Vulnerability

(get it in RSS or Atom)

Security incidents are up - and pricier! - but infosec budgets are dwindling

Security incidents are up - and pricier! - but budgets to prevent them dwindle

The number of security incidents is popping, as are associated costs to mop them up, according to a report from PcW. Global corporate security budgets, meanwhile, seem to be hiding in the closet, just hoping it all goes away.

SSCC 166.5 - Special edition from the Virus Bulletin 2014 conference [PODCAST]

chet-chat-logo-featured-250

Sophos security expert Chester Wisniewski was at the Virus Bulletin 2014 conference in Seattle.

In this special edition of the Chet Chat, Paul Ducklin puts Chet on the other side of the mic to find out more about both the technology and the ethics of anti-malware research.

Apple patches OS X against Shellshock

apple-bash-250

If you're a Mac user, you may have felt wrongfully left out of all the Shellshock kerfuffle over the past few days.

Not any more!

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

60ss-video-250

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...

Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K

Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K

He says his firm will carefully screen potential clients and that he'd never sell to an entity such as the Syrian regime or a criminal gang. Then again, he's not asking what clients intend to do with the high-end exploits.

Bash “Shellshock” vulnerability – what you need to know

shellshock-250

Shellshock is the media-friendly name for a remote code execution hole in Bash, a command shell commonly used on Linux and UNIX systems.

Paul Ducklin explains...

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

moz-250

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

Is it *really* such a bad idea to use a password twice?

reuse-250

We regularly warn you against using the same password for multiple accounts.

But if you memorise one really long and complex password, isn't that enough?

No! Here's why...

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

60ss-video-250

Here's this week's episode of 60 Second Security.

Enjoy the latest security news in just one minute...

eBay takes flak for leaving rigged iPhone listing up for 12 hours

Ebay. Image courtesy of Radu Bercan/Shutterstock.com

eBay's getting flak for its chilled response to a serious XSS attack, sprung when a user clicked on a fake listing for an Iphone 5S and was redirected to a spoofed site that was after users' login credentials.

Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5

apple-upd-250

Apple doesn't have Patch Tuesdays, but it does have Update Surprisedays.

We just had one of them, with brand new and more secure versions of iOS, OS X and Safari.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

chet-chat-logo-featured-250

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

browser-250

The Metasploit crew is calling this Android Browser bug a "privacy disaster.”

Here's what you can do to avoid trouble...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

patch-tuesday-denim-250

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

How far would your sysadmins go to fix a problem? 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Twitter adds unlimited payouts to its bug bounty program

Twitter adds unlimited payouts to its bug-bounty program

The social media buzz bucket announced on Wednesday that cash will be added to the profound gratitude it's doled out since the bug-reporting program started in June.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

Using WPS on your Wi-Fi router may be even more dangerous than you think

wps-250

In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be.

Now, another researcher has found that cracking it may be 10,000 times easier again...