S3 Ep144: When threat hunting goes down a rabbit hole

By Paul Ducklin — July 20^th 2023 at 14:58

Latest episode - check it out now!

Naked Security

Microsoft hit by Storm season – a tale of two semi-zero days

By Paul Ducklin — July 18^th 2023 at 20:59

The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...

Naked Security

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

By Paul Ducklin — April 26^th 2023 at 17:59

You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...

Naked Security

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

By Paul Ducklin — April 18^th 2023 at 16:56

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

Naked Security

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

By Paul Ducklin — April 11^th 2023 at 18:58

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin — March 2^nd 2023 at 19:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

By Paul Ducklin — February 27^th 2023 at 02:10

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Naked Security

Twitter tells users: Pay up if you want to keep using insecure 2FA

By Paul Ducklin — February 20^th 2023 at 17:58

Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.

Naked Security

Finnish psychotherapy extortion suspect arrested in France

By Naked Security writer — February 6^th 2023 at 19:13

Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.

Naked Security

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

By Paul Ducklin — January 5^th 2023 at 17:52

Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Naked Security

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

By Paul Ducklin — January 1^st 2023 at 21:36

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

Naked Security

Twitter data of “+400 million unique users” up for sale – what to do?

By Paul Ducklin — December 28^th 2022 at 19:59

If the crooks have connected up your phone number and your Twitter handle... what could go wrong?

Naked Security

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

By Paul Ducklin — December 1^st 2022 at 19:58

Latest episode - listen now (or read if you prefer)...

Naked Security

Multimillion dollar CryptoRom scam sites seized, suspects arrested in US

By Paul Ducklin — November 23^rd 2022 at 19:58

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...

cryptorom-1200

Naked Security

Twitter Blue Badge email scams – Don’t fall for them!

By Naked Security writer — November 4^th 2022 at 17:59

That was the week that was...

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

Psychotherapy extortion suspect: arrest warrant issued

By Paul Ducklin — October 31^st 2022 at 19:59

Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By Paul Ducklin — July 12^th 2022 at 18:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

Naked Security

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

By Paul Ducklin — June 30^th 2022 at 12:57

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

Naked Security

FTC warns of LGBTQ+ extortion scams – be aware before you share!

By Paul Ducklin — June 27^th 2022 at 14:58

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

Naked Security

Who’s watching your webcam? The Screencastify Chrome extension story…

By Paul Ducklin — May 26^th 2022 at 12:41

When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin — April 4^th 2022 at 21:36

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

By Paul Ducklin — March 16^th 2022 at 15:49

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

By Paul Ducklin — March 2^nd 2022 at 16:33

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

By Paul Ducklin — February 24^th 2022 at 16:51

Latest episode - listen now!

Naked Security

French speakers blasted by sextortion scams with no text or links

By Paul Ducklin — February 21^st 2022 at 17:59

You'd spot this one a mile away... but what about your friends or family?