by Paul Ducklin This week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) […]
Tag: vulnerability
Chrome zero-day in the wild – patch now! – Naked Security
Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome […]
Google’s Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
are you at risk? – Naked Security
Here’s the latest episode of our weekly Naked Security Live video series. By the way, if you want to ask questions in real time while we’re online, we’d love you to join in live – […]
Windows “Ping of Death” bug revealed – patch now! – Naked Security
Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say. Patch early, patch often. […]
Critical Flash Player Flaw Opens Adobe Users to RCE
The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.
Creepy covert camera “feature” found in popular smartwatch for kids – Naked Security
If you nearly didn’t read this article because you thought the headline sounded unsurprising, like “Dinosaurs Still Extinct” or “Sun to Rise in East”… …then be aware that we nearly didn’t write it for the […]
8 tips to tighten up your work-from-home network – Naked Security
Earlier this week, we published an article headlined “If you connect it, protect it.” The TL;DR version of that article is, of course, exactly the same as the headline: if you connect it, protect it. […]
Microsoft Azure Flaws Open Admin Servers to Takeover
Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side request forgery (SSRF) and remote code-execution attacks.
Comcast TV Remote Hack Opens Homes to Snooping
Researchers disclosed the ‘WarezTheRemote’ attack, affecting Comcast’s XR11 voice remote control.
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.
GitHub launches automated code vulnerability scanner for developers
GitHub enhanced its platform today with the launch of a vulnerability scanner that can automatically find security issues in developers’ software projects. The addition will not only make GitHub’s feature set more competitive but potentially […]
Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.
Critical Industrial Flaws Pose Patching Headache For Manufacturers
When it comes to patching critical flaws, industrial firms face various challenges - with some needing to shut down entire factories in order to apply updates.
Firefox 81 Release Kills High-Severity Code-Execution Bugs
Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3.
are you at risk?” – Naked Security
We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you […]
Zerologon – hacking Windows servers with a bunch of zeros – Naked Security
The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows – everyone else talks about logging in, but on Windows you’ve always very definitely […]
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
Hacking Windows passwords via your wallpaper – Naked Security
Our cybersecurity antennae always start vibrating when we see warnings about attacks that involve a new type of file. We’re sure you have the same sort of reaction. After all, if a file type that […]
Betty Gilpin Embraces the Vulnerability of Filming GLOW: ‘We’re All in This Together, Pantsless’
Betty Gilpin knows how GLOW looks from the outside. Netflix’s ’80s-set wrestling comedy can get raw outside the ring, but when the Gorgeous Ladies of Wrestling are performing — with their big hair, tight spandex, and layers of […]
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
Google Ups Product-Abuse Bug Bounties
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021
U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate.
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.