Login
FreshRSS
Login
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
By
Paul Ducklin
β February 9
th
2023 at 19:41
Latest epsiode. Listen now!
Naked Security
OpenSSL fixes High Severity data-stealing bug β patch now!
By
Paul Ducklin
β February 8
th
2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Naked Security
VMWare user? Worried about βESXi ransomwareβ? Check your patches now!
By
Paul Ducklin
β February 7
th
2023 at 19:59
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Naked Security
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
By
Paul Ducklin
β February 6
th
2023 at 21:53
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...
Naked Security
Finnish psychotherapy extortion suspect arrested in France
By
Naked Security writer
β February 6
th
2023 at 19:13
Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.
Naked Security
OpenSSH fixes double-free memory bug thatβs pokable over the network
By
Paul Ducklin
β February 3
rd
2023 at 17:59
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...
Naked Security
S3 Ep120: When dud crypto simply wonβt let go [Audio + Text]
By
Paul Ducklin
β February 2
nd
2023 at 17:50
Latest episode - listen now!
Naked Security
Password-stealing βvulnerabilityβ reported in KeePass β bug or feature?
By
Paul Ducklin
β February 1
st
2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
By
Paul Ducklin
β January 31
st
2023 at 11:35
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By
Paul Ducklin
β January 30
th
2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
Hive ransomware servers shut down at last, says FBI
By
Naked Security writer
β January 27
th
2023 at 17:58
Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...
Naked Security
Dutch suspect locked up for alleged personal data megathefts
By
Paul Ducklin
β January 26
th
2023 at 22:02
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By
Paul Ducklin
β January 26
th
2023 at 19:57
Lastest episode - listen now! (Or read the transcript.)
Naked Security
Apple patches are out β old iPhones get an old zero-day fix at last!
By
Paul Ducklin
β January 24
th
2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
By
Paul Ducklin
β January 23
rd
2023 at 19:59
It's a really cool and super-simple trick. The question is, "Will it help?"
Naked Security
T-Mobile admits to 37,000,000 customer records stolen by βbad actorβ
By
Paul Ducklin
β January 20
th
2023 at 17:59
Once more, it's time for Shakespeare's words: Once more unto the breach...
Naked Security
S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text]
By
Paul Ducklin
β January 19
th
2023 at 15:53
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...
Naked Security
Serious Security: Unravelling the LifeLock βhacked passwordsβ story
By
Paul Ducklin
β January 17
th
2023 at 17:59
Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.
Naked Security
S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text]
By
Paul Ducklin
β January 12
th
2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By
Paul Ducklin
β January 11
th
2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
Popular JWT cloud security library patches βremoteβ code execution hole
By
Paul Ducklin
β January 10
th
2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI β code-building service suffers total credential compromise
By
Paul Ducklin
β January 9
th
2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
By
Paul Ducklin
β January 5
th
2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By
Paul Ducklin
β January 4
th
2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
Inside a scammersβ lair: Ukraine busts 40 in fake bank call-centre raid
By
Naked Security writer
β January 3
rd
2023 at 17:03
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!
Naked Security
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
By
Paul Ducklin
β January 1
st
2023 at 21:36
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
Naked Security
Naked Security 33Β 1/3 β Cybersecurity predictions for 2023 and beyond
By
Paul Ducklin
β December 30
th
2022 at 19:59
The problem with anniversaries is that there's an almost infinite number of them every day...
hny-1200
Naked Security
US passes the Quantum Computing Cybersecurity Preparedness Act β and why not?
By
Paul Ducklin
β December 29
th
2022 at 20:45
Cryptographic agility: the ability and the willingness to change quickly when needed.
sc-daa-1200
Naked Security
The horror! The horror! NOTEPAD gets tabbed editing (very briefly)
By
Paul Ducklin
β December 29
th
2022 at 19:59
Is there a special meaning of "don't" that means "go right ahead"?
Naked Security
S3 Ep115: True crime stories β A day in the life of a cybercrime fighter [Audio + Text]
By
Paul Ducklin
β December 29
th
2022 at 09:20
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
Naked Security
Twitter data of β+400 million unique usersβ up for sale β what to do?
By
Paul Ducklin
β December 28
th
2022 at 19:59
If the crooks have connected up your phone number and your Twitter handle... what could go wrong?
