S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Latest episode - listen now!

LANtenna hack spies on your data from across the room! (Sort of)

Are your network cables acting as undercover wireless transmitters? What can you do if they are?

Cybersecurity Awareness Month: Building your career

Explore. Experience. Share. How to get into cybersecurity...

“To the moon!” Cryptocurrency hamster Mr Goxx trades online 24/7

Here's a happy cryptocurrency story for once, with not a cybercrook in sight.

S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]

Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)

REvil ransomware gang allegedly forced offline by law enforcement counterattacks

One down. Lots more to go. Here's what to do...

Cybersecurity Awareness Month: Listen up – CYBER­SECURITY FIRST!

Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!

Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries

Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.

Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?

Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

Banking scam uses Docusign phish to thieve 2FA codes

999 people in 1000 will know this is a phish straight off the bat. But for 1 in 1000 it will be plausible at first sight...

Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

Latest episode - listen now! Serious security explained with personality in plain English.

Microsoft Edge finally arrives on Linux – “Official” build lands in repos

Microsoft Edge for Linux makes an Official landing.

Microsoft documents “SHROOTLESS” hack patched in latest Apple updates

We'd have called this bug "SHROOTMORE", but naming it wasn't our call.

Europol announces “targeting” of 12 suspects in ransomware attacks

More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.

Facebook to throw out face recognition, delete all template data

Publicity stunt? Or privacy progress?

S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]

Latest episode - listen now!

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague

Suspects nabbed, millions seized, in ransomware busts across the globe.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!

S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]

Latest epsiode - listen now!

Samba update patches plaintext password plundering problem

When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.

FBI email hack spreads fake security alerts. Here’s what to do…

Fake warnings and false accusations - it's a "call to distraction"

Emotet malware: “The report of my death was an exaggeration”

"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.

The self-driving smart suitcase… that the person behind you can hijack!

Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?

Apple’s Mail Privacy Protection feature – watch out if you have a Watch!

Apple's "Protect Mail Activity" is a handy privacy enhancement for your messaging habits. As long as you know its limitations...

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]

Latest episode - listen now!

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.

Black Friday and Cyber Monday – here’s what you REALLY need to do!

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

GoDaddy admits to password breach: check your Managed WordPress site!

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Check your patches – public exploit now out for critical Exchange bug

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.

US government securities watchdog spoofed by investment scammers – don’t fall for it!

Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

Latest episode - listen now! Solid cybersecurity advice in plain English.

Cloud Security: Don’t wait until your next bill to find out about an attack!

Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.

Clearview AI face-matching service set to be fined over $20m

Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.

IoT devices must “protect consumers from cyberharm”, says UK government

"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

Latest episode - listen now!

Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it

Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.

Cryptocurrency startup fails to subtract before adding, loses $31m

Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?

Firefox update brings a whole new sort of security sandbox

Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.

S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]

Listen now or read as an article! (Full transcript inside.)

“Log4Shell” Java vulnerability – how to safeguard your servers

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product

Log4Shell explained – how it works, why you need to know, and how to fix it

Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!

Apple security updates are out – and not a Log4Shell mention in sight

Get 'em while they're hot!

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble

Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!

Log4Shell: The Movie… a short, safe visual tour for work and home

Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

The Apache web server just got an update - this one is nothing to do with Log4j!

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

Phew! An audacious crime... that didn't work out.

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

SFW! The Top N Cyber­security Stories of 2021 (for small positive integer values of N)

Happy Holidays! Our Top N stories, all totally SFW!

Log4Shell vulnerability Number Four: “Much ado about something”

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

Instagram copyright infringment scams – don’t get sucked in!

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...

Apple Home software bug could lock you out of your iPhone

The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.

FTC threatens “legal action” over unpatched Log4j and other vulns

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

We're back for 2022 - listen now!

Log4Shell-like security hole found in popular Java SQL database engine H2

"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.

Honda cars in flashback to 2002 – “Can’t Get You Out Of My Head”

Where were YOU on the night of 17 May 2002? And what about the day after that?