If you can’t beat ’em, sue ’em! | Continue reading
This site, like millions of others, has a certificate from Let’s Encrypt. Farewell, Peter Eckersley, PhD, who helped make it all possible. | Continue reading
If you spew projects laced with hidden malware into an open source repository, don’t waste your time telling us “no harm done” afterwards. | Continue reading
“When those invitations went out… somehow, your password hash went out with them.” | Continue reading
And THIS is why you don’t knit your own home-made encryption algorithms and hope no one looks at them. | Continue reading
More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself. | Continue reading
Just when you thought it was safe to delve into your clipboard. | Continue reading
This code is venerable! Surely all the bugs must be out by now? | Continue reading
Zero-day buses: none for a while, then three at once. Here’s Google joining Apple and Adobe in “zero-day week” | Continue reading
A third-party cybersecurity firm were paid to drill a hole in a Tor-reliant operating system to uncover a man who spent years sextorting young girls. | Continue reading
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now… | Continue reading
Once more unto the breach, dear friends, once more… | Continue reading
Researcher Artem Dinaburg presented his paper about memory errors leading to mistaken DNS lookups at last week’s Black Hat conference in Las Vegas, Nevada. He showed how attackers could use t… | Continue reading
Ut tensio, sic uis! Does twice the bug pile on twice the pressure to fix it? | Continue reading
All bugs are equal. But some bugs are more equal than others. | Continue reading
You are the password (and so is a photograph of you) | Continue reading
Can you help? There’s a hidden meaning here, and it’s time to find it! | Continue reading
It’s all over the news! The bug you can’t fix! Fortunately, you don’t need to. We explain why. | Continue reading
It’s three weeks since last time. Now it’s this time, so patch now! | Continue reading
More phun with Apple AirTags! Free internet, no data plan required… but it’s s-l-o-o-o-w. | Continue reading
Ooooh, look! A shiny button-like object! | Continue reading
When a search result looks too good to be true – it IS too good to be true! | Continue reading
To this “researcher”, even a job not worth doing was worth overdoing. Here’s what you can learn from the incident… | Continue reading
It’s déjà vu all over again! New month, new Chrome zero-day bug being exploited in the wild. | Continue reading
Beware pseudo-geeks bearing ‘gifts’. | Continue reading
Great news from Europol – if you’ve heard of Emotet, you’ll have a good idea how badly things often end for its victims. | Continue reading
Most companies are quick to remove ex-staff from the payroll, but often not so quick to shut down their network access. | Continue reading
What looked at first glance underwater like an “old typewriter” turned out to be an historic cipher machine. | Continue reading
The bug at the heart of this is already patched – but there’s a lot to learn from this story anyway. | Continue reading
The journey to the end of Flash. Are we there yet? | Continue reading
A relative newcomer in the “malware-as-a-service” scene is starting to attract the big-money ransomware criminals. | Continue reading
Were you woken up by a bogus Android notification from Google or Microsoft this week? | Continue reading
Making .GOV domains secure – it’ll take “a few years” yet | Continue reading
GitHub has uncovered a form of malware that spreads via infected repositories on its system. | Continue reading
Maps, weather, searches et al. suck up location data in the background, even if Tracking is turned off. Arizona says it’s consumer fraud. | Continue reading
She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details. | Continue reading
Web hosting behemoth GoDaddy just filed a data breach notification with the US state of California. | Continue reading
Scientists known for finding ways to transmit software from non-networked computers have figured out a way to do it with computer fan vibrations. | Continue reading
The Big Bad Wolves haven’t blown the house down but did come up with a way to “hold the three little pigs responsible for being delicious,” Signal said. | Continue reading
A rival hacking forum has yet again hacked OGUsers and doxxed its database for one and all to grab. | Continue reading
The aim is to block the browser from reaching the small number of sites that cling to HTTP, closing security risks. | Continue reading
Eight million customer records belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe were collected. | Continue reading
The bill, which would undercut Section 230 protections for online publishing, presents itself as a way to stop online child abuse. | Continue reading
Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect. | Continue reading
If your certificate gets revoked and you don’t renew it, visitors won’t be able to get to your site… | Continue reading
From 1 September 2020, Safari will no longer trust SSL/TLS certificates with more than a year on the clock. | Continue reading
The attacker(s) infected both IT and operational networks with an unspecified ransomware strain, though the facility never lost control. | Continue reading
HTTPS web encryption – blessing or curse? A new SophosLabs report looks at how much the crooks love TLS. | Continue reading