F5 hurriedly squashes BIG-IP remote code execution bug Fixes came earlier than scheduled as vulnerability became known to outsiders | Research | 27 Oct 2023
VMware reveals critical vCenter vuln that you may have patched already without knowing it Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters | Patches | 25 Oct 2023
US cybercops urge admins to patch amid ongoing Confluence chaos Do it now, no ifs or buts, says advisory | Patches | 17 Oct 2023
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit Two years on and Microsoft refuses to address the issue | Research | 13 Oct 2023
Equifax scores £11.1M slap on wrist over 2017 mega breach Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more | Cybersecurity Month | 13 Oct 2023
Squid games: 35 security holes still unpatched in proxy after 2 years, now public We'd like to say don't panic … but maybe? | Research | 13 Oct 2023
Microsoft takes another run at closing Exchange brute-force security hole Meanwhile, Exchange Online is on the fritz | Cybersecurity Month | 11 Oct 2023
curl vulnerabilities ironed out with patches after week-long tease Updated The coordinated disclosure didn’t quite go to plan, though | Patches | 11 Oct 2023
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet Botnet storm drowned last record with 398 million requests per second | CSO | 10 Oct 2023
Researcher bags two-for-one deal on Linux bugs while probing GNOME component One-click exploit could potentially affect most major distros | Research | 10 Oct 2023
Ransomware attacks register record speeds thanks to success of infosec industry Dwell times drop to hours rather than days for the first time | Research | 10 Oct 2023
Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign Infosec in brief PLUS: Sony admits to MOVEit breach; Blackbaud fined again, Qakbot's sorta back from the dead; and more | Security | 09 Oct 2023
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam | Security | 06 Oct 2023
CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog Chrome’s second zero-day of the month puts fed security at 'significant risk' | Security | 03 Oct 2023
Security researchers believe mass exploitation attempts against WS_FTP have begun Updated Early signs emerge after Progress Software said there were no active attempts last week | Cyber-crime | 02 Oct 2023
Now MOVEit maker Progress patches holes in WS_FTP Infosec in brief Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more | Patches | 01 Oct 2023
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all Unauthenticated and remote code execution possible without dropping a file on disk | Security | 18 Sep 2023
California passes bill to set up one-stop data deletion shop Infosec in brief Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns | Security | 18 Sep 2023
Google warns infoseccers: Beware of North Korean spies sliding into your DMs Infosec in brief ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week's critical vulnerabilities | Security | 11 Sep 2023
Ransomware fiends pounce on Cisco VPN brute-force zero-day flaw No patch yet – but you've got strong creds and MFA enabled anyway, yeah? | Networks | 08 Sep 2023
Apple opens annual applications for free hackable iPhones Infosec in brief ALSO: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week's critical vulns | Security | 04 Sep 2023
Ford SYNC 3 infotainment vulnerable to drive-by Wi-Fi hijacking Don't panic, says automaker, but if you do, just turn off wireless for now | Security | 14 Aug 2023
Electoral Commission had internet-facing server with unpatched vuln ProxyNotShell vulnerability could be how UK body got pwned, suggests infosec expert | Cyber-crime | 11 Aug 2023
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks It's like a nesting doll of security flaws | Patches | 09 Aug 2023
Five Eyes nations detail dirty dozen most exploited vulnerabilities Infosec in brief PLUS: FBI admits buying NSO spyware; "IT" company busted for drugs 'n guns biz; this week's critical vulns | Security | 07 Aug 2023
US senator victim-blames Microsoft for Chinese hack Infosec in brief ALSO: China says US hacked it right back, BreachForums users have been pwned, and this week's critical vulns | Security | 31 Jul 2023
Millions of people's data stolen because web devs forget to check access perms IDORs of the storm | CSO | 29 Jul 2023
AMD Zenbleed chip bug leaks secrets fast and easy Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can | CSO | 24 Jul 2023
Google Cloud shores up log permissions for builder bot Infosec in brief ALSO: Amazon's child-sized COPPA fine, smart tech security labels coming to the US, and this week's critical vulns | Security | 24 Jul 2023
