Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
S3 Ep99: TikTok βattackβ β was there a data breach, or not? [Audio + Text]
September 8
th
2022 at 13:21Β
S3 Ep99: TikTok βattackβ β was there a data breach, or not? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read if you prefer - full transcript inside.)
Related tags
β
Podcast
Eckersley
Lets
Encrypt
Naked
Security
Podcast
Peter
Tik
Tok
September 8
th
2022 at 13:21
Naked Security
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
August 25
th
2022 at 15:37Β
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read the transcript if you prefer the text version.)
Related tags
β
Apple
Cryptocurrency
Google
Microsoft
Podcast
Vulnerability
"Edge"
chrome
crypto
cryptocurrency
denial
of
service
DOS
iPhone
Naked
Security
Podcast
R&B
Zero
Day
August 25
th
2022 at 15:37
Naked Security
Bitcoin ATMs leeched by attackers who created fake admin accounts
August 23
rd
2022 at 18:35Β
Bitcoin ATMs leeched by attackers who created fake admin accounts
By
Paul Ducklin
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.
Related tags
β
Cryptocurrency
Vulnerability
atm
BTC
crypto
cryptocurrency
General
Bytes
phantom
withdrawal
vulnerability
August 23
rd
2022 at 18:35
Naked Security
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
August 18
th
2022 at 18:38Β
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
By
Paul Ducklin
Latest episode - listen now (or read if you prefer!)
Related tags
β
Cryptography
Intel
Law
&
order
Malware
Podcast
Privacy
AEPIC
Conti
healthcare
Naked
Security
Podcast
ransomware
zoom
August 18
th
2022 at 18:38
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
August 11
th
2022 at 14:34Β
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read the transcript if you prefer.)
Related tags
β
Cryptography
Data
loss
Law
&
order
Malware
Microsoft
Podcast
Privacy
Cybercrime
github
hacking
malware
Naked
Security
Podcast
quantum
computing
August 11
th
2022 at 14:34
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
August 10
th
2022 at 16:59Β
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
By
Paul Ducklin
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Related tags
β
Cryptography
Data
loss
Vulnerability
APIC
CVE-2022-21233
EPIC
SGX
ΓPIC
Leak
August 10
th
2022 at 16:59
Naked Security
Slack admits to leaking hashed passwords for five years
August 8
th
2022 at 15:14Β
Slack admits to leaking hashed passwords for five years
By
Paul Ducklin
"When those invitations went out... somehow, your password hash went out with them."
Related tags
β
Cryptography
Data
loss
brute
force
crack
dictionary
attack
hashing
password
salt
Slack
August 8
th
2022 at 15:14
Naked Security
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
August 4
th
2022 at 17:52Β
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! (Or read if that's what you prefer.)
Related tags
β
Cryptocurrency
Cryptography
Podcast
Vulnerability
cryptocurrency
cryptogram
Cybercrime
Naked
Security
Podcast
August 4
th
2022 at 17:52
Naked Security
Post-quantum cryptography β new algorithm βgone in 60 minutesβ
August 3
rd
2022 at 18:55Β
Post-quantum cryptography β new algorithm βgone in 60 minutesβ
By
Paul Ducklin
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.
Related tags
β
Cryptography
nist
PQC
quantum
quantum
computing
SIKE
August 3
rd
2022 at 18:55
Naked Security
Cryptocoin βtoken swapperβ Nomad loses $200 million in coding blunder
August 2
nd
2022 at 16:12Β
Cryptocoin βtoken swapperβ Nomad loses $200 million in coding blunder
By
Paul Ducklin
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
Related tags
β
Cryptocurrency
Cryptography
Vulnerability
cryptocoin
cryptocurrency
DeFi
Nomad
August 2
nd
2022 at 16:12
Naked Security
GnuTLS patches memory mismanagement bug β update now!
August 1
st
2022 at 16:55Β
GnuTLS patches memory mismanagement bug β update now!
By
Paul Ducklin
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Related tags
β
Cryptography
Vulnerability
CVE-2022-2509
double-free
gnutls
heartbleed
August 1
st
2022 at 16:55
Naked Security
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
July 14
th
2022 at 18:47Β
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
By
Paul Ducklin
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.
