Login
FreshRSS
Login
Naked Security
NPM JavaScript packages abused to create scambait links in bulk
By
Paul Ducklin
β February 22
nd
2023 at 20:59
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Naked Security
Coinbase breached by social engineers, employee data stolen
By
Paul Ducklin
β February 21
st
2023 at 17:58
Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...
Naked Security
Twitter tells users: Pay up if you want to keep using insecure 2FA
By
Paul Ducklin
β February 20
th
2023 at 17:58
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.
Naked Security
GoDaddy admits: Crooks hit us with malware, poisoned customer websites
By
Paul Ducklin
β February 20
th
2023 at 01:36
New report admits that attackers were detected in the network about three months ago, and may have been attacking for about three years.
Naked Security
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
By
Paul Ducklin
β February 16
th
2023 at 17:46
Latest episode - listen now! (Full transcript inside.)
Naked Security
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
By
Paul Ducklin
β February 14
th
2023 at 22:12
Lots of lovely patches for your Valentine's Day delight. Get 'em as soon as you can...
Naked Security
Apple fixes zero-day spyware implant bug β patch now!
By
Paul Ducklin
β February 14
th
2023 at 19:08
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Naked Security
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug
By
Paul Ducklin
β February 13
th
2023 at 17:59
Conditional code considered cryptographically counterproductive.
Naked Security
Reddit admits it was hacked and data stolen, says βDonβt panicβ
By
Paul Ducklin
β February 10
th
2023 at 19:59
Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
By
Paul Ducklin
β February 9
th
2023 at 19:41
Latest epsiode. Listen now!
Naked Security
OpenSSL fixes High Severity data-stealing bug β patch now!
By
Paul Ducklin
β February 8
th
2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Naked Security
VMWare user? Worried about βESXi ransomwareβ? Check your patches now!
By
Paul Ducklin
β February 7
th
2023 at 19:59
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Naked Security
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
By
Paul Ducklin
β February 6
th
2023 at 21:53
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...
Naked Security
Finnish psychotherapy extortion suspect arrested in France
By
Naked Security writer
β February 6
th
2023 at 19:13
Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.
Naked Security
OpenSSH fixes double-free memory bug thatβs pokable over the network
By
Paul Ducklin
β February 3
rd
2023 at 17:59
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...
Naked Security
S3 Ep120: When dud crypto simply wonβt let go [Audio + Text]
By
Paul Ducklin
β February 2
nd
2023 at 17:50
Latest episode - listen now!
Naked Security
Password-stealing βvulnerabilityβ reported in KeePass β bug or feature?
By
Paul Ducklin
β February 1
st
2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
By
Paul Ducklin
β January 31
st
2023 at 11:35
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By
Paul Ducklin
β January 30
th
2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
Hive ransomware servers shut down at last, says FBI
By
Naked Security writer
β January 27
th
2023 at 17:58
Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...
Naked Security
Dutch suspect locked up for alleged personal data megathefts
By
Paul Ducklin
β January 26
th
2023 at 22:02
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
By
Paul Ducklin
β January 26
th
2023 at 19:57
Lastest episode - listen now! (Or read the transcript.)
Naked Security
GoTo admits: Customer cloud backups stolen together with decryption key
By
Paul Ducklin
β January 25
th
2023 at 01:37
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.
Naked Security
Apple patches are out β old iPhones get an old zero-day fix at last!
By
Paul Ducklin
β January 24
th
2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
By
Paul Ducklin
β January 23
rd
2023 at 19:59
It's a really cool and super-simple trick. The question is, "Will it help?"
Naked Security
T-Mobile admits to 37,000,000 customer records stolen by βbad actorβ
By
Paul Ducklin
β January 20
th
2023 at 17:59
Once more, it's time for Shakespeare's words: Once more unto the breach...
Naked Security
S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text]
By
Paul Ducklin
β January 19
th
2023 at 15:53
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...
Naked Security
Serious Security: Unravelling the LifeLock βhacked passwordsβ story
By
Paul Ducklin
β January 17
th
2023 at 17:59
Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.
Naked Security
Multi-million investment scammers busted in four-country Europol raid
By
Paul Ducklin
β January 16
th
2023 at 16:10
216 questioned, 15 arrested, 4 fake call centres searched, millions seized...
