Exploit


Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes

Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.

There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".

Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day


The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.

Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...

SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches [PODCAST]


Chester calls home from Interop in Las Vegas to record the latest episode of the Sophos Security Chet Chat.

Join Chester and guest Paul Ducklin in their regular quarter-hour podcast as they laugh about (and lament) the latest goings-on in the world of computer security.

Lifting the lid on the Redkit exploit kit

In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.

Learn more about how this kit works and the compromised web servers that are being used to host it.

US Department of Labor website hacked, serves malware, now fixed


A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.

Paul Ducklin takes a quick look at the attack...

What WERE they thinking? Internet-enabled cameras under the security lens once again...

Vulnerability researchers at Core Security recently turned their attention on internet-enabled cameras, finding lots of holes.

And when security holes arise from features, not bugs, you really do feel like shouting aloud, "What WERE they thinking?"

Apple iMessage "censors" mention of Obama: international conspiracy...or software bug?

Try sending the message "I could be the next Obama" via the iMessage service from your iPhone or your iPad!

Paul Ducklin takes a look at a humorous bug that teaches us some serious lessons...

Oracle and Apple ship critical Java updates - get yours today!


The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.

But this year, Oracle has adapted that schedule a number of times, and this is one of them...

Anatomy of an exploit - Linksys router remote password change hole


A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous-sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Microsoft to issue 9 security updates on Tuesday, critical for all IE versions, reboot required

Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.

If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...

Apple password reset website - gaping hole found, fixed


Apple has had a good-bad-good-bad week of it in the computer security environment.

Its announcement of two-step verification for some users was quickly followed by a report of a password recovery exploit for everyone else...

Google to pay $40,000 "consolation prize" to Pinkie Pie for not-quite breaking into Chrome OS

Renowned Chrome hacker Pinkie Pie, who scooped the prize at last year's Pwnium competition, didn't quite get across the line this year.

But Google will pay him a one-third-sized consolation prize anyway, for "honoring the spirit of the competition."

Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too

Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.

There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.

Microsoft Patch Tuesday - seven bulletins, four critical, three RCEs, and even a fix for Macs


Microsoft's March 2013 Patch Tuesday is out.

There are seven bulletins this month, dealing with twenty documented vulnerabilities.

Paul Ducklin helps you choose where to start...

SSCC 104 - Probably (be fair, definitely!) the best 15-minute podcast you'll hear today


Have you joined thousands of others and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 104, discussing a range of recent and newsworthy topics from the world of computer security.

Firefox and Chrome patched ALREADY after Pwn2own - now the pressure is on for IE and Microsoft!


Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!

That certainly throws down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Last-minute pre-Pwnium Chrome update closes numerous holes...


Google just slammed the door on a number of vulnerabilities in Chrome.

Just two days before its flagship browser was due to go under public hacking scrutiny at a Canadian security conference...

Oracle ships out-of-band Java fix, Apple follows suit

Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.

Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...