Login
FreshRSS
Login
About FreshRSS
Main stream
Favourites (0)
Security
/r/netsec - Information Security News & Discussion
Dark Reading:
http://blog.trendmicro.com/feed
ICS-CERT Alert Feed
Infosec Island Latest Articles
InfoSec Resources
Krebs on Security
McAfee Blogs
Naked Security
News β Packet Storm
Paul's Security Weekly
SANS Internet Storm Center, InfoCON: green
Security β Cisco Blog
SecurityFocus News
The first stop for security news | Threatpost
The Hacker News
The Register - Security
Threatpost | The first stop for security news
Troy Hunt
Verisign Blog
WeLiveSecurity
WIRED
ZDNet | security RSS
Tools
Security Tool Files β Packet Storm
ToolsWatch.org β The Hackers Arsenal Tools Portal
Vulnerabilities
Advisory Files β Packet Storm
Exploit-DB Updates
Full Disclosure
SecurityFocus Vulnerabilities
There are new available articles, click to refresh the page.
Before yesterday
Naked Security
Naked Security
NPM JavaScript packages abused to create scambait links in bulk
February 22
nd
2023 at 20:59Β
NPM JavaScript packages abused to create scambait links in bulk
By
Paul Ducklin
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Related tags
β
Data
loss
Spam
clickbait
npm
rogue
packages
scamming
February 22
nd
2023 at 20:59
Naked Security
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
January 1
st
2023 at 21:36Β
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
By
Paul Ducklin
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
Related tags
β
Machine
Learning
Malware
AI
Artificial
intelligence
data
stealing
Linux
machine
learning
malware
ML
PyTorch
triton
January 1
st
2023 at 21:36
Naked Security
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
December 15
th
2022 at 17:10Β
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
By
Paul Ducklin
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Related tags
β
Apple
Data
loss
Malware
Microsoft
Podcast
Privacy
Vulnerability
day
Ben-Gurion
University
ios
Naked
Security
Podcast
skimming
supply
chain
vulnerability
Zero
Day
December 15
th
2022 at 17:10
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
December 13
th
2022 at 19:58Β
COVID-bit: the wireless spyware trick with an unfortunate name
By
Paul Ducklin
It's not the switching that's the problem, it's the switching of the switching!
ind-1200
Related tags
β
Data
loss
Privacy
airgap
Ben-Gurion
University
exfiltration
December 13
th
2022 at 19:58
Naked Security
TikTok βInvisible Challengeβ porn malware puts us all at risk
November 29
th
2022 at 19:58Β
TikTok βInvisible Challengeβ porn malware puts us all at risk
By
Paul Ducklin
An injury to one is an injury to all. Especially if the other people are part of your social network.
Related tags
β
Malware
Privacy
Social
networks
github
malware
supply
chain
Tik
Tok
TikTok
November 29
th
2022 at 19:58
Naked Security
βGucci Masterβ business email scammer Hushpuppi gets 11 years
November 14
th
2022 at 19:24Β
βGucci Masterβ business email scammer Hushpuppi gets 11 years
By
Naked Security writer
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...
puppi-car-1200
Related tags
β
BEC
Law
&
order
Abbas
business
email
compromise
Hushpuppi
November 14
th
2022 at 19:24
Naked Security
S3 Ep106: Facial recognition without consent β should it be banned?
October 27
th
2022 at 16:59Β
S3 Ep106: Facial recognition without consent β should it be banned?
By
Paul Ducklin
Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!
Related tags
β
Cryptography
Data
loss
GDPR
compliance
Law
&
order
Podcast
Privacy
Ransomware
Clearview
Clearview
AI
Deadbolt
Naked
Security
Podcast
randomness
October 27
th
2022 at 16:59
Naked Security
Clearview AI image-scraping face recognition service hit with β¬20m fine in France
October 26
th
2022 at 00:50Β
Clearview AI image-scraping face recognition service hit with β¬20m fine in France
By
Paul Ducklin
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."
Related tags
β
Law
&
order
Privacy
Clearview
Clearview
AI
data
collectoin
facial
recognition
October 26
th
2022 at 00:50
Naked Security
S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text]
September 1
st
2022 at 16:55Β
S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Podcast
airgap
bugs
chrome
data
loss
JavaScript
LastPass
vulnerability
September 1
st
2022 at 16:55
Naked Security
Breaching airgap security: using your phoneβs gyroscope as a microphone
August 24
th
2022 at 18:59Β
Breaching airgap security: using your phoneβs gyroscope as a microphone
By
Paul Ducklin
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Related tags
β
Data
loss
Vulnerability
airgap
Ben
Gurion
Ben-Gurion
University
data
leakage
GAIROSCOPE
August 24
th
2022 at 18:59
Naked Security
Apple patches double zero-day in browser and kernel β update now!
August 17
th
2022 at 23:33Β
Apple patches double zero-day in browser and kernel β update now!
By
Paul Ducklin
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Related tags
β
Apple
iOS
Malware
OS
X
Vulnerability
CVE-2022-32893
CVE-2022-32894
ios
iPadOS
jailbreak
macOS
spyware
August 17
th
2022 at 23:33
Naked Security
GitHub blighted by βresearcherβ who created thousands of malicious projects
August 3
rd
2022 at 23:06Β
GitHub blighted by βresearcherβ who created thousands of malicious projects
By
Paul Ducklin
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
Related tags
β
Law
&
order
github
malware
supply
chain
August 3
rd
2022 at 23:06
Naked Security
Murder suspect admits she tracked cheating partner with hidden AirTag
June 14
th
2022 at 18:49Β
Murder suspect admits she tracked cheating partner with hidden AirTag
By
Paul Ducklin
O! What a tangled web we weave, when first we practise to deceive.
