Zero Day

(get it in RSS or Atom)

SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]

sscc-142-250

Chet and Duck explain what you can do about the big ticket security news items of the past week.

The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.

Patch Tuesday for April 2014 - it's Goodbye, Farewell and Amen for Windows XP

pt-2014-04-250

The date's been in our diaries since 2007.

But even with seven years to prepare for it, you'll be forgiven for approaching the April 2014 Patch Tuesday with a bit of a lump in your throat.

Adieu, XP.

Word zero-day, Snapchat blasted, MS-DOS released - 60 Sec Security [VIDEO]

2014-03-29-hiding-250

What should you do about the latest Word zero-day? What does Mr Rockefeller think of SnapChat? And is that MS-DOS I see before me?

Watch 60 Sec Security for 29 March 2014, and find out!

SSCC 140 - Does Windows have more holes than OS X? Whither messaging privacy? [PODCAST]

sscc-140-thumb-250

How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too?

Chet and Duck get stuck in...

SSCC 138 - Patching, zero-days, XP, APTs and CryptoLocker [PODCAST]

sscc-138-thumb-250

Join the dynamic duo for another entertaining quarter-hour on security.

There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about CryptoLocker.

Adobe fixes critical Flash flaw

Adobe Flash security update for Windows, Mac, Android, Linux and Solaris users

Adobe has released an emergency update to its ubiquitous Flash Player software. The flaw is being exploited by attackers so you should update as soon as possible.

SSCC 128 - Learning from 2013 for a safer, more secure 2014 [PODCAST]

sscc-thumb-250

Our weekly security podcast looks back at the big blunders of 2013 to find out what went wrong.

Let Chet and Duck help you plan for a safer and more secure 2014!

SSCC 126 - Zero-day, Bitcoins, passwords and randomness [PODCAST]

Turn bad news into good with "what you can do better" advice from Chet and Duck.

Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.

Computer Security Day, Forward secrecy, XP 0-day and YouTube spam - 60 Sec Security [VIDEO]

2013-11-30-0-day-250

When is Computer Security Day? What can forward secrecy do for you? Can you believe there's an 0-day in XP?

Have some fun finding out the answers in this week's 60 Second Security!

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

sscc-122-175-250

What a coincidence! A Facebook hoax claming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...

Microsoft warns Windows users of zero-day danger from booby trapped image files

win-250

Microsoft is warning about a brand new security hole that could let criminals get control of your computer through booby-trapped image files.

Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2

3893-2-250

Part Two of our examination of an IE exploit.

This is a great read if you want to get a feeling for how cybercrooks think. (Don't worry if you aren't technical: it's clear and jargon-free.)

Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1

3893-1-250

The latest IE zero-day explained.

This is a great read if you want to get a feeling for how cybercrooks think.

(Don't worry if you aren't technical: we've kept the code and jargon to a minimum.)

Microsoft's Patch Tuesday is out - and the answer is, "YES, they FIXED IT!"

tuesday-250

Microsoft's Tenth Anniversary Patch Tuesday is out, and, yes, Redmond's security gurus did patch against the recent Internet Explorer zero-day that is being exploited in the wild!

There are seven other fixes as well - Paul Ducklin has the details.

SSCC 119 - Happy 10th, Patch Tuesday - Adobe "goes open source" - Dread Pirate Roberts [PODCAST]

sscc-119-250

A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.

Chet and Duck turn their amusing but insightful attention to the latest security stories...

Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it

Microsoft releases fix for Internet Explorer security hole, full patch coming Friday

Microsoft has published an out of band security advisory for users of Internet Explorer to warn about a new zero-day attack being used in the wild. IE users are advised to use Microsoft's Fix it or EMET tool to protect against exploitation until a permanent fix is released.

May Patch Tuesday critical for users of Internet Explorer and web-based services

Patch Tuesday

Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.

Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.

Anatomy of a targeted attack - SophosLabs explores an Adobe zero-day "malware experiment"

SophosLabs was contacted recently to help investigate malware from an unusual sort of targeted attack.

What our researchers found was intriguing, to say the least, so we thought we'd share our discoveries with you...

Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

rushingmancartoon

In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.

Monday review - the hot 17 stories of the week

OK, these aren't just the hot 17 stories of the past week, but of the two weeks before that, too.

If, like us, you've been enjoying some downtime over the Christmas and New Year holidays, here's your quickest way to get back up to speed with Naked Security...