What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Vulnerability

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

Keybase secure messaging fixes photo-leaking bug – patch now!

by Paul Ducklin Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.” End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app . . . Read more

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

by Paul Ducklin Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, this group is behind a massive . . . Read more

S3 Ep19: Chrome zero-day, coffee hacking and Perl.com stolen [Podcast]

by Paul Ducklin We delve into Google’s tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW . . . Read more

Patch now to stop hackers blindly crashing your Windows computers

by Paul Ducklin As you know, our usual advice for Patch Tuesday boils down to four words, “Patch early, patch often.” There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code . . . Read more

Chrome zero-day browser bug found – patch now!

by Paul Ducklin Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are . . . Read more