Author Archives: Paul Ducklin

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now

Posted on March 29, 2022 by Paul Ducklin

This code is venerable! Surely all the bugs must be out by now? Continue reading Zlib data compressor fixes 17-year-old security bug – patch, errrm, now→

Google Chrome patches mysterious new zero-day bug – update now

Posted on March 28, 2022 by Paul Ducklin

CVE-2022-1096 – another mystery in-the-wild 0-day in Chrome… check your version now! Continue reading Google Chrome patches mysterious new zero-day bug – update now→

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Posted on March 24, 2022 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]→

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

Posted on March 23, 2022 by Paul Ducklin

Some tips on how to keep your network safe – even (or perhaps especially!) if you think you’re safe already. Continue reading Serious Security: DEADBOLT – the ransomware that goes straight for your backups→

Web vendor CafePress fined $500,000 for giving cybersecurity a low value

Posted on March 21, 2022 by Paul Ducklin

Just because you’re the victim of a cybercrime doesn’t let you off your cybersecurity obligations Continue reading Web vendor CafePress fined $500,000 for giving cybersecurity a low value→

OpenSSL patches infinite-loop DoS bug in certificate verification

Posted on March 18, 2022 by Paul Ducklin

When it comes to writing loops in your code… never sit on the fence! Continue reading OpenSSL patches infinite-loop DoS bug in certificate verification→

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

Posted on March 17, 2022 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]→

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

Posted on March 16, 2022 by Paul Ducklin

“Install this moneymaking app” – this one is so special that it isn’t available on Google Play or the App Store! Continue reading Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system→

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Posted on March 16, 2022 by Paul Ducklin

Don’t leave old accounts lying around where someone sketchy could reactivate them. Continue reading CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it→

Apple patches 87 security holes – from iPhones and Macs to Windows

Posted on March 15, 2022 by Paul Ducklin

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows. Continue reading Apple patches 87 security holes – from iPhones and Macs to Windows→