Turn bad news into good with "what you can do better" advice from Chet and Duck.
Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.
When is Computer Security Day? What can forward secrecy do for you? Can you believe there's an 0-day in XP?
Have some fun finding out the answers in this week's 60 Second Security!
What a coincidence! A Facebook hoax claming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.
Chet and Duck talk you through the latest news...
Microsoft is warning about a brand new security hole that could let criminals get control of your computer through booby-trapped image files.
Part Two of our examination of an IE exploit.
This is a great read if you want to get a feeling for how cybercrooks think. (Don't worry if you aren't technical: it's clear and jargon-free.)
The latest IE zero-day explained.
This is a great read if you want to get a feeling for how cybercrooks think.
(Don't worry if you aren't technical: we've kept the code and jargon to a minimum.)
Microsoft's Tenth Anniversary Patch Tuesday is out, and, yes, Redmond's security gurus did patch against the recent Internet Explorer zero-day that is being exploited in the wild!
There are seven other fixes as well - Paul Ducklin has the details.
A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.
Chet and Duck turn their amusing but insightful attention to the latest security stories...
Microsoft has published an out of band security advisory for users of Internet Explorer to warn about a new zero-day attack being used in the wild. IE users are advised to use Microsoft's Fix it or EMET tool to protect against exploitation until a permanent fix is released.
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
SophosLabs was contacted recently to help investigate malware from an unusual sort of targeted attack.
What our researchers found was intriguing, to say the least, so we thought we'd share our discoveries with you...
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Microsoft has released an advisory on a new zero day attack against users of Internet Explorer. While a Fixit is available it may be best to avoid using IE for awhile.
A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker leverage a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.
The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most prevalent exploit kit out there.
The gang behind that recent Java zero day attacks apparently hasn't packed up for the season. A researcher examining one of the servers used to launch attacks on vulnerable Java installations said he found a new zero day exploit for Microsoft's Internet Explorer web browser.
Oracle has released an emergency update fixing four vulnerabilities affecting both Java 6 and Java 7 users.