The major hardware maker has admitted to a nearly year-long credit card breach - just the latest in a string of companies that have suffered Adobe ColdFusion vulnerabilities-related exploits.
Chet and Duck explain what you can do about the big ticket security news items of the past week.
The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.
Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity....
Take a listen to the latest episode of our weekly quarter-hour podcast!
Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?
Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...
Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?
Find out in 60 Second Security...
Here are the PWN2OWN results from Day Two, and an overview of the final payouts.
Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....
PWN2OWN Day One results are in!
The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...
Join the dynamic duo for another entertaining quarter-hour on security.
There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about CryptoLocker.
Five updates from Microsoft, with two of them critical, including an APB for Internet Explorer users.
One important from Adobe, making that three Flash fixes in just over a month.
Don't delay. Patch today!
The US jam and jelly maker is just the latest fly to get stuck in the same web that ensnared dozens of companies last year, including some of the world's largest data brokers and at least one credit card processor.
Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.
From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.
Another Flash emergency already? More SEA hacking? Why have the password "changeme" if you don't? How big a fine for a 20,000,000 record breach?
It'll only take you a minute to find out!
Adobe has just updated its Flash product for the second time this month, pushing out an emergency patch for an attack that has been seen in the wild.
Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?
60 Sec Security - 15 Feb 2014
Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.
Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.
February's patch roundup sees seven patches from Microsoft and one from Adobe. All supported versions of Windows are impacted, be sure to update as soon as possible.
Advertisements don't have a great track record for safety and we are beginning to see more frequent abuse of search and mobile ads to deliver unwanted addons purporting to be legitimate tools. Be careful where you click and closely scrutinize software options before installation.
Adobe has released an emergency update to its ubiquitous Flash Player software. The flaw is being exploited by attackers so you should update as soon as possible.
It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.
But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...
It's that time of year again. A new "Worst Password" list has been published for the password-savvy population's enjoyment. As much as we like to chuckle/groan at this list, is there ever a justification for a bad password?