All posts in Vulnerability

by Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very first in Apple’s newfangled Rapid Security Response process, whereby the company can push out critical patches for key system components without going through a full-size operating system . . . Read more

Get technical details about how the cybercriminals are targeting this vulnerability, who is impacted, and how to detect and protect against this security threat. Image: Getty Images/iStockphoto Several ransomware groups and state-sponsored cyberespionage threat actors are exploiting a vulnerability affecting printing software tools PaperCut MF and PaperCut NG to compromise . . . Read more

by Paul Ducklin We’ve written about PHP’s Packagist ecosystem before. Like PyPI for Pythonistas, Gems for Ruby fans, NPM for JavaScript programmers, or LuaRocks for Luaphiles, Packagist is a repository where community contributors can publish details of PHP packages they’ve created. This makes it easy for fellow PHP coders to . . . Read more

by Paul Ducklin We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort . . . Read more
27 Apr, 2023
chrome, cybercrime, Edge, google, Google Chrome, Microsoft, Microsoft Edge, PaperCut, podcast, Privacy, Security News, Vulnerability
0

by Paul Ducklin 2FA, HACKING, AND PATCHING No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just . . . Read more

by Paul Ducklin We’ll be honest, and admit that we hadn’t heard of the printer management software PaperCut until this week. In fact, the first time we heard the name was in the context of cybercriminality and malware attacks, and we naively assumed that “PaperCut” was what we like to . . . Read more
24 Apr, 2023
chrome, Chromium, Edge, google, Google Chrome, Microsoft, Microsoft Edge, patch, Security News, Vulnerability, zero day
0

by Paul Ducklin If you’re a Google Chrome or Microsoft Edge browser fan, you’re probably getting updates automatically and you’re probably up to date already. However… …just in case you’ve missed any updates recently, we suggest you go and check right now, because the Chromium browser core, on which both . . . Read more

by Paul Ducklin Logging software has made cyberinsecurity headlines many times before, notably in the case of the Apache Log4J bug known as Log4Shell that ruined Christmas for many sysadmins at the end of 2021. The Log4Shell hole was a security flaw in the logging process itself, and boiled down . . . Read more
13 Apr, 2023
Apple, cybercrime, exoploit, Hacking, IoT, Microsoft, Naked Security Podcast, podcast, Security News, Vulnerability, zero day
0

by Paul Ducklin I’M SORRY, DAVE, I’M AFRAID… SORRY, MY MISTAKE, I CAN DO THAT EASILY No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher . . . Read more

by Paul Ducklin It’s Patch Tuesday Week (if you will allow us our daily pleonasm), and Microsoft’s updates include fixes for a number of security holes that the company has dubbed Critical, along with a zero-day fix, although the 0-day only gets a rating of Important. The 0-day probably got . . . Read more