“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for "what you see is what you get". Except when it isn't...

S3 Ep142: Putting the X in X-Ops

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

S3 Ep141: What was Steve Jobs’s first job?

Latest episode - listen now! (Full transcript inside.)

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.

Beware bad passwords as attackers co-opt Linux servers into cybercrime

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

S3 Ep139: Are password rules like running through rain?

Latest episode - listen now! (Full transcript inside.)

Gozi banking malware “IT chief” finally jailed after more than 10 years

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

S3 Ep136: Navigating a manic malware maelstrom

Latest episode - listen now. Full transcript inside...

PyPI open-source code repository deals with manic malware maelstrom

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

S3 Ep133: Apple takes “tight-lipped” to a whole new level

Entertaining, educational, and all in plain English 🎧📖

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

S3 Ep129: When spyware arrives from someone you trust

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Supply chain blunder puts 3CX telephone app users at risk

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

LastPass: Keylogger on home PC led to cracked corporate password vault

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

New report admits that attackers were detected in the network about three months ago, and may have been attacking for about three years.

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Credit card skimming – the long and winding road of supply chain failure

Don't keep calling home to a JavaScript server that closed its doors eight years ago!

The CHRISTMA EXEC network worm – 35 years and counting!

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)...

TikTok “Invisible Challenge” porn malware puts us all at risk

An injury to one is an injury to all. Especially if the other people are part of your social network.

Multimillion dollar CryptoRom scam sites seized, suspects arrested in US

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Listen now - latest episode - audio plus full transcript

Online ticketing company “See” pwned for 2.5 years by attackers

Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

WhatsApp goes after Chinese password scammers via US court

If you can't beat 'em, sue 'em!

Interested in cybersecurity? Join us for Security SOS Week 2022!

Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

Latest episode - listen now (or read if you prefer!)

Apple patches double zero-day in browser and kernel – update now!

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer.)

GitHub blighted by “researcher” who created thousands of malicious projects

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

Office macro security: on-again-off-again feature now BACK ON AGAIN!

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!

Last member of Gozi malware troika arrives in US for criminal trial

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...

8 months on, US says Log4Shell will be around for “a decade or longer”

When it comes to cybersecurity, ask not what everyone else can do for you...

S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

That didn’t last! Microsoft turns off the Office security it just turned on

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

Latest epsiode - listen (or read) now!

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

You’re invited! Join us for a live walkthrough of the “Follina” story…

Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!

Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

Latest episode - listen now!

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Latest episode - listen now!

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Firefox update brings a whole new sort of security sandbox

Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.

Black Friday and Cyber Monday – here’s what you REALLY need to do!

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]

Latest episode - listen now!

Emotet malware: “The report of my death was an exaggeration”

"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

Latest episode - listen now! Serious security explained with personality in plain English.

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.