June 16, 2022

Confluence exploits used to drop ransomware on vulnerable servers

Automated attacks are now widely exploiting the Atlassian vulnerability

Security OperationsThreat Research

April 16, 2021

S3 Ep28.5: Hacking back – is attack an acceptable form of defence? [Podcast]

Listen now - and have your say on this divisive issue in our comments!

Naked Security

April 14, 2021

FBI hacks into hundreds of infected US servers (and disinfects them)

Hacking for good! A judge said I could!

Naked Security

March 30, 2021

PHP web language narrowly avoids “backdoor” supply chain attack

The crooks got in and added a backdoor to PHP, but it looks as though it was caught before any harm was done.

Naked Security

March 25, 2021

Patching alone is not enough: Investigate your exposure windows

Security Operations

March 23, 2021

Black Kingdom ransomware begins appearing on Exchange servers

A novel, if not particularly well made, ransomware is spreading to Exchange servers that haven't been patched against the ProxyLogon exploit

Threat Research

March 15, 2021

Naked Security Live – HAFNIUM explained in plain English

Latest episode - watch now!

Naked Security

March 09, 2021

Serious Security: Webshells explained in the aftermath of HAFNIUM attacks

Webshells explained, with some (safe) examples you can try at home if you want to learn more.

Naked Security

March 09, 2021

Critical updates dominate March, 2021 Patch Tuesday releases

Fixes urgently required for DNS and Exchange servers, as well as for all desktop Windows machines

SophosLabs UncutThreat Research