Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security

At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including government agencies and […]

Read More

Stop calling every breach “sophisticated”! [Audio + Text] – Naked Security

The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. DOUG.  Patching bugs, hacking Reddit, and the early days of computing. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am […]

Read More

Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text] – Naked Security

DOUG.  Wireless spyware, credit card skimming, and patches galore. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am Doug Aamoth; he is Paul Ducklin. Paul, how do you do? DUCK.  I’m very well, Doug. Cold, but well. DOUG.  It’s freezing here too, and everyone is sick… but that’s December […]

Read More

How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security

Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger […]

Read More