Naked Security
S3 Ep141: What was Steve Jobs's first job?
By Paul Ducklin – June 29th 2023 at 16:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
Interested in $10,000,000? Ready to turn in the Clop ransomware crew?
By Naked Security writer – June 28th 2023 at 18:59
Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
By Naked Security writer – June 26th 2023 at 18:35
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...
Naked Security
S3 Ep140: So you think you know ransomware?
By Paul Ducklin – June 22nd 2023 at 16:48
Lots to learn this week - listen now! (Full transcript inside.)
Naked Security
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
By Paul Ducklin – June 22nd 2023 at 00:36
Apple didn't use the words "Triangulation Trojan", but you probably will.
Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
By Paul Ducklin – June 20th 2023 at 18:14
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Naked Security
MOVEit mayhem 3: "Disable HTTP and HTTPS traffic immediately"
By Paul Ducklin – June 15th 2023 at 22:10
Twice more unto the breach... third patch tested and released, shut down web access until you've applied it
Naked Security
S3 Ep139: Are password rules like running through rain?
By Paul Ducklin – June 15th 2023 at 18:43
Latest episode - listen now! (Full transcript inside.)
Naked Security
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
By Paul Ducklin – June 13th 2023 at 23:32
No zero-days this month, if you ignore the Edge RCE hole patched last week
Naked Security
History revisited: US DOJ unseals Mt. Gox cybercrime charges
By Naked Security writer – June 12th 2023 at 16:58
Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...
Naked Security
More MOVEit mitigations: new patches published for further protection
By Paul Ducklin – June 9th 2023 at 21:54
Good news... more patches, this time available proactively
Naked Security
S3 Ep138: I like to MOVEit, MOVEit
By Paul Ducklin – June 8th 2023 at 16:56
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
Naked Security
Firefox 114 is out: No 0-days, but one fascinating "teachable moment" bug
By Paul Ducklin – June 7th 2023 at 19:59
With the right (or wrong, if you're on the right side of the fence) timing...
Naked Security
Chrome and Edge zero-day: "This exploit is in the wild", so check your versions now
By Paul Ducklin – June 6th 2023 at 18:28
Chrome and Edge 0-days patched.
Naked Security
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
By Paul Ducklin – June 5th 2023 at 19:59
Little Bobby Tables is back!
Naked Security
Researchers claim Windows "backdoor" affects hundreds of Gigabyte motherboards
By Paul Ducklin – June 2nd 2023 at 18:56
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.
Naked Security
S3 Ep137: 16th century crypto skullduggery
By Paul Ducklin – June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
Naked Security
Serious Security: That KeePass "master password crack", and what we can learn from it
By Paul Ducklin – May 31st 2023 at 19:39
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
Naked Security
Serious Security: Verification is vital – examining an OAUTH login bug
By Paul Ducklin – May 30th 2023 at 16:59
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
Naked Security
S3 Ep136: Navigating a manic malware maelstrom
By Paul Ducklin – May 25th 2023 at 16:50
Latest episode - listen now. Full transcript inside...
Naked Security
Apple's secret is out: 3 zero-days fixed, so be sure to patch now!
By Paul Ducklin – May 19th 2023 at 01:02
All Apple users have zero-days that need patching, though some have more zero-days than others.
Naked Security
S3 Ep135: Sysadmin by day, extortionist by night
By Paul Ducklin – May 18th 2023 at 18:48
Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...
Naked Security
US offers $10m bounty for Russian ransomware suspect outed in indictment
By Naked Security writer – May 17th 2023 at 18:40
"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."
Naked Security
S3 Ep134: It's a PRIVATE key – the hint is in the name!
By Paul Ducklin – May 11th 2023 at 14:54
Latest episode - listen now! (Full transcript inside.)
Naked Security
PHP Packagist supply chain poisoned by hacker "looking for a job"
By Paul Ducklin – May 5th 2023 at 16:59
I pwned you! Gizza job! You know it makes sense!
Naked Security
S3 Ep133: Apple takes "tight-lipped" to a whole new level
By Paul Ducklin – May 4th 2023 at 20:59
Entertaining, educational, and all in plain English
Naked Security
Apple delivers first-ever Rapid Security Response "cyberattack" patch – leaves some users confused
By Paul Ducklin – May 1st 2023 at 20:46
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
Naked Security
S3 Ep132: Proof-of-concept lets anyone hack at will
By Paul Ducklin – April 27th 2023 at 16:55
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
Naked Security
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
By Paul Ducklin – April 25th 2023 at 17:53
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Naked Security
Double zero-day in Chrome and Edge – check your versions now!
By Paul Ducklin – April 24th 2023 at 19:59
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Naked Security
VMware patches break-and-enter hole in logging tools: update now!
By Paul Ducklin – April 21st 2023 at 17:58
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."
Naked Security
S3 Ep131: Can you really have fun with FORTRAN?
By Paul Ducklin – April 20th 2023 at 17:55
Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
By Paul Ducklin – April 13th 2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Naked Security
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
By Paul Ducklin – April 12th 2023 at 18:57
Is Secure Boot without the Secure just "Boot"?
Naked Security
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
By Paul Ducklin – April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Naked Security
Popular server-side JavaScript security sandbox "vm2" patches remote execution hole
By Paul Ducklin – April 9th 2023 at 00:28
The security error was in the error handling system that was supposed to catch potential security errors...
Naked Security
Apple issues emergency patches for spyware-style 0-day exploits – update now!
By Paul Ducklin – April 8th 2023 at 01:20
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Naked Security
S3 Ep129: When spyware arrives from someone you trust
By Paul Ducklin – April 6th 2023 at 14:57
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!
Naked Security
Hack and enter! The "secure" garage doors that anyone can open from anywhere – what you need to know
By Paul Ducklin – April 5th 2023 at 18:49
Grab a message/Play it back/You've just performed/A big phat hack...
Naked Security
Supply chain blunder puts 3CX telephone app users at risk
By Paul Ducklin – March 30th 2023 at 20:36
Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.
Naked Security
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
By Paul Ducklin – March 30th 2023 at 19:43
Latest episode - listen now!
Naked Security
Apple patches everything, including a zero-day fix for iOS 15 users
By Paul Ducklin – March 28th 2023 at 00:23
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Naked Security
In Memoriam – Gordon Moore, who put the more in "Moore's Law"
By Paul Ducklin – March 27th 2023 at 00:05
His prediction was called a "Law", though it was an exhortation to engineering excellence as much as it was an estimate.
Naked Security
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
By Paul Ducklin – March 24th 2023 at 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Naked Security
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
By Paul Ducklin – March 23rd 2023 at 17:59
Listen now - latest episode. Full transcript inside.
Naked Security
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
By Paul Ducklin – March 17th 2023 at 19:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
By Paul Ducklin – March 16th 2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Naked Security
Microsoft fixes two 0-days on Patch Tuesday – update now!
By Paul Ducklin – March 15th 2023 at 00:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Naked Security
Firefox 111 patches 11 holes, but not 1 zero-day among them…
By Paul Ducklin – March 14th 2023 at 19:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Naked Security
S3 Ep125: When security hardware has security holes [Audio + Text]
By Paul Ducklin – March 9th 2023 at 18:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
By Paul Ducklin – March 7th 2023 at 19:59
Security bugs in the very code you've been told you must have to improve the security of your computer...
Naked Security
Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
By Paul Ducklin – March 3rd 2023 at 19:56
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?
Naked Security
S3 Ep124: When so-called security apps go rogue [Audio + Text]
By Paul Ducklin – March 2nd 2023 at 19:40
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
Naked Security
S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
By Paul Ducklin – February 23rd 2023 at 19:58
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.
Naked Security
NPM JavaScript packages abused to create scambait links in bulk
By Paul Ducklin – February 22nd 2023 at 20:59
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Naked Security
Twitter tells users: Pay up if you want to keep using insecure 2FA
By Paul Ducklin – February 20th 2023 at 17:58
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.
Naked Security
S3 Ep122: Stop calling every breach "sophisticated"! [Audio + Text]
By Paul Ducklin – February 16th 2023 at 17:46
Latest episode - listen now! (Full transcript inside.)
Naked Security
Apple fixes zero-day spyware implant bug – patch now!
By Paul Ducklin – February 14th 2023 at 19:08
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Naked Security
Reddit admits it was hacked and data stolen, says "Don't panic"
By Paul Ducklin – February 10th 2023 at 19:59
Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
By Paul Ducklin – February 9th 2023 at 19:41
Latest episode. Listen now!