June 15, 2023

MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

Twice more unto the breach... third patch tested and released, shut down web access until you've applied it

Naked Security

June 15, 2023

S3 Ep139: Are password rules like running through rain?

Latest episode - listen now! (Full transcript inside.)

Naked Security

June 14, 2023

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

No zero-days this month, if you ignore the Edge RCE hole patched last week

Naked Security

June 13, 2023

Gozi banking malware “IT chief” finally jailed after more than 10 years

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

Naked Security

June 12, 2023

History revisited: US DOJ unseals Mt. Gox cybercrime charges

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

Naked Security

June 09, 2023

More MOVEit mitigations: new patches published for further protection

Good news... more patches, this time available proactively

Naked Security

June 09, 2023

Thoughts on scheduled password changes (don’t call them rotations!)

Does swapping your password regularly make it a better password?

Naked Security

June 08, 2023

S3 Ep138: I like to MOVEit, MOVEit

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

Naked Security

June 07, 2023

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

With the right (or wrong, if you're on the right side of the fence) timing...

Naked Security