Login
FreshRSS
Login
Naked Security
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
By
Paul Ducklin
β August 4
th
2022 at 17:52
Latest episode - listen now! (Or read if that's what you prefer.)
Naked Security
GitHub blighted by βresearcherβ who created thousands of malicious projects
By
Paul Ducklin
β August 3
rd
2022 at 23:06
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
Naked Security
Post-quantum cryptography β new algorithm βgone in 60 minutesβ
By
Paul Ducklin
β August 3
rd
2022 at 18:55
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.
Naked Security
Cryptocoin βtoken swapperβ Nomad loses $200 million in coding blunder
By
Paul Ducklin
β August 2
nd
2022 at 16:12
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
Naked Security
GnuTLS patches memory mismanagement bug β update now!
By
Paul Ducklin
β August 1
st
2022 at 16:55
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Naked Security
How to celebrate SysAdmin Day!
By
Paul Ducklin
β July 29
th
2022 at 15:37
I've just popped in to wish you all/The best SysAdmin Day!
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
By
Paul Ducklin
β July 28
th
2022 at 15:47
Latest episode - listen now!
Naked Security
Critical Samba bug could let anyone become Domain Admin β patch now!
By
Paul Ducklin
β July 27
th
2022 at 21:15
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Naked Security
Mild monthly security update from Firefox β but update anyway
By
Paul Ducklin
β July 27
th
2022 at 00:41
You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!
Naked Security
T-Mobile to cough up $500 million over 2021 data breach
By
Paul Ducklin
β July 25
th
2022 at 16:20
Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.
Naked Security
Office macro security: on-again-off-again feature now BACK ON AGAIN!
By
Paul Ducklin
β July 23
rd
2022 at 01:10
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!
Naked Security
S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]
By
Paul Ducklin
β July 21
st
2022 at 16:25
Latest episode - listen, read or both!
Naked Security
Apple patches β0-dayβ browser bug fixed 2 weeks ago in Chrome, Edge
By
Paul Ducklin
β July 21
st
2022 at 12:38
One vendor's zero-day is another vendor's routine patch...
Naked Security
Last member of Gozi malware troika arrives in US for criminal trial
By
Paul Ducklin
β July 20
th
2022 at 14:56
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...
Naked Security
8 months on, US says Log4Shell will be around for βa decade or longerβ
By
Paul Ducklin
β July 18
th
2022 at 16:57
When it comes to cybersecurity, ask not what everyone else can do for you...
Naked Security
7 cybersecurity tips for your summer vacation!
By
Paul Ducklin
β July 15
th
2022 at 18:23
Here you go - seven thoughtful cybersecurity tips to help you travel safely...
Naked Security
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
By
Paul Ducklin
β July 14
th
2022 at 18:47
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.
Naked Security
Facebook 2FA scammers return β this time in just 21 minutes
By
Paul Ducklin
β July 13
th
2022 at 16:46
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Naked Security
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
By
Paul Ducklin
β July 12
th
2022 at 18:24
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Naked Security
That didnβt last! Microsoft turns off the Office security it just turned on
By
Paul Ducklin
β July 11
th
2022 at 13:27
An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.
Naked Security
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
By
Paul Ducklin
β July 8
th
2022 at 00:59
It's a bit like Log4J, but for configuration files, not for logging.
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By
Paul Ducklin
β July 7
th
2022 at 18:46
Listen now! Or read if you prefer...
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
By
Paul Ducklin
β July 6
th
2022 at 16:52
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
Naked Security
Google patches βin-the-wildβ Chrome zero-day β update now!
By
Paul Ducklin
β July 5
th
2022 at 15:55
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
Naked Security
Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US
By
Paul Ducklin
β July 4
th
2022 at 14:09
Bust in Canada, now bust in the USA as well.
Naked Security
Facebook 2FA phish arrives just 28 minutes after scam domain created
By
Paul Ducklin
β July 1
st
2022 at 20:01
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Naked Security
βMissing Cryptoqueenβ hits the FBIβs Ten Most Wanted list
By
Paul Ducklin
β July 1
st
2022 at 16:49
The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
By
Paul Ducklin
β June 30
th
2022 at 12:57
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!
