Author Archives: Paul Ducklin

7 VPNs that leaked their logs – the logs that “didn’t exist”

Posted on July 20, 2020 by Paul Ducklin

Just how private is your Virtual Private Network? Continue reading 7 VPNs that leaked their logs – the logs that “didn’t exist”→

Apple’s latest updates are out for iPhones and Macs – get them now!

Posted on July 17, 2020 by Paul Ducklin

None of Apple’s bugs have nicknames like Microsoft’s recent “SIGRed” – but there are nevertheless kernel-level code holes to be patched… Continue reading Apple’s latest updates are out for iPhones and Macs – get them now!→

Twitter limits tweeting as prominent accounts spam out cryptocoin scams

Posted on July 16, 2020 by Paul Ducklin

Twitter is investigating a rash of scam tweets from prominent accounts – don’t fall for these scams! Continue reading Twitter limits tweeting as prominent accounts spam out cryptocoin scams→

Patch now! SIGRED – the wormable hole in your Windows servers

Posted on July 15, 2020 by Paul Ducklin

The bug can definitely crash your Windows DNS servers, and it could end up being used for much worse than that. Please patch now! Continue reading Patch now! SIGRED – the wormable hole in your Windows servers→

RATicate malware gang goes commercial

Posted on July 14, 2020 by Paul Ducklin

O, what tangled code we weave, when first we practise to deceive! Continue reading RATicate malware gang goes commercial→

Digicert revokes a raft of web security certificates

Posted on July 13, 2020 by Paul Ducklin

The good news is that this was a bureaucratic necessity rather than an actual cybersecurity attack. Continue reading Digicert revokes a raft of web security certificates→

Mozilla turns off “Firefox Send” following malware abuse reports

Posted on July 8, 2020 by Paul Ducklin

Sadly, the easier and safer you make your file sharing service, the more attractive it becomes to the crooks. Continue reading Mozilla turns off “Firefox Send” following malware abuse reports→

Company web names hijacked via outdated cloud DNS records

Posted on July 7, 2020 by Paul Ducklin

Why hack into a server when you can just send vistors to a fake alternative instead? Continue reading Company web names hijacked via outdated cloud DNS records→

Facebook hoaxes back in the spotlight – what to tell your friends

Posted on July 3, 2020 by Paul Ducklin

At the risk of giving you a feeling of déjà vu all over again, it’s time to talk about Facebook hoaxes once more. Continue reading Facebook hoaxes back in the spotlight – what to tell your friends→

MongoDB ransom threats step up from blackmail to full-on wiping

Posted on July 2, 2020 by Paul Ducklin

Still thinking “the crooks probably won’t find me if I make a security blunder”? Continue reading MongoDB ransom threats step up from blackmail to full-on wiping→