(get it in RSS or Atom)

Java updater to stop pushing Ask Toolbar, will foist Yahoo search on you instead

Java updater to stop pushing Ask Toolbar, will foist Yahoo search on you instead

Oracle's Java, infamous in the past for bundling the Ask Toolbar as part of its install and update processes, is ditching Ask in favour of Yahoo's search engine.

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

HTML5 goes officially live - now you really CAN say goodbye to Java in your browser!


Of the 21.5 years that the WWW has been going strong, 15 have been spent getting from HTML 4 to HTML5.

That's quite a journey!

Paul Ducklin takes look at where we are now...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

Microsoft brings Internet Explorer's security into the 21st century

Microsoft brings Internet Explorer's security into the 21st century

Internet Explorer (IE) will finally catch up with rival browsers next week when it begins blocking out-of-date ActiveX controls.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

Patch Tuesday wrap-up, July 2014 - Adobe fixes "Rosetta", plus a new risky file type on Windows...

Patch Tuesday for July 2014 is just behind us in the case of Microsoft and Adobe, and just ahead of us in the case of Oracle.

Paul Ducklin tells you what you need to know...

Monday review - the hot 21 stories of the week


It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

No Heartbleed holes in Java, but here comes a sea of patches anyway


Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]


Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

SSCC 134 - Patching, foisting, hacking and obfuscating [PODCAST]


Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.

Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.

Misleading advertisements lead to hijacked browser settings


Advertisements don't have a great track record for safety and we are beginning to see more frequent abuse of search and mobile ads to deliver unwanted addons purporting to be legitimate tools. Be careful where you click and closely scrutinize software options before installation.

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000


It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

Patch Tuesday January 2014 - Microsoft, Adobe and Oracle


Microsoft, Adobe and Oracle have all released fixes today. Products covered include Microsoft Word, Windows XP, Windows 7, Adobe Reader, Java, MySQL and VirtualBox.

SSCC 130 - Botnets, banking, breaches, patching and the Mavericks controversy [PODCAST]


What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?

Listen as Chet and Duck dissect and explore the week's security stories...

SSCC 120 - Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]


Ah, the irony! Good crypto from the bad guys, and bad crypto from the good guys...

Chet and Duck turn the latest security news into an insightful, amusing and educational discussion in the latest episode of their two-weekly podcast.

Oracle releases 127 security fixes, 51 for Java alone


Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.

Oracle Java fails at security in new and creative ways


Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Personal data on 72,000 staff taken in University of Delaware hack

Personal data on 72,000 staff taken in University of Delaware hack

The University of Delaware has joined the long line of recent data breach victims, with a compromised university system yielding personal information on 72,000 past and present employees.

UD authorities have notified those affected by mail, and email where possible. Investigators have been called in to pin down the scale of the breach, identify any additional risks and ensure those affected are properly informed.