Naked Security
Critical β10-out-of-10β Linux kernel SMB hole β should you worry?
By
Paul Ducklin
β December 27
th
2022 at 19:35
It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".
Naked Security
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after allβ¦
By
Paul Ducklin
β December 23
rd
2022 at 19:58
The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.
Naked Security
S3 Ep114: Preventing cyberthreats β stop them before they stop you! [Audio + Text]
By
Paul Ducklin
β December 22
nd
2022 at 19:56
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
Naked Security
βSuspicious loginβ scammers up their game β take care at Christmas
By
Paul Ducklin
β December 21
st
2022 at 17:59
A picture is worth 1024 words - we clicked through so you don't have to.
Naked Security
Microsoft dishes the dirt on Appleβs βAchilles heelβ shortly after fixing similar Windows bug
By
Paul Ducklin
β December 20
th
2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
OneCoin scammer Sebastian Greenwood pleads guilty, βCryptoqueenβ still missing
By
Paul Ducklin
β December 19
th
2022 at 19:50
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.
Naked Security
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
By
Paul Ducklin
β December 15
th
2022 at 17:10
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
By
Paul Ducklin
β December 14
th
2022 at 02:11
There's an update for everything this time, not just for iOS.
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By
Paul Ducklin
β December 14
th
2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
By
Paul Ducklin
β December 13
th
2022 at 19:58
It's not the switching that's the problem, it's the switching of the switching!
ind-1200
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
By
Paul Ducklin
β December 12
th
2022 at 19:58
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
By
Paul Ducklin
β December 9
th
2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Naked Security
Credit card skimming β the long and winding road of supply chain failure
By
Paul Ducklin
β December 8
th
2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Naked Security
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
By
Naked Security writer
β December 6
th
2022 at 17:56
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By
Paul Ducklin
β December 5
th
2022 at 20:58
Ninth more unto the breach, dear friends, ninth more.
Naked Security
Ping of death! FreeBSD fixes crashtastic bug in network tool
By
Paul Ducklin
β December 5
th
2022 at 19:59
It's a venerable program, and this version had a venerable bug in it.
Naked Security
Apple pushes out iOS security update thatβs more tight-lipped than ever
By
Paul Ducklin
β December 2
nd
2022 at 21:02
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
Naked Security
LastPass admits to customer data breach caused by previous breach
By
Paul Ducklin
β December 2
nd
2022 at 01:10
Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.
Naked Security
The CHRISTMA EXEC network worm β 35 years and counting!
By
Paul Ducklin
β December 1
st
2022 at 20:35
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
xmas-1200-35-wide
Naked Security
S3 Ep111: The business risk of a sleazy βnudity unfilterβ [Audio + Text]
By
Paul Ducklin
β December 1
st
2022 at 19:58
Latest episode - listen now (or read if you prefer)...
Naked Security
Serious Security: MD5 considered harmful β to the tune of $600,000
By
Paul Ducklin
β November 30
th
2022 at 17:58
It's not just the hashing, by the way. It's the salting and the stretching, too!
Naked Security
TikTok βInvisible Challengeβ porn malware puts us all at risk
By
Paul Ducklin
β November 29
th
2022 at 19:58
An injury to one is an injury to all. Especially if the other people are part of your social network.
Naked Security
Chrome fixes 8th zero-day of 2022 β check your version now (Edge too!)
By
Paul Ducklin
β November 28
th
2022 at 19:42
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!
Naked Security
Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown
By
Naked Security writer
β November 25
th
2022 at 19:17
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING
Naked Security
S3 Ep110: Spotlight on cyberthreats β an expert speaks [Audio + Text]
By
Paul Ducklin
β November 24
th
2022 at 16:52
Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
Naked Security
Multimillion dollar CryptoRom scam sites seized, suspects arrested in US
By
Paul Ducklin
β November 23
rd
2022 at 19:58
Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...
cryptorom-1200
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
By
Paul Ducklin
β November 22
nd
2022 at 19:54
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Naked Security
How social media scammers buy time to steal your 2FA codes
By
Paul Ducklin
β November 21
st
2022 at 17:02
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake
ffs-2fa-1200
Naked Security
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
By
Paul Ducklin
β November 17
th
2022 at 17:52
Latest episode - listen now! Cybersecurity news plus loads of great advice...
Load more articles