Related tags
β
Cryptography
Law
&
order
Malware
Microsoft
Podcast
AES
Naked
Security
Podcast
ransomware
RSA
VBA
July 14
th
2022 at 18:47
Naked Security
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
July 12
th
2022 at 18:24Β
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
By
Paul Ducklin
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Related tags
β
GDPR
compliance
Law
&
order
Ransomware
Uncategorized
cyberextortion
GCHQ
ico
NCSC
ransomware
July 12
th
2022 at 18:24
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
July 7
th
2022 at 18:46Β
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
Listen now! Or read if you prefer...
Related tags
β
Cryptocurrency
Google
Google
Chrome
Law
&
order
Podcast
Vulnerability
2FA
busts
cryptocurrency
Naked
Security
Podcast
OneCoin
July 7
th
2022 at 18:46
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
July 6
th
2022 at 16:52Β
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
By
Paul Ducklin
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
Related tags
β
Cryptography
Vulnerability
AES
openssl
RSA
vulnerability
July 6
th
2022 at 16:52
Naked Security
Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US
July 4
th
2022 at 14:09Β
Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US
By
Paul Ducklin
Bust in Canada, now bust in the USA as well.
Related tags
β
Cryptocurrency
Law
&
order
Ransomware
bitcoin
bust
Netwalker
ransomware
revil
July 4
th
2022 at 14:09
Naked Security
βMissing Cryptoqueenβ hits the FBIβs Ten Most Wanted list
July 1
st
2022 at 16:49Β
βMissing Cryptoqueenβ hits the FBIβs Ten Most Wanted list
By
Paul Ducklin
The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.
Related tags
β
Cryptocurrency
Law
&
order
crypto
cryptocoin
cryptoqueen
Ignatova
Scam
July 1
st
2022 at 16:49
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
June 30
th
2022 at 12:57Β
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!
Related tags
β
Cryptocurrency
Cryptography
Law
&
order
Podcast
Vulnerability
crypto
cryptocurrency
extortion
Naked
Security
Podcast
openssl
scammers
June 30
th
2022 at 12:57
Naked Security
Harmony blockchain loses nearly $100M due to hacked private keys
June 27
th
2022 at 18:14Β
Harmony blockchain loses nearly $100M due to hacked private keys
By
Paul Ducklin
The crooks needed at least two private keys, each stored in two parts... but they got them anyway.
Related tags
β
Cryptocurrency
Data
loss
crypto
ether
hack
Harmony
June 27
th
2022 at 18:14
Naked Security
FTC warns of LGBTQ+ extortion scams β be aware before you share!
June 27
th
2022 at 14:58Β
FTC warns of LGBTQ+ extortion scams β be aware before you share!
By
Paul Ducklin
It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
Related tags
β
Law
&
order
Privacy
cyberextortion
extortion
RTC
Scam
June 27
th
2022 at 14:58
Naked Security
OpenSSL issues a bugfix for the previous bugfix
June 24
th
2022 at 15:32Β
OpenSSL issues a bugfix for the previous bugfix
By
Paul Ducklin
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
Related tags
β
Cryptography
Vulnerability
command
injection
crypto
openssl
June 24
th
2022 at 15:32
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
June 23
rd
2022 at 11:08Β
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
By
Paul Ducklin
Latest epsiode - listen (or read) now!
Related tags
β
Amazon
Cryptocurrency
Data
loss
Law
&
order
Malware
Podcast
Privacy
bust
data
breach
hacking
Interpol
Naked
Security
Podcast
phone
scams
scammers
June 23
rd
2022 at 11:08
Naked Security
Capital One identity theft hacker finally gets convicted
June 21
st
2022 at 15:24Β
Capital One identity theft hacker finally gets convicted
By
Paul Ducklin
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
Related tags
β
Data
loss
Law
&
order
Malware
capital
one
cryptojacking
data
breach
doj
SSN
June 21
st
2022 at 15:24
Naked Security
Murder suspect admits she tracked cheating partner with hidden AirTag
June 14
th
2022 at 18:49Β
Murder suspect admits she tracked cheating partner with hidden AirTag
By
Paul Ducklin
O! What a tangled web we weave, when first we practise to deceive.
