
☐ β˜† βœ‡ Naked Security

β€œGucci Master” business email scammer Hushpuppi gets 11 years

By Naked Security writer β€” November 14th 2022 at 19:24
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...


☐ β˜† βœ‡ Naked Security

Dangerous SIM-swap lockscreen bypass – update Android now!

By Paul Ducklin β€” November 11th 2022 at 19:59
A bit like leaving the front door keys under the doormat...

☐ β˜† βœ‡ Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

By Paul Ducklin β€” November 10th 2022 at 17:26
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

☐ β˜† βœ‡ Naked Security

Emergency code execution patch from Apple – but not an 0-day

By Paul Ducklin β€” November 10th 2022 at 01:49
Not a zero-day, but important enough for a quick-fire patch to one system library...

☐ β˜† βœ‡ Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

By Paul Ducklin β€” November 9th 2022 at 19:58
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

☐ β˜† βœ‡ Naked Security

Silk Road drugs market hacker pleads guilty, faces 20 years inside

By Paul Ducklin β€” November 8th 2022 at 19:58
Jurisprudence isn't like arithmetic... two negatives never make a positive!

☐ β˜† βœ‡ Naked Security

Public URL scanning tools – when security leads to insecurity

By Paul Ducklin β€” November 7th 2022 at 19:59
Never make your users cry/By how you use an API

☐ β˜† βœ‡ Naked Security

Twitter Blue Badge email scams – Don’t fall for them!

By Naked Security writer β€” November 4th 2022 at 17:59
That was the week that was...

☐ β˜† βœ‡ Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By Paul Ducklin β€” November 3rd 2022 at 17:51
Listen now - latest episode - audio plus full transcript

☐ β˜† βœ‡ Naked Security

The OpenSSL security update story – how can you tell what needs fixing?

By Paul Ducklin β€” November 3rd 2022 at 00:44
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...


☐ β˜† βœ‡ Naked Security

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

By Paul Ducklin β€” November 1st 2022 at 17:24
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...

☐ β˜† βœ‡ Naked Security

SHA-3 code execution bug patched in PHP – check your version!

By Paul Ducklin β€” November 1st 2022 at 14:09
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

☐ β˜† βœ‡ Naked Security

Psychotherapy extortion suspect: arrest warrant issued

By Paul Ducklin β€” October 31st 2022 at 19:59
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

☐ β˜† βœ‡ Naked Security

Chrome issues urgent zero-day fix – update now!

By Paul Ducklin β€” October 29th 2022 at 15:08
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

☐ β˜† βœ‡ Naked Security

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

By Paul Ducklin β€” October 28th 2022 at 18:04
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

☐ β˜† βœ‡ Naked Security

S3 Ep106: Facial recognition without consent – should it be banned?

By Paul Ducklin β€” October 27th 2022 at 16:59
Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!

☐ β˜† βœ‡ Naked Security

Online ticketing company β€œSee” pwned for 2.5 years by attackers

By Paul Ducklin β€” October 26th 2022 at 19:58
Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

☐ β˜† βœ‡ Naked Security

Clearview AI image-scraping face recognition service hit with €20m fine in France

By Paul Ducklin β€” October 26th 2022 at 00:50
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."

☐ β˜† βœ‡ Naked Security

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By Paul Ducklin β€” October 25th 2022 at 18:03
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

☐ β˜† βœ‡ Naked Security

Serious Security: How randomly (or not) can you shuffle cards?

By Paul Ducklin β€” October 24th 2022 at 18:57
What if you could guess the next card correctly twice as often as you should?


☐ β˜† βœ‡ Naked Security

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

By Paul Ducklin β€” October 21st 2022 at 18:25
Crooks: Show us the money! Cops: How about you show us the decryption keys first?

☐ β˜† βœ‡ Naked Security

S3 Ep105: WONTFIX! The MS Office cryptofail that β€œisn’t a security flaw” [Audio + Text]

By Paul Ducklin β€” October 20th 2022 at 18:54
The coolest video game ever! And lots of solid cybersecurity advice - listen now!


☐ β˜† βœ‡ Naked Security

Women in Cryptology – USPS celebrates WW2 codebreakers

By Paul Ducklin β€” October 19th 2022 at 16:58
What did you do in the war, Mom? Oh, y'know, a bit of this and that...

☐ β˜† βœ‡ Naked Security

Zoom for Mac patches sneaky β€œspy-on-me” bug – update now!

By Paul Ducklin β€” October 18th 2022 at 18:01
Hey! That back door isn't supposed to be there at all, let alone propped open...

☐ β˜† βœ‡ Naked Security

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By Paul Ducklin β€” October 18th 2022 at 17:26
Third time unlucky. Time to put your patching boots on again...


☐ β˜† βœ‡ Naked Security

Fashion brand SHEIN fined $1.9m for lying about data breach

By Naked Security writer β€” October 17th 2022 at 18:50
Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?

☐ β˜† βœ‡ Naked Security

Serious Security: Microsoft Office 365 attacked over feeble encryption

By Paul Ducklin β€” October 14th 2022 at 16:59
How 2022 is your encryption?

☐ β˜† βœ‡ Naked Security

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]

By Paul Ducklin β€” October 13th 2022 at 16:37
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...

☐ β˜† βœ‡ Naked Security

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

By Paul Ducklin β€” October 12th 2022 at 16:58
There's a zero-day patch, but it's not for the zero-day you thought.

☐ β˜† βœ‡ Naked Security

Move over Patch Tuesday – it’s Ada Lovelace Day!

By Paul Ducklin β€” October 11th 2022 at 15:22
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

☐ β˜† βœ‡ Naked Security

Mystery iPhone update patches against iOS 16 mail crash-attack

By Paul Ducklin β€” October 11th 2022 at 00:28
The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...

