Parental control apps prove easy to beat by kids and crims | 20m downloads can't be wrong? Or can they? | Security | 21 Dec 2022 | 19
Pwn2Own contest concludes with nearly $1m paid out to ethical hackers | Which is pocket change compared to what criminals will pay for zero-days, but thankfully community spirit remains strong | Security | 13 Dec 2022 | 5
Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover | Take a break from the gaming and fix these now | Patches | 01 Dec 2022 | 5
Sirius XM flaw unlocks so-called smart cars thanks to code flaw | Telematics program doesn't just give you music, but a big security flaw | Security | 30 Nov 2022 | 25
Still using a discontinued Boa web server? Microsoft warns of supply chain attacks | Flaws in the open-source tool exploited – and India's power grid was a target | Research | 23 Nov 2022 | 10
AWS fixes 'confused deputy' vulnerability in AppSync | Datadog security researchers found the flaw before miscreants did | Security | 22 Nov 2022
Eggheads show how network flaw could lead to NASA crew pod loss. Key word: Could | Houston, we have a PCspooF problem | Security | 15 Nov 2022 | 23
GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming' | No need for ignominy when a flaw is found | Security | 14 Nov 2022 | 5
China is likely stockpiling and deploying vulnerabilities, says Microsoft | Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing | Security | 07 Nov 2022 | 36
OpenSSL downgrades horror bug after week of panic, hype | Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited | Patches | 01 Nov 2022 | 3
Cisco AnyConnect Windows client under active attack | Make sure you're patched – and update VMware Cloud Foundation, too, by the way | Patches | 26 Oct 2022 | 7
CISA warns of security holes in industrial Advantech, Hitachi kit | When we concede that everything has bugs, we wish it wasn't quite everything | Patches | 20 Oct 2022 | 2
Tear in Microsoft Azure Service Fabric can give attackers full admin privileges | Orca Security disclosed the bug, and older versions remain vulnerable | Research | 19 Oct 2022
Fortinet warns of critical flaw in its security appliance OSes, admin panels | Naturally, they're already under attack – so you know what to do next | Patches | 11 Oct 2022 | 15
Make your neighbor think their house is haunted by blinking their Ikea smart bulbs | Radio comms vulnerabilities detailed | Patches | 08 Oct 2022 | 54
AI co-programmers perhaps won't spawn as many bugs as feared | They can't be any worse than some human developers | AI + ML | 07 Oct 2022 | 17
Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree | Some days, security just feels like a total illusion. OK, most days... | Patches | 04 Oct 2022 | 7
Sophos fixes critical firewall hole exploited by miscreants | Code-injection bug in your network security... mmm, yum yum | Patches | 28 Sep 2022 | 9
China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they? | Report finds increase in anonymous vuln reports | Research | 27 Sep 2022 | 4
One month after Black Hat disclosure, HP's enterprise kit still unpatched | What could go wrong with leaving firmware open after world's biggest hacker convention talk? | Security | 13 Sep 2022 | 12
Apple patches iPhone and macOS flaws under active attack | High-value targets tend to get hit | Security | 12 Sep 2022 | 13
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN | Nothing like an authentication bypass for your private IPSec network | CSO | 08 Sep 2022 | 56
How Arm popped CHERI architecture into Morello Program hardware | Hot Chips: Chip giant aims to adapt existing processor architectures to close off vulnerabilities in memory access | Systems | 26 Aug 2022 | 6
If you haven't patched Zimbra holes by now, assume you're toast | Here's how to detect an intrusion via vulnerable email systems | Patches | 23 Aug 2022
Microsoft trumps Google for 2021-22 bug bounty payouts | Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces | Security | 12 Aug 2022 | 4
FAANGs failing on keeping user data safe from bug hunters | Black Hat: Time to call in the legal team | Security | 12 Aug 2022 | 3
Google's bug bounty boss: Finding and patching vulns? 'Totally useless' | Exclusive: Disclosing exploits, however, will earn you $100k | Security | 10 Aug 2022 | 14
Slack leaked hashed passwords from its servers for years | Users who created shared invitation links for their workspace had login details slip out among encrypted traffic | Security | 08 Aug 2022 | 10
Warning! Critical flaws found in US Emergency Alert System | DEF CON may be about to blow lid off security hole | Patches | 05 Aug 2022 | 14
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws | Meanwhile, a security update for rsync | Patches | 03 Aug 2022 | 1
FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft | Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable | Security | 27 Jul 2022 | 5
