All posts in Vulnerability
24 Aug, 2023
cybercrime, Data loss, Hacking, IoT, Naked Security Podcast, podcast, Privacy, Security News, TP-LINK, Vulnerability, WinRAR

by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more

by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] . . . Read more

by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s official bug listing page is topped by two . . . Read more
03 Aug, 2023
BWAIN, Data leakage, Data loss, Firefox, Law & order, Naked Security Podcast, podcast, SEC, Security News, Vulnerability

by Paul Ducklin WEIRD BUT TRUE With Doug Aamoth and Paul Ducklin.

by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give . . . Read more

by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than . . . Read more
27 Jul, 2023
Apple, BWAIN, Cryptography, Data loss, iPhone, Naked Security Podcast, podcast, Security News, Spyware, TETRA:BURST, Triangulation Trojan, Vulnerability, Zenbleed

by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. With Doug Aamoth and Paul Ducklin.

by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, . . . Read more

by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: . . . Read more

by Paul Ducklin If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You’d probably do what researchers at boutique . . . Read more