Naked Security

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

Latest episode - listen now (or read if you prefer!)

Naked Security

Apple patches double zero-day in browser and kernel – update now!

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Naked Security

Chrome browser gets 11 security fixes with 1 zero-day – update now!

Don't delay - patch today.

Naked Security

US offers reward “up to $10 million” for information about the Conti gang

Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)

Naked Security

Zoom for Mac patches critical bug – update now!

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Naked Security

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer.)

Naked Security

APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…

If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!

Naked Security

Slack admits to leaking hashed passwords for five years

"When those invitations went out... somehow, your password hash went out with them."

Naked Security

Traffic Light Protocol for cybersecurity responders gets a revamp

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.

Naked Security

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]

Latest episode - listen now! (Or read if that's what you prefer.)

Naked Security

GitHub blighted by “researcher” who created thousands of malicious projects

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

Naked Security

Post-quantum cryptography – new algorithm “gone in 60 minutes”

And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.

Naked Security

Cryptocoin “token swapper” Nomad loses $200 million in coding blunder

Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.

Naked Security

GnuTLS patches memory mismanagement bug – update now!

GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...

Naked Security

How to celebrate SysAdmin Day!

I've just popped in to wish you all/The best SysAdmin Day!

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

Latest episode - listen now!

Naked Security

Critical Samba bug could let anyone become Domain Admin – patch now!

It's a serious bug... but there's a fix for it, so you know exactly what to do!

Naked Security

Mild monthly security update from Firefox – but update anyway

You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!

Naked Security

T-Mobile to cough up $500 million over 2021 data breach

Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.

Naked Security

Office macro security: on-again-off-again feature now BACK ON AGAIN!

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!

Naked Security

S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]

Latest episode - listen, read or both!

Naked Security

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

One vendor's zero-day is another vendor's routine patch...

Naked Security

Last member of Gozi malware troika arrives in US for criminal trial

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...

Naked Security

8 months on, US says Log4Shell will be around for “a decade or longer”

When it comes to cybersecurity, ask not what everyone else can do for you...

Naked Security

7 cybersecurity tips for your summer vacation!

Here you go - seven thoughtful cybersecurity tips to help you travel safely...

Naked Security

S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

Naked Security

Facebook 2FA scammers return – this time in just 21 minutes

Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

Naked Security

That didn’t last! Microsoft turns off the Office security it just turned on

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Naked Security

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

It's a bit like Log4J, but for configuration files, not for logging.

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

Listen now! Or read if you prefer...

Naked Security

OpenSSL fixes two “one-liner” crypto bugs – what you need to know

"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...

Naked Security

Google patches “in-the-wild” Chrome zero-day – update now!

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

Naked Security

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

Bust in Canada, now bust in the USA as well.

Naked Security

Facebook 2FA phish arrives just 28 minutes after scam domain created

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

Naked Security

“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list

The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.

Naked Security

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

Naked Security

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.

Naked Security

Harmony blockchain loses nearly $100M due to hacked private keys

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

Naked Security

FTC warns of LGBTQ+ extortion scams – be aware before you share!

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

Naked Security

OpenSSL issues a bugfix for the previous bugfix

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

Latest epsiode - listen (or read) now!

Naked Security

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

Interpol busts 2000 suspects in phone scamming takedown

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...

Naked Security

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

Lastest epsiode - listen now!

Naked Security

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

We tried it out to make sure, so you don't have to.

Naked Security

Murder suspect admits she tracked cheating partner with hidden AirTag

O! What a tangled web we weave, when first we practise to deceive.

Naked Security

You’re invited! Join us for a live walkthrough of the “Follina” story…

Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!

Naked Security

S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]

Latest episode - listen (or read) now!

Naked Security

SSNDOB Market domains seized, identity theft “brokerage” shut down

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

Naked Security

Know your enemy! Learn how cybercrime adversaries get in…

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

Naked Security

Atlassian announces 0-day hole in Confluence Server – update now!

Zero-day announced - here's what you need to know

Naked Security

Yet another zero-day (sort of) in Windows “search URL” handling

More trouble with special-purpose URLs on Windows.

Naked Security

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

Latest episode - listen now!

Naked Security

Firefox 101 is out, this time with no 0-day scares (but update anyway!)

After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.

Naked Security

Mysterious “Follina” zero-day hole in Office – here’s what to do!

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!

Naked Security

Beware the Smish! Home delivery scams with a professional feel…

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...

Naked Security

S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]

Latest episode - listen now!

Naked Security

Who’s watching your webcam? The Screencastify Chrome extension story…

When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.