vulnerability

Gaping admin access holes found in SoHo routers from Linksys, Netgear and others

For many home users, the router-slash-firewall at the edge of their network plays a vital security role.

So it is always alarming to read about sloppy programming in the firmware that ships with this sort of device...

Attack dismissed as "theoretical" by Snapchat used to plunder 4.6 million phone numbers

Controversial photosharing site Snapchat is back in the news again, opening the New Year as the victim of a data breach.

Hackers have turned an attack dubbed "theoretical" by Snapchat into a reality, stealing 4.6 million phone numbers along the way.

SSCC 128 - Learning from 2013 for a safer, more secure 2014 [PODCAST]

Our weekly security podcast looks back at the big blunders of 2013 to find out what went wrong.

Let Chet and Duck help you plan for a safer and more secure 2014!

Apple updates Mavericks to 10.9.1, issues security fixes for Safari

Apple just announced the first point update for its recently released OS X Mavericks.

Most of the fixes and enhancements are of the not-really-to-do-with-security sort, but the update includes a new version of Safari, with remote code execution patches.

Patching by Microsoft, spoofing Google and launching nukes - 60 Sec Security [VIDEO]

How fast is fast enough for a patch? Should you trust the French Treasury? How many zeros launch a missile?

Watch 60 Sec Security and find out!

Patch Tuesday December 2013 - TIFF exploit patched, XP kernel flaw not fixed yet

The updates for Microsoft's December 2013 Patch Tuesday are out.

Paul Ducklin takes a brief look at what's in, and what's not.

Microsoft Patch Tuesday - get ready to patch and reboot the lot, including Server Core

This month really is an omnibus update: all platforms are affected, from XP to 8.1 and from Server 2003 to 2012, including stripped-down Server Core installs.

It looks as though the NDPROXY.SYS kernel bug in XP might be fixed, but, then again, it might not...

From the Labs: New PlugX malware variant takes aim at Japan

SophosLabs Principal Researcher Gabor Szappanos takes on a recent PlugX malware sample.

He finds a curious mixture of similarities and differences with earlier versions - and a brand new target group: users of the Japanese-language word processor Ichitaro...

D-Link patches "Joel's Backdoor" security hole in its SoHo routers

About six weeks ago we wrote about an amusingly alarming security hole in various D-Link routers.

D-Link has now come out with a firmware fix - don't forget to update if you're on the affected list...

SSCC 126 - Zero-day, Bitcoins, passwords and randomness [PODCAST]

Turn bad news into good with "what you can do better" advice from Chet and Duck.

Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.

Drupal security update fixes a laundry list of problems, including "predictable random numbers"

The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.

In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...

Microsoft warns of zero-day XP kernel bug being exploited in the wild

Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.

Full details are still to be released, as it isn't patched yet, but here's what we know so far...

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw

Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.

Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?

Sophos Techknow - The End of XP [PODCAST]

Welcome to Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In "The End of XP", Duck and Chet investigate the what, the why and the how of dealing with the impending end of support for Windows XP in 2014.

OpenSSH fixes potential remote code execution hole

Potential remote code execution bugs in OpenSSH, probably the most widely used remote access security system on the internet, are the stuff of nightmares for system administrators.

Paul Ducklin takes a look at the bug and the patch...

Adobe, Android and CryptoLocker - 60 Sec Security [VIDEO]

Which pets make the best/worst passwords?

How many times did Google make the same coding blunder?

Find out this and more in our one-minute wrap-up of the week's security lessons!

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

What a coincidence! A Facebook hoax claiming that images can infect your computer... and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...

Anatomy of a file format problem - yet another code verification bypass in Android

Four months ago, the Android platform was stirred, if not shaken, by a pair of code verification holes.

Turns out there was a third one, now fixed in Android 4.4, better known as Kit Kat.

Paul Ducklin looks at what we can learn from it...

NSA, Apple, Facebook and Adobe - 60 Sec Security [VIDEO]

A touch of fun but with a serious side - and only a minute to watch it.

Give our weekly "60 Second Security" video a whirl today...

The "BadBIOS" virus that jumps airgaps and takes over your firmware - what's the story?

"BadBIOS" is an unfolding story about a virus that is claimed to have some remarkable characteristics - such as jumping airgaps, spreading using sound waves, and taking over your firmware.

How does it work? What do we know? Is it real or a hoax? Paul Ducklin takes a look...