Windows 11 also vulnerable to “aCropalypse” image data leakage

By: Paul Ducklin — March 22^nd 2023 at 17:59

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Naked Security

Microsoft fixes two 0-days on Patch Tuesday – update now!

By: Paul Ducklin — March 15^th 2023 at 00:06

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Naked Security

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

By: Paul Ducklin — March 7^th 2023 at 17:59

Security bugs in the very code you've been told you must have to improve the security of your computer...

Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By: Paul Ducklin — January 12^th 2023 at 17:59

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

By: Paul Ducklin — November 10^th 2022 at 17:26

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Naked Security

Serious Security: Microsoft Office 365 attacked over feeble encryption

By: Paul Ducklin — October 14^th 2022 at 16:59

How 2022 is your encryption?

Naked Security

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

By: Paul Ducklin — October 12^th 2022 at 16:58

There's a zero-day patch, but it's not for the zero-day you thought.

Naked Security

Yet another zero-day (sort of) in Windows “search URL” handling

By: Paul Ducklin — June 2^nd 2022 at 13:46

More trouble with special-purpose URLs on Windows.

Naked Security

Microsoft patches the Patch Tuesday patch that broke authentication

By: Paul Ducklin — May 20^th 2022 at 22:35

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

Naked Security

Apple patches 87 security holes – from iPhones and Macs to Windows

By: Paul Ducklin — March 15^th 2022 at 16:36

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

apple-1200

Naked Security

Microsoft blocks web installation of its own App Installer files

By: Paul Ducklin — February 7^th 2022 at 16:36

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Naked Security

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

By: Paul Ducklin — January 20^th 2022 at 17:28

Latest epsiode - listen now!

Naked Security

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

By: Paul Ducklin — November 10^th 2021 at 17:45

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!