Author Archives: Paul Ducklin

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Posted on April 25, 2022 by Paul Ducklin

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they’re uncomplicated. Continue reading Phishing goes KISS: Don’t let plain and simple messages catch you out!→

QNAP warns of new bugs in its Network Attached Storage devices

Posted on April 22, 2022 by Paul Ducklin

Here’s what you need to know – plus some sensible advice for all the devices on your home or small biz network! Continue reading QNAP warns of new bugs in its Network Attached Storage devices→

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

Posted on April 21, 2022 by Paul Ducklin

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode – listen now! Continue reading S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]→

Critical cryptographic Java security blunder patched – update now!

Posted on April 20, 2022 by Paul Ducklin

Either know the private key and use it scrupulously in your digital signature calculation…. or just send a bunch of zeros instead. Continue reading Critical cryptographic Java security blunder patched – update now!→

Beanstalk cryptocurrency heist: scammer votes himself all the money

Posted on April 19, 2022 by Paul Ducklin

Voting safeguards based on commuity collateral don’t work if one person can use a momentary loan to “become” 75% of the community. Continue reading Beanstalk cryptocurrency heist: scammer votes himself all the money→

Yet another Chrome zero-day emergency update – patch now!

Posted on April 16, 2022 by Paul Ducklin

The third emergency Chrome 0-day in three months – the first one was exploited by North Korea, so you might as well get this one ASAP. Continue reading Yet another Chrome zero-day emergency update – patch now!→

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Posted on April 14, 2022 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]→

Hospital robot system gets five critical security holes patched

Posted on April 12, 2022 by Paul Ducklin

Fortunately, we’re not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse… Continue reading Hospital robot system gets five critical security holes patched→

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

Posted on April 11, 2022 by Paul Ducklin

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow? Continue reading OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default→

Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!

Posted on April 8, 2022 by Paul Ducklin

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it. Continue reading Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!→