Related tags
β
Law
&
order
Privacy
AirTag
BLE
bluetooth
surveillance
Tracking
June 14
th
2022 at 18:49
Naked Security
Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦
May 26
th
2022 at 12:41Β
Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦
By
Paul Ducklin
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
Related tags
β
Privacy
Chrome
store
need-to-know
Screencastify
webcam
May 26
th
2022 at 12:41
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
May 20
th
2022 at 22:35Β
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Related tags
β
Microsoft
Vulnerability
Windows
authentication
out-of-band
patch-to-patch
Woindows
May 20
th
2022 at 22:35
Naked Security
He sold cracked passwords for a living β now heβs serving 4 years in prison
May 13
th
2022 at 18:31Β
He sold cracked passwords for a living β now heβs serving 4 years in prison
By
Paul Ducklin
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...
Related tags
β
Cryptography
Law
&
order
bust
cracking
Cybercrime
doj
May 13
th
2022 at 18:31
Naked Security
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
April 21
st
2022 at 13:41Β
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
By
Paul Ducklin
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!
Related tags
β
Cryptocurrency
Cryptography
Law
&
order
Podcast
Beanstalk
cryptocurrency
Cybercrime
Naked
Security
Podcast
April 21
st
2022 at 13:41
Naked Security
Critical cryptographic Java security blunder patched β update now!
April 20
th
2022 at 16:43Β
Critical cryptographic Java security blunder patched β update now!
By
Paul Ducklin
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.
Related tags
β
Cryptography
Java
Oracle
Vulnerability
CVE-2022-21449
digital
signature
vulnerability
April 20
th
2022 at 16:43
Naked Security
Beanstalk cryptocurrency heist: scammer votes himself all the money
April 19
th
2022 at 16:00Β
Beanstalk cryptocurrency heist: scammer votes himself all the money
By
Paul Ducklin
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Related tags
β
Cryptocurrency
Vulnerability
Blockchain
cryptocoin
cryptocurrency
vulnerability
April 19
th
2022 at 16:00
Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
April 14
th
2022 at 13:39Β
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Cryptocurrency
Cryptography
Podcast
Vulnerability
darkweb
Hydra
iot
Naked
Security
Podcast
PQC
quantum
computing
robot
takedown
April 14
th
2022 at 13:39
Naked Security
US cryptocurrency coder gets 5 years for North Korea sanctions busting
April 13
th
2022 at 15:52Β
US cryptocurrency coder gets 5 years for North Korea sanctions busting
By
Naked Security writer
Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.
Related tags
β
Cryptocurrency
Law
&
order
bust
doj
FBI
North
Korea
April 13
th
2022 at 15:52
Naked Security
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
April 11
th
2022 at 16:58Β
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
By
Paul Ducklin
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
cat-1200
Related tags
β
Cryptography
NTRU
Prime
openssh
quantum
computing
April 11
th
2022 at 16:58
Naked Security
Serious Security: Darkweb drugs market Hydra taken offline by German police
April 6
th
2022 at 16:22Β
Serious Security: Darkweb drugs market Hydra taken offline by German police
By
Paul Ducklin
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...
Related tags
β
Cryptocurrency
Law
&
order
bust
cryptocurrency
dark
web
darkweb
Hydra
takedown
April 6
th
2022 at 16:22
Naked Security
LAPSUS$ hacks continue despite two hacker suspects in court
April 4
th
2022 at 21:36Β
LAPSUS$ hacks continue despite two hacker suspects in court
By
Paul Ducklin
Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?
Related tags
β
Data
loss
Law
&
order
Privacy
bust
cyberextortion
hacking
lapsus
ransomware
April 4
th
2022 at 21:36
Naked Security
UK police arrest 7 hacking suspects β have they bust the LAPSUS$ gang?
March 25
th
2022 at 01:48Β
UK police arrest 7 hacking suspects β have they bust the LAPSUS$ gang?
By
Naked Security writer
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?