Naked Security
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
By
Paul Ducklin
β June 29
th
2022 at 16:11
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
Naked Security
Harmony blockchain loses nearly $100M due to hacked private keys
By
Paul Ducklin
β June 27
th
2022 at 18:14
The crooks needed at least two private keys, each stored in two parts... but they got them anyway.
Naked Security
FTC warns of LGBTQ+ extortion scams β be aware before you share!
By
Paul Ducklin
β June 27
th
2022 at 14:58
It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
Naked Security
OpenSSL issues a bugfix for the previous bugfix
By
Paul Ducklin
β June 24
th
2022 at 15:32
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
By
Paul Ducklin
β June 23
rd
2022 at 11:08
Latest epsiode - listen (or read) now!
Naked Security
Capital One identity theft hacker finally gets convicted
By
Paul Ducklin
β June 21
st
2022 at 15:24
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
Naked Security
Interpol busts 2000 suspects in phone scamming takedown
By
Paul Ducklin
β June 20
th
2022 at 18:10
Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
By
Paul Ducklin
β June 16
th
2022 at 16:52
Lastest epsiode - listen now!
Naked Security
Follina gets fixed β but itβs not listed in the Patch Tuesday patches!
By
Paul Ducklin
β June 15
th
2022 at 01:20
We tried it out to make sure, so you don't have to.
Naked Security
Murder suspect admits she tracked cheating partner with hidden AirTag
By
Paul Ducklin
β June 14
th
2022 at 18:49
O! What a tangled web we weave, when first we practise to deceive.
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
β June 13
th
2022 at 16:28
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Naked Security
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
By
Paul Ducklin
β June 9
th
2022 at 13:07
Latest episode - listen (or read) now!
Naked Security
SSNDOB Market domains seized, identity theft βbrokerageβ shut down
By
Paul Ducklin
β June 8
th
2022 at 14:53
The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.
Naked Security
Know your enemy! Learn how cybercrime adversaries get inβ¦
By
Paul Ducklin
β June 7
th
2022 at 15:49
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!
Naked Security
Atlassian announces 0-day hole in Confluence Server β update now!
By
Paul Ducklin
β June 3
rd
2022 at 18:59
Zero-day announced - here's what you need to know
Naked Security
Yet another zero-day (sort of) in Windows βsearch URLβ handling
By
Paul Ducklin
β June 2
nd
2022 at 19:39
More trouble with special-purpose URLs on Windows.
Naked Security
S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast]
By
Paul Ducklin
β June 2
nd
2022 at 18:37
Latest episode - listen now!
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
By
Paul Ducklin
β June 1
st
2022 at 14:31
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Naked Security
Mysterious βFollinaβ zero-day hole in Office β hereβs what to do!
By
Paul Ducklin
β May 30
th
2022 at 23:01
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Naked Security
Beware the Smish! Home delivery scams with a professional feelβ¦
By
Paul Ducklin
β May 30
th
2022 at 17:59
Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
β May 27
th
2022 at 11:17
Latest episode - listen now!
Naked Security
Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦
By
Paul Ducklin
β May 26
th
2022 at 12:41
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
β May 24
th
2022 at 23:04
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Naked Security
Clearview AI face-matching service fined a lot less than expected
By
Paul Ducklin
β May 23
rd
2022 at 13:01
The fine has finally gone through... but it's less than 45% of what was originally proposed.
eleceye-1200
Naked Security
Mozilla patches Wednesdayβs Pwn2Own double-exploitβ¦ on Friday!
By
Paul Ducklin
β May 20
th
2022 at 23:47
That was quick! 48 hours from exploit report to published patch.
Naked Security
Microsoft patches the Patch Tuesday patch that broke authentication
By
Paul Ducklin
β May 20
th
2022 at 22:35
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Naked Security
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
β May 20
th
2022 at 14:03
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
By
Paul Ducklin
β May 19
th
2022 at 13:56
Latest episode - listen now!
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
By
Paul Ducklin
β May 18
th
2022 at 13:04
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Naked Security
Apple patches zero-day kernel hole and much more β update now!
By
Paul Ducklin
β May 17
th
2022 at 09:30
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Naked Security
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
By
Paul Ducklin
β May 15
th
2022 at 21:53
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
Naked Security
He sold cracked passwords for a living β now heβs serving 4 years in prison
By
Paul Ducklin
β May 13
th
2022 at 18:31
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...
Load more articles