Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-02-18 17:59:00 |
Irony alert! PHP fixes security flaw in input validation code (direct link) |
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki... |
|
|
|
|
2022-02-17 17:12:57 |
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript] (direct link) |
Latest episode - listen and learn! |
|
|
|
|
2022-02-16 17:32:16 |
VMWare fixes holes that could allow virtual machine escapes (direct link) |
Hats off to VMWare for not using weasel words: "When should you act?" Immediately... |
|
|
|
|
2022-02-15 16:17:45 |
Google announces zero-day in Chrome browser – update now! (direct link) |
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week" |
|
|
|
|
2022-02-14 22:38:58 |
Adobe fixes zero-day exploit in e-commerce code: update now! (direct link) |
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it. |
|
|
|
|
2022-02-14 14:58:55 |
Power company pays out $3 trillion compensation to astonished customer (direct link) |
More money than the UK's economy produces in a year! |
|
|
|
|
2022-02-11 14:25:40 |
Apple zero-day drama for Macs, iPhones and iPads – patch now! (direct link) |
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now... |
Malware
|
|
|
|
2022-02-10 01:15:56 |
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-02-09 14:44:04 |
Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist (direct link) |
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion! |
|
|
|
|
2022-02-08 16:34:30 |
At last! Office macros from the internet to be blocked by default (direct link) |
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware... |
|
|
|
|
2022-02-07 16:36:25 |
Microsoft blocks web installation of its own App Installer files (direct link) |
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea. |
|
|
|
|
2022-02-04 17:38:40 |
Wormhole cryptotrading company turns over $340,000,000 to criminals (direct link) |
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said. |
|
|
|
|
2022-02-03 16:20:49 |
S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-02-02 17:11:55 |
Elementor WordPress plugin has a gaping security hole – update now (direct link) |
We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway. |
|
|
|
|
2022-02-01 17:59:08 |
Linux kernel patches “performance can be harmful” bug in video driver (direct link) |
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all. |
|
|
|
|
2022-01-31 17:58:28 |
Website operator fined for using Google Fonts “the cloudy way” (direct link) |
Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use. |
|
|
|
|
2022-01-28 23:58:51 |
Coronavirus SMS scam offers home PCR testing devices – don't fall for it! (direct link) |
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any... |
|
|
|
|
2022-01-28 15:34:14 |
Happy Data Privacy Day – and we really do mean “happy” :-) (direct link) |
We give you some simple digital lifestyle tips that cost nothing. |
|
|
|
|
2022-01-27 17:57:06 |
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-01-27 14:09:53 |
Apple patches Safari data leak (oh, and a zero-day) – patch now! (direct link) |
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well. |
|
|
|
|
2022-01-26 17:58:32 |
“PwnKit” security bug gets you root on most Linux distros – what to do (direct link) |
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell |
|
|
|
|
2022-01-25 17:19:50 |
Tax scam emails are alive and well as US tax season starts (direct link) |
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.) |
|
|
|
|
2022-01-24 14:14:23 |
Alleged carder gang mastermind and three acolytes under arrest in Russia (direct link) |
The motto of the gang was "In Fraud We Trust", and they went by a dizzying range of online nicknames. |
|
|
|
|
2022-01-21 16:25:27 |
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft (direct link) |
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'. |
|
|
|
|
2022-01-20 17:28:11 |
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript] (direct link) |
Latest episode - listen now! |
|
|
|
|
2022-01-18 17:23:20 |
Serious Security: Apple Safari leaks private data via database API – what you need to know (direct link) |
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing |
|
|
|
|
2022-01-17 14:13:36 |
Romance scammer who targeted 670 women gets 28 months in jail (direct link) |
Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns... |
|
|
|
|
2022-01-14 17:58:59 |
Serious Security: Linux full-disk encryption bug fixed – patch now! (direct link) |
Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it. |
|
|
|
|
2022-01-14 14:48:53 |
REvil ransomware crew allegedly busted in Russia, says FSB (direct link) |
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew. |
Ransomware
|
|
|
|
2022-01-13 15:26:28 |
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript] (direct link) |
Latest episode - listen to it or read it now! |
|
|
|
|
2022-01-12 16:24:35 |
Wormable Windows HTTP hole – what you need to know (direct link) |
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability". |
|
|
|
|
2022-01-11 17:42:31 |
Home routers with NetUSB support could have critical kernel hole (direct link) |
Got a router that supports USB access across the network? You might need a kernel update... |
|
|
|
|
2022-01-11 00:54:23 |
JavaScript developer destroys own projects in supply chain “lesson” (direct link) |
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator. |
|
|
|
|
2022-01-08 02:53:13 |
Honda cars in flashback to 2002 – “Can't Get You Out Of My Head” (direct link) |
Where were YOU on the night of 17 May 2002? And what about the day after that? |
|
|
|
|
2022-01-07 16:32:23 |
Log4Shell-like security hole found in popular Java SQL database engine H2 (direct link) |
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine. |
|
|
|
|
2022-01-06 13:44:44 |
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript] (direct link) |
We're back for 2022 - listen now! |
|
|
|
|
2022-01-05 16:37:54 |
FTC threatens “legal action” over unpatched Log4j and other vulns (direct link) |
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory! |
|
Equifax
|
|
|
2022-01-04 17:23:56 |
Apple Home software bug could lock you out of your iPhone (direct link) |
The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway. |
|
|
|
|
2021-12-30 14:40:50 |
Instagram copyright infringement scams – don't get sucked in! (direct link) |
We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams... |
|
|
|
|
2021-12-29 16:12:03 |
Log4Shell vulnerability Number Four: “Much ado about something” (direct link) |
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one. |
Vulnerability
|
|
|
|
2021-12-24 17:44:09 |
SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N) (direct link) |
Happy Holidays! Our Top N stories, all totally SFW! |
|
|
|
|
2021-12-23 17:58:34 |
The cool retro phone with a REAL DIAL… plus plenty of IoT problems (direct link) |
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity. |
|
|
|
|
2021-12-22 17:57:02 |
Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them! (direct link) |
Phew! An audacious crime... that didn't work out. |
|
|
|
|
2021-12-21 17:57:39 |
Apache's other product: Critical bugs in 'httpd' web server, patch now! (direct link) |
The Apache web server just got an update - this one is nothing to do with Log4j! |
|
|
|
|
2021-12-20 13:20:19 |
Log4Shell: The Movie… a short, safe visual tour for work and home (direct link) |
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why! |
|
|
|
|
2021-12-17 17:57:52 |
Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble (direct link) |
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter! |
|
|
|
|
2021-12-16 17:41:40 |
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript] (direct link) |
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.) |
|
|
|
|
2021-12-14 12:55:30 |
Apple security updates are out – and not a Log4Shell mention in sight (direct link) |
Get 'em while they're hot! |
|
|
|
|
2021-12-13 00:41:01 |
Log4Shell explained – how it works, why you need to know, and how to fix it (direct link) |
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you! |
Vulnerability
|
|
|
|
2021-12-10 16:22:03 |
“Log4Shell” Java vulnerability – how to safeguard your servers (direct link) |
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product |
Vulnerability
|
|
|