Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

Phone scamming kingpin gets 13 years for running “iSpoof” service

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

PHP Packagist supply chain poisoned by hacker “looking for a job”

I pwned you! Gizza job! You know it makes sense!

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

Grab a message/Play it back/You've just performed/A big phat hack...

S3 Ep125: When security hardware has security holes [Audio + Text]

Lastest episode - listen now! (Full transcript inside.)

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

OpenSSL fixes High Severity data-stealing bug – patch now!

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

Latest episode - listen now!

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

The problem with anniversaries is that there's an almost infinite number of them every day...

“Suspicious login” scammers up their game – take care at Christmas

A picture is worth 1024 words - we clicked through so you don't have to.

The CHRISTMA EXEC network worm – 35 years and counting!

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)...

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

How social media scammers buy time to steal your 2FA codes

The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake

“Gucci Master” business email scammer Hushpuppi gets 11 years

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

Silk Road drugs market hacker pleads guilty, faces 20 years inside

Jurisprudence isn't like arithmetic... two negatives never make a positive!

Twitter Blue Badge email scams – Don’t fall for them!

That was the week that was...

Serious Security: How randomly (or not) can you shuffle cards?

What if you could guess the next card correctly twice as often as you should?

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

Simple but super-sneaky - use a picture of a browser, and convince people it's real...

Post-quantum cryptography – new algorithm “gone in 60 minutes”

And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.

Facebook 2FA scammers return – this time in just 21 minutes

Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes

That didn’t last! Microsoft turns off the Office security it just turned on

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Facebook 2FA phish arrives just 28 minutes after scam domain created

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

Lastest epsiode - listen now!

Know your enemy! Learn how cybercrime adversaries get in…

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

Latest episode - listen now!

Beware the Smish! Home delivery scams with a professional feel…

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Don't leave old accounts lying around where someone sketchy could reactivate them.

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Latest episode - listen now (or read it, if that's your preference)...

Instagram scammers as busy as ever: passwords and 2FA codes at risk

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

Latest episode - listen now!

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Wormable Windows HTTP hole – what you need to know

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

Instagram copyright infringment scams – don’t get sucked in!

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

Phew! An audacious crime... that didn't work out.

IoT devices must “protect consumers from cyberharm”, says UK government

"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?

Black Friday and Cyber Monday – here’s what you REALLY need to do!

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

Latest episode - listen now! Serious security explained with personality in plain English.

Banking scam uses Docusign phish to thieve 2FA codes

999 people in 1000 will know this is a phish straight off the bat. But for 1 in 1000 it will be plausible at first sight...

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Latest episode - listen now!