Security threats

If the "Deep Web" becomes searchable, is it still deep? 60 Sec Security [VIDEO]

Watch the latest episode of our only-takes-a-minute security roundup video!

This week: From old crypto bugs to the latest Windows security holes...

SSCC 194 - Patch early? Patch often? This time, "Patch NOW!" [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.

From the very latest Update Tuesday to how we get rid of 10-year-old security holes, here's the security news you can use.

Google fixes potential revenue-stealing "comment cloning" YouTube bug

Two Egyptian security researchers figured out how to clone other people's YouTube comments.

You could "borrow" approvals and positive reviews so that they appeared to promote your videos, too.

WikiLeaks publishes massive searchable archive of hacked Sony documents

Julian Assange of the whistle-blowing site, WikiLeaks, says that Sony Pictures' data should be publicly available due to its links with "geo-political conflict".

Could a hacker *really* bring down a plane from a mobile phone in seat 12C?

A recent document about Air Traffic Control from the US Government Accountability Office has caused quite a stir.

Could a passenger get the plane to do a barrel roll without even turning off the in-flight movie?

Target's settlement with MasterCard costs retailer $19 million

Target says it reached a $19 million settlement with MasterCard to cover some of the damages to financial institutions after its December 2013 data breach. How much more is this breach going to cost?

Tampering with US voting machine as easy as 'abcde', says Virginia report

All it would take to compromise it is to sit in the parking lot with a laptop, some free tools, and a dropper full of tech smarts.

Practical IT: What you need to know about email encryption

When email was invented over 40 years ago, no one thought about how to ensure the integrity of messages. Here's what you need to know about securing email with the right kind of encryption.

Lost your Android? Now you can Google it!

Just do a Google search on "Find My Phone," and presto! It will show up on a Google map. Then, you can get it to ring its head off.

Update Tuesday, April 2015 - Urgent action needed over Microsoft HTTP bug

We don't usually focus on one vulnerability and say, "Do that first." But this month, we're willing to make an exception.

The Microsoft HTTP stack has a bug that could let attackers straight in with a simple HTTP request...

Interpol announces successful takedown of "Simda" botnet

Interpol just announced a botnet takedown that has neutralised the operation of the "Simda" malware. For now, anyway.

Paul Ducklin takes a look...

Hot Lotto security director suspected of tinkering with computer to win $14.3m

What's luckier than a four-leaf clover? Maybe a rootkit on a handy thumb drive, with access to security cameras that can be tampered with.

TLS certificate blunder revisited - whither China Internet Network Information Center?

Just under three weeks ago, we wrote about a TLS certificate blunder by a Root Certificate Authority called CNNIC.

We thought we'd revisit that story today to see how the Big Four browser makers responded to the lapse...

Season 5 Game of Thrones episodes leaked online

HBO says that preview copies of Game of Thrones have somehow been breached. They'd already been copied at least 1 million times before Sunday's airing of the new season's first episode.

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Belkin is the latest router vendor to be found relying on "non-secret secrets."

Paul Ducklin looks at the router equivalent of locking the key to the company safe in the top drawer of your desk...

Buh-bye Beebone! Law enforcement kills polymorphic virus-spreading botnet

International law enforcement activity has taken out the botnet used by the Beebone worm - polymorphic malware that threatened thousands of computers worldwide.

Botnet? Polymorphic? Downloader? We explain ...

What a lot of patches! 60 Sec Security [VIDEO]

Watch the latest episode of our weekly fun-but-serious security news video.

It only takes a minute!

The mobile "security gap" - Pinterest and Yammer the latest gappy apps

Pinterest and Yammer are the latest official mobile apps that didn't do HTTPS correctly, leaving users at risk of imposters and phishing.

Linux Australia gets pwned, rooted, RATted and botted

Linux Australia had a bit of a nightmare Easter Weekend.

While the rest of us were loafing at the beach, the Penguinistas from Down Under were owning up to a pretty extensive cyberintrusion.

After School app grows up after child safety criticisms

Like many apps, 'After School' has decided to grow up and start taking toxic chat and threats of violence seriously. It's a welcome sign of maturation.