Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

S3 Ep140: So you think you know ransomware?

Lots to learn this week - listen now! (Full transcript inside.)

Beware bad passwords as attackers co-opt Linux servers into cybercrime

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

Megaupload duo will go to prison at last, but Kim Dotcom fights on…

One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on...

Gozi banking malware “IT chief” finally jailed after more than 10 years

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

History revisited: US DOJ unseals Mt. Gox cybercrime charges

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

US offers $10m bounty for Russian ransomware suspect outed in indictment

"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."

Whodunnit? Cybercrook gets 6 years for ransoming his own employer

Not just an active adversary, but a two-faced one, too.

S3 Ep128: So you want to be a cyber­criminal? [Audio + Text]

Latest episode - listen now!

Cops use fake DDoS services to take aim at wannabe cybercriminals

Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!

Apple patches everything, including a zero-day fix for iOS 15 users

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Microsoft fixes two 0-days on Patch Tuesday – update now!

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

Security bugs in the very code you've been told you must have to improve the security of your computer...

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

OpenSSH fixes double-free memory bug that’s pokable over the network

It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...

Hive ransomware servers shut down at last, says FBI

Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...

Apple patches are out – old iPhones get an old zero-day fix at last!

Don't delay, especially if you're still running an iOS 12 device... please do it today!

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Silk Road drugs market hacker pleads guilty, faces 20 years inside

Jurisprudence isn't like arithmetic... two negatives never make a positive!

S3 Ep106: Facial recognition without consent – should it be banned?

Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!

Serious Security: How randomly (or not) can you shuffle cards?

What if you could guess the next card correctly twice as often as you should?

Serious Security: Microsoft Office 365 attacked over feeble encryption

How 2022 is your encryption?

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

There's a zero-day patch, but it's not for the zero-day you thought.

Scammers and rogue callers – can anything ever stop them?

Some thoughts for Cybersecurity Awareness Month: Is is worth reporting nuisance calls? Is it even worth reporting outright scams?

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Apple patches double zero-day in browser and kernel – update now!

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

GnuTLS patches memory mismanagement bug – update now!

GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

SSNDOB Market domains seized, identity theft “brokerage” shut down

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

Yet another zero-day (sort of) in Windows “search URL” handling

More trouble with special-purpose URLs on Windows.

Microsoft patches the Patch Tuesday patch that broke authentication

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

He sold cracked passwords for a living – now he’s serving 4 years in prison

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

You didn’t leave enough space between ROSE and AND, and AND and CROWN

What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Latest episode - listen now!

US cryptocurrency coder gets 5 years for North Korea sanctions busting

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

Serious Security: Darkweb drugs market Hydra taken offline by German police

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

OpenSSL patches infinite-loop DoS bug in certificate verification

When it comes to writing loops in your code... never sit on the fence!

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

Latest episode - listen and learn!

Adobe fixes zero-day exploit in e-commerce code: update now!

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

Latest epsiode - listen now!

Apple Home software bug could lock you out of your iPhone

The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

Phew! An audacious crime... that didn't work out.

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]

Latest episode - listen now!

FBI email hack spreads fake security alerts. Here’s what to do…

Fake warnings and false accusations - it's a "call to distraction"

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!

Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague

Suspects nabbed, millions seized, in ransomware busts across the globe.

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.