Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29th 2023 at 16:58
Latest episode - listen now! (Full transcript inside.)

Interested in $10,000,000? Ready to turn in the Clop ransomware crew?

By Naked Security writer — June 28th 2023 at 18:59
Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...

UK hacker busted in Spain gets 5 years over Twitter hack and more

By Naked Security writer — June 26th 2023 at 18:35
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...

S3 Ep140: So you think you know ransomware?

By Paul Ducklin — June 22nd 2023 at 16:48
Lots to learn this week - listen now! (Full transcript inside.)

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

By Paul Ducklin — June 22nd 2023 at 00:36
Apple didn't use the words "Triangulation Trojan", but you probably will.

ASUS warns router customers: Patch now, or block all inbound requests

By Paul Ducklin — June 20th 2023 at 18:14
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

By Paul Ducklin — June 15th 2023 at 22:10
Twice more unto the breach... third patch tested and released, shut down web access until you've applied it

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15th 2023 at 18:43
Latest episode - listen now! (Full transcript inside.)

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

By Paul Ducklin — June 13th 2023 at 23:32
No zero-days this month, if you ignore the Edge RCE hole patched last week

History revisited: US DOJ unseals Mt. Gox cybercrime charges

By Naked Security writer — June 12th 2023 at 16:58
Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

More MOVEit mitigations: new patches published for further protection

By Paul Ducklin — June 9th 2023 at 21:54
Good news... more patches, this time available proactively

S3 Ep138: I like to MOVEit, MOVEit

By Paul Ducklin — June 8th 2023 at 16:56
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

By Paul Ducklin — June 7th 2023 at 19:59
With the right (or wrong, if you're on the right side of the fence) timing...

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

By Paul Ducklin — June 6th 2023 at 18:28
Chrome and Edge 0-days patched.

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

By Paul Ducklin — June 5th 2023 at 19:59
Little Bobby Tables is back!

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

By Paul Ducklin — June 2nd 2023 at 18:56
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.

S3 Ep137: 16th century crypto skullduggery

By Paul Ducklin — June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Serious Security: That KeePass “master password crack”, and what we can learn from it

By Paul Ducklin — May 31st 2023 at 19:39
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Serious Security: Verification is vital – examining an OAUTH login bug

By Paul Ducklin — May 30th 2023 at 16:59
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25th 2023 at 16:50
Latest episode - listen now. Full transcript inside...

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

By Paul Ducklin — May 19th 2023 at 01:02
All Apple users have zero-days that need patching, though some have more zero-days than others.

S3 Ep135: Sysadmin by day, extortionist by night

By Paul Ducklin — May 18th 2023 at 18:48
Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...

US offers $10m bounty for Russian ransomware suspect outed in indictment

By Naked Security writer — May 17th 2023 at 18:40
"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

By Paul Ducklin — May 11th 2023 at 14:54
Latest episode - listen now! (Full transcript inside.)

PHP Packagist supply chain poisoned by hacker “looking for a job”

By Paul Ducklin — May 5th 2023 at 16:59
I pwned you! Gizza job! You know it makes sense!

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By Paul Ducklin — May 4th 2023 at 20:59
Entertaining, educational, and all in plain English 🎧📖

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By Paul Ducklin — May 1st 2023 at 20:46
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

S3 Ep132: Proof-of-concept lets anyone hack at will

By Paul Ducklin — April 27th 2023 at 16:55
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

By Paul Ducklin — April 25th 2023 at 17:53
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...

Double zero-day in Chrome and Edge – check your versions now!

By Paul Ducklin — April 24th 2023 at 19:59
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

VMware patches break-and-enter hole in logging tools: update now!

By Paul Ducklin — April 21st 2023 at 17:58
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."

S3 Ep131: Can you really have fun with FORTRAN?

By Paul Ducklin — April 20th 2023 at 17:55
Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

By Paul Ducklin — April 13th 2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

By Paul Ducklin — April 12th 2023 at 18:57
Is Secure Boot without the Secure just "Boot"?

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

By Paul Ducklin — April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

By Paul Ducklin — April 9th 2023 at 00:28
The security error was in the error handling system that was supposed to catch potential security errors...

Apple issues emergency patches for spyware-style 0-day exploits – update now!

By Paul Ducklin — April 8th 2023 at 01:20
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

S3 Ep129: When spyware arrives from someone you trust

By Paul Ducklin — April 6th 2023 at 14:57
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

By Paul Ducklin — April 5th 2023 at 18:49
Grab a message/Play it back/You've just performed/A big phat hack...

Supply chain blunder puts 3CX telephone app users at risk

By Paul Ducklin — March 30th 2023 at 20:36
Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

By Paul Ducklin — March 30th 2023 at 19:43
Latest episode - listen now!

Apple patches everything, including a zero-day fix for iOS 15 users

By Paul Ducklin — March 28th 2023 at 00:23
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

By Paul Ducklin — March 27th 2023 at 00:05
His prediction was called a "Law", though it was an exhortation to engineering excellence as much as it was an estimate.

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

By Paul Ducklin — March 24th 2023 at 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

By Paul Ducklin — March 23rd 2023 at 17:59
Listen now - latest episode. Full transcript inside.

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

By Paul Ducklin — March 17th 2023 at 19:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

By Paul Ducklin — March 16th 2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Microsoft fixes two 0-days on Patch Tuesday – update now!

By Paul Ducklin — March 15th 2023 at 00:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Firefox 111 patches 11 holes, but not 1 zero-day among them…

By Paul Ducklin — March 14th 2023 at 19:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.

S3 Ep125: When security hardware has security holes [Audio + Text]

By Paul Ducklin — March 9th 2023 at 18:58
Latest episode - listen now! (Full transcript inside.)

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

By Paul Ducklin — March 7th 2023 at 19:59
Security bugs in the very code you've been told you must have to improve the security of your computer...

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

By Paul Ducklin — March 3rd 2023 at 19:56
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin — March 2nd 2023 at 19:40
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

By Paul Ducklin — February 23rd 2023 at 19:58
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

NPM JavaScript packages abused to create scambait links in bulk

By Paul Ducklin — February 22nd 2023 at 20:59
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

Twitter tells users: Pay up if you want to keep using insecure 2FA

By Paul Ducklin — February 20th 2023 at 17:58
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By Paul Ducklin — February 16th 2023 at 17:46
Latest episode - listen now! (Full transcript inside.)

Apple fixes zero-day spyware implant bug – patch now!

By Paul Ducklin — February 14th 2023 at 19:08
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!

Reddit admits it was hacked and data stolen, says “Don’t panic”

By Paul Ducklin — February 10th 2023 at 19:59
Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9th 2023 at 19:41
Latest episode. Listen now!
