Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-08-10 16:59:05 |
APIC/EPIC! Intel chips leak secrets even the kernel shouldn't see… (direct link) |
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it! |
|
|
|
|
2022-08-08 15:14:38 |
Slack admits to leaking hashed passwords for five years (direct link) |
"When those invitations went out... somehow, your password hash went out with them." |
|
|
|
|
2022-08-03 23:06:28 |
GitHub blighted by “researcher” who created thousands of malicious projects (direct link) |
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards. |
Malware
|
|
|
|
2022-07-28 15:47:16 |
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-07-25 16:20:53 |
T-Mobile to cough up $500 million over 2021 data breach (direct link) |
Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach. |
Data Breach
|
|
|
|
2022-07-20 14:56:08 |
Last member of Gozi malware troika arrives in US for criminal trial (direct link) |
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned... |
Malware
|
|
|
|
2022-07-04 14:09:05 |
Canadian cybercriminal pleads guilty to “NetWalker” attacks in US (direct link) |
Bust in Canada, now bust in the USA as well. |
|
|
|
|
2022-06-30 12:57:04 |
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript] (direct link) |
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers! |
|
|
|
|
2022-06-29 16:11:55 |
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!) (direct link) |
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga. |
|
|
|
|
2022-06-27 18:14:53 |
Harmony blockchain loses nearly $100M due to hacked private keys (direct link) |
The crooks needed at least two private keys, each stored in two parts... but they got them anyway. |
|
|
|
|
2022-06-27 14:58:19 |
FTC warns of LGBTQ+ extortion scams – be aware before you share! (direct link) |
It's a simple jingle and it's solid advice: "If in doubt, don't give it out!" |
|
|
|
|
2022-06-24 15:32:13 |
OpenSSL issues a bugfix for the previous bugfix (direct link) |
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons. |
|
|
|
|
2022-06-23 11:08:42 |
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast] (direct link) |
Latest episode - listen now! |
Data Breach
|
|
|
|
2022-06-21 15:24:24 |
Capital One identity theft hacker finally gets convicted (direct link) |
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own! |
Data Breach
|
|
|
|
2022-06-20 18:10:48 |
Interpol busts 2000 suspects in phone scamming takedown (direct link) |
Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples... |
|
|
|
|
2022-06-16 16:52:55 |
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-06-15 01:20:14 |
Follina gets fixed – but it's not listed in the Patch Tuesday patches! (direct link) |
We tried it out to make sure, so you don't have to. |
|
|
|
|
2022-06-14 16:49:36 |
Murder suspect admits she tracked cheating partner with hidden AirTag (direct link) |
O! What a tangled web we weave, when first we practise to deceive. |
|
|
|
|
2022-06-13 16:28:17 |
You're invited! Join us for a live walkthrough of the “Follina” story… (direct link) |
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can! |
|
|
|
|
2022-06-09 13:07:36 |
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript] (direct link) |
Latest episode - listen (or read) now! |
|
|
|
|
2022-06-08 14:53:35 |
SSNDOB Market servers seized, identity theft “brokerage” shut down (direct link) |
The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling. |
|
|
|
|
2022-06-07 15:49:50 |
Know your enemy! Learn how cybercrime adversaries get in… (direct link) |
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you! |
|
|
|
|
2022-06-03 16:59:18 |
Atlassian announces 0-day hole in Confluence Server – update soon! (direct link) |
Zero-day announced - here's what you need to know |
|
|
|
|
2022-06-02 15:37:11 |
S3 Ep85: Now THAT'S what I call a Microsoft Office exploit! [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-06-02 13:46:57 |
Yet another zero-day (sort of) in Windows “search URL” handling (direct link) |
More trouble with special-purpose URLs on Windows. |
|
|
|
|
2022-06-01 14:31:19 |
Firefox 101 is out, this time with no 0-day scares (but update anyway!) (direct link) |
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders. |
|
|
★★
|
|
2022-05-30 23:01:55 |
Mysterious “Follina” zero-day hole in Office – what to do? (direct link) |
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help! |
|
|
|
|
2022-05-30 16:59:12 |
Beware the Smish! Home delivery scams with a professional feel… (direct link) |
Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean... |
|
|
|
|
2022-05-27 11:17:15 |
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-05-26 12:41:02 |
Who's watching your webcam? The Screencastify Chrome extension story… (direct link) |
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can. |
|
|
|
|
2022-05-24 23:04:17 |
Poisoned Python and PHP packages purloin passwords for AWS access (direct link) |
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself. |
|
|
|
|
2022-05-23 13:01:58 |
Clearview AI face-matching service fined a lot less than expected (direct link) |
The fine has finally gone through... but it's less than 45% of what was originally proposed. |
|
|
|
|
2022-05-20 23:47:31 |
Mozilla patches Wednesday's Pwn2Own double-exploit… on Friday! (direct link) |
That was quick! 48 hours from exploit report to published patch. |
|
|
|
|
2022-05-20 22:35:09 |
Microsoft patches the Patch Tuesday patch that broke authentication (direct link) |
Remember the good old days when security patches rarely needed patches? Because security patches themselves were rare enough anyway? |
|
|
★★
|
|
2022-05-20 14:03:54 |
US Government says: Patch VMware right now, or get off our network (direct link) |
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply. |
|
|
|
|
2022-05-19 13:56:58 |
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast] (direct link) |
Latest episode - listen now! |
Patching
|
|
|
|
2022-05-18 13:04:06 |
Pwn2Own hacking schedule released – Windows and Linux are top targets (direct link) |
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly? |
|
|
|
|
2022-05-17 09:30:25 |
Apple patches zero-day kernel hole and much more – update now! (direct link) |
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions. |
Vulnerability
|
|
|
|
2022-05-15 21:53:47 |
Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own? (direct link) |
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days. |
|
|
|
|
2022-05-13 15:31:56 |
(Déjà vu) He sold cracked passwords for a living – now he's serving 4 years in prison (direct link) |
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough... |
|
|
|
|
2022-05-13 15:31:56 |
He cracked passwords for a living – now he's serving 4 years in prison (direct link) |
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough... |
|
|
|
|
2022-05-12 15:46:08 |
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast] (direct link) |
Latest episode - lots to learn - plain English - fun with a serious side - listen now! |
|
|
★★★
|
|
2022-05-12 15:08:53 |
Serious Security: Learning from curl's latest bug update (direct link) |
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world. |
|
|
★★
|
|
2022-05-10 16:59:39 |
Colonial Pipeline facing $1,000,000 fine for poor recovery plans (direct link) |
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice... |
|
|
★★★
|
|
2022-05-09 15:41:04 |
RubyGems supply chain rip-and-replace bug fixed – check your logs! (direct link) |
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank". |
|
|
★★★
|
|
2022-05-06 16:59:16 |
You didn't leave enough space between ROSE and AND, and AND and CROWN (direct link) |
What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES? |
|
|
★★
|
|
2022-05-05 14:16:18 |
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-05-05 01:06:58 |
World Password Day – the 1960s just called and gave you your passwords back (direct link) |
Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords. |
|
|
|
|
2022-05-04 15:54:17 |
Android monthly updates are out – critical bugs found in critical places! (direct link) |
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more... |
|
|
|
|
2022-05-03 16:42:06 |
Firefox hits 100*, fixes bugs… but no new zero-days this month (direct link) |
Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact. |
|
|
|