Exploit

Anatomy of a poisoned image: colour-coded JavaScript!

Colour-coded JavaScript?

Paul Ducklin looks into a malware writer's poisoned-image trick that tells an interesting (and, though it hurts to say it, an amusing) story of subterfuge and guile...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

Patch Tuesday - get ready for the January 2014 Security Trifecta!

In January 2014, Patch Tuesday coincides for Oracle, Adobe and Microsoft.

Here's what you'll be up against in the opening fixture of the 2014 Patching Season...

Sophos Techknow - Understanding Botnets [PODCAST]

Botnets, short for "robot networks", are more than just malware: they're the money making machinery of modern cybercriminals.

Paul Ducklin and James Wyke help you to understand the What, How and Why of this troublesome topic...

Gaping admin access holes found in SoHo routers from Linksys, Netgear and others

For many home users, the router-slash-firewall at the edge of their network plays a vital security role.

So it is always alarming to read about sloppy programming in the firmware that ships with this sort of device...

Attack dismissed as "theoretical" by Snapchat used to plunder 4.6 million phone numbers

Controversial photosharing site Snapchat is back in the news again, opening the New Year as the victim of a data breach.

Hackers have turned an attack dubbed "theoretical" by Snapchat into a reality, stealing 4.6 million phone numbers along the way.

Apple updates Mavericks to 10.9.1, issues security fixes for Safari

Apple just announced the first point update for its recently released OS X Mavericks.

Most of the fixes and enhancements are of the not-really-to-do-with-security sort, but the update includes a new version of Safari, with remote code execution patches.

Patching by Microsoft, spoofing Google and launching nukes - 60 Sec Security [VIDEO]

How fast is fast enough for a patch? Should you trust the French Treasury? How many zeros launch a missile?

Watch 60 Sec Security and find out!

Patch Tuesday December 2013 - TIFF exploit patched, XP kernel flaw not fixed yet

The updates for Microsoft's December 2013 Patch Tuesday are out.

Paul Ducklin takes a brief look at what's in, and what's not.

Microsoft Patch Tuesday - get ready to patch and reboot the lot, including Server Core

This month really is an omnibus update: all platforms are affected, from XP to 8.1 and from Server 2003 to 2012, including stripped-down Server Core installs.

It looks as though the NDPROXY.SYS kernel bug in XP might be fixed, but, then again, it might not...

From the Labs: New PlugX malware variant takes aim at Japan

SophosLabs Principal Researcher Gabor Szappanos takes on a recent PlugX malware sample.

He finds a curious mixture of similarities and differences with earlier versions - and a brand new target group: users of the Japanese-language word processor Ichitaro...

D-Link patches "Joel's Backdoor" security hole in its SoHo routers

About six weeks ago we wrote about an amusingly alarming security hole in various D-Link routers.

D-Link has now come out with a firmware fix - don't forget to update if you're on the affected list...

SSCC 126 - Zero-day, Bitcoins, passwords and randomness [PODCAST]

Turn bad news into good with "what you can do better" advice from Chet and Duck.

Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.

Drupal security update fixes a laundry list of problems, including "predictable random numbers"

The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.

In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...

Microsoft warns of zero-day XP kernel bug being exploited in the wild

Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.

Full details are still to be released, as it isn't patched yet, but here's what we know so far...

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw

Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.

Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?

Sophos Techknow - The End of XP [PODCAST]

Welcome to Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In "The End of XP", Duck and Chet investigate the what, the why and the how of dealing with the impending end of support for Windows XP in 2014.

Adobe, Android and CryptoLocker - 60 Sec Security [VIDEO]

Which pets make the best/worst passwords?

How many times did Google make the same coding blunder?

Find out this and more in our one-minute wrapup of the week's security lessons!

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

What a coincidence! A Facebook hoax claiming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...

Anatomy of a file format problem - yet another code verification bypass in Android

Four months ago, the Android platform was stirred, if not shaken, by a pair of code verification holes.

Turns out there was a third one, now fixed in Android 4.4, better known as Kit Kat.

Paul Ducklin looks at what we can learn from it...