☐ β˜† βœ‡ Naked Security

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

By Paul Ducklin β€” October 10th 2022 at 18:02
Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.

☐ β˜† βœ‡ Naked Security

WhatsApp goes after Chinese password scammers via US court

By Paul Ducklin β€” October 7th 2022 at 18:14
If you can't beat 'em, sue 'em!

☐ β˜† βœ‡ Naked Security

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

By Paul Ducklin β€” October 6th 2022 at 14:43
Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

☐ β˜† βœ‡ Naked Security

Former Uber CSO convicted of covering up megabreach back in 2016

By Naked Security writer β€” October 6th 2022 at 01:04
Obstructed FTC proceedings, and concealed a crime, said the jury.

☐ β˜† βœ‡ Naked Security

NetWalker ransomware affiliate sentenced to 20 years by Florida court

By Naked Security writer β€” October 5th 2022 at 18:55
Judge tells the accused that if he hadn't pleaded guilty, "I would have given you life."

☐ β˜† βœ‡ Naked Security

BEC fraudster and romance scammer sent to prison for 25 years

By Paul Ducklin β€” October 4th 2022 at 19:12
Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.


☐ β˜† βœ‡ Naked Security

Scammers and rogue callers – can anything ever stop them?

By Paul Ducklin β€” October 4th 2022 at 00:06
Some thoughts for Cybersecurity Awareness Month: Is is worth reporting nuisance calls? Is it even worth reporting outright scams?

☐ β˜† βœ‡ Naked Security

S3 Ep102.5: β€œProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

By Paul Ducklin β€” October 1st 2022 at 14:05
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

☐ β˜† βœ‡ Naked Security

URGENT! Microsoft Exchange double zero-day – β€œlike ProxyShell, only different”

By Paul Ducklin β€” September 30th 2022 at 18:25
Double-play 0-day in Exchange - what you need to know, and what you can do

☐ β˜† βœ‡ Naked Security

S3 Ep102: How to avoid a data breach [Audio + Transcript]

By Paul Ducklin β€” September 29th 2022 at 18:45
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

☐ β˜† βœ‡ Naked Security

Optus breach – Aussie telco told it will have to pay to replace IDs

By Paul Ducklin β€” September 28th 2022 at 13:55
Licence compromised? Passport number burned? Need a new one? Who's going to pay?

☐ β˜† βœ‡ Naked Security

WhatsApp β€œzero-day exploit” news scare – what you need to know

By Paul Ducklin β€” September 27th 2022 at 18:51
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?

☐ β˜† βœ‡ Naked Security

Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?

By Paul Ducklin β€” September 24th 2022 at 22:57
Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?

☐ β˜† βœ‡ Naked Security

Morgan Stanley fined millions for selling off devices full of customer PII

By Paul Ducklin β€” September 23rd 2022 at 18:07
Critical data on old disks always seems inaccessible if you really need it. But when you DON''T want it back, guess what happens...

☐ β˜† βœ‡ Naked Security

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]

By Paul Ducklin β€” September 22nd 2022 at 18:42
Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...

☐ β˜† βœ‡ Naked Security

Interested in cybersecurity? Join us for Security SOS Week 2022!

By Paul Ducklin β€” September 21st 2022 at 14:24
Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.

☐ β˜† βœ‡ Naked Security

LastPass source code breach – incident response report released

By Paul Ducklin β€” September 19th 2022 at 18:59
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

☐ β˜† βœ‡ Naked Security

S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]

By Paul Ducklin β€” September 17th 2022 at 20:57
Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."

☐ β˜† βœ‡ Naked Security

UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you

By Paul Ducklin β€” September 16th 2022 at 18:43
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"

☐ β˜† βœ‡ Naked Security

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

By Paul Ducklin β€” September 15th 2022 at 18:50
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...


☐ β˜† βœ‡ Naked Security

Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

By Paul Ducklin β€” September 13th 2022 at 20:52
Simple but super-sneaky - use a picture of a browser, and convince people it's real...


☐ β˜† βœ‡ Naked Security

Apple patches zero-day holes – even in the brand new iOS 16

By Paul Ducklin β€” September 12th 2022 at 21:25
Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)...


☐ β˜† βœ‡ Naked Security

How to deal with dates and times without any timezone tantrums…

By Paul Ducklin β€” September 9th 2022 at 18:59
Heartfelt encouragement to embrace RFC 3339 - find out why!

☐ β˜† βœ‡ Naked Security

S3 Ep99: TikTok β€œattack” – was there a data breach, or not? [Audio + Text]

By Paul Ducklin β€” September 8th 2022 at 13:21
Latest episode - listen now! (Or read if you prefer - full transcript inside.)

☐ β˜† βœ‡ Naked Security

DEADBOLT ransomware rears its head again, attacks QNAP devices

By Paul Ducklin β€” September 7th 2022 at 16:57
NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...

☐ β˜† βœ‡ Naked Security

Chrome and Edge fix zero-day security hole – update now!

By Paul Ducklin β€” September 5th 2022 at 15:12
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

☐ β˜† βœ‡ Naked Security

Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43

By Paul Ducklin β€” September 4th 2022 at 00:50
This site, like millions of others, has a certificate from Let's Encrypt. Farewell, Peter Eckersley, PhD, who helped make it all possible.

☐ β˜† βœ‡ Naked Security

S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]

By Paul Ducklin β€” September 1st 2022 at 16:55
Latest episode - listen now!

☐ β˜† βœ‡ Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

By Paul Ducklin β€” August 31st 2022 at 18:42
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
