Naked Security

US cryptocurrency coder gets 5 years for North Korea sanctions busting

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

Naked Security

Hospital robot system gets five critical security holes patched

Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...

Naked Security

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?

Naked Security

Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Serious Security: Darkweb drugs market Hydra taken offline by German police

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

Naked Security

Firefox 99 is out – no major bugs, but update anyway!

Firefox's four-weekly updates just dropped - here's what you need to know.

Naked Security

Google’s monthly Android updates patch numerous “get root” holes

Get the update now... if it's available for your phone. Here's how to check.

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

Naked Security

Two different “VMware Spring” bugs at large – we cut through the confusion

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

Latest episode - listen now!

Naked Security

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

Easy unauthenticated remote code execution - PoC code already out

Naked Security

World Backup Day: 5 data recovery tips for everyone!

The only backup you will ever regret is the one you didn't make

Naked Security

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now

This code is venerable! Surely all the bugs must be out by now?

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?

Naked Security

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Latest episode - listen now!

Naked Security

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.

Naked Security

Web vendor CafePress fined $500,000 for giving cybersecurity a low value

Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations

Naked Security

OpenSSL patches infinite-loop DoS bug in certificate verification

When it comes to writing loops in your code... never sit on the fence!

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

Latest episode - listen now!

Naked Security

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

Naked Security

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Don't leave old accounts lying around where someone sketchy could reactivate them.

Naked Security

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

Naked Security

Happy #PiDay – even if you aren’t in North America!

There is a cybersecurity angle here - but you will need to read right to the end to find it :-)

Naked Security

Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator

If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!

Naked Security

Alleged Kaseya ransomware attacker arrives in Texas for trial

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

Latest episode - listen now!

Naked Security

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

Naked Security

Adafruit suffers GitHub data breach – don’t let this happen to you

Training data stashed in GitHub by mistake... unfortunately, it was *real* data

Naked Security

Firefox patches two actively exploited 0-day holes: update now!

Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Latest episode - listen now (or read it, if that's your preference)...

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

Instagram scammers as busy as ever: passwords and 2FA codes at risk

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...

Naked Security

Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?

Calling all website coders: Y2K was then. V1H is now!

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

Latest episode - listen now!

Naked Security

Apple AirTag anti-stalking protection bypassed by researchers

Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.

Naked Security

WordPress backup plugin maker Updraft says “You should update”…

A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!

Naked Security

French speakers blasted by sextortion scams with no text or links

You'd spot this one a mile away... but what about your friends or family?

Naked Security

Irony alert! PHP fixes security flaw in input validation code

What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...

Naked Security

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

Latest episode - listen and learn!

Naked Security

VMware fixes holes that could allow virtual machine escapes

Hats off to VMware for not using weasel words: "When should you act?" Immediately...

Naked Security

Google announces zero-day in Chrome browser – update now!

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Naked Security

Adobe fixes zero-day exploit in e-commerce code: update now!

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Naked Security

Power company pays out $3 trillion compensation to astonished customer

More money than the UK's economy produces in a year!

Naked Security

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

Naked Security

S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]

Latest episode - listen now!

Naked Security

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

Naked Security

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Naked Security

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Naked Security

Wormhole cryptotrading company turns over $340,000,000 to criminals

It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

Latest episode - listen now!

Naked Security

Elementor WordPress plugin has a gaping security hole – update now

We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.

Naked Security

Linux kernel patches “performance can be harmful” bug in video driver

This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.

Naked Security

Website operator fined for using Google Fonts “the cloudy way”

Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.

Naked Security

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Naked Security

Happy Data Privacy Day – and we really do mean “happy” :-)

We give you some simple digital lifesytle tips that cost nothing.

Naked Security

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

Naked Security

S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]

Latest episode - listen now!