Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage Code dive Function accidentally returns OK instead of no-way Security 30 Jan 2020 | 43
Teenagers today. Can't take them anywhere, eh? 18-year-old kid accused of $50m SIM-swap cryptocurrency heist Roundup Also, Cisco, Citrix emit patches, US army advises using Signal OSes 25 Jan 2020 | 18
It's Friday, the weekend has landed... and Microsoft warns of an Internet Explorer zero day exploited in the wild Roundup Plus, WeLeakInfo? Not anymore! Security 18 Jan 2020 | 15
Yo, sysadmins! Thought Patch Tuesday was big? Oracle says 'hold my Java' with huge 334 security flaw fix bundle House of Larry delivers massive update for 93 products Databases 15 Jan 2020 | 7
Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should Another day, another critical set of flaws Security 15 Jan 2020 | 20
Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws... Patch Tuesday Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now OSes 14 Jan 2020 | 42
Ding-dong: Cisco delivers your Patch Tuesday warm-up with WebEx, IOS fixes for a few irritating security holes The main event is next week Security 10 Jan 2020 | 1
The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes We can rebuild him, we have the backups... er, right? Security 08 Jan 2020 | 81
That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time Plug this security bypass... if you can even find the boxes running it Security 07 Jan 2020 | 12
New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc Data Center Network Manager bugapalooza with three must-fix flaws Security 03 Jan 2020 | 3
Ever wonder how hackers could possibly pwn power plants? Here are 54 Siemens bugs that could explain things Arbitrary code execution in a controller, what could go wrong? Security 13 Dec 2019 | 43
OpenBSD bugs, Microsoft's bad update, a new Nork hacking crew, and more Meanwhile, the DOJ sets its sights on money mules OSes 07 Dec 2019 | 16
RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software BlueKeep isn't the only bug in town, plenty to go round Security 23 Nov 2019 | 28
Half of Oracle E-Business customers open to months-old bank fraud flaw Haven't gotten around to patching since last Spring? Now would be a good time Security 20 Nov 2019 | 5
Pemex hit by ransomware, US Postal Service gets a copycat and new WhatsApp bugs Plus, 1Password gets a boatload of cash Security 18 Nov 2019 | 1
Don't miss this patch: Bad Intel drivers give hackers a backdoor to the Windows kernel Alarm raised over more holes in third-party low-level code Security 12 Nov 2019 | 32
We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why? Disclosure Infosec veteran Marc Rogers on why we need a better system to rate vulnerabilities Security 07 Nov 2019 | 48
Is HONK nothing sacred HONK? It's 2019 and an evil save file can pwn much-loved HONK Untitled Goose Game Please don't forget to HONK deserialize your data safely HONK Security 29 Oct 2019 | 24
MacOS 'Catalina' 10.15 comes packed with exclusive security fixes – gee, thanks, Apple New OS squashes bugs, older versions may have to wait OSes 07 Oct 2019 | 22
Life's certainties: Death, taxes, and Cisco patching more serious vulnerabilities Switchzilla closes off 18 CVE-listed holes, get to work Security 04 Oct 2019 | 7
Medic! Uncle Sam warns hospitals not to use outdated IPnet freely on their networks Meanwhile ransomware forces Alabama doctors to turn away non-urgent patients Security 02 Oct 2019 | 15
Jamf emits mystery security fix for Pro macOS, iOS wrangler, keeps admins in dark by censoring chatter iAdmins steaming over handling of 'critical' patch rollout OSes 01 Oct 2019 | 7
Stop us if you've heard this one before: Yet another critical flaw threatens Exim servers Remote code flaw sparks calls for major updates OSes 30 Sep 2019 | 15
Microsoft changes encryption, another D-Link bug, phishing dangers, and more Roundup Plus, Baltimore's disastrous ransomware infection and worse IT practices Security 30 Sep 2019 | 14
Got a pre-A12 iPhone? Love jailbreaks? Happy Friday! 'Unpatchable tethered Boot ROM exploit' released Coder claims iThings older than two years can be unlocked from Apple's clutches OSes 27 Sep 2019 | 40
Hot patches for ColdFusion: Adobe drops trio of fixes for three serious flaws While you're at it, fix Java too Security 25 Sep 2019 | 4
This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums Updated Hackers can inject system commands via version 5 of software, no patch available Security 24 Sep 2019 | 8
If you're using Harbor as your container registry, bear in mind it can be hijacked with has_admin_role = True Video Patch now before miscreants sail off with your apps, data Security 19 Sep 2019 | 2
That Telegram feature that let you delete your private messages on recipients' phones? It didn't work properly Video Infosec bod bags reward for spotting image privacy bug Security 09 Sep 2019 | 18
Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server Install incoming update to avoid having your boxes hijacked OSes 06 Sep 2019 | 13
Too bad, so sad, exploit devs: Google patches possibly several million dollars' worth of security flaws in Android Except one – a 'your phone is now my phone' bug reported months ago and still not fixed Security 05 Sep 2019 | 5
