Author Archives: Paul Ducklin

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

Posted on July 21, 2022 by Paul Ducklin

One vendor’s zero-day is another vendor’s routine patch… Continue reading Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge→

Last member of Gozi malware troika arrives in US for criminal trial

Posted on July 20, 2022 by Paul Ducklin

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned… Continue reading Last member of Gozi malware troika arrives in US for criminal trial→

8 months on, US says Log4Shell will be around for “a decade or longer”

Posted on July 18, 2022 by Paul Ducklin

When it comes to cybersecurity, ask not what everyone else can do for you… Continue reading 8 months on, US says Log4Shell will be around for “a decade or longer”→

7 cybersecurity tips for your summer vacation!

Posted on July 15, 2022 by Paul Ducklin

Here you go – seven thoughtful cybersecurity tips to help you travel safely… Continue reading 7 cybersecurity tips for your summer vacation!→

S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript]

Posted on July 14, 2022 by Paul Ducklin

Latest episode – listen now! Great discussion, technical content, solid advice… all covered in plain English. Continue reading S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript]→

Facebook 2FA scammers return – this time in just 21 minutes

Posted on July 13, 2022 by Paul Ducklin

Last time they arrived 28 minutes after lighting up their fake domain… this time it was just 21 minutes Continue reading Facebook 2FA scammers return – this time in just 21 minutes→

Paying ransomware crooks won’t reduce your legal risk, warns regulator

Posted on July 12, 2022 by Paul Ducklin

“We paid the crooks to keep things under control and make a bad thing better”… isn’t a valid excuse. Who knew? Continue reading Paying ransomware crooks won’t reduce your legal risk, warns regulator→

That didn’t last! Microsoft turns off the Office security it just turned on

Posted on July 11, 2022 by Paul Ducklin

An Office anti-malware setting that took more than 20 years to arrive… and fewer than 20 weeks to vanish again. Continue reading That didn’t last! Microsoft turns off the Office security it just turned on→

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

Posted on July 8, 2022 by Paul Ducklin

It’s a bit like Log4J, but for configuration files, not for logging. Continue reading Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know→

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

Posted on July 7, 2022 by Paul Ducklin

Listen now! Or read if you prefer… Continue reading S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]→