Critical Flaws Found In Four Cisco SMB Router Ranges

August 5^th 2022 at 14:28

News ≈ Packet Storm

Huge Flaw Threatens US Emergency Alert System, DHS Researcher Warns

August 5^th 2022 at 14:28

News ≈ Packet Storm

VMWare Urges Users To Patch Critical Authentication Bypass Bug

August 4^th 2022 at 14:11

Naked Security

GitHub blighted by “researcher” who created thousands of malicious projects

By Paul Ducklin — August 3^rd 2022 at 23:06

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

News ≈ Packet Storm

Post-Quantum Encryption Contender Is Taken Out By Single-Core PC And 1 Hour

August 2^nd 2022 at 13:46

News ≈ Packet Storm

Threat Actors Pivot Around Microsoft's Macro-Blocking In Office

July 29^th 2022 at 13:56

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

By Paul Ducklin — July 28^th 2022 at 15:47

Latest episode - listen now!

News ≈ Packet Storm

FileWave Fixes Bugs That Left 1,000+ Orgs Open To Ransomware

July 28^th 2022 at 14:39

News ≈ Packet Storm

Inside The Energy Department's 10-Year Plan To Reshape Cybersecurity In The Sector

July 28^th 2022 at 14:39

News ≈ Packet Storm

Time Between Vulnerability Disclosures To Exploits Is Shrinking

July 27^th 2022 at 17:15

Naked Security

T-Mobile to cough up $500 million over 2021 data breach

By Paul Ducklin — July 25^th 2022 at 16:20

Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.

News ≈ Packet Storm

Hardcoded Password In Confluence Has Been Leaked On Twitter

July 25^th 2022 at 15:45

News ≈ Packet Storm

Microsoft Again Reverses Course, Will Block Macros By Default

July 25^th 2022 at 15:45

News ≈ Packet Storm

Atlassian Reveals Critical Flaws In Almost Everything It Makes And Touches

July 21^st 2022 at 20:18

News ≈ Packet Storm

Critical Flaws In GPS Tracker Enable Life Threatening Hacks

July 20^th 2022 at 16:38

Naked Security

Last member of Gozi malware troika arrives in US for criminal trial

By Paul Ducklin — July 20^th 2022 at 14:56

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...

News ≈ Packet Storm

Industrial Control System Password Cracker May Be Bad, Actually

July 19^th 2022 at 14:50

News ≈ Packet Storm

Servers Running Digium Phones VoIP Software Are Getting Backdoored

July 19^th 2022 at 14:49

News ≈ Packet Storm

Microsoft's Latest Security Patch Troubles Windows 11 Users

July 18^th 2022 at 16:28

News ≈ Packet Storm

Windows Network File System Flaw Results In Arbitrary Code Execution As SYSTEM

July 15^th 2022 at 14:54

Naked Security

S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]

By Paul Ducklin — July 14^th 2022 at 18:47

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

News ≈ Packet Storm

New Spectre-Type Retbleed Vulnerability Drops. Will Attackers Use It?

July 13^th 2022 at 17:25

News ≈ Packet Storm

X.org Servers Update Closes 2 Security Holes

July 13^th 2022 at 17:24

News ≈ Packet Storm

Microsoft's July Patch Tuesday Fixes Actively Exploited Bug

July 13^th 2022 at 17:24

News ≈ Packet Storm

Amazon Squashes Years-Old Authentication Bugs In AWS Kubernetes Service

July 12^th 2022 at 20:00

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By Paul Ducklin — July 12^th 2022 at 18:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

News ≈ Packet Storm

Microsoft Pauses Once Touted Macro Security Change

July 11^th 2022 at 14:07

News ≈ Packet Storm

Hackers Say They Can Unlock And Start Honda Cars Remotely

July 11^th 2022 at 14:07

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

By Paul Ducklin — July 7^th 2022 at 18:46

Listen now! Or read if you prefer...

News ≈ Packet Storm

Hack Allows Drone Takeover Via ExpressLRS Protocol

July 7^th 2022 at 13:05

Naked Security

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

By Paul Ducklin — July 4^th 2022 at 14:09

Bust in Canada, now bust in the USA as well.

Naked Security

“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list

By Paul Ducklin — July 1^st 2022 at 16:49

The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.

Naked Security

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

By Paul Ducklin — June 30^th 2022 at 12:57

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

Naked Security

FTC warns of LGBTQ+ extortion scams – be aware before you share!

By Paul Ducklin — June 27^th 2022 at 14:58

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

By Paul Ducklin — June 23^rd 2022 at 11:08

Latest epsiode - listen (or read) now!

Naked Security

Capital One identity theft hacker finally gets convicted

By Paul Ducklin — June 21^st 2022 at 15:24

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

Interpol busts 2000 suspects in phone scamming takedown

By Paul Ducklin — June 20^th 2022 at 18:10

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...

Naked Security

Murder suspect admits she tracked cheating partner with hidden AirTag

By Paul Ducklin — June 14^th 2022 at 18:49

O! What a tangled web we weave, when first we practise to deceive.

Naked Security

SSNDOB Market domains seized, identity theft “brokerage” shut down

By Paul Ducklin — June 8^th 2022 at 14:53

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

Naked Security

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

By Paul Ducklin — May 19^th 2022 at 13:56

Latest episode - listen now!

Naked Security

He sold cracked passwords for a living – now he’s serving 4 years in prison

By Paul Ducklin — May 13^th 2022 at 18:31

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

Naked Security

Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

By Paul Ducklin — April 27^th 2022 at 15:22

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

Naked Security

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

By Paul Ducklin — April 21^st 2022 at 13:41

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Naked Security

US cryptocurrency coder gets 5 years for North Korea sanctions busting

By Naked Security writer — April 13^th 2022 at 15:52

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Serious Security: Darkweb drugs market Hydra taken offline by German police

By Paul Ducklin — April 6^th 2022 at 16:22

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin — April 4^th 2022 at 21:36

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

By Paul Ducklin — March 31^st 2022 at 13:38

Latest episode - listen now!

Naked Security

UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

By Naked Security writer — March 25^th 2022 at 01:48

Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!

Naked Security

Alleged Kaseya ransomware attacker arrives in Texas for trial

By Naked Security writer — March 11^th 2022 at 14:59

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...

Naked Security

S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]

By Paul Ducklin — February 10^th 2022 at 01:15

Latest episode - listen now!

Naked Security

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

By Naked Security writer — February 9^th 2022 at 14:44

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

Naked Security

Alleged carder gang mastermind and three acolytes under arrest in Russia

By Naked Security writer — January 24^th 2022 at 14:14

The motto of the gang was "In Fraud We Trust", and they went by a dizzying range of online nicknames.

Naked Security

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

By Paul Ducklin — January 20^th 2022 at 17:28

Latest epsiode - listen now!

Naked Security

Romance scammer who targeted 670 women gets 28 months in jail

By Paul Ducklin — January 17^th 2022 at 14:13

Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...

Naked Security

FTC threatens “legal action” over unpatched Log4j and other vulns

By Paul Ducklin — January 5^th 2022 at 19:37

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

Naked Security

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

By Paul Ducklin — December 22^nd 2021 at 17:57

Phew! An audacious crime... that didn't work out.

Naked Security

S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]

By Paul Ducklin — December 9^th 2021 at 17:40

Listen now or read as an article! (Full transcript inside.)

Naked Security

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

By Paul Ducklin — December 2^nd 2021 at 20:50

Latest episode - listen now!