Source: nakedsecurity.sophos.com – Author: Paul Ducklin First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider...
Author:
Firefox 115 is out, says farewell to older Windows and Mac users – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Firefox’s latest monthly update just came out, bumping the primary version of the popular alternative browser to 115.0. OK, it’s...
command injection CVE-2023-36664 Cyber Security News Ghostscript nakedsecurity pipe rce rss-feed-post-generator-echo Vulnerability
Ghostscript bug could allow rogue documents to run system commands – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Even if you haven’t heard of the venerable Ghostscript project, you may very well have used it without knowing. Alternatively,...
CVE-2023-3460 Cyber Security News nakedsecurity Patch rss-feed-post-generator-echo Ultimate Members Vulnerability
WordPress plugin lets users become admins – Patch early, patch often! – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it to the latest...
Apple bust cryptocurrency Cyber Security News Cybercrime Data loss hacking iPhone Law & order Malware Naked Security Podcast nakedsecurity Podcast privacy rss-feed-post-generator-echo Twitter Vulnerability Zero Day
S3 Ep141: What was Steve Jobs’s first job? – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Emergency Apple patches, justice for the 2020 Twitter hack, and “Turn off your phones, please!” All that, and more, on...
Albanese Australia Cyber Security News Data loss Malware modile phone tips nakedsecurity rss-feed-post-generator-echo
Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin The Australian Prime Minister, Anthony Albanese, has apparently advised people Down Under to turn off their mobile phones once a...
0 - CT 0 - CT - SOC - CSIRT Operations - Malware & Ransomware ASUS Cyber Security News Kim Dotcom Law & order megaupload MOVEit Naked Security Podcast nakedsecurity Podcast rss-feed-post-generator-echo Vulnerability
S3 Ep140: So you think you know ransomware? – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Router woes, Megaupload in megatrouble, and more MOVEit mayhem. All that and more on the Naked Security podcast. [MUSICAL MODEM]...
0 - CT 0 - CT - Cybersecurity Vendors - Kaspersky Apple Apple Safari Cyber Security News ios nakedsecurity OS X Patch rss-feed-post-generator-echo Vulnerability Zero Day
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now! – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad botnet cryptocurrency Cryptojacking Cyber Security News DDoS Malware nakedsecurity password guessing rss-feed-post-generator-echo ssh XMrig zombie malware
Beware bad passwords as attackers co-opt Linux servers into cybercrime – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they’re seeing a lot of...
ASUS warns router customers: Patch now, or block all inbound requests – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers and graphics cards....
Cyber Security News dotcom file locker Kim Dotcom Law & order megaupload nakedsecurity rss-feed-post-generator-echo
Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin For the third time in about a week, cybersecurity law-and-order news includes a criminal case that’s been brewing for more...
Cyber Security News MOVEit nakedsecurity Progress rss-feed-post-generator-echo SQL injection Vulnerability
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately” – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe for doing...
bust Cyber Security News Cybercrime hacking Law & order Malware Microsoft Naked Security Podcast nakedsecurity Podcast rss-feed-post-generator-echo
S3 Ep139: Are password rules like running through rain? – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Patch Tuesday, cybercrime comeuppance, and fun with passwords. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome...
Cyber Security News Microsoft nakedsecurity Office Patch Tuesday rss-feed-post-generator-echo SharePoint Vulnerability
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update,...
0 - CT 0 - CT - SOC - CSIRT Operations - Malware & Ransomware bust Cyber Security News Data loss DOJ Gozi Law & order Malware nakedsecurity paunescu rss-feed-post-generator-echo
Gozi banking malware “IT chief” finally jailed after more than 10 years – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over...
CVE-2023-34362 Cyber Security News Data loss MOVEit nakedsecurity Progress rss-feed-post-generator-echo Vulnerability
More MOVEit mitigations: new patches published for further protection – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before...
Thoughts on scheduled password changes (don’t call them rotations!) – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Skip to content by Post navigation We’re all still using passwords on many, perhaps most, of our accounts, because we’re...
"Edge" Chrome Cyber Security News Gigabyte Google Google Chrome Microsoft Microsoft Edge MOVEit Naked Security Podcast nakedsecurity Podcast rss-feed-post-generator-echo Vulnerability Zero Day
S3 Ep138: I like to MOVEit, MOVEit – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Backdoors, exploits, and the triumphant return of Little Bobby Tables. All that, and more, on the Naked Security podcast. [MUSICAL...
CVE-2023-34414 Cyber Security News Firefox Mozilla nakedsecurity patches rss-feed-post-generator-echo Vulnerability
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Firefox’s latest major update is out, following Mozilla’s usual every-fourth-Tuesday release cycle. The list of security fixes this month (like...
"Edge" Chrome CVE-2023-3079 Cyber Security News Google Google Chrome Microsoft Microsoft Edge nakedsecurity rss-feed-post-generator-echo type confusion Vulnerability Zero Day
Chrome zero-day: “This exploit is in the wild”, so check your version now – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Google’s latest Chrome update is out, and this time the company hasn’t minced its words about one of the two...
0 - CT 0 - CT - SOC - CSIRT Operations - Data Leak & Breach Incidents Notepad CVE-2023-34362 Cyber Security News Data loss MOVEit nakedsecurity Progress ransomware rss-feed-post-generator-echo Vulnerability
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do… – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted...
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor”...
0 - CT 0 – CT – Cybersecurity Architecture – Crypto Security bust Crypto Cryptography CVE-2023-32784 Cyber Security News Cybercrime Data loss KeePass Law & order nakedsecurity OAuth Podcast ransomware rss-feed-post-generator-echo Vulnerability
S3 Ep137: 16th century crypto skullduggery – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus Mary Queen of Scots… of course! All that, and more,...
CVE-2023-32784 Cyber Security News Data loss KeePass memory management nakedsecurity ram scraping rss-feed-post-generator-echo serious security
Serious Security: That KeePass “master password crack”, and what we can learn from it – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password...
CVE-2023-28131 Cyber Security News Data loss expo nakedsecurity OAuth rss-feed-post-generator-echo Vulnerability
Serious Security: Verification is vital – examining an OAUTH login bug – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed...
0 - CT 0 - CT - SOC - CSIRT Operations - Malware & Ransomware bust Cyber Security News Cybercrime Denial of Service hacking Law & order Malware Naked Security Podcast nakedsecurity Podcast pypi rss-feed-post-generator-echo supply chain Uncategorized
S3 Ep136: Navigating a manic malware maelstrom – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Cybercrime after cybercrime, some Apple updates, and an attack on a source code repository. All that, and more, on the...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad 0 - CT - SOC - CSIRT Operations - Malware & Ransomware bust Cyber Security News nakedsecurity ransomware rss-feed-post-generator-echo Uncategorized
Ransomware tales: The MitM attack that really had a Man in the Middle – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts...
0 - CT 0 - CT - SOC - CSIRT Operations - Malware & Ransomware Cyber Security News Malware nakedsecurity pypi Python rss-feed-post-generator-echo supply chain
PyPI open-source code repository deals with manic malware maelstrom – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Skip to content by Post navigation Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to...
Apple Cyber Security News exploit iPhone mac nakedsecurity rss-feed-post-generator-echo Vulnerability
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now! – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very...
0 - CT 0 - CT - Cybersecurity Organizations - NIST Cyber Security News Naked Security Podcast nakedsecurity Podcast rss-feed-post-generator-echo
S3 Ep135: Sysadmin by day, extortionist by night – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Inside jobs, facial recognition, and the “S” in “IoT” still stands for “security”. All that, and more, on the Naked...