Vulnerability

(get it in RSS or Atom)

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

60ss-video-250

Here's this week's episode of 60 Second Security.

Enjoy the latest security news in just one minute...

eBay takes flak for leaving rigged iPhone listing up for 12 hours

Ebay. Image courtesy of Radu Bercan/Shutterstock.com

eBay's getting flak for its chilled response to a serious XSS attack, sprung when a user clicked on a fake listing for an Iphone 5S and was redirected to a spoofed site that was after users' login credentials.

Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5

apple-upd-250

Apple doesn't have Patch Tuesdays, but it does have Update Surprisedays.

We just had one of them, with brand new and more secure versions of iOS, OS X and Safari.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

chet-chat-logo-featured-250

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

browser-250

The Metasploit crew is calling this Android Browser bug a "privacy disaster.”

Here's what you can do to avoid trouble...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

patch-tuesday-denim-250

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

How far would your sysadmins go to fix a problem? 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Twitter adds unlimited payouts to its bug bounty program

Twitter adds unlimited payouts to its bug-bounty program

The social media buzz bucket announced on Wednesday that cash will be added to the profound gratitude it's doled out since the bug-reporting program started in June.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

Using WPS on your Wi-Fi router may be even more dangerous than you think

wps-250

In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be.

Now, another researcher has found that cracking it may be 10,000 times easier again...

"You're under arrest for possession of an insecure phone" - 60 Sec Security [VIDEO]

60ss-video-250

Here's this week's 60 Second Security video.

News you can use in a format you can enjoy...all in 60 seconds!

SSCC161 - What do you mean, "Trade him for Edward Snowden"? [PODCAST]

chet-chat-logo-featured-250

Here's the latest Chet Chat security podcast!

Sophos experts Chester Wisniewski and Paul Ducklin once again turn plain old news into advice you can use.

5 excuses for doing nothing about computer security!

Here are five security excuses that we hear a lot, both from individuals and from small businesses.

We've given you some advice to help you argue back that security really does matter...

Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death

bsod-8-250

MS14-045, which fixes various security holes in the Windows kernel, can cause a BSoD and leave you stuck in a reboot loop.

Here's how to escape...

The EPIC edition - 60 Sec Security [VIDEO]

60ss-video-250

One less opt-in app, one more Android virus, and a bunch of EPIC failures...

All in this week's 60 Second Security.

Apple Safari for OS X gets "click-to-own" security holes patched

safari-250

The 6th Safari security update in 10 months is out.

With fixes for 7 potential remote code execution holes, get it while it's hot...

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

chet-chat-logo-featured-250

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

patch-tuesday-denim-250

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...