vulnerability

(get it in RSS or Atom)

Apple OS X and iOS in the vulnerability spotlight - meet "CORED," also known as "XARA"

The security issue of the week has arrived in iOS and OS X, and it's attracted a funky name already.

The researchers called it XARA, but others had different ideas, and dubbed it "CORED."

As in "Apple CORED."

Google launches Android bug bounty program

android_1200-213172579

After paying out $1.5 million to security researchers last year, Google now offers cash to Android bug hunters.

Samsung keyboard app could let a crook crack your phone

A presenter at BlackHat London has some bad news for you: the keyboard app built in to your Samsung phone may leave you open to attack.

Paul Ducklin explains and offers some advice...

Windows 10 patches - will you get them no matter what?

What does the wording about updates being "available automatically" in the Windows 10 Specifications really mean?

Authentication is all around us! 60 Sec Security [VIDEO]

Here's our latest "60 Second Security" video - catch the week's security news in just 1 minute.

You STILL support encryption designed to be crackable in 1995? 60 Sec Security [VIDEO]

Watch this week's "60 Second Security" - the one-minute news roundup video with attitude!

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it

We've had BEAST, Lucky Thirteen, BREACH, BEAST, POODLE, Heartbleed and FREAK...now, it's LOGJAM.

Paul Ducklin explains, and tells you what you can do about it.

SSCC 199 - Don't panic, it's not really as VENOMous as you thought [PODCAST]

Our latest weekly security podcast - the VENOM bug, iris recognition, a spyware company breach, and ID trouble at the Passport Agency.

Happy listening!

SSCC 198 - "Fusking"? Did I hear that correctly? [PODCAST]

A week of many patches, Lenovo in the news again, an anti-forensic tool with a misleading name, and the rudely-named "sport" of Fusking.

Listen to our latest straight-talking security podcast...

The VENOM "virtual machine escape" bug - what you need to know

snake-1200

Here's what you need to know about VENOM, the latest security vulnerability to be given a marketing-friendly name.

If you're using any virtual machines, read this to set your mind at rest...

Apple updates Safari on OS X, fixes critical flaws

No sooner had we reported that Microsoft will adopt a "rolling update" model for Windows 10...

...than we received notice of Apple's latest "rolling update" for its Safari browser.

Microsoft Word Intruder - the malware that writes new malware for you

Malware construction kits started in the 1990s as a way of expanding the virus-writing counterculture, but now they are all about money. SophosLabs looks at MWI, the Microsoft Word Intruder...

Bugs in the hospital: how to pwn your own pethidine machine

Feeling short-changed by the nurse in charge of your painkiller quota? Telnet into the drug dispenser!

Paul Ducklin looks at how to avoid this sort of security hole...

That's SHUTTING down your PC, not SHOOTING it down! 60 Sec Security [VIDEO]

Ever felt like shooting your PC? This guy did it! (And more news in our weekly one-minute security video.)

Wi-Fi security software chokes on network names, opens potential hole for hackers

wifi-250

The Wi-Fi security software "wpa_supplicant," found in Android amongst many other places, has a potentially hackable security hole...

SSCC 195 - Let's talk security (over HTTPS, of course) [PODCAST]

This week, Chester is at the RSA Conference 2015.

Get a feel for the conference vibe, hear about this year's themes, and, of course, catch up on the latest security news...

D-Link router user? Keep your ears and eyes open for the next firmware fixes!

A critical bug that leaves various D-Link routers wide open has apparently been patched...

...except that the patches need patches.

Watch out!

If the "Deep Web" becomes searchable, is it still deep? 60 Sec Security [VIDEO]

Watch the latest episode of our only-takes-a-minute security roundup video!

This week: From old crypto bugs to the latest Windows security holes...

Google fixes potential revenue-stealing "comment cloning" YouTube bug

Two Egyptian security researchers figured out how to clone other people's YouTube comments.

You could "borrow" approvals and positive reviews so that they appeared to promote your videos, too.

Update Tuesday, April 2015 - Urgent action needed over Microsoft HTTP bug

We don't usually focus on one vulnerability and say, "Do that first." But this month, we're willing to make an exception.

The Microsoft HTTP stack has a bug that could let attackers straight in with a simple HTTP request...