Naked Security
Beware rogue 2FA apps in App Store and Google Play – don't get hacked!
By Paul Ducklin – February 27th 2023 at 02:10
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
Naked Security
S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
By Paul Ducklin – February 23rd 2023 at 19:58
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.
Naked Security
Coinbase breached by social engineers, employee data stolen
By Paul Ducklin – February 21st 2023 at 17:58
Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...
Naked Security
S3 Ep120: When dud crypto simply won't let go [Audio + Text]
By Paul Ducklin – February 2nd 2023 at 17:50
Latest episode - listen now!
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
By Paul Ducklin – January 31st 2023 at 11:35
There was a breach, so the bad news isn't great, but the good news isn't too bad...
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By Paul Ducklin – January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
Apple patches are out – old iPhones get an old zero-day fix at last!
By Paul Ducklin – January 24th 2023 at 01:24
Don't delay, especially if you're still running an iOS 12 device... please do it today!
Naked Security
US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?
By Paul Ducklin – December 29th 2022 at 20:45
Cryptographic agility: the ability and the willingness to change quickly when needed.
Naked Security
Microsoft dishes the dirt on Apple's "Achilles heel" shortly after fixing similar Windows bug
By Paul Ducklin – December 20th 2022 at 17:59
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Naked Security
OneCoin scammer Sebastian Greenwood pleads guilty, "Cryptoqueen" still missing
By Paul Ducklin – December 19th 2022 at 19:50
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.
Naked Security
Credit card skimming – the long and winding road of supply chain failure
By Paul Ducklin – December 8th 2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Naked Security
"Gucci Master" business email scammer Hushpuppi gets 11 years
By Naked Security writer – November 14th 2022 at 19:24
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...
Naked Security
Silk Road drugs market hacker pleads guilty, faces 20 years inside
By Paul Ducklin – November 8th 2022 at 19:58
Jurisprudence isn't like arithmetic... two negatives never make a positive!
Naked Security
Psychotherapy extortion suspect: arrest warrant issued
By Paul Ducklin – October 31st 2022 at 19:59
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.
Naked Security
S3 Ep106: Facial recognition without consent – should it be banned?
By Paul Ducklin – October 27th 2022 at 16:59
Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!
Naked Security
Clearview AI image-scraping face recognition service hit with €20m fine in France
By Paul Ducklin – October 26th 2022 at 00:50
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."
Naked Security
Serious Security: How randomly (or not) can you shuffle cards?
By Paul Ducklin – October 24th 2022 at 18:57
What if you could guess the next card correctly twice as often as you should?
Naked Security
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
By Paul Ducklin – October 21st 2022 at 18:25
Crooks: Show us the money! Cops: How about you show us the decryption keys first?
Naked Security
Dangerous hole in Apache Commons Text – like Log4Shell all over again
By Paul Ducklin – October 18th 2022 at 17:26
Third time unlucky. Time to put your patching boots on again...
Naked Security
Fashion brand SHEIN fined $1.9m for lying about data breach
By Naked Security writer – October 17th 2022 at 18:50
Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?
Naked Security
Move over Patch Tuesday – it's Ada Lovelace Day!
By Paul Ducklin – October 11th 2022 at 15:22
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.
Naked Security
Former Uber CSO convicted of covering up megabreach back in 2016
By Naked Security writer – October 6th 2022 at 01:04
Obstructed FTC proceedings, and concealed a crime, said the jury.
Naked Security
Scammers and rogue callers – can anything ever stop them?
By Paul Ducklin – October 4th 2022 at 00:06
Some thoughts for Cybersecurity Awareness Month: Is it worth reporting nuisance calls? Is it even worth reporting outright scams?
Naked Security
Morgan Stanley fined millions for selling off devices full of customer PII
By Paul Ducklin – September 23rd 2022 at 18:07
Critical data on old disks always seems inaccessible if you really need it. But when you DON'T want it back, guess what happens...
Naked Security
Breaching airgap security: using your phone's gyroscope as a microphone
By Paul Ducklin – August 24th 2022 at 18:59
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Naked Security
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
By Paul Ducklin – August 18th 2022 at 18:38
Latest episode - listen now (or read if you prefer!)
Naked Security
Apple patches double zero-day in browser and kernel – update now!
By Paul Ducklin – August 17th 2022 at 23:33
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Naked Security
US offers reward "up to $10 million" for information about the Conti gang
By Naked Security writer – August 16th 2022 at 16:57
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
Naked Security
Zoom for Mac patches critical bug – update now!
