vulnerability

(get it in RSS or Atom)

Adobe publishes out-of-band Flash update - provides "booster dose" for October's patches

Adobe has published a Flash update, dubbed APSB14-26.

The new patch offers additional protection against a vulnerability that was originally addressed in October 2014.

WordPress issues critical security fixes, closing remote anonymous compromise bug and more

wp-250

WordPress has just published a critical security release.

If you're still on WordPress 3, this is about as critical as it gets, because one of the fixes closes a "remote anonymous compromise" bug.

"That's not a hack..." - 60 Sec Security [VIDEO]

Here's our latest 60 Second Security video.

One week of news in one amusingly informative minute...

Microsoft "tops up" Patch Tuesday, issues delayed fix for zero-day hole in logon security

Microsoft has issued a "top up" security bulletin for a fix that didn't quite make it into the November 2014 Patch Tuesday.

The vulnerability can be used to turn any user into a domain administrator, and it's been exploited in the wild...

Apple ships OS X 10.10.1 - does it fix those Wi-Fi problems?

yos-wifi-250

Reader: "So Paul, has Yosemite 10.10.1 fixed the Wi-Fi problems?"

Duck: "The answer is..."

Find out, as they say, inside.

The worst password in the penitentiary - 60 Sec Security [VIDEO]

Here's this week's 60 Second Security video.

The latest news made educational and amusing...and it only takes a minute.

Patch Tuesday wrap-up, November 2014: Microsoft joins the "security hole in HTTPS" club

Here's what you need to know about the November 2014 Patch Tuesday updates from Microsoft and Adobe...

SSCC 172 - Ransomware's not dead! [PODCAST]

Here's the latest episode of our weekly security podcast.

News you can use!

Millions of Drupal websites at risk from failure to patch

Millions of Drupal websites at risk from failure to patch

You should assume that your Drupal 7 website has been compromised if you didn't patch it within 7 hours of the release of Drupal 7.32 on 15 October 2014.

SSCC 171 - Are you SURE that "1234" is a bad password? [PODCAST]

Here's the latest Chet Chat podcast for your listening pleasure...

Enjoy.

POODLEs, Sandworms and getting safe online - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-minute video.

Enjoy...

Has the "Sandworm" zero-day exploit burrowed back to the surface?

sand-2-250

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

8dot1-250

The marquee vulnerablity fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

Apple kills the POODLE – also fixes Shellshock in case you forgot

poosdle-osx-250

Apple just shipped OS X 10.10 Yosemite - including a fix for the POODLE vulnerability.

Mavericks and Mountain Lion also got updates to kill the POODLE.

As for Lion, now three releases off the pace...bad news.

The "Sandworm" malware - what you need to know

sandworm-250

Fortunately, the Sandworm malware is a lot easier to deal with than the giant science fiction creature from which it takes its name.

In fact, in malware terms, it's not a worm at all.

Paul Ducklin takes a look...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

SSCC 168 - Amaze your friends by ruining all their USB drives! [PODCAST]

Here's the latest Chet Chat security podcast for your listening pleasure.

Sophos experts Chester Wisniewski and Paul Ducklin take apart the latest computer security stories to turn them into news you can use.

SSCC 167 - Avoiding the shock of Shellshock (and more!) [PODCAST]

Here's the latest episode of our weekly Chet Chat podcast!

Shellshock leads the list, of course, but Snapchat, cybersecurity awareness and the iPhone 6 all get a look in too...

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...