Naked Security

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.

Naked Security

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

Another month, another patch for in-the-wild iPhone malware (and a whole lot more).

Naked Security

S3 Ep144: When threat hunting goes down a rabbit hole

Latest episode - check it out now!

Naked Security

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!

Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."

Naked Security

Apple silently pulls its latest zero-day update – what now?

Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."

Naked Security

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

Latest episode - listen now! (Full transcript inside.)

Naked Security

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

Apple didn't use the words "Triangulation Trojan", but you probably will.

Naked Security

S3 Ep138: I like to MOVEit, MOVEit

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

Naked Security

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

Chrome and Edge 0-days patched.

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Double zero-day in Chrome and Edge – check your versions now!

Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Naked Security

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Naked Security

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

Is Secure Boot without the Secure just "Boot"?

Naked Security

Apple issues emergency patches for spyware-style 0-day exploits – update now!

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

Microsoft fixes two 0-days on Patch Tuesday – update now!

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

Latest episode - listen now! (Full transcript inside.)

Naked Security

Apple fixes zero-day spyware implant bug – patch now!

Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!

Naked Security

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

Lastest episode - listen now! (Or read the transcript.)

Naked Security

Apple patches are out – old iPhones get an old zero-day fix at last!

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

Ninth more unto the breach, dear friends, ninth more.

Naked Security

Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)

There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!

Naked Security

How to hack an unpatched Exchange server with rogue PowerShell code

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Naked Security

Chrome issues urgent zero-day fix – update now!

We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Naked Security

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

Naked Security

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Naked Security

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

Double-play 0-day in Exchange - what you need to know, and what you can do

Naked Security

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...

Naked Security

Chrome and Edge fix zero-day security hole – update now!

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

Naked Security

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

Latest episode - listen now!

Naked Security

Google patches “in-the-wild” Chrome zero-day – update now!

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

Naked Security

S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]

Latest episode - listen (or read) now!

Naked Security

Atlassian announces 0-day hole in Confluence Server – update now!

Zero-day announced - here's what you need to know

Naked Security

Mysterious “Follina” zero-day hole in Office – here’s what to do!

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!

Naked Security

Apple patches zero-day kernel hole and much more – update now!

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

Firefox patches two actively exploited 0-day holes: update now!

Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!

Naked Security

Google announces zero-day in Chrome browser – update now!

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Naked Security

Adobe fixes zero-day exploit in e-commerce code: update now!

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

Latest episode - listen now!

Naked Security

Check your patches – public exploit now out for critical Exchange bug

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.