FreshRSS
Naked Security
Scammers and rogue callers – can anything ever stop them?
By Paul Ducklin – October 4th 2022 at 00:06
Some thoughts for Cybersecurity Awareness Month: Is it worth reporting nuisance calls? Is it even worth reporting outright scams?
Naked Security
S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]
By Paul Ducklin – October 1st 2022 at 14:05
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Naked Security
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
By Paul Ducklin – September 30th 2022 at 18:25
Double-play 0-day in Exchange - what you need to know, and what you can do
Naked Security
S3 Ep102: How to avoid a data breach [Audio + Transcript]
By Paul Ducklin – September 29th 2022 at 18:45
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...
Naked Security
Optus breach – Aussie telco told it will have to pay to replace IDs
By Paul Ducklin – September 28th 2022 at 13:55
Licence compromised? Passport number burned? Need a new one? Who's going to pay?
Naked Security
WhatsApp “zero-day exploit” news scare – what you need to know
By Paul Ducklin – September 27th 2022 at 18:51
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
Naked Security
Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?
By Paul Ducklin – September 24th 2022 at 22:57
Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?
Naked Security
Morgan Stanley fined millions for selling off devices full of customer PII
By Paul Ducklin – September 23rd 2022 at 18:07
Critical data on old disks always seems inaccessible if you really need it. But when you DON'T want it back, guess what happens...
Naked Security
S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
By Paul Ducklin – September 22nd 2022 at 18:42
Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...
Naked Security
Interested in cybersecurity? Join us for Security SOS Week 2022!
By Paul Ducklin – September 21st 2022 at 14:24
Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.
Naked Security
LastPass source code breach – incident response report released
By Paul Ducklin – September 19th 2022 at 18:59
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.
Naked Security
S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]
By Paul Ducklin – September 17th 2022 at 20:57
Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."
Naked Security
UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you
By Paul Ducklin – September 16th 2022 at 18:43
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"
Naked Security
S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]
By Paul Ducklin – September 15th 2022 at 18:50
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
Naked Security
Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!
By Paul Ducklin – September 13th 2022 at 20:52
Simple but super-sneaky - use a picture of a browser, and convince people it's real...
Naked Security
Apple patches zero-day holes – even in the brand new iOS 16
By Paul Ducklin – September 12th 2022 at 21:25
Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)...
Naked Security
How to deal with dates and times without any timezone tantrums…
By Paul Ducklin – September 9th 2022 at 18:59
Heartfelt encouragement to embrace RFC 3339 - find out why!
Naked Security
S3 Ep99: TikTok “attack” – was there a data breach, or not? [Audio + Text]
By Paul Ducklin – September 8th 2022 at 13:21
Latest episode - listen now! (Or read if you prefer - full transcript inside.)
Naked Security
DEADBOLT ransomware rears its head again, attacks QNAP devices
By Paul Ducklin – September 7th 2022 at 16:57
NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...
Naked Security
Chrome and Edge fix zero-day security hole – update now!
By Paul Ducklin – September 5th 2022 at 15:12
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Naked Security
Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43
By Paul Ducklin – September 4th 2022 at 00:50
This site, like millions of others, has a certificate from Let's Encrypt. Farewell, Peter Eckersley, PhD, who helped make it all possible.
Naked Security
S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]
By Paul Ducklin – September 1st 2022 at 16:55
Latest episode - listen now!
Naked Security
URGENT! Apple slips out zero-day update for older iPhones and iPads
By Paul Ducklin – August 31st 2022 at 18:42
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Naked Security
Chrome patches 24 security holes, enables “Sanitizer” safety system
By Paul Ducklin – August 31st 2022 at 11:48
24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.
Naked Security
JavaScript bugs aplenty in Node.js ecosystem – found automatically
By Paul Ducklin – August 30th 2022 at 16:59
How to get the better of bugs in all the possible packages in your supply chain?
Naked Security
LastPass source code breach – do we still recommend password managers?
By Paul Ducklin – August 29th 2022 at 16:59
What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?
Naked Security
Firefox 104 is out – no critical bugs, but update anyway
By Paul Ducklin – August 26th 2022 at 16:27
Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.
Naked Security
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
By Paul Ducklin – August 25th 2022 at 15:37
Latest episode - listen now! (Or read the transcript if you prefer the text version.)
