Naked Security

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.

Naked Security

S3 Ep143: Supercookie surveillance shenanigans

Latest episode - listen now! (Full transcript inside.)

Naked Security

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...

Naked Security

Firefox 115 is out, says farewell to users of older Windows and Mac versions

No zero-days this month, so you're patching to stay ahead, not merely to catch up!

Naked Security

WordPress plugin lets users become admins – Patch early, patch often!

Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.

Naked Security

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

Apple didn't use the words "Triangulation Trojan", but you probably will.

Naked Security

ASUS warns router customers: Patch now, or block all inbound requests

"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

Naked Security

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

No zero-days this month, if you ignore the Edge RCE hole patched last week

Naked Security

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

With the right (or wrong, if you're on the right side of the fence) timing...

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Double zero-day in Chrome and Edge – check your versions now!

Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Naked Security

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

Is Secure Boot without the Secure just "Boot"?

Naked Security

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Naked Security

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Naked Security

Microsoft fixes two 0-days on Patch Tuesday – update now!

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

Latest episode - listen now! (Full transcript inside.)

Naked Security

Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs

Lots of lovely patches for your Valentine's Day delight. Get 'em as soon as you can...

Naked Security

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!

Naked Security

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Naked Security

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Tales of derring-do in the cyberunderground! (And some zero-days.)

Naked Security

Apple pushes out iOS security update that’s more tight-lipped than ever

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

Naked Security

Firefox fixes fullscreen fakery flaw – get the update now!

What's so bad about a web page going fullscreen without warning you first?

Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Listen now - latest episode - audio plus full transcript

Naked Security

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

The coolest video game ever! And lots of solid cybersecurity advice - listen now!

Naked Security

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

There's a zero-day patch, but it's not for the zero-day you thought.

Naked Security

Chrome and Edge fix zero-day security hole – update now!

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Naked Security

Firefox 104 is out – no critical bugs, but update anyway

Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.

Naked Security

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.

Naked Security

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

We tried it out to make sure, so you don't have to.

Naked Security

Firefox 101 is out, this time with no 0-day scares (but update anyway!)

After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.

Naked Security

S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]

Latest episode - listen now!

Naked Security

Microsoft patches the Patch Tuesday patch that broke authentication

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

Naked Security

Apple patches zero-day kernel hole and much more – update now!

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Naked Security

Android monthly updates are out – critical bugs found in critical places!

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Firefox 99 is out – no major bugs, but update anyway!

Firefox's four-weekly updates just dropped - here's what you need to know.

Naked Security

Google’s monthly Android updates patch numerous “get root” holes

Get the update now... if it's available for your phone. Here's how to check.

Naked Security

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

Naked Security

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

Naked Security

Wormable Windows HTTP hole – what you need to know

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

Naked Security

FTC threatens “legal action” over unpatched Log4j and other vulns

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

Naked Security

Log4Shell vulnerability Number Four: “Much ado about something”

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

Naked Security

Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble

Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!

Naked Security

Apple security updates are out – and not a Log4Shell mention in sight

Get 'em while they're hot!

Naked Security

Check your patches – public exploit now out for critical Exchange bug

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.

Naked Security

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!