Using WinRAR? Be sure to patch against these code execution bugs…

By: Paul Ducklin — August 23^rd 2023 at 17:55

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

Naked Security

S3 Ep146: Tell us about that breach! (If you want to.)

By: Paul Ducklin — August 3^rd 2023 at 17:56

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Naked Security

S3 Ep144: When threat hunting goes down a rabbit hole

By: Paul Ducklin — July 20^th 2023 at 14:58

Latest episode - check it out now!

Naked Security

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

By: Paul Ducklin — July 10^th 2023 at 23:12

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By: Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

Ransomware tales: The MitM attack that really had a Man in the Middle

By: Paul Ducklin — May 24^th 2023 at 17:59

Another traitorous sysadmin story, this one busted by system logs that gave his game away...

Naked Security

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

By: Paul Ducklin — May 10^th 2023 at 11:50

When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By: Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Einstein tilings – the amazing “Hat” shape that never repeats!

By: Paul Ducklin — April 4^th 2023 at 16:59

Imagine tiling a whole football field using a single shape... yet not being able to produce a repeating pattern, even if you wanted to.

Naked Security

The horror! The horror! NOTEPAD gets tabbed editing (very briefly)

By: Paul Ducklin — December 29^th 2022 at 17:59

Is there a special meaning of "don't" that means "go right ahead"?

Naked Security

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

By: Paul Ducklin — December 27^th 2022 at 18:00

It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".

Naked Security

How to hack an unpatched Exchange server with rogue PowerShell code

By: Paul Ducklin — November 22^nd 2022 at 17:54

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Naked Security

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

By: Paul Ducklin — October 18^th 2022 at 15:58

Hey! That back door isn't supposed to be there at all, let alone propped open...

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By: Paul Ducklin — July 12^th 2022 at 13:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

Naked Security

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

By: Paul Ducklin — May 12^th 2022 at 15:46

Latest episode - lots to learn - plain English - fun with a serious side - listen now!

Naked Security

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

By: Paul Ducklin — March 30^th 2022 at 20:38

Easy unauthenticated remote code execution - PoC code already out