Related tags
β
Cryptocurrency
Law
&
order
bust
Cybercrime
DEV-0537
hacking
lapsus
March 25
th
2022 at 01:48
Naked Security
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
March 24
th
2022 at 13:49Β
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Cryptography
Data
loss
Malware
Podcast
Vulnerability
CafePress
data
breach
ftc
lapsus
Naked
Security
Podcast
March 24
th
2022 at 13:49
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
March 18
th
2022 at 17:59Β
OpenSSL patches infinite-loop DoS bug in certificate verification
By
Paul Ducklin
When it comes to writing loops in your code... never sit on the fence!
Related tags
β
Cryptography
Vulnerability
CVE-2022-0778
DOS
openssl
ormandy
vulnerability
March 18
th
2022 at 17:59
Naked Security
Beware bogus Betas β cryptocoin scammers abuse Appleβs TestFlight system
March 16
th
2022 at 15:49Β
Beware bogus Betas β cryptocoin scammers abuse Appleβs TestFlight system
By
Paul Ducklin
"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!
Related tags
β
Apple
Cryptocurrency
iOS
Malware
cryptocoin
scam
CryptoRom
fake
app
malware
scammer
TestFlight
March 16
th
2022 at 15:49
Naked Security
Cryptocoin ATMs ruled illegal β βShut down at onceβ, says regulator
March 14
th
2022 at 17:51Β
Cryptocoin ATMs ruled illegal β βShut down at onceβ, says regulator
By
Paul Ducklin
If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!
Related tags
β
Cryptocurrency
cryptcoins
Money
Laundering
scams
March 14
th
2022 at 17:51
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
March 11
th
2022 at 14:59Β
Alleged Kaseya ransomware attacker arrives in Texas for trial
By
Naked Security writer
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...
Related tags
β
Cryptocurrency
Law
&
order
Ransomware
bust
Kaseya
ransomware
March 11
th
2022 at 14:59
Naked Security
Ransomware with a difference: βDerestrict your software, or else!β
March 2
nd
2022 at 16:33Β
Ransomware with a difference: βDerestrict your software, or else!β
By
Paul Ducklin
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Related tags
β
Security
threats
data
breach
extortion
hacking
lapsus
NVIDIA
ransomware
March 2
nd
2022 at 16:33
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
February 24
th
2022 at 16:51Β
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Phishing
Podcast
Vulnerability
backup
Exploit
hacking
Naked
Security
Podcast
Scam
sextortion
VMware
vulnerability
Wordpress
February 24
th
2022 at 16:51
Naked Security
French speakers blasted by sextortion scams with no text or links
February 21
st
2022 at 17:59Β
French speakers blasted by sextortion scams with no text or links
By
Paul Ducklin
You'd spot this one a mile away... but what about your friends or family?
Related tags
β
Privacy
Security
threats
Cybercrime
extortion
porn
scam
Scam
sextortion
spam
February 21
st
2022 at 17:59
Naked Security
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
February 17
th
2022 at 17:12Β
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen and learn!
Related tags
β
Podcast
Adobe
Apple
bitcoin
bust
cryptocoins
cryptocurrency
Google
Naked
Security
Podcast
February 17
th
2022 at 17:12
Naked Security
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
February 10
th
2022 at 01:15Β
S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Law
&
order
Microsoft
Podcast
Security
threats
bust
cryptocurrency
Cybercrime
Naked
Security
Podcast
February 10
th
2022 at 01:15
Naked Security
Self-styled βCrocodile of Wall Streetβ arrested with husband over Bitcoin megaheist
February 9
th
2022 at 14:44Β
Self-styled βCrocodile of Wall Streetβ arrested with husband over Bitcoin megaheist
By
Naked Security writer
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
Related tags
β
Cryptocurrency
Cryptography
Law
&
order
Big
Bitcoin
Heist
bitcoin
BTC
bust
cryptocurrency
doj
quantum
cryptography
February 9
th
2022 at 14:44
Naked Security
Wormhole cryptotrading company turns over $340,000,000 to criminals
February 4
th
2022 at 17:38Β
Wormhole cryptotrading company turns over $340,000,000 to criminals
By
Paul Ducklin
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.
