The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. DOUG. Patching bugs, hacking Reddit, and the early days of computing. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am […]
It’s the last regular working weekday of 2022 (in the UK and the US, at least), in the unsurprisingly relaxed and vacationistic gap between Christmas and New Year… …so you were probably expecting us to come up either with a Coolest Stories Of The Year In Review listicle, or with a What You Simply Must […]
DOUG. Wireless spyware, credit card skimming, and patches galore. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am Doug Aamoth; he is Paul Ducklin. Paul, how do you do? DUCK. I’m very well, Doug. Cold, but well. DOUG. It’s freezing here too, and everyone is sick… but that’s December […]
DOUG. SIM swapping, zero-days, the [dramatic voice] P-i-n-g of D-E-A-T-H, and LastPass… again. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast everybody. I am Doug Aamoth. With me, as always, is Paul Ducklin. Paul, how do you do? DUCK. Very well, Doug. You put some high drama sound into that […]
One of the first low-level network tools that any computer user learns about is the venerable ping utility. Named after the eponymous sound effect from any and every old-school war movie scene involving submarines, the command is a metaphorical echo (see what we did there?) of the underwater version of RADAR known as SONAR. You […]
An emergency Chrome update that Google announced on Thanksgiving Day addresses an actively exploited zero-day in the popular browser. Tracked as CVE-2022-4135, the high-severity vulnerability is described as a heap buffer overflow in Chrome’s GPU component. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” the internet giant notes. A National Vulnerability […]
Google has just patched Chrome’s eighth zero-day hole of the year so far. Zero-days are bugs for which there were zero days you could have updated proactively… …because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published. So, the […]
Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger […]