Login
FreshRSS
Login
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
By
Paul Ducklin
β October 18
th
2022 at 18:01
Hey! That back door isn't supposed to be there at all, let alone propped open...
Naked Security
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
By
Paul Ducklin
β October 13
th
2022 at 16:37
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...
Naked Security
WhatsApp goes after Chinese password scammers via US court
By
Paul Ducklin
β October 7
th
2022 at 18:14
If you can't beat 'em, sue 'em!
Naked Security
NetWalker ransomware affiliate sentenced to 20 years by Florida court
By
Naked Security writer
β October 5
th
2022 at 18:55
Judge tells the accused that if he hadn't pleaded guilty, "I would have given you life."
Naked Security
S3 Ep102: How to avoid a data breach [Audio + Transcript]
By
Paul Ducklin
β September 29
th
2022 at 18:45
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...
Naked Security
Interested in cybersecurity? Join us for Security SOS Week 2022!
By
Paul Ducklin
β September 21
st
2022 at 14:24
Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.
Naked Security
S3 Ep100: Browser-in-the-Browser β how to spot an attack [Audio + Text]
By
Paul Ducklin
β September 15
th
2022 at 18:50
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
s3-ep100-js-1200
Naked Security
DEADBOLT ransomware rears its head again, attacks QNAP devices
By
Paul Ducklin
β September 7
th
2022 at 16:57
NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...
Naked Security
URGENT! Apple slips out zero-day update for older iPhones and iPads
By
Paul Ducklin
β August 31
st
2022 at 18:42
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Naked Security
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
By
Paul Ducklin
β August 18
th
2022 at 18:38
Latest episode - listen now (or read if you prefer!)
Naked Security
Apple patches double zero-day in browser and kernel β update now!
By
Paul Ducklin
β August 17
th
2022 at 23:33
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Naked Security
US offers reward βup to $10 millionβ for information about the Conti gang
By
Naked Security writer
β August 16
th
2022 at 16:57
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
Naked Security
Zoom for Mac patches critical bug β update now!
By
Paul Ducklin
β August 15
th
2022 at 18:26
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
By
Paul Ducklin
β August 11
th
2022 at 14:34
Latest episode - listen now! (Or read the transcript if you prefer.)
Naked Security
GitHub blighted by βresearcherβ who created thousands of malicious projects
By
Paul Ducklin
β August 3
rd
2022 at 23:06
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
Naked Security
Office macro security: on-again-off-again feature now BACK ON AGAIN!
By
Paul Ducklin
β July 23
rd
2022 at 01:10
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!
Naked Security
Last member of Gozi malware troika arrives in US for criminal trial
By
Paul Ducklin
β July 20
th
2022 at 14:56
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...
Naked Security
8 months on, US says Log4Shell will be around for βa decade or longerβ
By
Paul Ducklin
β July 18
th
2022 at 16:57
When it comes to cybersecurity, ask not what everyone else can do for you...
Naked Security
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
By
Paul Ducklin
β July 14
th
2022 at 18:47
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.
Naked Security
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
By
Paul Ducklin
β July 12
th
2022 at 18:24
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Naked Security
That didnβt last! Microsoft turns off the Office security it just turned on
By
Paul Ducklin
β July 11
th
2022 at 13:27
An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.
Naked Security
Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US
By
Paul Ducklin
β July 4
th
2022 at 14:09
Bust in Canada, now bust in the USA as well.
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
By
Paul Ducklin
β June 23
rd
2022 at 11:08
Latest epsiode - listen (or read) now!
Naked Security
Capital One identity theft hacker finally gets convicted
By
Paul Ducklin
β June 21
st
2022 at 15:24
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
Naked Security
Youβre invited! Join us for a live walkthrough of the βFollinaβ storyβ¦
By
Paul Ducklin
β June 13
th
2022 at 16:28
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Naked Security
Know your enemy! Learn how cybercrime adversaries get inβ¦
By
Paul Ducklin
β June 7
th
2022 at 15:49
Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
By
Paul Ducklin
β May 27
th
2022 at 11:17
Latest episode - listen now!
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
By
Paul Ducklin
β May 24
th
2022 at 23:04
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Naked Security
US Government says: Patch VMware right now, or get off our network
By
Paul Ducklin
β May 20
th
2022 at 14:03
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Naked Security
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
By
Paul Ducklin
β May 10
th
2022 at 16:59
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...
