Author Archives: Paul Ducklin

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

Posted on June 5, 2023 by Paul Ducklin

Little Bobby Tables is back! Continue reading MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…→

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

Posted on June 2, 2023 by Paul Ducklin

It’s a backdoor, Jim, but not as we know it… here’s a sober look at this issue. Continue reading Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards→

S3 Ep137: 16th century crypto skullduggery

Posted on June 1, 2023 by Paul Ducklin

Lots to learn, clearly explained in plain English… listen now! (Full transcript inside.) Continue reading S3 Ep137: 16th century crypto skullduggery→

Serious Security: That KeePass “master password crack”, and what we can learn from it

Posted on May 31, 2023 by Paul Ducklin

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don’t panic.) Continue reading Serious Security: That KeePass “master password crack”, and what we can learn from it→

Serious Security: Verification is vital – examining an OAUTH login bug

Posted on May 30, 2023 by Paul Ducklin

What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it? Continue reading Serious Security: Verification is vital – examining an OAUTH login bug→

S3 Ep136: Navigating a manic malware maelstrom

Posted on May 25, 2023 by Paul Ducklin

Latest episode – listen now. Full transcript inside… Continue reading S3 Ep136: Navigating a manic malware maelstrom→

Ransomware tales: The MitM attack that really had a Man in the Middle

Posted on May 24, 2023 by Paul Ducklin

Another traitorous sysadmin story, this one busted by system logs that gave his game away… Continue reading Ransomware tales: The MitM attack that really had a Man in the Middle→

PyPI open-source code repository deals with manic malware maelstrom

Posted on May 23, 2023 by Paul Ducklin

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future… Continue reading PyPI open-source code repository deals with manic malware maelstrom→

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

Posted on May 19, 2023 by Paul Ducklin

All Apple users have zero-days that need patching, though some have more zero-days than others. Continue reading Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!→

S3 Ep135: Sysadmin by day, extortionist by night

Posted on May 18, 2023 by Paul Ducklin

Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)… Continue reading S3 Ep135: Sysadmin by day, extortionist by night→