Exploit

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

The "JASBUG" Windows vulnerability - beyond the hype, what you need to know

Struggling to understand the JASBUG flaw fixed by Microsoft in this month's Update Tuesday?

Paul Ducklin explains it clearly, with minimal jargon.

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

D-Link routers vulnerable to DNS hijacking

A newly discovered vulnerability in the ZyNOS firmware used by popular routers may leave some models at risk of DNS hijacking.

"Exploit This": Evaluating the exploit skills of malware groups

SophosLabs researcher Gabor Szappanos compares APT actors and cybercrooks.

A comparative review of malware writers!

A fascinating study, well worth a read...

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

The GHOST in the machine - 60 Sec Security [VIDEO]

Here's our weekly one-minute security video.

Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

Adobe gets second Flash zero-day patch ready 2 days early!

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash.

The patch is now ready via auto-update - 2 days early!

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

Adobe issues emergency fix for Flash zero-day

Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310.

Adobe has a fix already, so grab it while it's hot!

Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable

Big bag of fixes!

Oracle's Critical Patches for Jan 2015 fix 160 holes in 48 products, with 93 of those vulnerabilities remotely exploitable.

SSCC 181 - The Security Duel: "Bug reports at 15 paces" [PODCAST]

Microsoft vs. Google - Google vs. Users - Hackers vs. US Army - the fight is on in the latest episode of our weekly security podcast!

Enjoy...

Patch Tuesday wrap-up, December 2014 - why "Important" can be Critical...

Adobe and Microsoft put forth their respective Patch Tuesday updates this week, bringing you their last scheduled patches of 2014.

Paul Ducklin digs in...

Adobe publishes out-of-band Flash update - provides "booster dose" for October's patches

Adobe has published a Flash update, dubbed APSB14-26.

The new patch offers additional protection against a vulnerability that was originally addressed in October 2014.

SSCC 175 - "My, what an ENORMOUS malware infection you have!" [PODCAST]

Here's the latest episode of our weekly security podcast.

For your listening pleasure - the news you can use!

WordPress issues critical security fixes, closing remote anonymous compromise bug and more

WordPress has just published a critical security release.

If you're still on WordPress 3, this is about as critical as it gets, because one of the fixes closes a "remote anonymous compromise" bug.