Laptop denial-of-service via music: the 1980s R&B song with a CVE!

By Paul Ducklin — August 22^nd 2022 at 16:03

We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)

Naked Security

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

By Paul Ducklin — August 18^th 2022 at 18:38

Latest episode - listen now (or read if you prefer!)

Naked Security

US offers reward “up to $10 million” for information about the Conti gang

By Naked Security writer — August 16^th 2022 at 16:57

Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)

Naked Security

Slack admits to leaking hashed passwords for five years

By Paul Ducklin — August 8^th 2022 at 15:14

"When those invitations went out... somehow, your password hash went out with them."

Naked Security

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

By Paul Ducklin — July 21^st 2022 at 12:38

One vendor's zero-day is another vendor's routine patch...

Naked Security

7 cybersecurity tips for your summer vacation!

By Paul Ducklin — July 15^th 2022 at 18:23

Here you go - seven thoughtful cybersecurity tips to help you travel safely...

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By Paul Ducklin — July 12^th 2022 at 18:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

Naked Security

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

By Paul Ducklin — July 8^th 2022 at 00:59

It's a bit like Log4J, but for configuration files, not for logging.

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

By Paul Ducklin — July 7^th 2022 at 18:46

Listen now! Or read if you prefer...

Naked Security

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

By Paul Ducklin — June 30^th 2022 at 12:57

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

Naked Security

Harmony blockchain loses nearly $100M due to hacked private keys

By Paul Ducklin — June 27^th 2022 at 18:14

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

Naked Security

FTC warns of LGBTQ+ extortion scams – be aware before you share!

By Paul Ducklin — June 27^th 2022 at 14:58

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

Naked Security

OpenSSL issues a bugfix for the previous bugfix

By Paul Ducklin — June 24^th 2022 at 15:32

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

By Paul Ducklin — June 23^rd 2022 at 11:08

Latest epsiode - listen (or read) now!

Naked Security

Capital One identity theft hacker finally gets convicted

By Paul Ducklin — June 21^st 2022 at 15:24

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

Know your enemy! Learn how cybercrime adversaries get in…

By Paul Ducklin — June 7^th 2022 at 15:49

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

By Paul Ducklin — May 24^th 2022 at 23:04

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

Microsoft patches the Patch Tuesday patch that broke authentication

By Paul Ducklin — May 20^th 2022 at 22:35

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

Naked Security

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

By Paul Ducklin — May 10^th 2022 at 16:59

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Naked Security

You didn’t leave enough space between ROSE and AND, and AND and CROWN

By Paul Ducklin — May 6^th 2022 at 16:59

What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?

Naked Security

Yet another Chrome zero-day emergency update – patch now!

By Paul Ducklin — April 16^th 2022 at 00:33

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin — April 4^th 2022 at 21:36

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

By Paul Ducklin — March 31^st 2022 at 23:38

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

apple-1200

Naked Security

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

By Paul Ducklin — March 30^th 2022 at 20:38

Easy unauthenticated remote code execution - PoC code already out

Naked Security

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

By Paul Ducklin — March 16^th 2022 at 01:22

Don't leave old accounts lying around where someone sketchy could reactivate them.

Naked Security

Happy #PiDay – even if you aren’t in North America!

By Paul Ducklin — March 14^th 2022 at 23:59

There is a cybersecurity angle here - but you will need to read right to the end to find it :-)

Naked Security

Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator

By Paul Ducklin — March 14^th 2022 at 17:51

If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

By Paul Ducklin — March 2^nd 2022 at 16:33

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

By Paul Ducklin — February 24^th 2022 at 16:51

Latest episode - listen now!

Naked Security

French speakers blasted by sextortion scams with no text or links

By Paul Ducklin — February 21^st 2022 at 17:59

You'd spot this one a mile away... but what about your friends or family?

Naked Security

Apple zero-day drama for Macs, iPhones and iPads – patch now!

By Paul Ducklin — February 11^th 2022 at 14:25

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

apple-1200

Naked Security

Wormhole cryptotrading company turns over $340,000,000 to criminals

By Paul Ducklin — February 4^th 2022 at 17:38

It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

By Paul Ducklin — February 3^rd 2022 at 16:20

Latest episode - listen now!

Naked Security

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

By Paul Ducklin — January 28^th 2022 at 23:58

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Naked Security

Apple fixes Safari data leak (and patches a zero-day!) – update now

By Paul Ducklin — January 27^th 2022 at 21:09

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

apple-1200

Naked Security

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

By Paul Ducklin — January 13^th 2022 at 15:26

Latest episode -listen to it or read it now!

Naked Security

Honda cars in flashback to 2002 – “Can’t Get You Out Of My Head”

By Paul Ducklin — January 8^th 2022 at 02:53

Where were YOU on the night of 17 May 2002? And what about the day after that?

Naked Security

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

By Paul Ducklin — December 23^rd 2021 at 17:58

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

Naked Security

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Naked Security

Apple security updates are out – and not a Log4Shell mention in sight

By Paul Ducklin — December 14^th 2021 at 12:55

Get 'em while they're hot!

Naked Security

Cryptocurrency startup fails to subtract before adding, loses $31m

By Paul Ducklin — December 6^th 2021 at 19:50

Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?

Naked Security

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

By Paul Ducklin — December 2^nd 2021 at 20:50

Latest episode - listen now!

Naked Security

IoT devices must “protect consumers from cyberharm”, says UK government

By Paul Ducklin — December 2^nd 2021 at 19:10

"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?

Naked Security

Clearview AI face-matching service set to be fined over $20m

By Paul Ducklin — November 30^th 2021 at 19:13

Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.

Naked Security

US government securities watchdog spoofed by investment scammers – don’t fall for it!

By Paul Ducklin — November 24^th 2021 at 19:57

Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.

Naked Security

GoDaddy admits to password breach: check your Managed WordPress site!

By Paul Ducklin — November 23^rd 2021 at 00:35

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

By Paul Ducklin — November 22^nd 2021 at 19:52

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

Naked Security

S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]

By Paul Ducklin — November 11^th 2021 at 17:41

Latest epsiode - listen now!

Naked Security

Facebook to throw out face recognition, delete all template data

By Paul Ducklin — November 3^rd 2021 at 19:31

Publicity stunt? Or privacy progress?

Naked Security

Europol announces “targeting” of 12 suspects in ransomware attacks

By Naked Security writer — October 29^th 2021 at 23:22

More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

By Paul Ducklin — October 25^th 2021 at 16:38

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

Naked Security

Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?

By Paul Ducklin — October 25^th 2021 at 16:37

Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.

Naked Security

Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries

By Paul Ducklin — October 25^th 2021 at 16:36

Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.