Security Risks of Monoculture2023-03-29 15:30:02Seven respected information security experts have released a paper pointing out that the ubiquity of the Microsoft operating system is a security risk. Worth reading.
Cops use fake DDoS services to take aim at wannabe cybercriminals2023-03-28 19:58:35Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!
Apple patches everything, including a zero-day fix for iOS 15 users2023-03-28 18:59:24Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store2023-03-27 19:59:15Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.
In Memoriam – Gordon Moore, who put the more in “Moore’s Law”2023-03-27 18:05:44His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!2023-03-24 19:48:35Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
S3 Ep127: When you chop someone out of a photo, but there they are anyway…2023-03-23 19:59:21Listen now - latest episode. Full transcript inside.
Windows 11 also vulnerable to “aCropalypse” image data leakage2023-03-22 19:59:10Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
Google Pixel phones had a serious data leakage bug – here’s what to do!2023-03-21 19:58:55What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?
Bitcoin ATM customers hacked by video upload that was actually an app2023-03-20 19:50:17As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...
Dangerous Android phone 0-day bugs revealed – patch or work around them now!2023-03-17 19:56:10Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]2023-03-16 19:56:56Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Microsoft fixes two 0-days on Patch Tuesday – update now!2023-03-15 19:06:08An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Firefox 111 patches 11 holes, but not 1 zero-day among them…2023-03-14 19:16:58In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Linux gets double-quick double-update to fix kernel Oops!2023-03-13 19:59:05Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard2023-03-10 19:58:29It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes
S3 Ep125: When security hardware has security holes [Audio + Text]2023-03-09 20:58:21Lastest episode - listen now! (Full transcript inside.)
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?2023-03-07 19:59:14Security bugs in the very code you've been told you must have to improve the security of your computer...
DoppelPaymer ransomware supsects arrested in Germany and Ukraine2023-03-06 19:16:58Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
Feds warn about right Royal ransomware rampage that runs the gamut of TTPs2023-03-03 19:56:34Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?
S3 Ep124: When so-called security apps go rogue [Audio + Text]2023-03-02 19:40:41Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
LastPass: Keylogger on home PC led to cracked corporate password vault2023-02-28 19:23:16Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.
Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!2023-02-27 20:37:56Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
Dutch police arrest three cyberextortion suspects who allegedly earned millions2023-02-27 19:33:11Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?