Poisoned Python and PHP packages purloin passwords for AWS access

By Paul Ducklin — May 24^th 2022 at 23:04

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

Clearview AI face-matching service fined a lot less than expected

By Paul Ducklin — May 23^rd 2022 at 13:01

The fine has finally gone through... but it's less than 45% of what was originally proposed.

eleceye-1200

Naked Security

RubyGems supply chain rip-and-replace bug fixed – check your logs!

By Paul Ducklin — May 9^th 2022 at 15:41

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

ruby-1200

Naked Security

GitHub issues final report on supply-chain source code intrusions

By Paul Ducklin — April 29^th 2022 at 16:15

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security

Beanstalk cryptocurrency heist: scammer votes himself all the money

By Paul Ducklin — April 19^th 2022 at 16:00

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

By Paul Ducklin — March 3^rd 2022 at 14:04

Latest episode - listen now (or read it, if that's your preference)...

Naked Security

Apple AirTag anti-stalking protection bypassed by researchers

By Paul Ducklin — February 23^rd 2022 at 17:59

Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.

Naked Security

Wormhole cryptotrading company turns over $340,000,000 to criminals

By Paul Ducklin — February 4^th 2022 at 17:38

It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

Naked Security

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

By Paul Ducklin — January 13^th 2022 at 15:26

Latest episode -listen to it or read it now!

Naked Security

JavaScript developer destroys own projects in supply chain “lesson”

By Paul Ducklin — January 11^th 2022 at 00:54

Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

Naked Security

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Naked Security

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

By Paul Ducklin — December 2^nd 2021 at 20:50

Latest episode - listen now!

Naked Security

Clearview AI face-matching service set to be fined over $20m

By Paul Ducklin — November 30^th 2021 at 19:13

Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.

Naked Security

Samba update patches plaintext password plundering problem

By Paul Ducklin — November 12^th 2021 at 19:59

When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.

Naked Security

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

By Paul Ducklin — November 9^th 2021 at 19:31

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

By Paul Ducklin — October 25^th 2021 at 16:38

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.