Vulnerability

How (not) to pay yourself a $14m bonus - 60 Sec Security [VIDEO]

Our weekly 1-minute security video...news with some fun in it!

SSCC 208 - (Cyber)crime and Punishment [PODCAST]

Join us for the weekly Chet Chat!

In this episode: Cybercrime (and punishment), crimeware, the Angler exploit kit, and how the Fourth Amendment applies to social networks.

WordPress 4.2.3 is out, update your website now

If you manage a website that utilizes WordPress - update now! The latest version has been released and includes a fix for a cross-site scripting (XSS) vulnerability that your website could do without.

Baby, you can hack my car: researchers take over a Jeep from 10 miles away

Two renowned security researchers have discovered a way to remotely hack into and take over a Jeep Cherokee, controlling the brakes and accelerator as well as other components.

Beyond the breaches: Understanding the Angler exploit kit

Crimeware expert Fraser Howard tells you what you need to know about Angler - the current "market leader" in the exploit kit scene.

A must-read report if you want to bolster your defences...

If you make everybody use weaker locks, it's burglars who benefit! 60 Sec Security [VIDEO]

Security can be fun...here's the latest episode of our weekly 1-minute video.

Enjoy!

SSCC 207 - Windows 2003 R2? The train stops here! [PODCAST]

Our weekly quarter-hour podcast where we turn the latest security news into advice you can use - and have fun at the same time.

Enjoy!

What's keeping security experts awake at night?

What's keeping you awake at night? Gartner polls top-level security experts

Enterprises will pour more than $71 billion into infosec this year but are still getting clobbered by Sony-esque level breaches. Why? They're not focusing on the real threats.

Another "Hacking Team" zero-day surfaces - this time in IE, not Flash!

Yet another zero-day has been dragged out of the data dump from hacked Italian security outfit Hacking Team.

Microsoft was all over this in double-quick time, so get the patch!

Did Firefox listen to Facebook and just kill Flash? (No, but there's another patch!)

United Airlines pays hacker one million air miles in bug bounty reward

It didn't take Jordan Wiens very long to find a vulnerability in United Airlines' network, but the payoff was huge - one million free air miles for about six hours of work.

Is that a Flash 0-day hole I see before me? 60 Sec Security [VIDEO]

Patches, hacking and keeping your head down online: our weekly 1-minute fun news video that's educational, too!

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know

OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

Flash zero-day leaks out from "Hacking Team" hack, patch expected Real Soon Now

Last night we wrote about how Flash troubles come in threes, like those proverbial buses.

Stop the presses! Here comes another one!

Flash malware that gives you a free security update

Malware that patches Flash for you after it's broken in?

Sadly, it's not all about you...in fact, it's not about you at all.

Amazon releases low-cholesterol Heartbleed medicine called 's2n'

Remember the Heartbleed bug in OpenSSL?

Here's Amazon's open-source effort to expand our choice of cryptographic sauce...

"Something stolen, something new" - 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 1-minute security video.

Fun with a serious side...enjoy!

SSCC 205 - Update early, update often! [PODCAST]

Join Sophos experts John Shier and Paul Ducklin for the latest episode of our weekly security podcast, the Chet Chat.

News you can use...enjoy!

Apple lets rip with update spate: OS X, iOS, Safari, iTunes, QuickTime

Apple just opened the stopcocks and released a Hoover Dam's worth of security-related updates.

Yes, there are numerous new features and products in there too, but it's the security fixes that make a compelling reason to update.