Time from vulnerability disclosures to exploits is shrinking | Palo Alto Networks Unit 42 incident response team warns of patch speedups | Security | 27 Jul 2022
Infosec not your job but your responsibility? How to be smarter than the average bear | Opinion: Many of last week's security stories tell the same tale | Security | 25 Jul 2022 | 20
Security flaws in GPS trackers can be abused to cut off fuel to vehicles, CISA warns | About '1.5 million' folks and organizations use these gadgets | Security | 19 Jul 2022 | 29
Thousands of websites run buggy WordPress plugin that allows complete takeover | All versions are susceptible, there's no patch, so now's a good time to remove this add-on | Security | 15 Jul 2022 | 32
Windows Network File System flaw results in arbitrary code execution as SYSTEM | Follina was all very exciting, but did you patch CVE-2022-30136? | Security | 15 Jul 2022 | 9
Homeland Security warns: Expect Log4j risks for 'a decade or longer' | Great, another thing that's gone endemic | Patches | 14 Jul 2022 | 12
Lenovo issues firmware updates after UEFI vulnerabilities disclosed | Déjà vu all over again for laptop maker as researchers poke holes in its code | Security | 14 Jul 2022 | 6
Microsoft's July Patch Tuesday fixes actively exploited bug | Patch Tuesday: No, Windows Autopatch didn't kill the monthly patchapalooza | Patches | 12 Jul 2022 | 8
Amazon squashes years-old authentication bugs in AWS Kubernetes service | Three vulnerabilities in one line of code | Security | 12 Jul 2022 | 1
What to do about inherent security flaws in critical infrastructure? | Industrial systems' security got 99 problems and CVEs are one. Or more | Research | 03 Jul 2022 | 46
FabricScape: Microsoft warns of vuln in Service Fabric | Not trying to spin this as a Linux security hole, surely? | Devops | 29 Jun 2022 | 12
Halfords suffers a puncture in the customer details department | I like driving in my car, hope my data's not gone far | Security | 23 Jun 2022 | 58
Cisco warns of security holes in its security appliances | Bugs potentially useful for rogue insiders, admin account hijackers | Patches | 22 Jun 2022 | 11
For a few days earlier this year, rogue GitHub apps could have hijacked countless repos | A bit of a near-hit for the software engineering world | Devops | 21 Jun 2022 | 5
How refactoring code in Safari's WebKit resurrected 'zombie' security bug | Fixed in 2013, reinstated in 2016, exploited in the wild this year | Research | 21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure | Updated: Nearly 60 holes found affecting 'more than 30,000' machines worldwide | Research | 21 Jun 2022 | 23
DeadBolt ransomware takes another shot at QNAP storage | Keep boxes updated and protected to avoid a NAS-ty shock | Cyber-crime | 18 Jun 2022 | 16
If you're using older, vulnerable Cisco small biz routers, throw them out | Severe security flaw won't be fixed – as patches released this week for other bugs | Networks | 16 Jun 2022 | 27
Azure issues not adequately fixed for months, complain bug hunters | Updated: Redmond kicks off Patch Tuesday with a months-old flaw fix | Security | 14 Jun 2022 | 6
Symantec: More malware operators moving in to exploit Follina | Meanwhile Microsoft still hasn't patched the fatal flaw | Security | 09 Jun 2022 | 11
Now Windows Follina zero-day exploited to infect PCs with Qbot | Data-stealing malware also paired with Black Basta ransomware gang | Research | 09 Jun 2022 | 4
To cut off all nearby phones with these Chinese chips, this is the bug to exploit | Android patches incoming for NAS-ty memory overwrite flaw | Research | 03 Jun 2022 | 28
Zero-day vuln in Microsoft Office: 'Follina' will work even when macros are disabled | Updated: Researchers comb through code execution flaw found in malicious document | Security | 30 May 2022 | 25
That critical vulnerability might not be the first you should patch | Startup Rezilion suggests enterprises should change prioritization strategies | Security | 30 May 2022 | 5
Talos names eight deadly sins in widely used industrial software | Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS) | Patches | 27 May 2022 | 6
In record year for vulnerabilities, Microsoft actually had fewer | Occasional gaping hole and overprivileged users still blight the Beast of Redmond | Security | 25 May 2022 | 10
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware | Google Project Zero blows lid off bug involving that old chestnut: XML parsing | Patches | 24 May 2022 | 4
US won’t prosecute ‘good faith’ security researchers under CFAA | Well, that clears things up? Maybe not | Security | 20 May 2022 | 37
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware | Analysis: Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D | Research | 18 May 2022 | 3
Monero-mining botnet targets Windows, Linux web servers | Sysrv-K malware infects unpatched tin, Microsoft warns | Cyber-crime | 18 May 2022 | 10