Vulnerability

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it

We've had BEAST, Lucky Thirteen, BREACH, BEAST, POODLE, Heartbleed and FREAK...now, it's LOGJAM.

Paul Ducklin explains, and tells you what you can do about it.

The phone that keeps an eye on your eyes - 60 Sec Security [VIDEO]

The latest episode of our weekly "security news in one minute" video.

Enjoy...

The VENOM "virtual machine escape" bug - what you need to know

Here's what you need to know about VENOM, the latest security vulnerability to be given a marketing-friendly name.

If you're using any virtual machines, read this to set your mind at rest...

Lenovo uses System Update to patch serious System Update security hole

Responsible disclosure and an exploitable hole closed neatly through the exploitable process itself.

Result! (But make sure you've patched.)

Apple updates Safari on OS X, fixes critical flaws

No sooner had we reported that Microsoft will adopt a "rolling update" model for Windows 10...

...than we received notice of Apple's latest "rolling update" for its Safari browser.

Bugs in the hospital: how to pwn your own pethidine machine

Feeling short-changed by the nurse in charge of your painkiller quota? Telnet into the drug dispenser!

Paul Ducklin looks at how to avoid this sort of security hole...

SSCC 196 - From Wi-Fi bugs to carder busts [PODCAST]

From bugs to busts, here's the latest episode of our weekly security news podcast - for your listening pleasure.

Remotely operated surgery robot is easy to e-hijack, researchers find

"Jerky" movement can be caused by tampering with packets. Not a good adjective when you're talking about surgery!

RSA Conference 2015 in retrospect

We talk to Grey Howe, winner of Sophos's "trip to RSA" competition on Spiceworks, about the funkiest and weirdest ideas from the talks...

That's SHUTTING down your PC, not SHOOTING it down! 60 Sec Security [VIDEO]

Ever felt like shooting your PC? This guy did it! (And more news in our weekly one-minute security video.)

Wi-Fi security software chokes on network names, opens potential hole for hackers

The Wi-Fi security software "wpa_supplicant," found in Android amongst many other places, has a potentially hackable security hole...

SSCC 195.5 - Did Google really say, "No more Android malware?" [PODCAST]

From "joined up security" to the suggestion that Google proclaimed the end of malware on Android, find out what's happening at RSA 2015!

SSCC 195 - Let's talk security (over HTTPS, of course) [PODCAST]

This week, Chester is at the RSA Conference 2015.

Get a feel for the conference vibe, hear about this year's themes, and, of course, catch up on the latest security news...

D-Link router user? Keep your ears and eyes open for the next firmware fixes!

A critical bug that leaves various D-Link routers wide open has apparently been patched...

...except that the patches need patches.

Watch out!

5 online privacy and security tips for travelers

Going on holiday or traveling for business any time soon?

Here are 5 online privacy and security tips for when you're on the road.

Woman sues Google after in-app purchases drain her bank account

She's alleging that Google Play's inadequate security let crooks siphon thousands of dollars in charges from her account.

If the "Deep Web" becomes searchable, is it still deep? 60 Sec Security [VIDEO]

Watch the latest episode of our only-takes-a-minute security roundup video!

This week: From old crypto bugs to the latest Windows security holes...

SSCC 194 - Patch early? Patch often? This time, "Patch NOW!" [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.

From the very latest Update Tuesday to how we get rid of 10-year-old security holes, here's the security news you can use.

Google fixes potential revenue-stealing "comment cloning" YouTube bug

Two Egyptian security researchers figured out how to clone other people's YouTube comments.

You could "borrow" approvals and positive reviews so that they appeared to promote your videos, too.