Naked Security
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
By
Paul Ducklin
β April 28
th
2022 at 13:18
Latest episode - listen now!
Naked Security
Ransomware Survey 2022 β like the Curateβs Egg, βgood in partsβ
By
Paul Ducklin
β April 27
th
2022 at 15:22
You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!
Naked Security
LAPSUS$ hacks continue despite two hacker suspects in court
By
Paul Ducklin
β April 4
th
2022 at 21:36
Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?
Naked Security
Two different βVMware Springβ bugs at large β we cut through the confusion
By
Paul Ducklin
β March 31
st
2022 at 16:59
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Naked Security
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
By
Paul Ducklin
β March 31
st
2022 at 13:38
Latest episode - listen now!
Naked Security
World Backup Day: 5 data recovery tips for everyone!
By
Paul Ducklin
β March 30
th
2022 at 15:10
The only backup you will ever regret is the one you didn't make
Naked Security
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
By
Paul Ducklin
β March 24
th
2022 at 13:49
Latest episode - listen now!
Naked Security
Serious Security: DEADBOLT β the ransomware that goes straight for your backups
By
Paul Ducklin
β March 23
rd
2022 at 19:58
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.
Naked Security
Beware bogus Betas β cryptocoin scammers abuse Appleβs TestFlight system
By
Paul Ducklin
β March 16
th
2022 at 15:49
"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
By
Naked Security writer
β March 11
th
2022 at 14:59
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
By
Paul Ducklin
β March 10
th
2022 at 19:37
Latest episode - listen now!
Naked Security
Ransomware with a difference: βDerestrict your software, or else!β
By
Paul Ducklin
β March 2
nd
2022 at 16:33
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By
Paul Ducklin
β February 24
th
2022 at 16:51
Latest episode - listen now!
Naked Security
VMware fixes holes that could allow virtual machine escapes
By
Paul Ducklin
β February 16
th
2022 at 19:32
Hats off to VMware for not using weasel words: "When should you act?" Immediately...
Naked Security
At last! Office macros from the internet to be blocked by default
By
Paul Ducklin
β February 8
th
2022 at 16:34
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
Naked Security
Microsoft blocks web installation of its own App Installer files
By
Paul Ducklin
β February 7
th
2022 at 16:36
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
Naked Security
REvil ransomware crew allegedly busted in Russia, says FSB
By
Naked Security writer
β January 14
th
2022 at 19:48
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.
Naked Security
Firefox update brings a whole new sort of security sandbox
By
Paul Ducklin
β December 7
th
2021 at 19:14
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
Naked Security
Black Friday and Cyber Monday β hereβs what you REALLY need to do!
By
Paul Ducklin
β November 22
nd
2021 at 19:52
The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?
Naked Security
S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]
By
Paul Ducklin
β November 18
th
2021 at 15:00
Latest episode - listen now!
Naked Security
Emotet malware: βThe report of my death was an exaggerationβ
By
Paul Ducklin
β November 16
th
2021 at 14:13
"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.
Naked Security
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]
By
Paul Ducklin
β November 11
th
2021 at 17:41
Latest epsiode - listen now!
Naked Security
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
By
Paul Ducklin
β November 9
th
2021 at 19:31
The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.
Naked Security
Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague
By
Naked Security writer
β November 8
th
2021 at 22:37
Suspects nabbed, millions seized, in ransomware busts across the globe.
Naked Security
βCustomer complaintβ email scam preys on your fear of getting into trouble at work
By
Paul Ducklin
β November 5
th
2021 at 19:49
Stop. Think. Connect. Don't let the crooks trick you into acting in haste.
Naked Security
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
By
Paul Ducklin
β November 4
th
2021 at 17:46
Latest episode - listen now!
Naked Security
Europol announces βtargetingβ of 12 suspects in ransomware attacks
By
Naked Security writer
β October 29
th
2021 at 23:22
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.
Naked Security
S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]
By
Paul Ducklin
β October 28
th
2021 at 18:45
Latest episode - listen now! Serious security explained with personality in plain English.
ns-1200-logo-podcast-with-mic-and-rodent-emoji
Naked Security
Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
By
Paul Ducklin
β October 25
th
2021 at 16:38
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
Naked Security
Listen up 3 β CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?
By
Paul Ducklin
β October 25
th
2021 at 16:37
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.
Load more articles