Author Archives: Paul Ducklin

Supply chain blunder puts 3CX telephone app users at risk

Posted on March 30, 2023 by Paul Ducklin

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into. Continue reading Supply chain blunder puts 3CX telephone app users at risk→

S3 Ep128: So you want to be a cyber­criminal? [Audio + Text]

Posted on March 30, 2023 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep128: So you want to be a cyber­criminal? [Audio + Text]→

Apple patches everything, including a zero-day fix for iOS 15 users

Posted on March 28, 2023 by Paul Ducklin

Got an older iPhone that can’t run iOS 16? You’ve got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Continue reading Apple patches everything, including a zero-day fix for iOS 15 users→

Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store

Posted on March 27, 2023 by Paul Ducklin

Microsoft says “successful exploitation requires uncommon user interaction”, but it’s the innocent and accidental leakage of private data you should be concerned about. Continue reading Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store→

In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

Posted on March 27, 2023 by Paul Ducklin

His prediction was called a “Law”, though it was an exhortation to engineering excellence as much it was an estimate.
Continue reading In Memoriam – Gordon Moore, who put the more in “Moore’s Law”→

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

Posted on March 24, 2023 by Paul Ducklin

Admin-level holes in websites are always a bad thing… and for “bad”, read “worse” if it’s an e-commerce site. Continue reading WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!→

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

Posted on March 23, 2023 by Paul Ducklin

Listen now – latest episode. Full transcript inside. Continue reading S3 Ep127: When you chop someone out of a photo, but there they are anyway…→

Windows 11 also vulnerable to “aCropalypse” image data leakage

Posted on March 22, 2023 by Paul Ducklin

Turns out that the Windows 11 Snipping Tool has the same “aCropalypse” data leakage bug as Pixel phones. Here’s how to work around the problem… Continue reading Windows 11 also vulnerable to “aCropalypse” image data leakage→

Google Pixel phones had a serious data leakage bug – here’s what to do!

Posted on March 21, 2023 by Paul Ducklin

What if the “safe” images you shared after carefully cropping them… had some or all of the “unsafe” pixels left behind anyway? Continue reading Google Pixel phones had a serious data leakage bug – here’s what to do!→

Bitcoin ATM customers hacked by video upload that was actually an app

Posted on March 20, 2023 by Paul Ducklin

As the misquote goes, “Once is misfortune…” This is the second time, and you know what Lady Bracknell had to say about that… Continue reading Bitcoin ATM customers hacked by video upload that was actually an app→