vulnerability

(get it in RSS or Atom)

SSCC 167 - Avoiding the shock of Shellshock (and more!) [PODCAST]

Here's the latest episode of our weekly Chet Chat podcast!

Shellshock leads the list, of course, but Snapchat, cybersecurity awareness and the iPhone 6 all get a look in too...

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...

Bash “Shellshock” vulnerability – what you need to know

shellshock-250

Shellshock is the media-friendly name for a remote code execution hole in Bash, a command shell commonly used on Linux and UNIX systems.

Paul Ducklin explains...

Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5

apple-upd-250

Apple doesn't have Patch Tuesdays, but it does have Update Surprisedays.

We just had one of them, with brand new and more secure versions of iOS, OS X and Safari.

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

browser-250

The Metasploit crew is calling this Android Browser bug a "privacy disaster.”

Here's what you can do to avoid trouble...

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

patch-tuesday-denim-250

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

SSCC161 - What do you mean, "Trade him for Edward Snowden"? [PODCAST]

Here's the latest Chet Chat security podcast!

Sophos experts Chester Wisniewski and Paul Ducklin once again turn plain old news into advice you can use.

Apple Safari for OS X gets "click-to-own" security holes patched

safari-250

The 6th Safari security update in 10 months is out.

With fixes for 7 potential remote code execution holes, get it while it's hot...

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

fftb-250

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

soho-250

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

It's all about trust! 60 Sec Security [VIDEO]

Watch 60 Second Security for 19 July 2014 - it's all about trust!

Cisco warns of big remote management hole in tiny routers

cisco-250

Even little routers can have giant holes, as Cisco warns in a just-published security advisory.

Oracle's "Patch Tuesday" brings 113 patches across 13 product families

0-250

Oracle's July 2014 security patches are out, and there's a ton of them.

Literally and figuratively...

LibreSSL ships first portable version, now up to 48% less huge!

LibreSSL, OpenBSD's drop-in replacement for OpenSSL started after the pain of Heartbleed, has just published its first "portable" version.

If you're a coder and you're interested in security, why not try it and see what you think?

Patch Tuesday wrap-up, July 2014 - Adobe fixes "Rosetta", plus a new risky file type on Windows...

patch-tuesday-denim-250

Patch Tuesday for July 2014 is just behind us in the case of Microsoft and Adobe, and just ahead of us in the case of Oracle.

Paul Ducklin tells you what you need to know...

Monday review - the hot 22 stories of the week

dow-250

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Patch Tuesday for July 2014 - 6 bulletins, 2 RCEs, 3 EoPs and get ready to reboot

pt-2014-07-250

Here's what to expect from Microsoft in the July 2014 edition of Patch Tuesday, scheduled to ship on Tuesday 08 July 2014...