Vulnerability

(get it in RSS or Atom)

D-Link patches critical router flaws, says more fixes to come

by Lee Munson on March 4, 2015 | Leave a comment
D-Link logo

D-Link has taken action over three serious vulnerabilities discovered in several of its home routers, and it's promising more fixes next week.

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

by Paul Ducklin on February 28, 2015 | Leave a comment
60ss-video-250

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

Facebook Bug Bounty report for 2014: $1.3M paid out to more than 700 bug finders

by Paul Ducklin on February 27, 2015 | Leave a comment

Facebook just released details of how much it paid out in bug bounties for 2014.

Rewards ranged from $500 to over $50,000...

SSCC 187 - The cryptography edition [PODCAST]

by Paul Ducklin on February 26, 2015 | Leave a comment
chet-chat-logo-featured-250

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

by Lisa Vaas on February 26, 2015 | 2 Comments
Bug. Image courtesy of Shutterstock.

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

From the Labs: more advances in Advanced Persistent Threats

by Paul Ducklin on February 25, 2015 | Leave a comment
apt-scene-250

SophosLabs researcher Gabor Szappanos is back.

He presents another insightful installment in the ongoing saga of PlugX and other "malware factories" that are part of the Advanced Persistent Threat scene.

What's SUPER and helps you to PHISH, sorry, FISH? 60 Sec Security [VIDEO]

by Paul Ducklin on February 21, 2015 | Leave a comment
60ss-video-250

Here's our weekly news roundup - from Superfish to Super Spectacles.

It's amusing, informative, and only takes a minute - enjoy!

Lenovo "Superfish" controversy - what you need to know

by Paul Ducklin on February 20, 2015 | 13 Comments
sf-250

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

by Paul Ducklin on February 19, 2015 | 15 Comments

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

SSCC 186 - Just how firm is your firmware? [PODCAST]

by Paul Ducklin on February 18, 2015 | 2 Comments
chet-chat-logo-featured-250

Here's the latest episode of our weekly security podcast - from firmware and Firefox to Project Zero and Lightning conductors.

Chet and Duck are in fine fettle as usual...enjoy!

Google's Project Zero backs off a bit - will now give up to 14 days' grace

by Paul Ducklin on February 16, 2015 | 9 Comments
zd-250

Google's controversial "zero-day dropping machine," Project Zero, which automatically outs your bugs after 90 days, will now give up to 14 day's leeway.

News flash: hacker turns Apple's Lightning connector into a jailbreak conductor

by Paul Ducklin on February 16, 2015 | Leave a comment
lightning-250

A French hacker says he'll soon be making modified Lightning connector cables that will give Apple iOS jailbreakers a better view inside their iDevices.

What do you mean, "Facebook is now text only"? - 60 Sec Security [VIDEO]

by Paul Ducklin on February 14, 2015 | Leave a comment
60ss-video-250

Here's the latest episode of our weekly one-minute security video.

Fun, fast...and educational.

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

by Paul Ducklin on February 13, 2015 | Leave a comment
chet-chat-logo-featured-250

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

"Most adorable bug" - Raspberry Pi 2 crashes when you take a photo of it

by Lisa Vaas on February 11, 2015 | 14 Comments
Raspberry. Image courtesy of Shutterstock.

It's not buggy, it's camera-shy! The tiny, budget Raspberry Pi faints when you flash a photo of it, and it's likewise not keen on laser pointers.

The "JASBUG" Windows vulnerability - beyond the hype, what you need to know

by Paul Ducklin on February 11, 2015 | 11 Comments
jasbug-500

Struggling to understand the JASBUG flaw fixed by Microsoft in this month's Update Tuesday?

Paul Ducklin explains it clearly, with minimal jargon.

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

by Paul Ducklin on February 11, 2015 | 1 Comment
patch-tuesday-denim-250

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

by Paul Ducklin on February 7, 2015 | Leave a comment
60ss-video-250

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

by Paul Ducklin on February 5, 2015 | 4 Comments
chet-chat-logo-featured-250

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

Internet Explorer has a Cross Site Scripting zero-day bug

by Paul Ducklin on February 4, 2015 | Leave a comment
ie11-250

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.