Login
FreshRSS
Login
Naked Security
Dutch suspect locked up for alleged personal data megathefts
By
Paul Ducklin
β January 26
th
2023 at 22:02
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By
Paul Ducklin
β January 26
th
2023 at 19:57
Lastest episode - listen now! (Or read the transcript.)
Naked Security
Apple patches are out β old iPhones get an old zero-day fix at last!
By
Paul Ducklin
β January 24
th
2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
By
Paul Ducklin
β January 23
rd
2023 at 19:59
It's a really cool and super-simple trick. The question is, "Will it help?"
Naked Security
T-Mobile admits to 37,000,000 customer records stolen by βbad actorβ
By
Paul Ducklin
β January 20
th
2023 at 17:59
Once more, it's time for Shakespeare's words: Once more unto the breach...
Naked Security
S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text]
By
Paul Ducklin
β January 19
th
2023 at 15:53
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...
Naked Security
Serious Security: Unravelling the LifeLock βhacked passwordsβ story
By
Paul Ducklin
β January 17
th
2023 at 17:59
Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.
Naked Security
S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text]
By
Paul Ducklin
β January 12
th
2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By
Paul Ducklin
β January 11
th
2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
Popular JWT cloud security library patches βremoteβ code execution hole
By
Paul Ducklin
β January 10
th
2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI β code-building service suffers total credential compromise
By
Paul Ducklin
β January 9
th
2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
By
Paul Ducklin
β January 5
th
2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By
Paul Ducklin
β January 4
th
2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
Inside a scammersβ lair: Ukraine busts 40 in fake bank call-centre raid
By
Naked Security writer
β January 3
rd
2023 at 17:03
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!
Naked Security
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
By
Paul Ducklin
β January 1
st
2023 at 21:36
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
Naked Security
Naked Security 33Β 1/3 β Cybersecurity predictions for 2023 and beyond
By
Paul Ducklin
β December 30
th
2022 at 19:59
The problem with anniversaries is that there's an almost infinite number of them every day...
hny-1200
Naked Security
US passes the Quantum Computing Cybersecurity Preparedness Act β and why not?
By
Paul Ducklin
β December 29
th
2022 at 20:45
Cryptographic agility: the ability and the willingness to change quickly when needed.
sc-daa-1200
Naked Security
The horror! The horror! NOTEPAD gets tabbed editing (very briefly)
By
Paul Ducklin
β December 29
th
2022 at 19:59
Is there a special meaning of "don't" that means "go right ahead"?
Naked Security
S3 Ep115: True crime stories β A day in the life of a cybercrime fighter [Audio + Text]
By
Paul Ducklin
β December 29
th
2022 at 09:20
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
Naked Security
Twitter data of β+400 million unique usersβ up for sale β what to do?
By
Paul Ducklin
β December 28
th
2022 at 19:59
If the crooks have connected up your phone number and your Twitter handle... what could go wrong?
Naked Security
Critical β10-out-of-10β Linux kernel SMB hole β should you worry?
By
Paul Ducklin
β December 27
th
2022 at 19:35
It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".
Naked Security
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after allβ¦
By
Paul Ducklin
β December 23
rd
2022 at 19:58
The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.
Naked Security
S3 Ep114: Preventing cyberthreats β stop them before they stop you! [Audio + Text]
By
Paul Ducklin
β December 22
nd
2022 at 19:56
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
Naked Security
βSuspicious loginβ scammers up their game β take care at Christmas
By
Paul Ducklin
β December 21
st
2022 at 17:59
A picture is worth 1024 words - we clicked through so you don't have to.
Naked Security
Microsoft dishes the dirt on Appleβs βAchilles heelβ shortly after fixing similar Windows bug
By
Paul Ducklin
β December 20
th
2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
OneCoin scammer Sebastian Greenwood pleads guilty, βCryptoqueenβ still missing
By
Paul Ducklin
β December 19
th
2022 at 19:50
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.
Naked Security
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
By
Paul Ducklin
β December 15
th
2022 at 17:10
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
By
Paul Ducklin
β December 14
th
2022 at 02:11
There's an update for everything this time, not just for iOS.
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By
Paul Ducklin
β December 14
th
2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
By
Paul Ducklin
β December 13
th
2022 at 19:58
It's not the switching that's the problem, it's the switching of the switching!
ind-1200
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
By
Paul Ducklin
β December 12
th
2022 at 19:58
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
By
Paul Ducklin
β December 9
th
2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Naked Security
Credit card skimming β the long and winding road of supply chain failure
By
Paul Ducklin
β December 8
th
2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Naked Security
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
By
Naked Security writer
β December 6
th
2022 at 17:56
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By
Paul Ducklin
β December 5
th
2022 at 20:58
Ninth more unto the breach, dear friends, ninth more.