Naked Security
Breaching airgap security: using your phone’s gyroscope as a microphone
By Paul Ducklin – August 24th 2022 at 18:59
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Naked Security
Bitcoin ATMs leeched by attackers who created fake admin accounts
By Paul Ducklin – August 23rd 2022 at 18:35
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
By Paul Ducklin – August 22nd 2022 at 16:03
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)
Naked Security
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
By Paul Ducklin – August 18th 2022 at 18:38
Latest episode - listen now (or read if you prefer!)
Naked Security
Apple patches double zero-day in browser and kernel – update now!
By Paul Ducklin – August 17th 2022 at 23:33
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Naked Security
Chrome browser gets 11 security fixes with 1 zero-day – update now!
By Paul Ducklin – August 17th 2022 at 13:16
Don't delay - patch today.
Naked Security
US offers reward “up to $10 million” for information about the Conti gang
By Naked Security writer – August 16th 2022 at 16:57
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
Naked Security
Zoom for Mac patches critical bug – update now!
By Paul Ducklin – August 15th 2022 at 18:26
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
By Paul Ducklin – August 11th 2022 at 14:34
Latest episode - listen now! (Or read the transcript if you prefer.)
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…
By Paul Ducklin – August 10th 2022 at 16:59
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
Naked Security
Slack admits to leaking hashed passwords for five years
By Paul Ducklin – August 8th 2022 at 15:14
"When those invitations went out... somehow, your password hash went out with them."
Naked Security
Traffic Light Protocol for cybersecurity responders gets a revamp
By Paul Ducklin – August 5th 2022 at 18:57
Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.
Naked Security
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
By Paul Ducklin – August 4th 2022 at 17:52
Latest episode - listen now! (Or read if that's what you prefer.)
Naked Security
GitHub blighted by “researcher” who created thousands of malicious projects
By Paul Ducklin – August 3rd 2022 at 23:06
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
Naked Security
Post-quantum cryptography – new algorithm “gone in 60 minutes”
By Paul Ducklin – August 3rd 2022 at 18:55
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.
Naked Security
Cryptocoin “token swapper” Nomad loses $200 million in coding blunder
By Paul Ducklin – August 2nd 2022 at 16:12
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
Naked Security
GnuTLS patches memory mismanagement bug – update now!
By Paul Ducklin – August 1st 2022 at 16:55
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...
Naked Security
How to celebrate SysAdmin Day!
By Paul Ducklin – July 29th 2022 at 15:37
I've just popped in to wish you all/The best SysAdmin Day!
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
By Paul Ducklin – July 28th 2022 at 15:47
Latest episode - listen now!
Naked Security
Critical Samba bug could let anyone become Domain Admin – patch now!
By Paul Ducklin – July 27th 2022 at 21:15
It's a serious bug... but there's a fix for it, so you know exactly what to do!
Naked Security
Mild monthly security update from Firefox – but update anyway
By Paul Ducklin – July 27th 2022 at 00:41
You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!
Naked Security
T-Mobile to cough up $500 million over 2021 data breach
By Paul Ducklin – July 25th 2022 at 16:20
Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.
Naked Security
Office macro security: on-again-off-again feature now BACK ON AGAIN!
By Paul Ducklin – July 23rd 2022 at 01:10
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!
Naked Security
S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]
By Paul Ducklin – July 21st 2022 at 16:25
Latest episode - listen, read or both!
Naked Security
Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge
By Paul Ducklin – July 21st 2022 at 12:38
One vendor's zero-day is another vendor's routine patch...
Naked Security
Last member of Gozi malware troika arrives in US for criminal trial
By Paul Ducklin – July 20th 2022 at 14:56
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...
Naked Security
8 months on, US says Log4Shell will be around for “a decade or longer”
By Paul Ducklin – July 18th 2022 at 16:57
When it comes to cybersecurity, ask not what everyone else can do for you...
Naked Security
7 cybersecurity tips for your summer vacation!
By Paul Ducklin – July 15th 2022 at 18:23
Here you go - seven thoughtful cybersecurity tips to help you travel safely...
Naked Security
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
By Paul Ducklin – July 14th 2022 at 18:47
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.
Naked Security
Facebook 2FA scammers return – this time in just 21 minutes
By Paul Ducklin – July 13th 2022 at 16:46
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Naked Security
Paying ransomware crooks won’t reduce your legal risk, warns regulator
By Paul Ducklin – July 12th 2022 at 18:24
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Naked Security
That didn’t last! Microsoft turns off the Office security it just turned on
By Paul Ducklin – July 11th 2022 at 13:27
An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.