Naked Security

SEC demands four-day disclosure limit for cybersecurity breaches

When is a ransomware attack a reportable matter? And how long have you got to decide?

Naked Security

S3 Ep131: Can you really have fun with FORTRAN?

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Naked Security

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

Naked Security

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Naked Security

Bitcoin ATM customers hacked by video upload that was actually an app

As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...

Naked Security

LastPass: Keylogger on home PC led to cracked corporate password vault

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Naked Security

Dutch police arrest three cyberextortion suspects who allegedly earned millions

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

Naked Security

Coinbase breached by social engineers, employee data stolen

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

Naked Security

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

New report admits that attackers were detected in the network about three months ago, and may have been attacking for about three years.

Naked Security

Reddit admits it was hacked and data stolen, says “Don’t panic”

Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...

Naked Security

Finnish psychotherapy extortion suspect arrested in France

Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.

Naked Security

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Naked Security

Dutch suspect locked up for alleged personal data megathefts

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

Naked Security

GoTo admits: Customer cloud backups stolen together with decryption key

We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.

Naked Security

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

Naked Security

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Naked Security

CircleCI – code-building service suffers total credential compromise

They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.

Naked Security

Twitter data of “+400 million unique users” up for sale – what to do?

If the crooks have connected up your phone number and your Twitter handle... what could go wrong?

Naked Security

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.

Naked Security

LastPass admits to customer data breach caused by previous breach

Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Listen now - latest episode - audio plus full transcript

Naked Security

Online ticketing company “See” pwned for 2.5 years by attackers

Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

Naked Security

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

The coolest video game ever! And lots of solid cybersecurity advice - listen now!

Naked Security

Fashion brand SHEIN fined $1.9m for lying about data breach

Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?

Naked Security

S3 Ep102: How to avoid a data breach [Audio + Transcript]

Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

Naked Security

Optus breach – Aussie telco told it will have to pay to replace IDs

Licence compromised? Passport number burned? Need a new one? Who's going to pay?

Naked Security

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]

Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...

Naked Security

LastPass source code breach – incident response report released

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

Naked Security

UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you

Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"

Naked Security

LastPass source code breach – do we still recommend password managers?

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Naked Security

T-Mobile to cough up $500 million over 2021 data breach

Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

Latest epsiode - listen (or read) now!

Naked Security

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Latest episode - listen now!

Naked Security

Adafruit suffers GitHub data breach – don’t let this happen to you

Training data stashed in GitHub by mistake... unfortunately, it was *real* data

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

Latest episode - listen now! Solid cybersecurity advice in plain English.

Naked Security

GoDaddy admits to password breach: check your Managed WordPress site!

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.