Zoom for Mac patches sneaky “spy-on-me” bug – update now!

By Paul Ducklin — October 18^th 2022 at 18:01

Hey! That back door isn't supposed to be there at all, let alone propped open...

Naked Security

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]

By Paul Ducklin — October 13^th 2022 at 16:37

Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...

Naked Security

WhatsApp goes after Chinese password scammers via US court

By Paul Ducklin — October 7^th 2022 at 18:14

If you can't beat 'em, sue 'em!

Naked Security

NetWalker ransomware affiliate sentenced to 20 years by Florida court

By Naked Security writer — October 5^th 2022 at 18:55

Judge tells the accused that if he hadn't pleaded guilty, "I would have given you life."

Naked Security

S3 Ep102: How to avoid a data breach [Audio + Transcript]

By Paul Ducklin — September 29^th 2022 at 18:45

Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

Naked Security

Interested in cybersecurity? Join us for Security SOS Week 2022!

By Paul Ducklin — September 21^st 2022 at 14:24

Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.

Naked Security

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

By Paul Ducklin — September 15^th 2022 at 18:50

Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...

s3-ep100-js-1200

Naked Security

DEADBOLT ransomware rears its head again, attacks QNAP devices

By Paul Ducklin — September 7^th 2022 at 16:57

NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...

Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

By Paul Ducklin — August 31^st 2022 at 18:42

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

Naked Security

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

By Paul Ducklin — August 18^th 2022 at 18:38

Latest episode - listen now (or read if you prefer!)

Naked Security

Apple patches double zero-day in browser and kernel – update now!

By Paul Ducklin — August 17^th 2022 at 23:33

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Naked Security

US offers reward “up to $10 million” for information about the Conti gang

By Naked Security writer — August 16^th 2022 at 16:57

Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)

Naked Security

Zoom for Mac patches critical bug – update now!

By Paul Ducklin — August 15^th 2022 at 18:26

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Naked Security

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

By Paul Ducklin — August 11^th 2022 at 14:34

Latest episode - listen now! (Or read the transcript if you prefer.)

Naked Security

GitHub blighted by “researcher” who created thousands of malicious projects

By Paul Ducklin — August 3^rd 2022 at 23:06

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

Naked Security

Office macro security: on-again-off-again feature now BACK ON AGAIN!

By Paul Ducklin — July 23^rd 2022 at 01:10

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!

Naked Security

Last member of Gozi malware troika arrives in US for criminal trial

By Paul Ducklin — July 20^th 2022 at 14:56

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...

Naked Security

8 months on, US says Log4Shell will be around for “a decade or longer”

By Paul Ducklin — July 18^th 2022 at 16:57

When it comes to cybersecurity, ask not what everyone else can do for you...

Naked Security

S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]

By Paul Ducklin — July 14^th 2022 at 18:47

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By Paul Ducklin — July 12^th 2022 at 18:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

Naked Security

That didn’t last! Microsoft turns off the Office security it just turned on

By Paul Ducklin — July 11^th 2022 at 13:27

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Naked Security

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

By Paul Ducklin — July 4^th 2022 at 14:09

Bust in Canada, now bust in the USA as well.

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

By Paul Ducklin — June 23^rd 2022 at 11:08

Latest epsiode - listen (or read) now!

Naked Security

Capital One identity theft hacker finally gets convicted

By Paul Ducklin — June 21^st 2022 at 15:24

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

You’re invited! Join us for a live walkthrough of the “Follina” story…

By Paul Ducklin — June 13^th 2022 at 16:28

Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!

Naked Security

Know your enemy! Learn how cybercrime adversaries get in…

By Paul Ducklin — June 7^th 2022 at 15:49

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

Naked Security

S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]

By Paul Ducklin — May 27^th 2022 at 11:17

Latest episode - listen now!

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

By Paul Ducklin — May 24^th 2022 at 23:04

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

US Government says: Patch VMware right now, or get off our network

By Paul Ducklin — May 20^th 2022 at 14:03

Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.

Naked Security

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

By Paul Ducklin — May 10^th 2022 at 16:59

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Naked Security

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

By Paul Ducklin — April 28^th 2022 at 13:18

Latest episode - listen now!

Naked Security

Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

By Paul Ducklin — April 27^th 2022 at 15:22

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin — April 4^th 2022 at 21:36

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

Two different “VMware Spring” bugs at large – we cut through the confusion

By Paul Ducklin — March 31^st 2022 at 16:59

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

By Paul Ducklin — March 31^st 2022 at 13:38

Latest episode - listen now!

Naked Security

World Backup Day: 5 data recovery tips for everyone!

By Paul Ducklin — March 30^th 2022 at 15:10

The only backup you will ever regret is the one you didn't make

Naked Security

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

By Paul Ducklin — March 24^th 2022 at 13:49

Latest episode - listen now!

Naked Security

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

By Paul Ducklin — March 23^rd 2022 at 19:58

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.

Naked Security

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

By Paul Ducklin — March 16^th 2022 at 15:49

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

Naked Security

Alleged Kaseya ransomware attacker arrives in Texas for trial

By Naked Security writer — March 11^th 2022 at 14:59

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

By Paul Ducklin — March 10^th 2022 at 19:37

Latest episode - listen now!

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

By Paul Ducklin — March 2^nd 2022 at 16:33

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

By Paul Ducklin — February 24^th 2022 at 16:51

Latest episode - listen now!

Naked Security

VMware fixes holes that could allow virtual machine escapes

By Paul Ducklin — February 16^th 2022 at 19:32

Hats off to VMware for not using weasel words: "When should you act?" Immediately...

Naked Security

At last! Office macros from the internet to be blocked by default

By Paul Ducklin — February 8^th 2022 at 16:34

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Naked Security

Microsoft blocks web installation of its own App Installer files

By Paul Ducklin — February 7^th 2022 at 16:36

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Naked Security

REvil ransomware crew allegedly busted in Russia, says FSB

By Naked Security writer — January 14^th 2022 at 19:48

The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.

Naked Security

Firefox update brings a whole new sort of security sandbox

By Paul Ducklin — December 7^th 2021 at 19:14

Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

By Paul Ducklin — November 22^nd 2021 at 19:52

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

Naked Security

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]

By Paul Ducklin — November 18^th 2021 at 15:00

Latest episode - listen now!

Naked Security

Emotet malware: “The report of my death was an exaggeration”

By Paul Ducklin — November 16^th 2021 at 14:13

"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.

Naked Security

S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]

By Paul Ducklin — November 11^th 2021 at 17:41

Latest epsiode - listen now!

Naked Security

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

By Paul Ducklin — November 9^th 2021 at 19:31

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.

Naked Security

Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague

By Naked Security writer — November 8^th 2021 at 22:37

Suspects nabbed, millions seized, in ransomware busts across the globe.

Naked Security

“Customer complaint” email scam preys on your fear of getting into trouble at work

By Paul Ducklin — November 5^th 2021 at 19:49

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

Naked Security

S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]

By Paul Ducklin — November 4^th 2021 at 17:46

Latest episode - listen now!

Naked Security

Europol announces “targeting” of 12 suspects in ransomware attacks

By Naked Security writer — October 29^th 2021 at 23:22

More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.

Naked Security

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

By Paul Ducklin — October 28^th 2021 at 18:45

Latest episode - listen now! Serious security explained with personality in plain English.

ns-1200-logo-podcast-with-mic-and-rodent-emoji

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

By Paul Ducklin — October 25^th 2021 at 16:38

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

Naked Security

Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?

By Paul Ducklin — October 25^th 2021 at 16:37

Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.