All posts in Exploit
01 Apr, 2021
Apple, Cryptography, Exploit, iOS, Naked Security Podcast, openssl, PHP, podcast, Privacy, Security News, Vulnerability

by Paul Ducklin Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip . . . Read more

by Paul Ducklin Cybercrime isn’t about just one sort of attack, one type of crook, or one method of protection! Learn more: Watch directly on YouTube if the video won’t play here. Click the on-screen Settings cog to speed up playback or show subtitles. Why not join us live next time? . . . Read more
27 Mar, 2021
Apple, Apple Safari, CVE-2021-1879, Exploit, iOS, iPad, iPhone, Security News, Vulnerability, WebKit, XSS

by Paul Ducklin Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones who are still on the officially-supported iOS 12 version need to patch, so the versions you should be updating to are as . . . Read more

by Paul Ducklin Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel… …in code that had been sitting there inconspicuously for some 15 years. Fortunately, it seemed that no one else had looked at the code for all that time, at . . . Read more

by Paul Ducklin The word “Hafnium” can refer [a] to a gang currently involved in a bunch of attacks, [b] to the exploits they’re using at the moment, and [c] to the malware they are deploying after they get in. Lots of things to think about – we run you . . . Read more
11 Mar, 2021
Exploit, Hafnium, Naked Security Podcast, podcast, Privacy, Python, Security News, selfies, supply chain, Vulnerability, zero day

by Paul Ducklin Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it’s important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you’re a programmer. With Kimberly Truong and Paul Ducklin. Intro and outro music by . . . Read more
04 Mar, 2021
0-day, Bug, chrome, Chromium, Exploit, google, Google Chrome, patch, Security News, Vulnerability, zero day

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

by Paul Ducklin Remember the last big jailbreak news? It was nearly a year ago, back in May 2020, when well-known Apple jailbreaking crew unc0ver released version 5 of their jailbreak toolkit, just a week after Apple came out with iOS 13.5. The word jailbreak, at least in the IT . . . Read more

by Paul Ducklin The graphics card that wants you to stick to playing games, the man that didn’t weigh 100 tons after all, and the marketing gang that used a browser bug to bombard iPhone users with scammy online surveys. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and . . . Read more

by Paul Ducklin Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, this group is behind a massive . . . Read more