Naked Security
S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text]
By
Paul Ducklin
β January 12
th
2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Naked Security
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
By
Paul Ducklin
β January 11
th
2023 at 00:22
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
Naked Security
Popular JWT cloud security library patches βremoteβ code execution hole
By
Paul Ducklin
β January 10
th
2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI β code-building service suffers total credential compromise
By
Paul Ducklin
β January 9
th
2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
RSA crypto cracked? Or perhaps not!
By
Paul Ducklin
β January 6
th
2023 at 19:59
Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?
Naked Security
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
By
Paul Ducklin
β January 5
th
2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By
Paul Ducklin
β January 4
th
2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
Inside a scammersβ lair: Ukraine busts 40 in fake bank call-centre raid
By
Naked Security writer
β January 3
rd
2023 at 17:03
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!
Naked Security
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
By
Paul Ducklin
β January 1
st
2023 at 21:36
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
Naked Security
Naked Security 33Β 1/3 β Cybersecurity predictions for 2023 and beyond
By
Paul Ducklin
β December 30
th
2022 at 19:59
The problem with anniversaries is that there's an almost infinite number of them every day...
hny-1200
Naked Security
US passes the Quantum Computing Cybersecurity Preparedness Act β and why not?
By
Paul Ducklin
β December 29
th
2022 at 20:45
Cryptographic agility: the ability and the willingness to change quickly when needed.
sc-daa-1200
Naked Security
The horror! The horror! NOTEPAD gets tabbed editing (very briefly)
By
Paul Ducklin
β December 29
th
2022 at 19:59
Is there a special meaning of "don't" that means "go right ahead"?
Naked Security
S3 Ep115: True crime stories β A day in the life of a cybercrime fighter [Audio + Text]
By
Paul Ducklin
β December 29
th
2022 at 09:20
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
Naked Security
Twitter data of β+400 million unique usersβ up for sale β what to do?
By
Paul Ducklin
β December 28
th
2022 at 19:59
If the crooks have connected up your phone number and your Twitter handle... what could go wrong?
Naked Security
Critical β10-out-of-10β Linux kernel SMB hole β should you worry?
By
Paul Ducklin
β December 27
th
2022 at 19:35
It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".
Naked Security
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after allβ¦
By
Paul Ducklin
β December 23
rd
2022 at 19:58
The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.
Naked Security
S3 Ep114: Preventing cyberthreats β stop them before they stop you! [Audio + Text]
By
Paul Ducklin
β December 22
nd
2022 at 19:56
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
Naked Security
βSuspicious loginβ scammers up their game β take care at Christmas
By
Paul Ducklin
β December 21
st
2022 at 17:59
A picture is worth 1024 words - we clicked through so you don't have to.
Naked Security
Microsoft dishes the dirt on Appleβs βAchilles heelβ shortly after fixing similar Windows bug
By
Paul Ducklin
β December 20
th
2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
OneCoin scammer Sebastian Greenwood pleads guilty, βCryptoqueenβ still missing
By
Paul Ducklin
β December 19
th
2022 at 19:50
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.
Naked Security
S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text]
By
Paul Ducklin
β December 15
th
2022 at 17:10
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
By
Paul Ducklin
β December 14
th
2022 at 02:11
There's an update for everything this time, not just for iOS.
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
By
Paul Ducklin
β December 14
th
2022 at 01:13
Tales of derring-do in the cyberunderground! (And some zero-days.)
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
By
Paul Ducklin
β December 13
th
2022 at 19:58
It's not the switching that's the problem, it's the switching of the switching!
ind-1200
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
By
Paul Ducklin
β December 12
th
2022 at 19:58
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
By
Paul Ducklin
β December 9
th
2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Naked Security
Credit card skimming β the long and winding road of supply chain failure
By
Paul Ducklin
β December 8
th
2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Naked Security
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
By
Naked Security writer
β December 6
th
2022 at 17:56
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
Naked Security
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
By
Paul Ducklin
β December 5
th
2022 at 20:58
Ninth more unto the breach, dear friends, ninth more.
Naked Security
Ping of death! FreeBSD fixes crashtastic bug in network tool
By
Paul Ducklin
β December 5
th
2022 at 19:59
It's a venerable program, and this version had a venerable bug in it.
Naked Security
Apple pushes out iOS security update thatβs more tight-lipped than ever
By
Paul Ducklin
β December 2
nd
2022 at 21:02
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
Load more articles