Author Archives: Paul Ducklin

Happy #PiDay – even if you aren’t in North America!

Posted on March 14, 2022 by Paul Ducklin

There is a cybersecurity angle here – but you will need to read right to the end to find it 🙂 Continue reading Happy #PiDay – even if you aren’t in North America!→

Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator

Posted on March 14, 2022 by Paul Ducklin

If you live in the UK and hadn’t yet heard of cryptocoin ATMs… it’s too late now! Continue reading Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator→

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast]

Posted on March 10, 2022 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast]→

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Posted on March 8, 2022 by Paul Ducklin

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack. Continue reading “Dirty Pipe” Linux kernel bug lets anyone write to any file→

Adafruit suffers GitHub data breach – don’t let this happen to you

Posted on March 7, 2022 by Paul Ducklin

Training data stashed in GitHub by mistake… unfortunately, it was *real* data Continue reading Adafruit suffers GitHub data breach – don’t let this happen to you→

Firefox patches two in-the-wild exploits – update now!

Posted on March 5, 2022 by Paul Ducklin

Firefox just published a double-zero-day patch – “remote code execution” combined with “sandbox escape”. Update now! Continue reading Firefox patches two in-the-wild exploits – update now!→

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Posted on March 3, 2022 by Paul Ducklin

Latest episode – listen now (or read it, if that’s your preference)… Continue reading S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]→

Ransomware with a difference: “Derestrict your software, or else!”

Posted on March 2, 2022 by Paul Ducklin

“Change your code to improve cryptomining”… or we’ll dump 1TB of stolen secrets. Continue reading Ransomware with a difference: “Derestrict your software, or else!”→

Instagram scammers as busy as ever: passwords and 2FA codes at risk

Posted on February 28, 2022 by Paul Ducklin

Instagram scams don’t seem to be dying out – we’re seeing more variety and trickiness than ever… Continue reading Instagram scammers as busy as ever: passwords and 2FA codes at risk→

Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?

Posted on February 25, 2022 by Paul Ducklin

Calling all website coders: Y2K was then. V1H is now! Continue reading Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?→