vulnerability

(get it in RSS or Atom)

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

by Lisa Vaas on February 26, 2015 | 2 Comments
Bug. Image courtesy of Shutterstock.

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

Lenovo "Superfish" controversy - what you need to know

by Paul Ducklin on February 20, 2015 | 13 Comments
sf-250

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

by Paul Ducklin on February 19, 2015 | 15 Comments

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

by Paul Ducklin on February 13, 2015 | Leave a comment
chet-chat-logo-featured-250

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

The "JASBUG" Windows vulnerability - beyond the hype, what you need to know

by Paul Ducklin on February 11, 2015 | 11 Comments
jasbug-500

Struggling to understand the JASBUG flaw fixed by Microsoft in this month's Update Tuesday?

Paul Ducklin explains it clearly, with minimal jargon.

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

by Paul Ducklin on February 11, 2015 | 1 Comment
patch-tuesday-denim-250

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

by Paul Ducklin on February 7, 2015 | Leave a comment
60ss-video-250

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

by Paul Ducklin on February 5, 2015 | 4 Comments
chet-chat-logo-featured-250

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

"Exploit This": Evaluating the exploit skills of malware groups

by Paul Ducklin on February 3, 2015 | 3 Comments
exploit-this-paper-250

SophosLabs researcher Gabor Szappanos compares APT actors and cybercrooks.

A comparative review of malware writers!

A fascinating study, well worth a read...

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

by Paul Ducklin on February 3, 2015 | 29 Comments

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

The GHOST in the machine - 60 Sec Security [VIDEO]

by Paul Ducklin on January 31, 2015 | 6 Comments
60ss-video-250

Here's our weekly one-minute security video.

Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

The GHOST vulnerability - what you need to know

by Paul Ducklin on January 29, 2015 | 8 Comments
ghost-250

The funkily-named bug of the week is GHOST.

Here's how it got its name, why there's a problem, and what you can do about it...

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

by Paul Ducklin on January 28, 2015 | 7 Comments

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

Adobe gets second Flash zero-day patch ready 2 days early!

by Paul Ducklin on January 24, 2015 | 17 Comments

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash.

The patch is now ready via auto-update - 2 days early!

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

by Paul Ducklin on January 24, 2015 | Leave a comment

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

Adobe issues emergency fix for Flash zero-day

by Paul Ducklin on January 23, 2015 | 9 Comments

Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310.

Adobe has a fix already, so grab it while it's hot!

If you use either of these WordPress themes update them now

by Mark Stockley on January 22, 2015 | Leave a comment
Pagelines

Older versions of the Platform and PageLines WordPress themes contain privilege escalation vulnerabilities that could allow attackers to take over the website using them.

Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable

by Paul Ducklin on January 21, 2015 | 4 Comments
oracle-250

Big bag of fixes!

Oracle's Critical Patches for Jan 2015 fix 160 holes in 48 products, with 93 of those vulnerabilities remotely exploitable.

SSCC 181 - The Security Duel: "Bug reports at 15 paces" [PODCAST]

by Paul Ducklin on January 15, 2015 | 4 Comments

Microsoft vs. Google - Google vs. Users - Hackers vs. US Army - the fight is on in the latest episode of our weekly security podcast!

Enjoy...

Microsoft swings punch at Google - accuses Project Zero of a "Gotcha!"

by Paul Ducklin on January 12, 2015 | 13 Comments

Two days! Two measly days!

Google is back in the firing line, this time directly from Microsoft, over its "Project Zero" full-disclosure process...