All posts in Vulnerability

S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]

by Paul Ducklin

Apple’s brand new AirTag product got hacked already. Things you can learn from Colonial Pipeline’s ransomware misfortune. Why Dell patched a bunch of driver bugs going back more than a decade. And the “Is it you in the video?” scam just keeps on coming back. With Kimberly . . .

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

by Paul Ducklin

We look into Apple’s recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous “Flubot” home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Doug Aamoth and Paul Ducklin. Intro . . .

Dell fixes exploitable holes in its own firmware update driver – patch now!

by Paul Ducklin

Researchers at SentinelLabs say that they found various exploitable bugs in one of Dell’s Windows kernel drivers, which they reported back in December 2020. There were five related bugs, now collectively dubbed CVE-2021-21551. Dell has now issued a patch for these vulnerabilities (the official update is dated . . .

Apple products hit by fourfecta of zero-day exploits – patch now!

by Paul Ducklin

It’s only a week since Apple’s last product updates, but it’s already time to update again. As you probably know, Apple, unusually amongst major operating system and application producers, doesn’t have any sort of predictable schedule for its security patches. Unlike vendors such as Microsoft (monthly), Google . . .

PHP community sidesteps its third supply chain attack in three years

by Paul Ducklin

Swiss cybersecurity researchers recently found security holes in Composer, the software tool that programming teams use to access Packagist, the PHP ecosystem’s major online repository of PHP software modules. These bugs could have allowed cybercriminals to poison the Packagist system itself, thus tainting the very watering hole . . .

S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]

by Paul Ducklin

We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise. We review the latest Sophos Ransomware Report and uncover uncomfortable truths about paying up. With Kimberly Truong, Doug Aamoth and Paul Ducklin. . . .