What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Exploit

S3 Ep26: Apple 0-day, crypto vulnerabilities and PHP backdoor [Podcast]

by Paul Ducklin Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip . . . Read more

Apple devices get urgent patch for zero-day exploit – update now!

by Paul Ducklin Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones who are still on the officially-supported iOS 12 version need to patch, so the versions you should be updating to are as . . . Read more

S3 Ep23: Hafnium happenings, I see you, and Pythonic poison [Podcast]

by Paul Ducklin Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it’s important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you’re a programmer. With Kimberly Truong and Paul Ducklin. Intro and outro music by . . . Read more

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]

by Paul Ducklin The graphics card that wants you to stick to playing games, the man that didn’t weigh 100 tons after all, and the marketing gang that used a browser bug to bombard iPhone users with scammy online surveys. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and . . . Read more

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

by Paul Ducklin Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, this group is behind a massive . . . Read more