By Paul Ducklin – August 15th 2022 at 18:26
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
By Paul Ducklin – August 11th 2022 at 14:34
Latest episode - listen now! (Or read the transcript if you prefer.)
Naked Security
Post-quantum cryptography – new algorithm "gone in 60 minutes"
By Paul Ducklin – August 3rd 2022 at 18:55
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.
Naked Security
Cryptocoin "token swapper" Nomad loses $200 million in coding blunder
By Paul Ducklin – August 2nd 2022 at 16:12
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
Naked Security
Apple patches "0-day" browser bug fixed 2 weeks ago in Chrome, Edge
By Paul Ducklin – July 21st 2022 at 12:38
One vendor's zero-day is another vendor's routine patch...
Naked Security
Paying ransomware crooks won't reduce your legal risk, warns regulator
By Paul Ducklin – July 12th 2022 at 18:24
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?
Naked Security
Apache "Commons Configuration" patches Log4Shell-style bug – what you need to know
By Paul Ducklin – July 8th 2022 at 00:59
It's a bit like Log4J, but for configuration files, not for logging.
Naked Security
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
By Paul Ducklin – July 7th 2022 at 18:46
Listen now! Or read if you prefer...
Naked Security
Canadian cybercriminal pleads guilty to "NetWalker" attacks in US
By Paul Ducklin – July 4th 2022 at 14:09
Bust in Canada, now bust in the USA as well.
Naked Security
"Missing Cryptoqueen" hits the FBI's Ten Most Wanted list
By Paul Ducklin – July 1st 2022 at 16:49
The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.
Naked Security
OpenSSL issues a bugfix for the previous bugfix
By Paul Ducklin – June 24th 2022 at 15:32
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
By Paul Ducklin – May 24th 2022 at 23:04
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Naked Security
Clearview AI face-matching service fined a lot less than expected
By Paul Ducklin – May 23rd 2022 at 13:01
The fine has finally gone through... but it's less than 45% of what was originally proposed.
Naked Security
Pwn2Own hacking schedule released – Windows and Linux are top targets
By Paul Ducklin – May 18th 2022 at 13:04
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Naked Security
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
By Paul Ducklin – May 10th 2022 at 16:59
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...
Naked Security
Beanstalk cryptocurrency heist: scammer votes himself all the money
By Paul Ducklin – April 19th 2022 at 16:00
Voting safeguards based on community collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Naked Security
Yet another Chrome zero-day emergency update – patch now!
By Paul Ducklin – April 16th 2022 at 00:33
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.
Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
By Paul Ducklin – April 14th 2022 at 13:39
Latest episode - listen now!
Naked Security
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
By Paul Ducklin – April 11th 2022 at 16:58
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
Naked Security
Web vendor CafePress fined $500,000 for giving cybersecurity a low value
By Paul Ducklin – March 21st 2022 at 16:55
Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations
Naked Security
Beware bogus Betas – cryptocoin scammers abuse Apple's TestFlight system
By Paul Ducklin – March 16th 2022 at 15:49
"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!
Naked Security
Happy #PiDay – even if you aren't in North America!
By Paul Ducklin – March 14th 2022 at 23:59
There is a cybersecurity angle here - but you will need to read right to the end to find it :-)
Naked Security
Cryptocoin ATMs ruled illegal – "Shut down at once", says regulator
By Paul Ducklin – March 14th 2022 at 17:51
If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!
Naked Security
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]
By Paul Ducklin – February 17th 2022 at 17:12
Latest episode - listen and learn!
Naked Security
Apple zero-day drama for Macs, iPhones and iPads – patch now!
By Paul Ducklin – February 11th 2022 at 14:25
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Naked Security
Self-styled "Crocodile of Wall Street" arrested with husband over Bitcoin megaheist
By Naked Security writer – February 9th 2022 at 14:44
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
Naked Security
Wormhole cryptotrading company turns over $340,000,000 to criminals
By Paul Ducklin – February 4th 2022 at 17:38
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.
Naked Security
Coronavirus SMS scam offers home PCR testing devices – don't fall for it!
By Paul Ducklin – January 28th 2022 at 23:58
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...
Naked Security
Apple fixes Safari data leak (and patches a zero-day!) – update now
By Paul Ducklin – January 27th 2022 at 21:09
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
By Paul Ducklin – January 21st 2022 at 16:25
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
Naked Security
JavaScript developer destroys own projects in supply chain "lesson"
By Paul Ducklin – January 11th 2022 at 00:54
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.
Naked Security
Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!
By Paul Ducklin – December 22nd 2021 at 17:57
Phew! An audacious crime... that didn't work out.