At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including government agencies and […]
The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. DOUG. Patching bugs, hacking Reddit, and the early days of computing. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am […]
DOUG. Wireless spyware, credit card skimming, and patches galore. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am Doug Aamoth; he is Paul Ducklin. Paul, how do you do? DUCK. I’m very well, Doug. Cold, but well. DOUG. It’s freezing here too, and everyone is sick… but that’s December […]
DOUG. SIM swapping, zero-days, the [dramatic voice] P-i-n-g of D-E-A-T-H, and LastPass… again. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast everybody. I am Doug Aamoth. With me, as always, is Paul Ducklin. Paul, how do you do? DUCK. Very well, Doug. You put some high drama sound into that […]
Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger […]