Naked Security
PHP Packagist supply chain poisoned by hacker “looking for a job”
By Paul Ducklin - May 5th 2023 at 16:59
I pwned you! Gizza job! You know it makes sense!
Naked Security
Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert
By Paul Ducklin - April 11th 2023 at 18:58
Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.
Naked Security
S3 Ep129: When spyware arrives from someone you trust
By Paul Ducklin - April 6th 2023 at 14:57
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!
Naked Security
World Backup Day is here again – 5 tips to keep your precious data safe
By Paul Ducklin - March 31st 2023 at 01:14
The only backup you will ever regret is the one you didn't make...
Naked Security
Supply chain blunder puts 3CX telephone app users at risk
By Paul Ducklin - March 30th 2023 at 20:36
Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.
Naked Security
Firefox 111 patches 11 holes, but not 1 zero-day among them…
By Paul Ducklin - March 14th 2023 at 19:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Naked Security
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
By Paul Ducklin - December 15th 2022 at 17:10
Return o' the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Naked Security
TikTok “Invisible Challenge” porn malware puts us all at risk
By Paul Ducklin - November 29th 2022 at 19:58
An injury to one is an injury to all. Especially if the other people are part of your social network.
Naked Security
“Gucci Master” business email scammer Hushpuppi gets 11 years
By Naked Security writer - November 14th 2022 at 19:24
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...
Naked Security
Psychotherapy extortion suspect: arrest warrant issued
By Paul Ducklin - October 31st 2022 at 19:59
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.
Naked Security
Fashion brand SHEIN fined $1.9m for lying about data breach
By Naked Security writer - October 17th 2022 at 18:50
Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?
Naked Security
GitHub blighted by “researcher” who created thousands of malicious projects
By Paul Ducklin - August 3rd 2022 at 23:06
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
By Paul Ducklin - May 24th 2022 at 23:04
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Naked Security
RubyGems supply chain rip-and-replace bug fixed – check your logs!
By Paul Ducklin - May 9th 2022 at 15:41
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
Naked Security
Android monthly updates are out – critical bugs found in critical places!
By Paul Ducklin - May 4th 2022 at 15:54
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...
Naked Security
GitHub issues final report on supply-chain source code intrusions
By Paul Ducklin - April 29th 2022 at 16:15
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.
Naked Security
World Backup Day: 5 data recovery tips for everyone!
By Paul Ducklin - March 30th 2022 at 15:10
The only backup you will ever regret is the one you didn't make
Naked Security
Serious Security: DEADBOLT – the ransomware that goes straight for your backups
By Paul Ducklin - March 23rd 2022 at 19:58
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.
Naked Security
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
By Paul Ducklin - February 24th 2022 at 16:51
Latest episode - listen now!
Naked Security
WordPress backup plugin maker Updraft says “You should update”…
By Paul Ducklin - February 22nd 2022 at 17:26
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
Naked Security
Serious Security: Linux full-disk encryption bug fixed – patch now!
By Paul Ducklin - January 14th 2022 at 21:58
Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
By Paul Ducklin - January 13th 2022 at 15:26
Latest episode - listen to it or read it now!
Naked Security
JavaScript developer destroys own projects in supply chain “lesson”
By Paul Ducklin - January 11th 2022 at 00:54
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.
Naked Security
Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
By Paul Ducklin - October 25th 2021 at 16:38
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.