S3 Ep149: How many cryptographers does it take to change a light bulb?

Latest episode - listen now! Full transcript inside...

S3 Ep148: Remembering crypto heroes

Celebrating the true crypto bros. Listen now (full transcript available).

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

Hacking police radios: 30-year-old crypto flaws in the spotlight

"Three may keep a secret, if two of them are dead."

S3 Ep142: Putting the X in X-Ops

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

Ghostscript bug could allow rogue documents to run system commands

Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

S3 Ep141: What was Steve Jobs’s first job?

Latest episode - listen now! (Full transcript inside.)

UK hacker busted in Spain gets 5 years over Twitter hack and more

Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...

ASUS warns router customers: Patch now, or block all inbound requests

"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

S3 Ep139: Are password rules like running through rain?

Latest episode - listen now! (Full transcript inside.)

S3 Ep137: 16th century crypto skullduggery

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

S3 Ep136: Navigating a manic malware maelstrom

Latest episode - listen now. Full transcript inside...

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

Latest episode - listen now! (Full transcript inside.)

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

S3 Ep132: Proof-of-concept lets anyone hack at will

When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

The security error was in the error handling system that was supposed to catch potential security errors...

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

Grab a message/Play it back/You've just performed/A big phat hack...

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

Listen now - latest episode. Full transcript inside.

Bitcoin ATM customers hacked by video upload that was actually an app

As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

S3 Ep124: When so-called security apps go rogue [Audio + Text]

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

Latest episode - listen now! (Full transcript inside.)

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Latest epsiode. Listen now!

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Popular JWT cloud security library patches “remote” code execution hole

It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

CircleCI – code-building service suffers total credential compromise

They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Credit card skimming – the long and winding road of supply chain failure

Don't keep calling home to a JavaScript server that closed its doors eight years ago!

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)...

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

Latest episode - listen now! Cybersecurity news plus loads of great advice...

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Listen now - latest episode - audio plus full transcript

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer.)

Slack admits to leaking hashed passwords for five years

"When those invitations went out... somehow, your password hash went out with them."

Traffic Light Protocol for cybersecurity responders gets a revamp

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]

Latest episode - listen now! (Or read if that's what you prefer.)

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

Latest episode - listen now!

Pwn2Own hacking schedule released – Windows and Linux are top targets

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

He sold cracked passwords for a living – now he’s serving 4 years in prison

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

Latest episode - lots to learn - plain English - fun with a serious side - listen now!

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

Latest episode - listen now!

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

Easy unauthenticated remote code execution - PoC code already out