Naked Security
Ping of death! FreeBSD fixes crashtastic bug in network tool
By
Paul Ducklin
β December 5
th
2022 at 19:59
It's a venerable program, and this version had a venerable bug in it.
Naked Security
Apple pushes out iOS security update thatβs more tight-lipped than ever
By
Paul Ducklin
β December 2
nd
2022 at 21:02
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
Naked Security
LastPass admits to customer data breach caused by previous breach
By
Paul Ducklin
β December 2
nd
2022 at 01:10
Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.
Naked Security
The CHRISTMA EXEC network worm β 35 years and counting!
By
Paul Ducklin
β December 1
st
2022 at 20:35
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
xmas-1200-35-wide
Naked Security
S3 Ep111: The business risk of a sleazy βnudity unfilterβ [Audio + Text]
By
Paul Ducklin
β December 1
st
2022 at 19:58
Latest episode - listen now (or read if you prefer)...
Naked Security
Serious Security: MD5 considered harmful β to the tune of $600,000
By
Paul Ducklin
β November 30
th
2022 at 17:58
It's not just the hashing, by the way. It's the salting and the stretching, too!
Naked Security
TikTok βInvisible Challengeβ porn malware puts us all at risk
By
Paul Ducklin
β November 29
th
2022 at 19:58
An injury to one is an injury to all. Especially if the other people are part of your social network.
Naked Security
Chrome fixes 8th zero-day of 2022 β check your version now (Edge too!)
By
Paul Ducklin
β November 28
th
2022 at 19:42
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!
Naked Security
Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown
By
Naked Security writer
β November 25
th
2022 at 19:17
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING
Naked Security
S3 Ep110: Spotlight on cyberthreats β an expert speaks [Audio + Text]
By
Paul Ducklin
β November 24
th
2022 at 16:52
Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
Naked Security
Multimillion dollar CryptoRom scam sites seized, suspects arrested in US
By
Paul Ducklin
β November 23
rd
2022 at 19:58
Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...
cryptorom-1200
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
By
Paul Ducklin
β November 22
nd
2022 at 19:54
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Naked Security
How social media scammers buy time to steal your 2FA codes
By
Paul Ducklin
β November 21
st
2022 at 17:02
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake
ffs-2fa-1200
Naked Security
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
By
Paul Ducklin
β November 17
th
2022 at 17:52
Latest episode - listen now! Cybersecurity news plus loads of great advice...
Naked Security
Black Friday and retail season β watch out for PayPal βmoney requestβ scams
By
Paul Ducklin
β November 17
th
2022 at 12:45
Don't let a keen eye for bargains lead you into risky online behaviour...
Naked Security
Firefox fixes fullscreen fakery flaw β get the update now!
By
Paul Ducklin
β November 16
th
2022 at 19:51
What's so bad about a web page going fullscreen without warning you first?
Naked Security
Log4Shell-like code execution hole in popular Backstage dev tool
By
Paul Ducklin
β November 15
th
2022 at 17:49
Good old "string templating", also known as "string interpolation", in the spotlight again...
bs-1200
Naked Security
βGucci Masterβ business email scammer Hushpuppi gets 11 years
By
Naked Security writer
β November 14
th
2022 at 19:24
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...
puppi-car-1200
Naked Security
Dangerous SIM-swap lockscreen bypass β update Android now!
By
Paul Ducklin
β November 11
th
2022 at 19:59
A bit like leaving the front door keys under the doormat...
Naked Security
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
By
Paul Ducklin
β November 10
th
2022 at 17:26
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!
Naked Security
Emergency code execution patch from Apple β but not an 0-day
By
Paul Ducklin
β November 10
th
2022 at 01:49
Not a zero-day, but important enough for a quick-fire patch to one system library...
Naked Security
Exchange 0-days fixed (at last) β plus 4 brand new Patch Tuesday 0-days!
By
Paul Ducklin
β November 9
th
2022 at 19:58
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Naked Security
Silk Road drugs market hacker pleads guilty, faces 20 years inside
By
Paul Ducklin
β November 8
th
2022 at 19:58
Jurisprudence isn't like arithmetic... two negatives never make a positive!
Naked Security
Public URL scanning tools β when security leads to insecurity
By
Paul Ducklin
β November 7
th
2022 at 19:59
Never make your users cry/By how you use an API
Naked Security
Twitter Blue Badge email scams β Donβt fall for them!
By
Naked Security writer
β November 4
th
2022 at 17:59
That was the week that was...
Load more articles