NEWS & Updates


    How Outlook “autodiscover” could leak your passwords – and how to stop it

    23 SEP 2021, by Paul Ducklin
    Researchers at a cybersecurity startup called Guardicore just published a report about an experiment they conducted over the past four months… …in which they claim to have collected hundreds of thousands of Exchange and Windows passwords that were inadvertently uploaded to their servers by […]

    VMware patch bulletin warns: “This needs your immediate attention.”

    22 SEP 2021, Vulnerability, by Paul Ducklin
    VMware’s latest security update includes patches for 19 different CVE-numbered vulnerabilities affecting the company’s vCenter Server and Cloud Foundation products. All of the bugs can be considered serious – they wouldn’t be enumerated in an official security advisory […]

    iOS 15 includes Face ID fix for security bypass using fake heads

    by Paul Ducklin
    Apple’s iOS 15 is now out – the very latest software version for iPhones, just in time for the official launch of the new iPhone 13 later in the week. (Yes, you can buy an iPhone 13 today, but only by placing what modern sales and marketing jargon refers to as a pre-order, which […]

    “Back to basics” as courier scammers skip fake fees and missed deliveries

    by Paul Ducklin
    We’ve been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. These scams can take many different forms, including: A fake gift sent by an online “friend” is delayed by customs charges. This is a common ruse used by romance scammers, […]

    OMIGOD, an exploitable hole in Microsoft open source code!

    by Paul Ducklin
    The September 2021 Patch Tuesday updates from Microsoft came out this week. The fix that everyone was waiting for with bated breath was the patch for CVE-2021-40444, a zero-day remote code execution bug in MSHTML that was announced by Microsoft just days before Patch Tuesday came around: Remotable bugs in MSHTML, which is the web renderer used by […]

    Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!

    14 SEP 2021, Apple, iOS, OS X, by Paul Ducklin
    You know what we’re going to say, so we’ll say it right away. Patch early, patch often. Canadian privacy and cybersecurity activist group The Citizen Lab just announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating […]
