Naked Security
Ghostscript bug could allow rogue documents to run system commands
July 4th 2023 at 17:57
By: Paul Ducklin
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.
Article tags: Vulnerability, command injection, CVE-2023-36664, Ghostscript, pipe, rce, vulnerability
Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
June 20th 2023 at 16:14
By: Paul Ducklin
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Article tags: Vulnerability, Asus, Patch, rce, router, vulnerability
Naked Security
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
April 25th 2023 at 17:53
By: Paul Ducklin
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Article tags: Vulnerability, CVE-2023-27350, CVE-2023-27351, Exploit, PaperCut, rce, vulnerability
Naked Security
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
April 10th 2023 at 20:20
By: Paul Ducklin
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Article tags: Apple, iOS, OS X, Vulnerability, Exploit, kernel bug, rce, spyware
Naked Security
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
March 24th 2023 at 17:48
By: Paul Ducklin
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Article tags: Data loss, Privacy, Vulnerability, vulnerability, WooCommerce, Wordpress
Naked Security
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
March 17th 2023 at 17:56
By: Paul Ducklin
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Article tags: Android, Google, Samsung, Vulnerability, Patches, rce, vulnerability
Naked Security
Popular JWT cloud security library patches "remote" code execution hole
January 10th 2023 at 17:59
By: Paul Ducklin
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Article tags: Cryptography, Vulnerability, JSON, jsonwebtoken, JWT, rce, vulnerability
Naked Security
Credit card skimming – the long and winding road of supply chain failure
December 8th 2022 at 17:58
By: Paul Ducklin
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Article tags: Data loss, Malware, Privacy, Cockpit, e-commerce, HTML injection, skimming
Naked Security
Slack admits to leaking hashed passwords for five years
August 8th 2022 at 15:14
By: Paul Ducklin
"When those invitations went out... somehow, your password hash went out with them."
Article tags: Cryptography, Data loss, brute force, crack, dictionary attack, hashing, password, salt, Slack
Naked Security
"VMware Spring Cloud Function" Java bug gives instant remote code execution – update now!
March 30th 2022 at 20:38
By: Paul Ducklin
Easy unauthenticated remote code execution - PoC code already out
Article tags: Uncategorized, CVE-2022-22963, Java, Log4She;;, SPEL, Spring, Spring Cloud, Spring Expression Resource
Naked Security
Apple patches 87 security holes – from iPhones and Macs to Windows
March 15th 2022 at 16:36
By: Paul Ducklin
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
Article tags: Apple, iOS, OS X, Privacy, Vulnerability, Windows, cve, Exploit, Patch, rce
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) – update now
January 27th 2022 at 21:09
By: Paul Ducklin
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Article tags: Apple, iOS, OS X, Privacy, Vulnerability, Exploit, ios, iPhone, macOS, Patch, rce
Naked Security
"Log4Shell" Java vulnerability – how to safeguard your servers
December 10th 2021 at 16:22
By: Paul Ducklin
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Article tags: Vulnerability, Apache, CVE-2021-44228, Exploit, Java, Log4Shell, LOGJAM, rce