What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Vulnerability

Apple emergency zero-day fix for iPhones and Macs – get it now!

by Paul Ducklin You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities. First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path). . . . Read more

Windows “PetitPotam” network attack – how to protect against it

by Paul Ducklin French researcher Gilles Lionel, who goes by @topotam77, recently published proof-of-concept code that attackers could use to take over a Windows network. The hack, which he has dubbed PetitPotam (which is a nod to the endangered Pygmy Hippopotamus, as far as we can tell), involves what’s known . . . Read more

S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]

by Paul Ducklin [00’38”] Learning from computer virus history.  [02’26”] The PrintNightmare saga continues.  [05’27”] Apple puts out a patch, but doesn’t say why.  [08’12”] Snitch on a crook and earn $10 million.  [17’50”] Scammars do grammer and speeling correctly.  [25’12”] And the Business Email Compromise that wasn’t. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. . . . Read more

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

by Paul Ducklin As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact . . . Read more

S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast]

by Paul Ducklin [01’32”] We explain how a format string bug could lock your iPhone out of your own network.  [08’53”] We revisit the PrintNightmare saga, which is sort-of fixed but not really.  [12’50”] We look back at the 20-year-old Code Red virus.  [18’30”] We look at what cybercriminals spend money on (hint: more cybercrime).  [29’10”] And in this . . . Read more

More PrintNightmare: “We TOLD you not to turn the Print Spooler back on!”

by Paul Ducklin “It never rains but that it pours,” as the old weather adage goes. That’s certainly how Microsoft must be seeing things right now, following the official announcement of yet another unpatched vulnerability in the Windows Print Spooler service. Dubbed CVE-2021-34481, this one isn’t quite as bad as . . . Read more