Related tags
β
Law
&
order
Privacy
AirTag
BLE
bluetooth
surveillance
Tracking
June 14
th
2022 at 18:49
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
May 24
th
2022 at 23:04Β
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Related tags
β
Malware
Vulnerability
exfiltration
PHP
python
secops
supply
chain
XDR
May 24
th
2022 at 23:04
Naked Security
Clearview AI face-matching service fined a lot less than expected
May 23
rd
2022 at 13:01Β
Clearview AI face-matching service fined a lot less than expected
By
Paul Ducklin
The fine has finally gone through... but it's less than 45% of what was originally proposed.
eleceye-1200
Related tags
β
Privacy
Clearview
Clearview
AI
fine
ico
May 23
rd
2022 at 13:01
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
May 9
th
2022 at 15:41Β
RubyGems supply chain rip-and-replace bug fixed β check your logs!
By
Paul Ducklin
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
ruby-1200
Related tags
β
Vulnerability
CVE-2022-29176
ruby
RubyGems
suppy
chain
vulnerability
May 9
th
2022 at 15:41
Naked Security
GitHub issues final report on supply-chain source code intrusions
April 29
th
2022 at 16:15Β
GitHub issues final report on supply-chain source code intrusions
By
Paul Ducklin
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.
Related tags
β
Data
loss
Microsoft
github
oauth
supply
chain
zero
trust
April 29
th
2022 at 16:15
Naked Security
Beanstalk cryptocurrency heist: scammer votes himself all the money
April 19
th
2022 at 16:00Β
Beanstalk cryptocurrency heist: scammer votes himself all the money
By
Paul Ducklin
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Related tags
β
Cryptocurrency
Vulnerability
Blockchain
cryptocoin
cryptocurrency
vulnerability
April 19
th
2022 at 16:00
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
March 3
rd
2022 at 14:04Β
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By
Paul Ducklin
Latest episode - listen now (or read it, if that's your preference)...
Related tags
β
Apple
Instagram
Podcast
AirTag
browsers
Naked
Security
Podcast
phishing
March 3
rd
2022 at 14:04
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
February 23
rd
2022 at 17:59Β
Apple AirTag anti-stalking protection bypassed by researchers
By
Paul Ducklin
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
Related tags
β
Apple
Privacy
AirTag
cyberstalking
Find
My
stalking
February 23
rd
2022 at 17:59
Naked Security
Wormhole cryptotrading company turns over $340,000,000 to criminals
February 4
th
2022 at 17:38Β
Wormhole cryptotrading company turns over $340,000,000 to criminals
By
Paul Ducklin
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.
Related tags
β
Cryptocurrency
Blockchain
Jump
Crypto
smart
contract
Wormhole
February 4
th
2022 at 17:38
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
January 13
th
2022 at 15:26Β
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
By
Paul Ducklin
Latest episode -listen to it or read it now!
Related tags
β
Podcast
Vulnerability
Honda
Naked
Security
Podcast
npm
supply
chain
January 13
th
2022 at 15:26
Naked Security
JavaScript developer destroys own projects in supply chain βlessonβ
January 11
th
2022 at 00:54Β
JavaScript developer destroys own projects in supply chain βlessonβ
By
Paul Ducklin
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.
Related tags
β
colors.js
faker.js
JavaScript
npm
supply
chain
January 11
th
2022 at 00:54
Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
December 16
th
2021 at 17:41Β
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
By
Paul Ducklin
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
Related tags
β
Apple
Podcast
CVE-2021-44228
Exploit
iPhone
jailbreak
Log4Shell
macOS
Naked
Security
Podcast
December 16
th
2021 at 17:41
Naked Security
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]
December 2
nd
2021 at 20:50Β
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]
By
Paul Ducklin
Latest episode - listen now!
Related tags
β
Law
&
order
Podcast
Privacy
Ada
Lovelace
AI
computer
ethics
Cybercrime
cybersecurity
facial
recognition
Naked
Security
Podcast
December 2
nd
2021 at 20:50
Naked Security
Clearview AI face-matching service set to be fined over $20m
November 30
th
2021 at 19:13Β
Clearview AI face-matching service set to be fined over $20m
By
Paul Ducklin
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.
Related tags
β
Law
&
order
Privacy
Social
networks
Clearview
Clearview
AI
facial
recognition
ico
OAIC
surveillance
November 30
th
2021 at 19:13
Naked Security
Samba update patches plaintext password plundering problem
November 12
th
2021 at 19:59Β
Samba update patches plaintext password plundering problem
By
Paul Ducklin
When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.
Related tags
β
Cryptography
legacy
plaintext
Samba
SMB1
November 12
th
2021 at 19:59
Naked Security
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
November 9
th
2021 at 19:31Β
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
By
Paul Ducklin
The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.
Related tags
β
Machine
Learning
Malware
Mobile
Security
leadership
Security
threats
AI
MTR
sophoslabs
Threat
Report
November 9
th
2021 at 19:31
Naked Security
Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
October 25
th
2021 at 16:38Β
Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
By
Paul Ducklin
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
Related tags
β
Malware
Podcast
Ransomware
Security
leadership
BeCyberSmart
Cybermonth
Chester
Wisniewki
Cybermonth
2021
sos-2021
supply
chain
October 25
th
2021 at 16:38
There are no more articles
β
Mark all as read