Author Archives: Paul Ducklin

Hacking police radios: 30-year-old crypto flaws in the spotlight

Posted on July 24, 2023 by Paul Ducklin

“Three may keep a secret, if two of them are dead.” Continue reading Hacking police radios: 30-year-old crypto flaws in the spotlight→

S3 Ep144: When threat hunting goes down a rabbit hole

Posted on July 20, 2023 by Paul Ducklin

Latest episode – check it out now! Continue reading S3 Ep144: When threat hunting goes down a rabbit hole→

Google Virus Total leaks list of spooky email addresses

Posted on July 18, 2023 by Paul Ducklin

Careful with that file, Eugene!
Continue reading Google Virus Total leaks list of spooky email addresses→

Microsoft hit by Storm season – a tale of two semi-zero days

Posted on July 18, 2023 by Paul Ducklin

The first compromise didn’t get the crooks as far as they wanted, so they found a second one that did… Continue reading Microsoft hit by Storm season – a tale of two semi-zero days→

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!

Posted on July 14, 2023 by Paul Ducklin

Zimbra didn’t actually say, “Do not delay/Do it today,” but they did say, “We kindly request your cooperation to apply the fix manually.” Continue reading Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!→

S3 Ep143: Supercookie surveillance shenanigans

Posted on July 13, 2023 by Paul Ducklin

Latest episode – listen now! (Full transcript inside.) Continue reading S3 Ep143: Supercookie surveillance shenanigans→

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Posted on July 12, 2023 by Paul Ducklin

Here’s a brief reminder to do two things. The first is to patch. The second is to read up why it’s a good idea to patch…
Continue reading Microsoft patches four zero-days, finally takes action against crimeware kernel drivers→

Apple silently pulls its latest zero-day update – what now?

Posted on July 11, 2023 by Paul Ducklin

Previously, we said “do it today”, but now we’re forced back on: “Do not delay; do it as soon as Apple and your device will let you.” Continue reading Apple silently pulls its latest zero-day update – what now?→

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

Posted on July 10, 2023 by Paul Ducklin

Don’t delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit. Continue reading Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs→

Serious Security: Rowhammer returns to gaslight your computer

Posted on July 10, 2023 by Paul Ducklin

Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed. Continue reading Serious Security: Rowhammer returns to gaslight your computer→