Naked Security

Who’s watching your webcam? The Screencastify Chrome extension story…

When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

Clearview AI face-matching service fined a lot less than expected

The fine has finally gone through... but it's less than 45% of what was originally proposed.

Naked Security

Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!

That was quick! 48 hours from exploit report to published patch.

Naked Security

Microsoft patches the Patch Tuesday patch that broke authentication

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

Naked Security

US Government says: Patch VMware right now, or get off our network

Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.

Naked Security

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

Latest episode - listen now!

Naked Security

Pwn2Own hacking schedule released – Windows and Linux are top targets

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

Naked Security

Apple patches zero-day kernel hole and much more – update now!

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Naked Security

Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.

Naked Security

He sold cracked passwords for a living – now he’s serving 4 years in prison

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

Naked Security

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

Latest episode - lots to learn - plain English - fun with a serious side - listen now!

Naked Security

Serious Security: Learning from curl’s latest bug update

Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.

Naked Security

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Naked Security

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

Naked Security

You didn’t leave enough space between ROSE and AND, and AND and CROWN

What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?

Naked Security

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

Latest episode - listen now!

Naked Security

World Password Day – the 1960s just called and gave you your passwords back

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.

Naked Security

Android monthly updates are out – critical bugs found in critical places!

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...

Naked Security

Firefox hits 100*, fixes bugs… but no new zero-days this month

Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact.

Naked Security

GitHub issues final report on supply-chain source code intrusions

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

Latest episode - listen now!

Naked Security

Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

Naked Security

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Naked Security

QNAP warns of new bugs in its Network Attached Storage devices

Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

Naked Security

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Naked Security

Critical cryptographic Java security blunder patched – update now!

Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.

Naked Security

Beanstalk cryptocurrency heist: scammer votes himself all the money

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Naked Security

Yet another Chrome zero-day emergency update – patch now!

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Latest episode - listen now!

Naked Security

US cryptocurrency coder gets 5 years for North Korea sanctions busting

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

Naked Security

Hospital robot system gets five critical security holes patched

Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...

Naked Security

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?

Naked Security

Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Serious Security: Darkweb drugs market Hydra taken offline by German police

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

Naked Security

Firefox 99 is out – no major bugs, but update anyway!

Firefox's four-weekly updates just dropped - here's what you need to know.

Naked Security

Google’s monthly Android updates patch numerous “get root” holes

Get the update now... if it's available for your phone. Here's how to check.

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

Naked Security

Two different “VMware Spring” bugs at large – we cut through the confusion

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

Latest episode - listen now!

Naked Security

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

Easy unauthenticated remote code execution - PoC code already out

Naked Security

World Backup Day: 5 data recovery tips for everyone!

The only backup you will ever regret is the one you didn't make

Naked Security

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now

This code is venerable! Surely all the bugs must be out by now?

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?

Naked Security

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Latest episode - listen now!

Naked Security

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.

Naked Security

Web vendor CafePress fined $500,000 for giving cybersecurity a low value

Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations

Naked Security

OpenSSL patches infinite-loop DoS bug in certificate verification

When it comes to writing loops in your code... never sit on the fence!

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

Latest episode - listen now!

Naked Security

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

Naked Security

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Don't leave old accounts lying around where someone sketchy could reactivate them.

Naked Security

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

Naked Security

Happy #PiDay – even if you aren’t in North America!

There is a cybersecurity angle here - but you will need to read right to the end to find it :-)

Naked Security

Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator

If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!

Naked Security

Alleged Kaseya ransomware attacker arrives in Texas for trial

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

Latest episode - listen now!

Naked Security

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.