(get it in RSS or Atom)

Microsoft "tops up" Patch Tuesday, issues delayed fix for zero-day hole in logon security

Microsoft has issued a "top up" security bulletin for a fix that didn't quite make it into the November 2014 Patch Tuesday.

The vulnerability can be used to turn any user into a domain administrator, and it's been exploited in the wild...

Patch Tuesday wrap-up, November 2014: Microsoft joins the "security hole in HTTPS" club

Here's what you need to know about the November 2014 Patch Tuesday updates from Microsoft and Adobe...

POODLEs, Sandworms and getting safe online - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-minute video.


The "Sandworm" malware - what you need to know


Fortunately, the Sandworm malware is a lot easier to deal with than the giant science fiction creature from which it takes its name.

In fact, in malware terms, it's not a worm at all.

Paul Ducklin takes a look...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

"You're under arrest for possession of an insecure phone" - 60 Sec Security [VIDEO]

Here's this week's 60 Second Security video.

News you can use in a format you can enjoy...all in 60 seconds!

Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death


MS14-045, which fixes various security holes in the Windows kernel, can cause a BSoD and leave you stuck in a reboot loop.

Here's how to escape...

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

Patch Tuesday wrap-up, July 2014 - Adobe fixes "Rosetta", plus a new risky file type on Windows...

Patch Tuesday for July 2014 is just behind us in the case of Microsoft and Adobe, and just ahead of us in the case of Oracle.

Paul Ducklin tells you what you need to know...

Patch Tuesday for July 2014 - 6 bulletins, 2 RCEs, 3 EoPs and get ready to reboot


Here's what to expect from Microsoft in the July 2014 edition of Patch Tuesday, scheduled to ship on Tuesday 08 July 2014...

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

Microsoft takes down No-IP DNS domains in cybercrime fight - right or wrong? [POLL]


Vote in our poll!

Was Microsoft's takeover of 23 of another company's domain names a justifiable step in dealing with cybercrime, or a disruptive step too far?

Microsoft stops Patch Tuesday emails, blames Canada, then does U-turn

Email ban. Image courtesy of Shutterstock

The decree mentions "changing governmental policies concerning the issuance of automated electronic messaging" - a head-scratcher that Microsoft spokespeople subsequently clarified by pointing to a new Canadian anti-spam law that takes effect today.

Google and Microsoft want to kill your phone if it's stolen. Do you feel safer?

Kill switch

The law enforcement group Secure Our Smartphones is claiming victory after Google and Microsoft announced they will add a "kill switch" to their mobile operating systems.

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke?

Find out in one minute!

Patch Tuesday wrap-up, June 2014 - both Adobe and Microsoft close "remotable" holes


Microsoft fixed 59 vulnerabilities in Internet Explorer alone this month.

Is that worryingly bad, or pleasingly good?

Paul Ducklin investigates what actually came down the chute in the June 2014 Patch Tuesday...