Vulnerability

(get it in RSS or Atom)

SSCC 194 - Patch early? Patch often? This time, "Patch NOW!" [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.

From the very latest Update Tuesday to how we get rid of 10-year-old security holes, here's the security news you can use.

Google fixes potential revenue-stealing "comment cloning" YouTube bug

Two Egyptian security researchers figured out how to clone other people's YouTube comments.

You could "borrow" approvals and positive reviews so that they appeared to promote your videos, too.

Tampering with US voting machine as easy as 'abcde', says Virginia report

Tampering with US voting machine as easy as 'abcde', says Virginia report

All it would take to compromise it is to sit in the parking lot with a laptop, some free tools, and a dropper full of tech smarts.

Update Tuesday, April 2015 - Urgent action needed over Microsoft HTTP bug

We don't usually focus on one vulnerability and say, "Do that first." But this month, we're willing to make an exception.

The Microsoft HTTP stack has a bug that could let attackers straight in with a simple HTTP request...

TLS certificate blunder revisited - whither China Internet Network Information Center?

cnnic-250

Just under three weeks ago, we wrote about a TLS certificate blunder by a Root Certificate Authority called CNNIC.

We thought we'd revisit that story today to see how the Big Four browser makers responded to the lapse...

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Belkin is the latest router vendor to be found relying on "non-secret secrets."

Paul Ducklin looks at the router equivalent of locking the key to the company safe in the top drawer of your desk...

What a lot of patches! 60 Sec Security [VIDEO]

Watch the latest episode of our weekly fun-but-serious security news video.

It only takes a minute!

The mobile "security gap" - Pinterest and Yammer the latest gappy apps

Pinterest and Yammer are the latest official mobile apps that didn't do HTTPS correctly, leaving users at risk of imposters and phishing.

Linux Australia gets pwned, rooted, RATted and botted

Linux Australia had a bit of a nightmare Easter Weekend.

While the rest of us were loafing at the beach, the Penguinistas from Down Under were owning up to a pretty extensive cyberintrusion.

Apple fixes loads of security holes in OS X, iOS, Apple TV, Safari

OS X gets a brand new photo application called, er, Photos, but the security fixes are the real reason you want these updates.

FBI warns WordPress users of ISIS threat: Patch and update now

FBI warns WordPress users of ISIS threat: Patch and update now

The FBI is advising all WordPress site owners to update and patch their installation and plugins. If you're not already doing so, now is a great time to start. We offer tips on how to get started.

Baby cam plays creepy music, moves of its own accord

Man in a hoody

Yes, the wireless cam was possessed - by the spirit of whoever hijacked the Foscam IP device to spy on a Minnesota couple's baby.

SSCC 193 - Pick a YouTube security token, any token! [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest computer security stories in their inimitable style.

Turn news into advice with the Sophos Security Chet Chat!

Firefox issues brand new update to fix HTTPS security hole in new update

ff-hhtp2-500

Firefox 37.0 added support for a security-enhancing feature in HTTP/2 known as Alternative Services.

Unfortunately, the new feature had a rather bad HTTPS security hole all of its own...

Monday review - the hot 22 stories of the week

Here are last week's stories in one convenient place so you can catch up on what you missed!

Has Uber scored an executive touchdown? 60 Sec Security [VIDEO]

Watch the latest episode of our weekly "news in one minute" security video...

"Probably tired and shagged out after a long squawk" - 60 Sec Security [VIDEO]

Our weekly witty-but-serious video - news you can use, and it only takes a minute.

Enjoy...

SSCC 191 - Live in Ljubljana [PODCAST]

Chester is on the road again, this time to present at a conference in Slovenia.

So this episode of the Chet Chat comes to you from an al fresco café in downtown Ljubljana...

"Pwn2Own" competition pops Flash, Reader and four browsers, pays out over $550K [POLL]

Pwn2Own has become something of an institution on the North American computer security conference circuit.

Come and vote in our poll to tell us what you think of security contests like this...

What's that screenshot doing on Facebook? 60 Sec Security [VIDEO]

Facebook, ransomware and updates to updates - all in 60 seconds!

Our weekly video for 21 March 2015...