It's 2023 and memory overwrite bugs are not just a thing, they're still number one Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list | Research | 29 Jun 2023
Ex-FBI employee jailed for taking classified material home Infosec in brief Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns | CSO | 26 Jun 2023
Online muggers make serious moves on unpatched Microsoft bugs Win32k and Visual Studio flaws are under attack | Security | 09 Jun 2023
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit | Patches | 01 Jun 2023
1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack 3. It's asked for 90% of the digital dosh back, or else it'll beg the cops for help | Cyber-crime | 30 May 2023
Google settles location tracking lawsuit for only $39.9M in brief Also, more OEM Android malware, Google's bug reports (mostly) ditch CVEs, and this week's critical vulns | Security | 22 May 2023
Cisco squashes critical bugs in small biz switches You'll want to patch these as proof-of-concept exploit code is out there already | Patches | 18 May 2023
Why Microsoft just patched a patch that squashed an under-attack Outlook bug Let's take a quick dive into Windows API | Patches | 12 May 2023
EU's Cyber Resilience Act contains a poison pill for open source developers Opinion The road to hell is paved with good intentions | OSes | 12 May 2023
Dump these insecure phone adapters because we're not fixing them, says Cisco Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability | CSO | 05 May 2023
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs | Patches | 02 May 2023
Russian snoops just love invading unpatched Cisco gear, America and UK warn Spying on foreign targets? That's our job! | CSO | 18 Apr 2023
Apple squashes iOS, macOS zero-day bugs already exploited by snoops Keep calm and install patches before abuse becomes widespread | Patches | 10 Apr 2023
Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug Plus: Substack shanked by bitter Twitter? | Research | 07 Apr 2023
It's this easy to seize control of someone's Nexx 'smart' home plugs, garage doors Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs | Security | 07 Apr 2023
Azure blunder left Bing results editable, MS 365 accounts potentially exposed 'BingBang' boo-boo affected other internal Microsoft apps, too | Security | 30 Mar 2023
Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash Terminal maker General Bytes shutters its cloud business after second breach in seven months | Security | 23 Mar 2023
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit Maybe this is deserved given the problem's in a hidden telnet service | Research | 22 Mar 2023
Police pounce on 'pompompurin' – alleged mastermind of BreachForums In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals | Security | 20 Mar 2023
Microsoft pushes out PowerShell scripts to fix BitLocker bypass Attackers exploiting the vulnerability could access encrypted data | Software | 19 Mar 2023
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs Four flaws open mobiles, cars to remote-control at baseband level with just a phone number | Patches | 17 Mar 2023
CISA joins forces with Women in CyberSecurity to break up the boy's club in brief Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week's actionable items | Security | 13 Mar 2023
Russian charged with smuggling US counterintel tech to Motherland In brief Also, don't download that 'ChatGPT Windows client,' and this week's critical vulnerabilities to keep an eye on | Cyber-crime | 27 Feb 2023
LockBit's Royal Mail ransom deadline flies by. No data released in brief Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns | Cyber-crime | 13 Feb 2023
Microsoft to enterprises: Patch your Exchange servers If you want to keep the miscreants out, put the updates in, Redmond says | Patches | 28 Jan 2023
Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched You know when we all said quit using MD5? We really meant it | CSO | 26 Jan 2023
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws You know the drill: patch before criminals use these bugs in vRealize to sniff your systems | Patches | 25 Jan 2023
Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole Also: Yay for Data Privacy Day! | Security | 24 Jan 2023
Miscreants sure do love ransacking cloud networks, more so than before Thanks for putting all your data in one basket | CSO | 20 Jan 2023
Thousands of Sophos firewalls still vulnerable out there to hijacking Updated As hundreds of staff axed this week | Security | 18 Jan 2023
Swiss Army's Threema messaging app was full of holes – at least seven At least the penknives are still secure | Security | 11 Jan 2023
Here's how to remotely take over a Ferrari...account, that is Connected cars. What could possibly go wrong? | Security | 07 Jan 2023