Vulnerability

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know

OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

Flash zero-day leaks out from "Hacking Team" hack, patch expected Real Soon Now

Last night we wrote about how Flash troubles come in threes, like those proverbial buses.

Stop the presses! Here comes another one!

Flash malware that gives you a free security update

Malware that patches Flash for you after it's broken in?

Sadly, it's not all about you...in fact, it's not about you at all.

Amazon releases low-cholesterol Heartbleed medicine called 's2n'

Remember the Heartbleed bug in OpenSSL?

Here's Amazon's open-source effort to expand our choice of cryptographic sauce...

"Something stolen, something new" - 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 1-minute security video.

Fun with a serious side...enjoy!

SSCC 205 - Update early, update often! [PODCAST]

Join Sophos experts John Shier and Paul Ducklin for the latest episode of our weekly security podcast, the Chet Chat.

News you can use...enjoy!

Apple lets rip with update spate: OS X, iOS, Safari, iTunes, QuickTime

Apple just opened the stopcocks and released a Hoover Dam's worth of security-related updates.

Yes, there are numerous new features and products in there too, but it's the security fixes that make a compelling reason to update.

Latest Flash hole already exploited to deliver ransomware - update now!

Are you still using Flash in your browser?

If so, make sure you've got the latest update from Adobe, even though it only came out last week.

SSCC 204 - You want an extension to your extension for Windows XP? [PODCAST]

Here's the latest episode of our weekly security podcast, the award-winning Chet Chat.

Enjoy!

US Navy pays millions to cling to Windows XP

More than a year after Microsoft pulled the plug on free support for the end-of-life'd OS, hundreds of millions of users are still clinging to the drifting ship.

Security hole in MacKeeper used to shove malware onto Macs

According to researchers at BAE, a recent Mac malware infestation was carried out using a security hole in a utility called MacKeeper.

"Belts and breaches" - 60 Sec Security [VIDEO]

Here's the latest episode of our entertaining news-in-1-minute security roundup.

Enjoy!

SSCC 203 - What's the worst sort of service to have a password breach? [PODCAST]

Join Sophos security experts John Shier and Paul Ducklin as they dig into the latest security news in our regular "Chet Chat" podcast.

This week: LastPass, Facebook, Windows 10 (and not-quite-the-end of XP), Samsung, and the Android ecosystem.

Critical Drupal vulnerability patched — update your website now

The Drupal Security Team has released a critical security advisory and software updates for the Drupal Content Management System (CMS). Users with websites running either Drupal 6 or Drupal 7 are urged to upgrade immediately.

Apple OS X and iOS in the vulnerability spotlight - meet "CORED," also known as "XARA"

The security issue of the week has arrived in iOS and OS X, and it's attracted a funky name already.

The researchers called it XARA, but others had different ideas, and dubbed it "CORED."

As in "Apple CORED."

Google launches Android bug bounty program

After paying out $1.5 million to security researchers last year, Google now offers cash to Android bug hunters.

Samsung keyboard app could let a crook crack your phone

A presenter at BlackHat London has some bad news for you: the keyboard app built in to your Samsung phone may leave you open to attack.

Paul Ducklin explains and offers some advice...

Authentication is all around us! 60 Sec Security [VIDEO]

Here's our latest "60 Second Security" video - catch the week's security news in just 1 minute.

SSCC 202 - They hacked the US Army? Are you SURE? [PODCAST]

Join Sophos security experts Chester Wisniewski and Paul Ducklin for this week's security podcast.

Apple, Microsoft, patching, hacking the army (sort of), and 49 arrests in a Europol action against bank fraudsters!

Security hole in Hospira hospital drug pumps could let through fatal doses

An attacker who knows how to update the firmware - not a tough task, says security researcher Billy Rios - can change the dosage to a lethal limit.