Zero Day

Has the "Sandworm" zero-day exploit burrowed back to the surface?

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...

Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K

He says his firm will carefully screen potential clients and that he'd never sell to an entity such as the Syrian regime or a criminal gang. Then again, he's not asking what clients intend to do with the high-end exploits.

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

EFF sues NSA over hoarding of zero days

Wouldn't it be nice to know just how, exactly, the spy agency decides whether to silently exploit zero days for snooping purposes while leaving businesses and individuals in the dark with their bellies exposed? The EFF has filed a FOIA lawsuit to help find answers.

Microsoft and Adobe have 0-days, AOL breached, and we win an award! 60 Sec Security [VIDEO]

Are two zero-days better than one? What happened to AOL's user database? And is that another award that Naked Security just won?

Find out in 60 Sec Security for 03 May 2014...

SSCC 145 - Zero-days x2, fixing Heartbleed x2, and security-by-design [PODCAST]

An 0-day in IE and an 0-day in Flash; two approaches to fixing OpenSSL after Heartbleed; how to get a free pass to Infosec Europe 2014; and why security happens by design and not by accident!

Join Chet and Duck for another podcast in the weekly Chet Chat series...

Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash

Hot on the heels of Microsoft's IE zero-day announcement comes an Adobe bulletin about a zero-day in Flash.

(No, they're *not* related, even though the current IE exploits use a Flash file to kick things off.)

Microsoft acknowledges "in the wild" Internet Explorer zero-day

Microsoft has published a security advisory of the heart-dropping sort.

An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.

Paul Ducklin gives some tips for mitigating the risk...

SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]

Chet and Duck explain what you can do about the big ticket security news items of the past week.

The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.

Patch Tuesday for April 2014 - it's Goodbye, Farewell and Amen for Windows XP

The date's been in our diaries since 2007.

But even with seven years to prepare for it, you'll be forgiven for approaching the April 2014 Patch Tuesday with a bit of a lump in your throat.

Adieu, XP.

Word zero-day, Snapchat blasted, MS-DOS released - 60 Sec Security [VIDEO]

What should you do about the latest Word zero-day? What does Mr Rockefeller think of SnapChat? And is that MS-DOS I see before me?

Watch 60 Sec Security for 29 March 2014, and find out!

SSCC 140 - Does Windows have more holes than OS X? Whither messaging privacy? [PODCAST]

How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too?

Chet and Duck get stuck in...

SSCC 138 - Patching, zero-days, XP, APTs and CryptoLocker [PODCAST]

Join the dynamic duo for another entertaining quarter-hour on security.

There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about CryptoLocker.

Adobe fixes critical Flash flaw

Adobe Flash security update for Windows, Mac, Android, Linux and Solaris users

Adobe has released an emergency update to its ubiquitous Flash Player software. The flaw is being exploited by attackers so you should update as soon as possible.

SSCC 128 - Learning from 2013 for a safer, more secure 2014 [PODCAST]

Our weekly security podcast looks back at the big blunders of 2013 to find out what went wrong.

Let Chet and Duck help you plan for a safer and more secure 2014!

SSCC 126 - Zero-day, Bitcoins, passwords and randomness [PODCAST]

Turn bad news into good with "what you can do better" advice from Chet and Duck.

Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.

Computer Security Day, Forward secrecy, XP 0-day and YouTube spam - 60 Sec Security [VIDEO]

When is Computer Security Day? What can forward secrecy do for you? Can you believe there's an 0-day in XP?

Have some fun finding out the answers in this week's 60 Second Security!

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

What a coincidence! A Facebook hoax claiming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...

Microsoft warns Windows users of zero-day danger from booby trapped image files

Microsoft is warning about a brand new security hole that could let criminals get control of your computer through booby-trapped image files.