Author Archives: Paul Ducklin

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

Posted on August 18, 2022 by Paul Ducklin

Latest episode – listen now (or read if you prefer!) Continue reading S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]→

Apple patches double zero-day in browser and kernel – update now!

Posted on August 17, 2022 by Paul Ducklin

Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now! Continue reading Apple patches double zero-day in browser and kernel – update now!→

Chrome browser gets 11 security fixes with 1 zero-day – update now!

Posted on August 17, 2022 by Paul Ducklin

Don’t delay – patch today. Continue reading Chrome browser gets 11 security fixes with 1 zero-day – update now!→

Zoom for Mac patches critical bug – update now!

Posted on August 15, 2022 by Paul Ducklin

There’s many a slip ‘twixt the cup and the lip. Or at least between the TOC and the TOU… Continue reading Zoom for Mac patches critical bug – update now!→

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Posted on August 11, 2022 by Paul Ducklin

Latest episode – listen now! (Or read the transcript if you prefer.) Continue reading S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]→

APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…

Posted on August 10, 2022 by Paul Ducklin

If you’ve ever written code that left stuff lying around in memory when you didn’t need it any more… we bet you’ve regretted it! Continue reading APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…→

Slack admits to leaking hashed passwords for five years

Posted on August 8, 2022 by Paul Ducklin

“When those invitations went out… somehow, your password hash went out with them.” Continue reading Slack admits to leaking hashed passwords for five years→

Traffic Light Protocol for cybersecurity responders gets a revamp

Posted on August 5, 2022 by Paul Ducklin

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data – three colours that everyone knows. Continue reading Traffic Light Protocol for cybersecurity responders gets a revamp→

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]

Posted on August 4, 2022 by Paul Ducklin

Latest episode – listen now! (Or read if that’s what you prefer.) Continue reading S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]→

GitHub blighted by “researcher” who created thousands of malicious projects

Posted on August 3, 2022 by Paul Ducklin

If you spew projects laced with hidden malware into an open source repository, don’t waste your time telling us “no harm done” afterwards. Continue reading GitHub blighted by “researcher” who created thousands of malicious projects→