18^th 2022 at 16:57

8 months on, US says Log4Shell will be around for “a decade or longer”

By: Paul Ducklin

When it comes to cybersecurity, ask not what everyone else can do for you...

Naked Security
Two different “VMware Spring” bugs at large – we cut through the confusion
March 31^st 2022 at 16:59

Two different “VMware Spring” bugs at large – we cut through the confusion

By: Paul Ducklin

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
January 6^th 2022 at 13:44

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

By: Paul Ducklin

We're back for 2022 - listen now!

Naked Security
FTC threatens “legal action” over unpatched Log4j and other vulns
January 5^th 2022 at 16:37

FTC threatens “legal action” over unpatched Log4j and other vulns

By: Paul Ducklin

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

Naked Security
Log4Shell vulnerability Number Four: “Much ado about something”
December 29^th 2021 at 16:12

Log4Shell vulnerability Number Four: “Much ado about something”

By: Paul Ducklin

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
December 16^th 2021 at 17:41

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By: Paul Ducklin

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Naked Security
Log4Shell explained – how it works, why you need to know, and how to fix it
December 13^th 2021 at 19:41

Log4Shell explained – how it works, why you need to know, and how to fix it

By: Paul Ducklin

Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!

🏷️ My labels
- ❌
Article tags
December 13^th 2021 at 19:41

Naked Security
“Log4Shell” Java vulnerability – how to safeguard your servers
December 10^th 2021 at 16:22

“Log4Shell” Java vulnerability – how to safeguard your servers

By: Paul Ducklin

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product