Related tags
β
Cryptocurrency
Blockchain
Jump
Crypto
smart
contract
Wormhole
February 4
th
2022 at 17:38
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
January 27
th
2022 at 19:57Β
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
2FA
cryptocurrency
Naked
Security
Podcast
scams
January 27
th
2022 at 19:57
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
January 21
st
2022 at 16:25Β
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By
Paul Ducklin
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Related tags
β
Cryptocurrency
Vulnerability
2FA
Crypto.com
cryptocurrency
January 21
st
2022 at 16:25
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
January 20
th
2022 at 17:28Β
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
By
Paul Ducklin
Latest epsiode - listen now!
Related tags
β
Apple
iOS
Law
&
order
Linux
Microsoft
Podcast
Vulnerability
Cryptography
Cybercrime
Loinux
Naked
Security
Podcast
Windows
January 20
th
2022 at 17:28
Naked Security
Serious Security: Linux full-disk encryption bug fixed β patch now!
January 14
th
2022 at 21:58Β
Serious Security: Linux full-disk encryption bug fixed β patch now!
By
Paul Ducklin
Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.
Related tags
β
Cryptography
cryptsetup
Linux
January 14
th
2022 at 21:58
Naked Security
SFW! The Top N CyberΒsecurity Stories of 2021 (for small positive integer values of N)
December 24
th
2021 at 17:44Β
SFW! The Top N CyberΒsecurity Stories of 2021 (for small positive integer values of N)
By
Paul Ducklin
Happy Holidays! Our Top N stories, all totally SFW!
Related tags
β
Security
leadership
Security
threats
2018
US
State
of
Cybercrime
Cybercrime
cybersecurity
Happy
Holidays
Top
3
December 24
th
2021 at 17:44
Naked Security
The cool retro phone with a REAL DIAL⦠plus plenty of IoT problems
December 23
rd
2021 at 17:58Β
The cool retro phone with a REAL DIAL⦠plus plenty of IoT problems
By
Paul Ducklin
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.
Related tags
β
IoT
Security
threats
bugs
Buletooth
Chatter
Phone
data
leakage
iot
snooping
December 23
rd
2021 at 17:58
Naked Security
Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them!
December 22
nd
2021 at 17:57Β
Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them!
By
Paul Ducklin
Phew! An audacious crime... that didn't work out.
Related tags
β
Cryptocurrency
Law
&
order
bitcoin
cyberheist
doj
Japan
December 22
nd
2021 at 17:57
Naked Security
Serious Security: OpenSSL fixes βerror conflationβ bugs β how mixing up mistakes can lead to trouble
December 17
th
2021 at 17:57Β
Serious Security: OpenSSL fixes βerror conflationβ bugs β how mixing up mistakes can lead to trouble
By
Paul Ducklin
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
Related tags
β
Cryptography
CVE-2021-4044
openssl
Patching
vulnerability
December 17
th
2021 at 17:57
Naked Security
Cryptocurrency startup fails to subtract before adding, loses $31m
December 6
th
2021 at 19:50Β
Cryptocurrency startup fails to subtract before adding, loses $31m
By
Paul Ducklin
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
Related tags
β
Cryptocurrency
cryptocoin
cryptocurrency
race
condition
December 6
th
2021 at 19:50
Naked Security
Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it
December 3
rd
2021 at 17:58Β
Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it
By
Paul Ducklin
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
Related tags
β
Mozilla
Vulnerability
Cryptography
NSS
vulnerability
December 3
rd
2021 at 17:58
Naked Security
Cloud Security: Donβt wait until your next bill to find out about an attack!
November 26
th
2021 at 19:58Β
Cloud Security: Donβt wait until your next bill to find out about an attack!
By
Paul Ducklin
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
Related tags
β
Cryptocurrency
cloud
security
cryptomining
Google
Cloud
November 26
th
2021 at 19:58
Naked Security
Samba update patches plaintext password plundering problem
November 12
th
2021 at 19:59Β
Samba update patches plaintext password plundering problem
By
Paul Ducklin
When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.
Related tags
β
Cryptography
legacy
plaintext
Samba
SMB1
November 12
th
2021 at 19:59
Load more articles