vulnerability

What's that screenshot doing on Facebook? 60 Sec Security [VIDEO]

Facebook, ransomware and updates to updates - all in 60 seconds!

Our weekly video for 21 March 2015...

Double FREAK! A cryptographic bug that was found because of the FREAK bug

Researchers checking up on the state of FREAK patching turned up another bug as a result.

Sometimes, finding programming mistakes requires serendipitous coincidences!

SSCC 190 - The CeBIT 2015 edition [PODCAST]

Recorded right on the Sophos booth at the CeBIT show in Hannover, Germany.

Here's the Fifth Anniversary edition of our weekly podcast...enjoy!

UK bank tests heartbeat-encoded wristbands for online authentication

Halifax is trialing the use of a wristband to store our ECGs, given that our hearts are random number generators unique to every individual.

Update Tuesday wrap-up, March 2015 - FREAK fixed fast, and lots more from Microsoft

Adobe published no bulletins for March 2015, so this one is all about Microsoft...

Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides

Apple's latest security fixes are out.

The FREAK bug is now fixed, but so are numerous other holes worth patching in their own right.

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

Lenovo "Superfish" controversy - what you need to know

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

The "JASBUG" Windows vulnerability - beyond the hype, what you need to know

Struggling to understand the JASBUG flaw fixed by Microsoft in this month's Update Tuesday?

Paul Ducklin explains it clearly, with minimal jargon.

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

"Exploit This": Evaluating the exploit skills of malware groups

SophosLabs researcher Gabor Szappanos compares APT actors and cybercrooks.

A comparative review of malware writers!

A fascinating study, well worth a read...

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

The GHOST in the machine - 60 Sec Security [VIDEO]

Here's our weekly one-minute security video.

Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

The GHOST vulnerability - what you need to know

The funkily-named bug of the week is GHOST.

Here's how it got its name, why there's a problem, and what you can do about it...

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

Adobe gets second Flash zero-day patch ready 2 days early!

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash.

The patch is now ready via auto-update - 2 days early!