iOS 15 includes Face ID fix for security bypass using fake heads
Fake heads! (Cue dystopian scifi music.)
Read More iOS 15 includes Face ID fix for security bypass using fake headsAuthor: Paul Ducklin
“Back to basics” as courier scammers skip fake fees and missed deliveries
“Stop. Think. Connect.” Say those words aloud – and please pronounce the pauses prescribed by the periods!
Read More “Back to basics” as courier scammers skip fake fees and missed deliveriesOMIGOD, an exploitable hole in Microsoft open source code!
Got Linux? Here’s a bug you weren’t expecting, in software you might not even know you have.
Read More OMIGOD, an exploitable hole in Microsoft open source code!S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast]
Bugs! So many bugs! Latest episode – listen now…
Read More S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast]Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!
Double trouble: two zero-days, patched in the same emergency update. So please don’t delay – patch today!
Read More Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!Serious Security: How to make sure you don’t miss bug reports!
Hey, let’s create a text file that lists our security contacts! We’ll call it… security DOT txt.
Read More Serious Security: How to make sure you don’t miss bug reports!S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]
Latest episode – listen now!
Read More S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]Windows zero-day MSHTML attack – how not to get booby trapped!
Zero-day bug in MSHTML, the “mini-Internet Explorer” component of Windows, triggered by booby trapped Office files.
Read More Windows zero-day MSHTML attack – how not to get booby trapped!Poisoned proxy PACs! The NPM package with a network-wide security hole…
3,000,000 downloads a week… if only they’d read the fastidious manual!
Read More Poisoned proxy PACs! The NPM package with a network-wide security hole…S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast]
Latest episode – listen now!
Read More S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast]Pwned! The home security system that can be hacked with your email address
The alarm system that can be turned off with your email address.
Read More Pwned! The home security system that can be hacked with your email addressSkimming the CREAM – recursive withdrawals loot $13M in cryptocash
Recursion [noun]: see recursion.
Read More Skimming the CREAM – recursive withdrawals loot $13M in cryptocashBig bad decryption bug in OpenSSL – but no cause for alarm
The buggy code’s in there, alright. Fortunately, it’s hard to get OpenSSL to use it even if you want to, which mitigates the risk.
Read More Big bad decryption bug in OpenSSL – but no cause for alarmS3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast]
Latest episode – listen now!
Read More S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast]How a gaming mouse can get you Windows superpowers!
When a helpful feature (that you probably didn’t need) turns into an exploitable vulnerability…
Read More How a gaming mouse can get you Windows superpowers!What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone
That’s funny. I could have sworn I didn’t run a print job yesterday… but will you look at that?
Read More What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyoneJapanese cryptocoin exchange robbed of $100,000,000
Another week, another cryptocurrency catastrophe. This time, it’s “only” $100 million’s worth…
Read More Japanese cryptocoin exchange robbed of $100,000,000S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast]
Lastest episode – listen, laugh and learn! This week, Chester Wisniewski joins us on the show.
Read More S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast]Video surveillance network hacked by researchers to hijack footage
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online…
Read More Video surveillance network hacked by researchers to hijack footageCopyright scammers turn to phone numbers instead of web links
Forewarned is forearmed. Here’s our advice on dealing with “copyright infringement” scammers.
Read More Copyright scammers turn to phone numbers instead of web linksS3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
Latest episode – listen now!
Read More S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]Beware fake online trading apps, on iOS as well as Android
All that glisters is not gold/Often have you heard that told/Gilded tombs do worms enfold
Read More Beware fake online trading apps, on iOS as well as AndroidApple AirTag jailbroken already – hacked in rickroll attack
Ooooh, look! A shiny button-like object!
Read More Apple AirTag jailbroken already – hacked in rickroll attackNever say never! Warren Buffett caught up in integer overflow error…
640Kbytes of RAM should be enough for anyone…
Read More Never say never! Warren Buffett caught up in integer overflow error…S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]
Latest episode – listen now! (And please share with your friends.)
Read More S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]Firefox for Android gets critical update to block cookie-stealing hole
This browser update is for everyone, but it’s for Android users particularly.
Read More Firefox for Android gets critical update to block cookie-stealing holeDell fixes exploitable holes in its own firmware update driver – patch now!
These bugs date back to 2009, and they could give crooks who are already in your network access to sysadmin superpowers.
Read More Dell fixes exploitable holes in its own firmware update driver – patch now!Apple products hit by fourfecta of zero-day exploits – patch now!
Don’t delay. Get these updates today.
Read More Apple products hit by fourfecta of zero-day exploits – patch now!Naked Security Live – Beware ‘Flubot’: the home delivery scam with a difference
Here’s the latest Naked Security talk – watch now!
Read More Naked Security Live – Beware ‘Flubot’: the home delivery scam with a differencePHP community sidesteps its third supply chain attack in three years
Third time lucky! (The first two times were lucky, too, luckily.)
Read More PHP community sidesteps its third supply chain attack in three yearsS3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]
Listen now – latest episode – lots of fun but with a serious (and educational!) side.
Read More S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]Gamers update! Nvidia patches GPU driver kernel escalation bugs
Patch early, patch often. Here’s why it’s worth it.
