Vulnerability

"Exploit This": Evaluating the exploit skills of malware groups

SophosLabs researcher Gabor Szappanos compares APT actors and cybercrooks.

A comparative review of malware writers!

A fascinating study, well worth a read...

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

Hackers breach password database at Atlassian's "HipChat" collaboration service

Hip software company Atlassian has had the hackers in.

It sounds as though the outcome won't be too bad, but it does remind you: choose a better password than everyone else!

Baby monitor hijacked; change default password urges Foscam

A nanny was spooked last week by a cyber creep peeping in on her via a baby monitor while she changed a baby's diaper.

The GHOST in the machine - 60 Sec Security [VIDEO]

Here's our weekly one-minute security video.

Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

The GHOST vulnerability - what you need to know

The funkily-named bug of the week is GHOST.

Here's how it got its name, why there's a problem, and what you can do about it...

SSCC 183 - It's Data Privacy Day! Do something! [PODCAST]

From Apple's latest OS X and iOS updates to Data Privacy Day - listen, learn and enjoy!

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

Apple fixes Thunderstrike and 3 Project Zero bugs in OS X 10.10.2 Yosemite

The latest OS X beta, version 10.10.2, is in the hands of developers and hints that users will soon be getting fixes for the devilish Thunderstrike vulnerability and 3 Project Zero bugs.

Adobe gets second Flash zero-day patch ready 2 days early!

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash.

The patch is now ready via auto-update - 2 days early!

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

Adobe issues emergency fix for Flash zero-day

Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310.

Adobe has a fix already, so grab it while it's hot!

If you use either of these WordPress themes, update them now

Older versions of the Platform and PageLines WordPress themes contain privilege escalation vulnerabilities that could allow attackers to take over the website using them.

SSCC 182 - What would the Pirate Party do? [PODCAST]

This week's episode of our quarter-hour security podcast.

Entertaining as well as accurate and educational - why not give it a listen?

Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable

Big bag of fixes!

Oracle's Critical Patches for Jan 2015 fix 160 holes in 48 products, with 93 of those vulnerabilities remotely exploitable.

"Cheaper car insurance" dongle could lead to a privacy wreck

You'd hope that the developers of a dongle that tracks your driving paid a lot of attention to computer security.

Or, in fact, any attention at all...

Ouch! Home router security "bypass" actually means no security AT ALL

A Spanish researcher has found an astonishing security "bypass" in a home router - there simply isn't any security to bypass.

Barack Obama proposes shielding companies that share cyber threat data

Obama proposes new cybersecurity legislation to target identity theft, DDoS

President Obama on Tuesday proposed new cybersecurity legislation that would put cybercrime on par with racketeering and would protect companies from getting sued if they share computer threat data with the government.

SSCC 181 - The Security Duel: "Bug reports at 15 paces" [PODCAST]

Microsoft vs. Google - Google vs. Users - Hackers vs. US Army - the fight is on in the latest episode of our weekly security podcast!

Enjoy...

Update Tuesday wrap-up, January 2015 - See? We didn't use the word "Patch"!

Like fingers and thumbs, not all updates are patches, even if all patches are updates.

So, here's the skinny on Update Tuesday...including the security patches, of course.