Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-04-29 16:15:20 |
GitHub issues final report on supply-chain source code intrusions (direct link) |
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency. |
|
|
|
|
2022-04-28 13:18:25 |
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast] (direct link) |
Latest episode - listen now! |
Ransomware
|
|
|
|
2022-04-27 15:22:43 |
Ransomware Survey 2022 – like the Curate's Egg, “good in parts” (direct link) |
You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look! |
Ransomware
|
|
|
|
2022-04-25 16:58:37 |
Phishing goes KISS: Don't let plain and simple messages catch you out! (direct link) |
Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated. |
|
|
|
|
2022-04-22 15:15:58 |
QNAP warns of new bugs in its Network Attached Storage devices (direct link) |
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network! |
|
|
|
|
2022-04-21 13:41:12 |
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and cryptododginess [Podcast] (direct link) |
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now! |
|
|
|
|
2022-04-20 16:43:05 |
Critical cryptographic Java security blunder patched – update now! (direct link) |
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead. |
|
|
|
|
2022-04-19 16:00:45 |
Beanstalk cryptocurrency heist: scammer votes himself all the money (direct link) |
Voting safeguards based on community collateral don't work if one person can use a momentary loan to "become" 75% of the community. |
|
|
|
|
2022-04-16 00:33:41 |
Yet another Chrome zero-day emergency update – patch now! (direct link) |
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP. |
|
|
|
|
2022-04-14 13:39:52 |
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-04-13 15:52:57 |
US cryptocurrency coder gets 5 years for North Korea sanctions busting (direct link) |
Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea. |
|
|
|
|
2022-04-12 16:58:35 |
Five critical bugs fixed in automatic hospital robot control system (direct link) |
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse... |
Guideline
|
|
|
|
2022-04-11 16:58:13 |
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default (direct link) |
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow? |
|
|
|
|
2022-04-08 15:38:52 |
Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now! (direct link) |
A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it. |
|
|
|
|
2022-04-07 12:24:59 |
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] (direct link) |
Latest episode - listen now! Cybersecurity news and advice in plain English. |
|
|
|
|
2022-04-06 16:22:33 |
Serious Security: Darkweb drugs market Hydra taken offline by German police (direct link) |
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English... |
|
|
|
|
2022-04-05 16:21:07 |
Firefox 99 is out – no major bugs, but update anyway! (direct link) |
Firefox's four-weekly updates just dropped - here's what you need to know. |
|
|
|
|
2022-04-05 14:44:20 |
Google's monthly Android updates patch numerous “get root” holes (direct link) |
Get the update now... if it's available for your phone. Here's how to check. |
|
|
|
|
2022-04-04 21:36:27 |
LAPSUS$ hacks continue despite two UK hacker suspects in court (direct link) |
Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them? |
|
|
|
|
2022-03-31 23:38:39 |
Apple pushes out two emergency 0-day updates – get 'em now! (direct link) |
More Apple zero-days - mobile devices, laptops and desktops affected. Update now! |
|
|
|
|
2022-03-31 16:59:26 |
Two different “VMware Spring” bugs at large – we cut through the confusion (direct link) |
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion |
|
|
|
|
2022-03-31 13:38:35 |
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-03-30 16:38:07 |
“VMWare Spring Cloud” Java bug gives instant remote code execution – update now! (direct link) |
Easy unauthenticated remote code execution - PoC code already out |
|
|
|
|
2022-03-30 15:10:07 |
World Backup Day: 5 data recovery tips for everyone! (direct link) |
The only backup you will ever regret is the one you didn't make |
|
|
|
|
2022-03-29 16:37:38 |
Zlib data compressor fixes 17-year-old security bug – patch, errr, now (direct link) |
This code is venerable! Surely all the bugs must be out by now? |
|
|
★★
|
|
2022-03-28 14:18:59 |
Google Chrome patches mysterious new zero-day bug – update now (direct link) |
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now! |
|
|
|
|
2022-03-25 01:48:28 |
UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang? (direct link) |
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from? |
|
|
|
|
2022-03-24 13:49:08 |
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-03-23 17:58:05 |
Serious Security: DEADBOLT – the ransomware that goes straight for your backups (direct link) |
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already. |
Ransomware
|
|
|
|
2022-03-21 16:55:43 |
Web vendor CafePress fined $500,000 for giving cybersecurity a low value (direct link) |
Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations |
|
|
|
|
2022-03-18 17:59:17 |
OpenSSL patches infinite-loop DoS bug in certificate verification (direct link) |
When it comes to writing loops in your code... never sit on the fence! |
|
|
|
|
2022-03-17 13:32:02 |
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-03-16 15:49:29 |
Beware bogus Betas – cryptocoin scammers abuse Apple's TestFlight system (direct link) |
"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store! |
|
|
|
|
2022-03-16 01:22:19 |
“Russian actors bypass 2FA” warning – what happened and how to avoid it (direct link) |
Don't leave old accounts lying around where someone sketchy could reactivate them. |
|
|
|
|
2022-03-15 16:36:04 |
Apple patches 87 security holes – from iPhones and Macs to Windows (direct link) |
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows. |
|
|
|
|
2022-03-14 23:59:05 |
Happy #PiDay – even if you aren't in North America! (direct link) |
There is a cybersecurity angle here - but you will need to read right to the end to find it :-) |
|
|
|
|
2022-03-14 17:51:20 |
Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator (direct link) |
If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now! |
|
|
★★★
|
|
2022-03-11 14:59:16 |
Alleged Kaseya ransomware attacker arrives in Texas for trial (direct link) |
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded... |
Ransomware
|
|
★★★
|
|
2022-03-10 16:37:01 |
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast] (direct link) |
Latest episode - listen now! |
Ransomware
|
|
|
|
2022-03-08 17:37:00 |
“Dirty Pipe” Linux kernel bug lets anyone write to any file (direct link) |
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack. |
Guideline
|
|
|
|
2022-03-07 12:47:44 |
Adafruit suffers GitHub data breach – don't let this happen to you (direct link) |
Training data stashed in GitHub by mistake... unfortunately, it was *real* data |
Data Breach
|
|
|
|
2022-03-05 19:06:09 |
Firefox patches two in-the-wild exploits – update now! (direct link) |
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now! |
|
|
|
|
2022-03-03 14:04:50 |
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript] (direct link) |
Latest episode - listen now (or read it, if that's your preference)... |
|
|
|
|
2022-03-02 16:33:45 |
Ransomware with a difference: “Derestrict your software, or else!” (direct link) |
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets. |
|
|
|
|
2022-02-28 17:56:20 |
Instagram scammers as busy as ever: passwords and 2FA codes at risk (direct link) |
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever... |
|
|
|
|
2022-02-25 17:59:11 |
Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers? (direct link) |
Calling all website coders: Y2K was then. V1H is now! |
|
|
|
|
2022-02-24 16:51:41 |
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-02-23 17:59:12 |
Apple AirTag anti-stalking protection bypassed by researchers (direct link) |
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags. |
|
|
|
|
2022-02-22 17:26:37 |
WordPress backup plugin maker Updraft says “You should update”… (direct link) |
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story! |
|
|
|
|
2022-02-21 17:59:02 |
French cybercriminals using sextortion scams with no text or links (direct link) |
You'd spot this one a mile away... but what about your friends or family? |
|
|
|