Read More Gamers update! Nvidia patches GPU driver kernel escalation bugsRansomware: don’t expect a full recovery, however much you pay
Turns out the ransomware crooks aren’t that good at keeping their promises…
Read More Ransomware: don’t expect a full recovery, however much you payNaked Security Live – Just how (un)safe is AirDrop?
Here’s the latest Naked Security talk – watch now!
Read More Naked Security Live – Just how (un)safe is AirDrop?Apple AirDrop has “significant privacy leak”, say German researchers
Researchers say they reported what they consider to be a privacy hole to Apple in 2019, but never heard back. They worked on a fix anyway.
Read More Apple AirDrop has “significant privacy leak”, say German researchersLinux team in public bust-up over fake “patches” to introduce bugs
Embarrassed overreaction or righteous indignation? An academic research group has provoked the Linux crew to ban their whole university!
Read More Linux team in public bust-up over fake “patches” to introduce bugsS3 Ep29: Anti-tracking, rowhammer problems and IoT vulns [Podcast]
Latest episode – listen now!
Read More S3 Ep29: Anti-tracking, rowhammer problems and IoT vulns [Podcast]When cryptography attacks – how TLS helps malware hide in plain sight
No IT technology feels quite as much of a double-edged sword as encryption.
Read More When cryptography attacks – how TLS helps malware hide in plain sightFirefox 88 patches bugs and kills off a sneaky JavaScript tracking trick
What’s in a window name? Turns out that it could be a sneaky tracking code, so Firefox has put a stop to that.
Read More Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trickNaked Security Live – To hack or not to hack?
Latest video – watch now! We look at the recent FBI “webshell hacking” controversy from both sides.
Read More Naked Security Live – To hack or not to hack?S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]
Latest episode – listen now!
Read More S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]Keybase secure messaging fixes photo-leaking bug – patch now!
It’s a bit like Snapchat all over again – but this bug was quickly fixed.
Read More Keybase secure messaging fixes photo-leaking bug – patch now!Naked Security Live – How to calculate important things using a computer
Here’s the latest Naked Security Live talk – watch now!
Read More Naked Security Live – How to calculate important things using a computerNvidia announces official “anti-cryptomining” software drivers
“It’s a DoS, Jim, but not as we know it.”
Read More Nvidia announces official “anti-cryptomining” software driversThe massive coronavirus IT blunder with a funny side
He was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them.
Read More The massive coronavirus IT blunder with a funny sideS3 Ep20: Corporate megahacking, true love gone bad, and tax grabs [Podcast]
Latest episode, listen now! (Includes special gardening safety section at no extra charge!)
Read More S3 Ep20: Corporate megahacking, true love gone bad, and tax grabs [Podcast]“ScamClub” gang outed for exploiting iPhone browser bug to spew ads
Stay away from popup surveys that want personal data. Tell your friends…
Read More “ScamClub” gang outed for exploiting iPhone browser bug to spew adsRomance scams at all-time high: here’s what you need to know
It’s heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here’s what to do…
Read More Romance scams at all-time high: here’s what you need to knowHow one man silently infiltrated dozens of high-tech networks
Ever counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise!
Read More How one man silently infiltrated dozens of high-tech networksNaked Security Live – When is a bug bounty not a bug bounty?
Latest episode – watch now!
Read More Naked Security Live – When is a bug bounty not a bug bounty?Egregor ransomware criminals allegedly busted in Ukraine
More good news in the cybercrime law-and-order world, this time a bust of ransomware crooks.
Read More Egregor ransomware criminals allegedly busted in UkraineSMS tax scam unmasked: Bogus but believable – don’t fall for it!
Everyone loves a tax refund – just don’t get so excited that you forget to check for telltale signs of a scam.
Read More SMS tax scam unmasked: Bogus but believable – don’t fall for it!S3 Ep19: Chrome zero-day, coffee hacking and Perl.com stolen [Podcast]
Latest episode (includes 111,848 “free” cups of coffee) – listen now!
Read More S3 Ep19: Chrome zero-day, coffee hacking and Perl.com stolen [Podcast]Patch now to stop hackers blindly crashing your Windows computers
Patch early, patch often. In fact, patch now if you haven’t already. Here’s why.
Read More Patch now to stop hackers blindly crashing your Windows computersBeware of technical “experts” bombarding you with bug reports
Beware pseudo-geeks bearing ‘gifts’.
Read More Beware of technical “experts” bombarding you with bug reportsNaked Security Live – Jargonbuster: Bugs, vulns, 0-days and exploits
Latest Naked Security Live talk – watch now!
Read More Naked Security Live – Jargonbuster: Bugs, vulns, 0-days and exploitsPerl.com gets its domain back – normal service restored!
All’s well that ends well.
Read More Perl.com gets its domain back – normal service restored!Chrome zero-day browser bug found – patch now!
This zero-day bug affects Chrome, as well as Edge and other Chromium-based browsers.
Read More Chrome zero-day browser bug found – patch now!S3 Ep18: Apple emergency, crypto blunder and botnet takedown [Podcast]
New episode – listen now!
Read More S3 Ep18: Apple emergency, crypto blunder and botnet takedown [Podcast]Free coffee! Belgian researcher hacks prepaid vending machines
Only try this at home, folks! As easy as it might look, it’s illegal in the wild, with good reason.
Read More Free coffee! Belgian researcher hacks prepaid vending machines