FreshRSS
Naked Security
S3 Ep149: How many cryptographers does it take to change a light bulb?
By Paul Ducklin, August 24th 2023 at 18:50
Latest episode - listen now! Full transcript inside...
Naked Security
S3 Ep148: Remembering crypto heroes
By Paul Ducklin, August 17th 2023 at 19:43
Celebrating the true crypto bros. Listen now (full transcript available).
Naked Security
“Grab hold and give it a wiggle” – ATM card skimming is still a thing
By Paul Ducklin, August 14th 2023 at 23:18
The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...
Naked Security
S3 Ep147: What if you type in your password during a meeting?
By Paul Ducklin, August 10th 2023 at 13:34
Latest episode - listen now! (Full transcript inside.)
Naked Security
Hacking police radios: 30-year-old crypto flaws in the spotlight
By Paul Ducklin, July 24th 2023 at 16:59
"Three may keep a secret, if two of them are dead."
Naked Security
S3 Ep142: Putting the X in X-Ops
By Paul Ducklin, July 6th 2023 at 19:58
How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.
Naked Security
Ghostscript bug could allow rogue documents to run system commands
By Paul Ducklin, July 4th 2023 at 17:57
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.
Naked Security
S3 Ep141: What was Steve Jobs’s first job?
By Paul Ducklin, June 29th 2023 at 16:58
Latest episode - listen now! (Full transcript inside.)
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
By Naked Security writer, June 26th 2023 at 18:35
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...
Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
By Paul Ducklin, June 20th 2023 at 18:14
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Naked Security
S3 Ep139: Are password rules like running through rain?
By Paul Ducklin, June 15th 2023 at 18:43
Latest episode - listen now! (Full transcript inside.)
Naked Security
S3 Ep137: 16th century crypto skullduggery
By Paul Ducklin, June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
Naked Security
S3 Ep136: Navigating a manic malware maelstrom
By Paul Ducklin, May 25th 2023 at 16:50
Latest episode - listen now. Full transcript inside...
Naked Security
S3 Ep134: It’s a PRIVATE key – the hint is in the name!
By Paul Ducklin, May 11th 2023 at 14:54
Latest episode - listen now! (Full transcript inside.)
Naked Security
Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram
By Paul Ducklin, April 30th 2023 at 01:23
These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.
Naked Security
S3 Ep132: Proof-of-concept lets anyone hack at will
By Paul Ducklin, April 27th 2023 at 16:55
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
Naked Security
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
By Paul Ducklin, April 25th 2023 at 17:53
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
By Paul Ducklin, April 13th 2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Naked Security
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
By Paul Ducklin, April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Naked Security
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
By Paul Ducklin, April 9th 2023 at 00:28
The security error was in the error handling system that was supposed to catch potential security errors...
Naked Security
Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know
By Paul Ducklin, April 5th 2023 at 18:49
Grab a message/Play it back/You've just performed/A big phat hack...
Naked Security
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
By Paul Ducklin, March 24th 2023 at 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Naked Security
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
By Paul Ducklin, March 23rd 2023 at 17:59
Listen now - latest episode. Full transcript inside.
Naked Security
Bitcoin ATM customers hacked by video upload that was actually an app
By Paul Ducklin, March 20th 2023 at 19:50
As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...
Naked Security
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
By Paul Ducklin, March 17th 2023 at 19:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
By Paul Ducklin, March 16th 2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Naked Security
DoppelPaymer ransomware suspects arrested in Germany and Ukraine
By Naked Security writer, March 6th 2023 at 16:16
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
Naked Security
S3 Ep124: When so-called security apps go rogue [Audio + Text]
By Paul Ducklin, March 2nd 2023 at 19:40
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
Naked Security
S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
By Paul Ducklin, February 23rd 2023 at 19:58
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.
Naked Security
S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
By Paul Ducklin, February 16th 2023 at 17:46
Latest episode - listen now! (Full transcript inside.)
Naked Security
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
By Paul Ducklin, February 9th 2023 at 19:41
Latest episode. Listen now!
Naked Security
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
By Paul Ducklin, February 6th 2023 at 21:53
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...
Naked Security
S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]
By Paul Ducklin, January 19th 2023 at 15:53
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...
Naked Security
Popular JWT cloud security library patches “remote” code execution hole
By Paul Ducklin, January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
Naked Security
CircleCI – code-building service suffers total credential compromise
By Paul Ducklin, January 9th 2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.
Naked Security
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
By Paul Ducklin, January 5th 2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
By Paul Ducklin, January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.
Naked Security
Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid
By Naked Security writer, January 3rd 2023 at 17:03
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!
Naked Security
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
By Paul Ducklin, January 1st 2023 at 21:36
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
Naked Security
S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
By Paul Ducklin, December 29th 2022 at 09:20
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
Naked Security
S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]
By Paul Ducklin, December 22nd 2022 at 19:56
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
By Paul Ducklin, December 9th 2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Naked Security
Credit card skimming – the long and winding road of supply chain failure
By Paul Ducklin, December 8th 2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!
Naked Security
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
By Naked Security writer, December 6th 2022 at 17:56
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
Naked Security
S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]
By Paul Ducklin, December 1st 2022 at 19:58
Latest episode - listen now (or read if you prefer)...
Naked Security
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
By Paul Ducklin, November 17th 2022 at 17:52
Latest episode - listen now! Cybersecurity news plus loads of great advice...
Naked Security
S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
By Paul Ducklin, November 3rd 2022 at 17:51
Listen now - latest episode - audio plus full transcript
Naked Security
S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]
By Paul Ducklin, September 15th 2022 at 18:50
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
By Paul Ducklin, August 11th 2022 at 14:34
Latest episode - listen now! (Or read the transcript if you prefer.)
Naked Security
Slack admits to leaking hashed passwords for five years
By Paul Ducklin, August 8th 2022 at 15:14
"When those invitations went out... somehow, your password hash went out with them."
Naked Security
Traffic Light Protocol for cybersecurity responders gets a revamp
By Paul Ducklin, August 5th 2022 at 18:57
Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.
Naked Security
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
By Paul Ducklin, August 4th 2022 at 17:52
Latest episode - listen now! (Or read if that's what you prefer.)
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
By Paul Ducklin, May 19th 2022 at 13:56
Latest episode - listen now!
Naked Security
Pwn2Own hacking schedule released – Windows and Linux are top targets
By Paul Ducklin, May 18th 2022 at 13:04
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
Naked Security
He sold cracked passwords for a living – now he’s serving 4 years in prison
By Paul Ducklin, May 13th 2022 at 18:31
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...
Naked Security
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
By Paul Ducklin, May 12th 2022 at 15:46
Latest episode - lots to learn - plain English - fun with a serious side - listen now!
Naked Security
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]
By Paul Ducklin, May 5th 2022 at 14:16
Latest episode - listen now!
Naked Security
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
By Paul Ducklin, April 21st 2022 at 13:41
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
By Paul Ducklin, April 7th 2022 at 12:24
Latest episode - listen now! Cybersecurity news and advice in plain English.
Naked Security
“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!
By Paul Ducklin, March 30th 2022 at 20:38
Easy unauthenticated remote code execution - PoC code already out