S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

By Paul Ducklin — May 5^th 2022 at 14:16

Latest episode - listen now!

Naked Security

World Password Day – the 1960s just called and gave you your passwords back

By Paul Ducklin — May 5^th 2022 at 01:06

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.

Naked Security

Firefox hits 100*, fixes bugs… but no new zero-days this month

By Paul Ducklin — May 3^rd 2022 at 16:42

Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact.

Naked Security

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

By Paul Ducklin — April 28^th 2022 at 13:18

Latest episode - listen now!

Naked Security

Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

By Paul Ducklin — April 27^th 2022 at 15:22

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

Naked Security

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

By Paul Ducklin — April 21^st 2022 at 13:41

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Naked Security

Yet another Chrome zero-day emergency update – patch now!

By Paul Ducklin — April 16^th 2022 at 00:33

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

By Paul Ducklin — April 14^th 2022 at 13:39

Latest episode - listen now!

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

By Paul Ducklin — March 31^st 2022 at 13:38

Latest episode - listen now!

Naked Security

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

By Paul Ducklin — March 24^th 2022 at 13:49

Latest episode - listen now!

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!

Naked Security

Alleged Kaseya ransomware attacker arrives in Texas for trial

By Naked Security writer — March 11^th 2022 at 14:59

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

By Paul Ducklin — March 10^th 2022 at 19:37

Latest episode - listen now!

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

By Paul Ducklin — March 3^rd 2022 at 14:04

Latest episode - listen now (or read it, if that's your preference)...

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

By Paul Ducklin — March 2^nd 2022 at 16:33

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

By Paul Ducklin — February 24^th 2022 at 16:51

Latest episode - listen now!

Naked Security

French speakers blasted by sextortion scams with no text or links

By Paul Ducklin — February 21^st 2022 at 17:59

You'd spot this one a mile away... but what about your friends or family?

Naked Security

Irony alert! PHP fixes security flaw in input validation code

By Paul Ducklin — February 18^th 2022 at 17:59

What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...

Naked Security

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

By Paul Ducklin — February 17^th 2022 at 17:12

Latest episode - listen and learn!

Naked Security

S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]

By Paul Ducklin — February 10^th 2022 at 01:15

Latest episode - listen now!

Naked Security

At last! Office macros from the internet to be blocked by default

By Paul Ducklin — February 8^th 2022 at 16:34

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

By Paul Ducklin — February 3^rd 2022 at 16:20

Latest episode - listen now!

Naked Security

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

By Paul Ducklin — January 28^th 2022 at 23:58

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Naked Security

Happy Data Privacy Day – and we really do mean “happy” :-)

By Paul Ducklin — January 28^th 2022 at 15:34

We give you some simple digital lifesytle tips that cost nothing.

Naked Security

S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]

By Paul Ducklin — January 27^th 2022 at 19:57

Latest episode - listen now!

Naked Security

Tax scam emails are alive and well as US tax season starts

By Paul Ducklin — January 25^th 2022 at 17:19

If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)

Naked Security

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

By Paul Ducklin — January 20^th 2022 at 17:28

Latest epsiode - listen now!

Naked Security

Serious Security: Linux full-disk encryption bug fixed – patch now!

By Paul Ducklin — January 14^th 2022 at 21:58

Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.

Naked Security

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

By Paul Ducklin — January 13^th 2022 at 15:26

Latest episode -listen to it or read it now!

Naked Security

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

By Paul Ducklin — January 6^th 2022 at 19:44

We're back for 2022 - listen now!

Naked Security

SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)

By Paul Ducklin — December 24^th 2021 at 17:44

Happy Holidays! Our Top N stories, all totally SFW!

Naked Security

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

By Paul Ducklin — December 23^rd 2021 at 17:58

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

Naked Security

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

By Paul Ducklin — December 21^st 2021 at 19:57

The Apache web server just got an update - this one is nothing to do with Log4j!

Naked Security

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Naked Security

S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript]

By Paul Ducklin — December 9^th 2021 at 17:40

Listen now or read as an article! (Full transcript inside.)

Naked Security

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

By Paul Ducklin — December 2^nd 2021 at 20:50

Latest episode - listen now!

Naked Security

Cloud Security: Don’t wait until your next bill to find out about an attack!

By Paul Ducklin — November 26^th 2021 at 19:58

Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.

Naked Security

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

By Paul Ducklin — November 25^th 2021 at 12:38

Latest episode - listen now! Solid cybersecurity advice in plain English.

Naked Security

US government securities watchdog spoofed by investment scammers – don’t fall for it!

By Paul Ducklin — November 24^th 2021 at 19:57

Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.

Naked Security

GoDaddy admits to password breach: check your Managed WordPress site!

By Paul Ducklin — November 23^rd 2021 at 00:35

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

By Paul Ducklin — November 22^nd 2021 at 19:52

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

Naked Security

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]

By Paul Ducklin — November 18^th 2021 at 15:00

Latest episode - listen now!

Naked Security

S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]

By Paul Ducklin — November 11^th 2021 at 17:41

Latest epsiode - listen now!

Naked Security

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

By Paul Ducklin — November 10^th 2021 at 19:45

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!

Naked Security

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

By Paul Ducklin — November 9^th 2021 at 19:31

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.

Naked Security

S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]

By Paul Ducklin — November 4^th 2021 at 17:46

Latest episode - listen now!

Naked Security

Europol announces “targeting” of 12 suspects in ransomware attacks

By Naked Security writer — October 29^th 2021 at 23:22

More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.

Naked Security

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

By Paul Ducklin — October 28^th 2021 at 18:45

Latest episode - listen now! Serious security explained with personality in plain English.

ns-1200-logo-podcast-with-mic-and-rodent-emoji

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

By Paul Ducklin — October 25^th 2021 at 16:38

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

Naked Security

Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?

By Paul Ducklin — October 25^th 2021 at 16:37

Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.

Naked Security

Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries

By Paul Ducklin — October 25^th 2021 at 16:36

Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.