Vulnerability

(get it in RSS or Atom)

POODLEs, Sandworms and getting safe online - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-minute video.

Enjoy...

Has the "Sandworm" zero-day exploit burrowed back to the surface?

sand-2-250

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Twitter invites us to say goodbye to passwords, use Digits instead

Digits

Twitter's new credentials handling scheme is called Digits, and it's hoping that mobile app developers use it to enable their users to sign in with their phone numbers as identifiers, along with one-time passwords SMSed to the phones.

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

chet-chat-logo-featured-250

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

Is your phone line a '6-figure liability waiting to happen'?

The company telephone: A '6-figure liability waiting to happen'

Premium-rate service scams are sticking businesses - particularly small ones using local carriers - with outrageous phone bills, to the tune of $4.73 billion globally for 2013. Many businesses aren't even aware that they can be stuck paying the bill (or fighting it in court).

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

8dot1-250

The marquee vulnerablity fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Apple kills the POODLE – also fixes Shellshock in case you forgot

poosdle-osx-250

Apple just shipped OS X 10.10 Yosemite - including a fix for the POODLE vulnerability.

Mavericks and Mountain Lion also got updates to kill the POODLE.

As for Lion, now three releases off the pace...bad news.

'The Snappening’: stolen Snapchat photos site defaced, details of site owner published

Snappening fans deface Snapchat photos site after it comes down

Owner of TheSnappening.org photo site, Mudit Grover, took the stolen Snapchat images and the site down. But within hours, attackers identifying themselves as "Team Danny" allegedly took over the domain and published Grover's personal details.

Snapchat to address sketchy third-party apps with public API ... at some point

Snapchat logo

Oh, those darn third-party apps, their home-brewed APIs and their photo-leaking ways, Snapchat moaned on Wednesday morning, promising to cook up a public API to fix the situation... sooner or later.

The "Sandworm" malware - what you need to know

sandworm-250

Fortunately, the Sandworm malware is a lot easier to deal with than the giant science fiction creature from which it takes its name.

In fact, in malware terms, it's not a worm at all.

Paul Ducklin takes a look...

Dropbox passwords leaked, third-party services blamed

Dropbox logo

Hundreds of Dropbox logins were posted on Pastebin and Reddit, but it turns out they were stolen from a third-party service months ago, Dropbox says. So why did some of those passwords work, as Reddit users claimed? Think password reuse.

Backoff malware gang hits Dairy Queen stores

Backoff malware gang hits Dairy Queen stores

Customers' payment card details may have been whipped out of nearly 400 Dairy Queen stores in the US. It's just the latest in a string of PoS malware infections that have been slamming US retailers.

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

SSCC 168 - Amaze your friends by ruining all their USB drives! [PODCAST]

chet-chat-logo-featured-250

Here's the latest Chet Chat security podcast for your listening pleasure.

Sophos experts Chester Wisniewski and Paul Ducklin take apart the latest computer security stories to turn them into news you can use.

SSCC 167 - Avoiding the shock of Shellshock (and more!) [PODCAST]

chet-chat-logo-featured-250

Here's the latest episode of our weekly Chet Chat podcast!

Shellshock leads the list, of course, but Snapchat, cybersecurity awareness and the iPhone 6 all get a look in too...

Security incidents are up - and pricier! - but infosec budgets are dwindling

Security incidents are up - and pricier! - but budgets to prevent them dwindle

The number of security incidents is popping, as are associated costs to mop them up, according to a report from PcW. Global corporate security budgets, meanwhile, seem to be hiding in the closet, just hoping it all goes away.

SSCC 166.5 - Special edition from the Virus Bulletin 2014 conference [PODCAST]

chet-chat-logo-featured-250

Sophos security expert Chester Wisniewski was at the Virus Bulletin 2014 conference in Seattle.

In this special edition of the Chet Chat, Paul Ducklin puts Chet on the other side of the mic to find out more about both the technology and the ethics of anti-malware research.

Apple patches OS X against Shellshock

apple-bash-250

If you're a Mac user, you may have felt wrongfully left out of all the Shellshock kerfuffle over the past few days.

Not any more!