Source: nakedsecurity.sophos.com – Author: Paul Ducklin First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider...
Firefox 115 is out, says farewell to older Windows and Mac users – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Firefox’s latest monthly update just came out, bumping the primary version of the popular alternative browser to 115.0. OK, it’s...
Ghostscript bug could allow rogue documents to run system commands – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Even if you haven’t heard of the venerable Ghostscript project, you may very well have used it without knowing. Alternatively,...
WordPress plugin lets users become admins – Patch early, patch often! – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it to the latest...
S3 Ep141: What was Steve Jobs’s first job? – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Emergency Apple patches, justice for the 2020 Twitter hack, and “Turn off your phones, please!” All that, and more, on...
Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin The Australian Prime Minister, Anthony Albanese, has apparently advised people Down Under to turn off their mobile phones once a...
S3 Ep140: So you think you know ransomware? – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Router woes, Megaupload in megatrouble, and more MOVEit mayhem. All that and more on the Naked Security podcast. [MUSICAL MODEM]...
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now! – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone...
Beware bad passwords as attackers co-opt Linux servers into cybercrime – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they’re seeing a lot of...
ASUS warns router customers: Patch now, or block all inbound requests – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers and graphics cards....
Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin For the third time in about a week, cybersecurity law-and-order news includes a criminal case that’s been brewing for more...
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately” – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe for doing...
S3 Ep139: Are password rules like running through rain? – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Patch Tuesday, cybercrime comeuppance, and fun with passwords. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome...
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update,...
Gozi banking malware “IT chief” finally jailed after more than 10 years – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over...
More MOVEit mitigations: new patches published for further protection – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before...
Thoughts on scheduled password changes (don’t call them rotations!) – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin We’re all still using passwords on many, perhaps most, of our accounts, because we’re...
S3 Ep138: I like to MOVEit, MOVEit – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Backdoors, exploits, and the triumphant return of Little Bobby Tables. All that, and more, on the Naked Security podcast. [MUSICAL...
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Firefox’s latest major update is out, following Mozilla’s usual every-fourth-Tuesday release cycle. The list of security fixes this month (like...
Chrome zero-day: “This exploit is in the wild”, so check your version now – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Google’s latest Chrome update is out, and this time the company hasn’t minced its words about one of the two...
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do… – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted...
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor”...
S3 Ep137: 16th century crypto skullduggery – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus Mary Queen of Scots… of course! All that, and more,...
Serious Security: That KeePass “master password crack”, and what we can learn from it – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password...
Serious Security: Verification is vital – examining an OAUTH login bug – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed...
S3 Ep136: Navigating a manic malware maelstrom – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Cybercrime after cybercrime, some Apple updates, and an attack on a source code repository. All that, and more, on the...
Ransomware tales: The MitM attack that really had a Man in the Middle – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts...
PyPI open-source code repository deals with manic malware maelstrom – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to...
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now! – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very...
S3 Ep135: Sysadmin by day, extortionist by night – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Inside jobs, facial recognition, and the “S” in “IoT” still stands for “security”. All that, and more, on the Naked...