
How many cryptographers does it take to change a light bulb? – Naked Security

In this comprehensive article, the Naked Security podcast discusses various tech-related topics, with Doug Aamoth and Paul Ducklin providing their insights and opinions. The article begins with a humorous exchange between Doug and Paul about their representation of an interrogation mark. They then move on to discuss Miss Manners, an advice columnist who addressed the… 

Smart light bulbs could give away your password secrets – Naked Security

A group of researchers from Italy and the UK recently published a paper highlighting cryptographic insecurities in the TP-Link Tapo L530E smart light bulb, which is currently a bestseller on Amazon Italy. The researchers contacted TP-Link through their Vulnerability Research Program, and the company acknowledged the vulnerabilities and began working on fixes. However, the researchers… 

74 CVEs plus 2 “Exploit Detected” advisories – Naked Security

The August 2023 Microsoft security updates have been released, fixing a total of 74 CVE-numbered bugs. Two special items, labeled “Exploitation Detected,” caught attention on Microsoft’s bug listing page. These items, Microsoft Office: ADV230003 and Memory Integrity System Readiness Scan Tool: ADV230004, do not directly correspond to any of the month’s CVE numbers. The Office… 

Tell us about that breach! (If you want to.) – Naked Security

DOUG.  Firefox updates, another Bug With An Impressive Name, and the SEC demands disclosure. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am Doug Aamoth; he is Paul Ducklin. Paul, I hope you will be proud of me… I know you are a cycling enthusiast. I rode… 

Performance and security clash yet again in “Collide+Power” attack – Naked Security

Another week, another BWAIN! For those who are unfamiliar with the term, BWAIN stands for Bug With An Impressive Name. It refers to the practice of giving new cybersecurity attacks catchy names, registering domain names for them, creating custom websites, and designing logos. In the latest discovery, the attack has been named Collide+Power, which includes… 

Firefox fixes a flurry of flaws in the first of two releases this month – Naked Security

The latest version of Firefox, version 116, has been released. Firefox releases new versions every 28 days,…

Bugs With Impressive Names! – Naked Security

Apple recently released a full update that includes not only the second Rapid Response patch but also a fix for another zero-day vulnerability. The zero-day in WebKit, which was previously addressed in the Rapid Response patch, has now been accompanied by a fix for a kernel-level vulnerability. Interestingly, the zero-day in WebKit was attributed to… 

How the quest for CPU performance could put your passwords at risk – Naked Security

Remember Heartbleed? That infamous bug from 2014 introduced the term “-bleed” to describe vulnerabilities that leak data in an uncontrolled manner. These types of bugs cannot be used for precision attacks, but rather allow attackers to collect large amounts of unauthorized data for later analysis. Heartbleed, for example, allowed attackers to obtain additional bytes of… 

30-year-old crypto flaws in the spotlight – Naked Security

If you’ve been silently uncovering cryptographic bugs in a private police radio system for the past two years, you might be wondering how to handle the disclosure of your research. The researchers at Midnight Blue, a boutique Dutch cybersecurity consultancy, have a unique approach. They have planned a world tour of conference appearances in the… 

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day – Naked Security

Apple users were urged to download a Rapid Response patch to fix a web-browsing security hole that had been exploited in real-world spyware attacks. The bug fix addressed a code execution vulnerability and was released as an emergency measure. While not a true zero-click attack, where cybercriminals can take over a device without any user…