Want to know more about this topic or about us? Contact us!
by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more
by Paul Ducklin Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.” End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app . . . Read more
by Paul Ducklin Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, this group is behind a massive . . . Read more
by Paul Ducklin We know what you’re thinking: “I bet you this is what they call a supply chain attack.” And you’d be right. The “one man” in the headline is cybersecurity researcher Alex Birsan, and his paper Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other . . . Read more
by Paul Ducklin We discuss bug hunting – how to do it professionally, how NOT to do it, and how to react when bugs are reported to you: [embedded content] Watch directly on YouTube if the video won’t play here. Click the on-screen Settings cog to speed up playback or . . . Read more
by Paul Ducklin We delve into Google’s tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW . . . Read more
by Paul Ducklin As you know, our usual advice for Patch Tuesday boils down to four words, “Patch early, patch often.” There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code . . . Read more
by Paul Ducklin We’re all appalled at scammers who take advantage of people’s fears to sell them products they don’t need, or worse still products that don’t exist and never arrive. Worst of all, perhaps, are the scammers who offer products and services that do exactly the opposite of what . . . Read more
by Paul Ducklin Google announced a critical bug in Chrome last week – a bug that affected Edge as well. But the company kept details of the bug secret, presumably to avoid having thousands of crooks simultaneously figuring out, “Ah, so that’s where to look!” All we were told was that . . . Read more
by Paul Ducklin Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are . . . Read more