This Week In Security: Plenty Of Patches, Replacing Old Gear, And Phrack Calls For Papers

When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time. Anyone who maintains any sort of Microsoft ecosystem knows by now to brace for impact co…

This Week In Security: Getting Back Up To Speed

Editor’s Note: Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands of somebody who could do it justice. T…

Another huge leak of passwords is the tip of the infostealing iceberg

An unprotected database that spilled 149 million usernames and passwords to the web shines new light on how infostealing malware powers cybercrime.

The WIRED Guide to Digital Opsec for Teens

Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

Bluesky

Bluesky

This Week In Security: Malicious Rollback, WHOIS, And More

It’s time to talk about Microsoft’s patch Tuesday, and the odd vulnerability rollback that happened. CVE-2024-43491 has caught some attention, as it’s a 9.8 on the CVSS scale, is …

This Week In Security: EUCLEAK, Revival Hijack, And More

[Thomas Roche] of NinjaLab is out with EUCLEAK, (pdf) a physical attack against Infineon security microcontrollers, and the security tokens that contain them. The name is a portmanteau of Euclidean…

This Week In Security: The Rest Of The IPv6 Story, CVE Hunting, And Hacking The TSA

We finally have some answers about the Windows IPv6 vulnerability — and a Proof of Concept! The patch was a single change in the Windows TCP/IP driver’s Ipv6pProcessOptions(), now calli…