OMIGOD, an exploitable hole in Microsoft open source code!
Got Linux? Here’s a bug you weren’t expecting, in software you might not know you have.
Want to know more about this topic or about us? Contact us!
Got Linux? Here’s a bug you weren’t expecting, in software you might not know you have.
by Paul Ducklin [05’06”] Ukrainian cops bring out the BFG (Big Fearsome Grinder) and cut open some doors. [10’23”] A repeated request for destructive Linux code enters its 15th year. [19’39”] Peloton exercise bicycles found to be rootable. [28’43”] What’s the point of paying ransomware money? [33’53”] Oh! No! of the week With Kimberly Truong, Doug Aamoth and . . . Read more
by Paul Ducklin We don’t often put out programming appeals on Naked Security, especially when the code that we’re looking for is dangerous and destructive. But this time we’re prepared to make an exception, given that it’s a rainy Friday afternoon where we are, and that this issue is now . . . Read more
by Paul Ducklin We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise. We review the latest Sophos Ransomware Report and uncover uncomfortable truths about paying up. With Kimberly Truong, Doug Aamoth and Paul Ducklin. . . . Read more
by Paul Ducklin One of the hot new jargon terms in cybersecurity is supply chain attack. The phrase itself isn’t new, of course, because the idea of attacking someone indirectly by attacking someone they get their supplies from, or by attacking one of their supplier’s suppliers, and so on, is . . . Read more
by Paul Ducklin The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with . . . Read more
by Paul Ducklin How a social engineer ripped off a victim lured in by one of those “small outstanding fee to pay” home delivery scams. The ransomware crooks targeting networks that still haven’t done their Hafnium patches. And the Linux kernel security holes that lay there undiscovered for 15 years. . . . Read more
by Paul Ducklin Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel… …in code that had been sitting there inconspicuously for some 15 years. Fortunately, it seemed that no one else had looked at the code for all that time, at . . . Read more
by Paul Ducklin Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And . . . Read more
At least 6,500 cryptocurrency users have been infected by new, ‘extremely intrusive’ malware that’s spread via trojanized macOS, Windows and Linux apps. A new remote access tool (RAT) has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private . . . Read more