What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Vulnerability

Apple Operating Systems are Being Targeted by Threat Actors, Plus 4 More Vulnerability Trends

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix . . . Read more

S3 Ep149: How many cryptographers does it take to change a light bulb?

by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more

S3 Ep146: Tell us about that breach! (If you want to.)

by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more

S3 Ep145: Bugs With Impressive Names!

by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and . . . Read more

Zenbleed: How the quest for CPU performance could put your passwords at risk

by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, . . . Read more

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: . . . Read more