Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable


Big bag of fixes!

Oracle's Critical Patches for Jan 2015 fix 160 holes in 48 products, with 93 of those vulnerabilities remotely exploitable.

HTML5 goes officially live - now you really CAN say goodbye to Java in your browser!


Of the 21.5 years that the WWW has been going strong, 15 have been spent getting from HTML 4 to HTML5.

That's quite a journey!

Paul Ducklin takes a look at where we are now...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

No Heartbleed holes in Java, but here comes a sea of patches anyway


Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]


Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers


Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing


PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

SSCC 134 - Patching, foisting, hacking and obfuscating [PODCAST]


Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.

Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000


It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

Oracle and Java, Apple and the FTC, Google and privacy - 60 Sec Security [VIDEO]


Why was this month's Java update a "must patch"? Should in-app purchases be allowed to target children? Is it a good idea to give Google control of your home?

Find out in 60 Second Security for 18 Jan 2014

SSCC 130 - Botnets, banking, breaches, patching and the Mavericks controversy [PODCAST]


What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?

Listen as Chet and Duck dissect and explore the week's security stories...

Patch Tuesday - get ready for the January 2014 Security Trifecta!


In January 2014, Patch Tuesday coincides for Oracle, Adobe and Microsoft.

Here's what you'll be up against in the opening fixture of the 2014 Patching Season...

SSCC 120 - Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]


Ah, the irony! Good crypto from the bad guys, and bad crypto from the good guys...

Chet and Duck turn the latest security news into an insightful, amusing and educational discussion in the latest episode of their two-weekly podcast.

Oracle releases 127 security fixes, 51 for Java alone


Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.

Oracle Java fails at security in new and creative ways


Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Android randomness, Sniffer dustbins, Unpatch Wednesday, ATM skimming - 60 Sec Security [VIDEO]


How does a bug in Android put your Bitcoins at risk? Why did the City of London bin its bins? What was Unpatch Wednesday? What to do with a 3D printer after you've made your own gun?

Find out in 60 seconds!

Lakeland hacked and passwords reset, customers advised to change passwords elsewhere

Lakeland has suffered a "sophisticated and sustained" attack in which two encrypted databases were accessed. It says it's found no evidence that data was stolen but has reset customers' passwords to be on the safe side.

Rooting SIM cards - BlackHat speaker says he may be able to "own your phone" with a text message


Mobile security researcher Karsten Nohl says he'll explain at the BlackHat conference how he can remotely "own" mobile phones with a single text message.

Paul Ducklin looks at what Nohl has said so far, and ponders how hard this might be to sort out...