Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.
Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.
Advertisements don't have a great track record for safety and we are beginning to see more frequent abuse of search and mobile ads to deliver unwanted addons purporting to be legitimate tools. Be careful where you click and closely scrutinize software options before installation.
It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.
But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...
Microsoft, Adobe and Oracle have all released fixes today. Products covered include Microsoft Word, Windows XP, Windows 7, Adobe Reader, Java, MySQL and VirtualBox.
What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?
Listen as Chet and Duck dissect and explore the week's security stories...
Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.
Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.
The University of Delaware has joined the long line of recent data breach victims, with a compromised university system yielding personal information on 72,000 past and present employees.
UD authorities have notified those affected by mail, and email where possible. Investigators have been called in to pin down the scale of the breach, identify any additional risks and ensure those affected are properly informed.
Mobile security researcher Karsten Nohl says he'll explain at the BlackHat conference how he can remotely "own" mobile phones with a single text message.
Paul Ducklin looks at what Nohl has said so far, and ponders how hard this might be to sort out...
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Following on from the recent analysis of the Glazunov exploit kit, Fraser Howard takes a detailed look at two other closely related kits. He finds several similarities which suggest that the same criminal group may well be behind all three.
In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.
There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.
Oracle has fixed 40 holes, all but three of them remotely exploitable.
In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?