Exploit

(get it in RSS or Atom)

Xen fixes another "virtual machine escape" bug

xen-480

Last time it was the floppy disk drive that let crooks squeeze out of jail - this time, the virtual CD-ROM is their springboard...

The "Stagefright" hole in Android - what you need to know

Android. Image courtesy of Bloomua / Shutterstock.

Here's what you can do to deal with the much-talked-up "Stagefright" messaging vulnerability on Android

Beyond the breaches: Understanding the Angler exploit kit

Crimeware expert Fraser Howard tells you what you need to know about Angler - the current "market leader" in the exploit kit scene.

A must-read report if you want to bolster your defences...

If you make everybody use weaker locks, it's burglars who benefit! 60 Sec Security [VIDEO]

Security can be fun...here's the latest episode of our weekly 1-minute video.

Enjoy!

SSCC 207 - Windows 2003 R2? The train stops here! [PODCAST]

Our weekly quarter-hour podcast where we turn the latest security news into advice you can use - and have fun at the same time.

Enjoy!

Another "Hacking Team" zero-day surfaces - this time in IE, not Flash!

Yet another zero-day has been dragged out of the data dump from hacked Italian security outfit Hacking Team.

Microsoft was all over this in double-quick time, so get the patch!

Did Firefox listen to Facebook and just kill Flash? (No, but there's another patch!)

Did Firefox listen to Facebook and just kill Flash? (No, but there's another patch!)

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know

os-1200

OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

Flash zero-day leaks out from "Hacking Team" hack, patch expected Real Soon Now

Last night we wrote about how Flash troubles come in threes, like those proverbial buses.

Stop the presses! Here comes another one!

Flash malware that gives you a free security update

Malware that patches Flash for you after it's broken in?

Sadly, it's not all about you...in fact, it's not about you at all.

"Something stolen, something new" - 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 1-minute security video.

Fun with a serious side...enjoy!

Apple lets rip with update spate: OS X, iOS, Safari, iTunes, QuickTime

Apple just opened the stopcocks and released a Hoover Dam's worth of security-related updates.

Yes, there are numerous new features and products in there too, but it's the security fixes that make a compelling reason to update.

Latest Flash hole already exploited to deliver ransomware - update now!

Are you still using Flash in your browser?

If so, make sure you've got the latest update from Adobe, even though it only came out last week.

Security hole in MacKeeper used to shove malware onto Macs

According to researchers at BAE, a recent Mac malware infestation was carried out using a security hole in a utility called MacKeeper.

"Belts and breaches" - 60 Sec Security [VIDEO]

60ss-video-1200

Here's the latest episode of our entertaining news-in-1-minute security roundup.

Enjoy!

SSCC 203 - What's the worst sort of service to have a password breach? [PODCAST]

Join Sophos security experts John Shier and Paul Ducklin as they dig into the latest security news in our regular "Chet Chat" podcast.

This week: LastPass, Facebook, Windows 10 (and not-quite-the-end of XP), Samsung, and the Android ecosystem.

Apple OS X and iOS in the vulnerability spotlight - meet "CORED," also known as "XARA"

The security issue of the week has arrived in iOS and OS X, and it's attracted a funky name already.

The researchers called it XARA, but others had different ideas, and dubbed it "CORED."

As in "Apple CORED."

Samsung keyboard app could let a crook crack your phone

A presenter at BlackHat London has some bad news for you: the keyboard app built in to your Samsung phone may leave you open to attack.

Paul Ducklin explains and offers some advice...

Windows 10 patches - will you get them no matter what?

What does the wording about updates being "available automatically" in the Windows 10 Specifications really mean?

The phone that keeps an eye on your eyes - 60 Sec Security [VIDEO]

The latest episode of our weekly "security news in one minute" video.

Enjoy...