Fancy buying a compact and bijou cardboard box home in a San Francisco alley? This $2.5m Android bounty will get you nearly there Bug seller Zerodium boosts payouts for 'droid, slashes iOS prices in half Security 04 Sep 2019 | 7
Enjoy the holiday weekend, America? Well-rested? Good. Supermicro server boards can be remotely hijacked Virtual USB hub allows attackers to get into BMCs Security 03 Sep 2019 | 52
JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters Roundup Plus a Cisco bug, dentists bitten by malware, and France takes down a worm Security 31 Aug 2019 | 14
Google takes a little more responsibility for its Android world, will cough up bounties for mega-popular app bugs Payouts extended to anything with more than 100m installs Security 29 Aug 2019 | 6
Can't bear to part with that well-worn copy of Windows 7? Microsoft might let you keep it updated an extra year EA and ESA subscribers can get 12 free months of updates OSes 27 Aug 2019 | 133
Steam cleaned of zero-day security holes after Valve turned off by bug bounty snub outrage Security bod may be invited back into vuln reward program, Half-Life 3 still ain't happening Security 22 Aug 2019 | 11
Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty EoP bug now free for the world to see after bounty was rejected Security 22 Aug 2019 | 100
The Joy of Six... critical security patches: Cisco small biz switches open to hijacking via web UI Plus UCS and other gear need updates Security 22 Aug 2019 | 3
Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC Keep your media player, like other apps, up to date: 13 security flaws fixed Security 21 Aug 2019 | 15
Kaspersky and Trend Micro get patch bonanza after ID flaw and password manager holes spotted Quis custodiet ipsos custodes? Software 15 Aug 2019 | 2
Intel: Listen up, you NUC-leheads! Mini PCs and compute sticks just got a major security fix Chipzilla patches firmware, drivers, SDKs Security 14 Aug 2019 | 4
Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher Exclusive Crooks fail to hijack infosec bloke's site to dress it up as a legit Euro bank login page Security 29 Jul 2019 | 62
Dodgy vids can hijack PCs via VLC security flaw, US, Germany warn. Software's makers not app-y with that claim Updated 'Fake news!' dev team cries Security 23 Jul 2019 | 21
Huawei website ████ ██████ security flaws ██████ customer info and biz operations at risk: ███████ patched Is this the Chinese giant's Winnie the Pooh moment? Security 09 Jul 2019 | 38
Cisco delivers Patch Tuesday warmup with bundle of 18 bug fixes Unified Comms, Jabber among targets for clean-up Security 05 Jul 2019 | 4
July is here – and so are the latest Android security fixes. Plenty of critical updates for all Patch, punch, it's the first of the month Security 01 Jul 2019 | 29
Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool Updated Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too Security 20 Jun 2019 | 15
Digi-dosh exchange Coinbase: Someone tried to pwn our staff via this week's Firefox zero-day security hole Patch released after crypto-currency biz sounded alarm Security 20 Jun 2019 | 5
This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already Welcome to Vim Sh*tty 2000 OSes 12 Jun 2019 | 60
It's that time again: Android kicks off June's patch parade with fixes for five hijack holes Updates are on the way… if you have a Google device, at least Security 05 Jun 2019 | 17
Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes Your repo's dependencies need updating to close a hole? We're way ahead of you, pal Security 30 May 2019 | 8
Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable If you haven't patched CVE-2019-0708 aka BlueKeep, then, well, now would be a good time OSes 28 May 2019 | 51
Oracle splats 300 vulns in MySQL, Database, Fusion, etc, pours fresh brew of Java SE terms Multiple pre-auth remote code exec holes need pasting over, enterprise IT giant warns Databases 16 Apr 2019 | 22
Juniper slips out update after hardcoded credentials left in switches Telemetry Interface blamed for exposed gRPC passwords Security 11 Apr 2019 | 8
As you wrap up this month's patch installs, don't forget these Intel fixes Chipzilla kicks out firmware patches plus a side channel Spoiler alert Security 11 Apr 2019 | 6
A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole Rogue 'worker' processes can sneak in with elevated privileges at startup Security 03 Apr 2019 | 10
Don't be an April Fool: Update your Android mobes, gizmos to – hopefully – pick up critical security fixes Meanwhile, another Edge, IE zero-day emitted online Security 02 Apr 2019 | 31
Cisco emits 25 security bug fixes for IOS, takes second crack at patching WAN router SNAFUs Updated Oh no, these patches kinda blow, go go Switchzilla! Networks 27 Mar 2019 | 2
Thought you were done patching this week? Not if you're using an Intel-powered PC or server Here comes Chipzilla with a big bunch of security fixes for graphics drivers, server and workstation firmware, and more Security 14 Mar 2019 | 14
Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal Now Homeland Security committee sticks the boot in Security 08 Mar 2019 | 60
No RESTful the wicked: If your website runs Drupal, you need to check for security updates – unless you enjoy being hacked PUT, PATCH, POST, PWNED! Security 20 Feb 2019 | 4