“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

By Paul Ducklin — August 4^th 2023 at 16:52

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

Naked Security

Performance and security clash yet again in “Collide+Power” attack

By Paul Ducklin — August 2^nd 2023 at 23:36

It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

Naked Security

S3 Ep142: Putting the X in X-Ops

By Paul Ducklin — July 6^th 2023 at 19:58

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

s3-ep100-js-1200

Naked Security

Ghostscript bug could allow rogue documents to run system commands

By Paul Ducklin — July 4^th 2023 at 17:57

Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

Naked Security

S3 Ep140: So you think you know ransomware?

By Paul Ducklin — June 22^nd 2023 at 16:48

Lots to learn this week - listen now! (Full transcript inside.)

Naked Security

Megaupload duo will go to prison at last, but Kim Dotcom fights on…

By Paul Ducklin — June 19^th 2023 at 18:59

One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on...

Naked Security

History revisited: US DOJ unseals Mt. Gox cybercrime charges

By Naked Security writer — June 12^th 2023 at 16:58

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

Naked Security

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

By Paul Ducklin — June 6^th 2023 at 18:28

Chrome and Edge 0-days patched.

Naked Security

Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

By Paul Ducklin — May 15^th 2023 at 16:36

We asked you once, we told you twice, now we're ordering you for the third time...

Naked Security

World Backup Day is here again – 5 tips to keep your precious data safe

By Paul Ducklin — March 31^st 2023 at 01:14

The only backup you will ever regret is the one you didn't make...

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

By Paul Ducklin — March 28^th 2023 at 00:23

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

By Paul Ducklin — March 24^th 2023 at 19:48

Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

woo-1200

Naked Security

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

By Paul Ducklin — February 27^th 2023 at 02:10

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Naked Security

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

By Paul Ducklin — February 23^rd 2023 at 19:58

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

Naked Security

Coinbase breached by social engineers, employee data stolen

By Paul Ducklin — February 21^st 2023 at 17:58

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By Paul Ducklin — February 2^nd 2023 at 17:50

Latest episode - listen now!

Naked Security

GitHub code-signing certificates stolen (but will be revoked this week)

By Paul Ducklin — January 31^st 2023 at 11:35

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Naked Security

Serious Security: The Samba logon bug caused by outdated crypto

By Paul Ducklin — January 30^th 2023 at 19:59

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Naked Security

Apple patches are out – old iPhones get an old zero-day fix at last!

By Paul Ducklin — January 24^th 2023 at 01:24

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Naked Security

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

By Paul Ducklin — December 29^th 2022 at 20:45

Cryptographic agility: the ability and the willingness to change quickly when needed.

sc-daa-1200

Naked Security

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

By Paul Ducklin — December 20^th 2022 at 17:59

It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.

Naked Security

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

By Paul Ducklin — December 19^th 2022 at 19:50

The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.

Naked Security

Credit card skimming – the long and winding road of supply chain failure

By Paul Ducklin — December 8^th 2022 at 19:58

Don't keep calling home to a JavaScript server that closed its doors eight years ago!

Naked Security

“Gucci Master” business email scammer Hushpuppi gets 11 years

By Naked Security writer — November 14^th 2022 at 19:24

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

puppi-car-1200

Naked Security

Silk Road drugs market hacker pleads guilty, faces 20 years inside

By Paul Ducklin — November 8^th 2022 at 19:58

Jurisprudence isn't like arithmetic... two negatives never make a positive!

Naked Security

Psychotherapy extortion suspect: arrest warrant issued

By Paul Ducklin — October 31^st 2022 at 19:59

Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

Naked Security

S3 Ep106: Facial recognition without consent – should it be banned?

By Paul Ducklin — October 27^th 2022 at 16:59

Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!

Naked Security

Clearview AI image-scraping face recognition service hit with €20m fine in France

By Paul Ducklin — October 26^th 2022 at 00:50

"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."

Naked Security

Serious Security: How randomly (or not) can you shuffle cards?

By Paul Ducklin — October 24^th 2022 at 18:57

What if you could guess the next card correctly twice as often as you should?

card-fan-1200

Naked Security

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

By Paul Ducklin — October 21^st 2022 at 18:25

Crooks: Show us the money! Cops: How about you show us the decryption keys first?

Naked Security

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By Paul Ducklin — October 18^th 2022 at 17:26

Third time unlucky. Time to put your patching boots on again...

act-1200

Naked Security

Fashion brand SHEIN fined $1.9m for lying about data breach

By Naked Security writer — October 17^th 2022 at 18:50

Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?

Naked Security

Move over Patch Tuesday – it’s Ada Lovelace Day!

By Paul Ducklin — October 11^th 2022 at 15:22

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Naked Security

Former Uber CSO convicted of covering up megabreach back in 2016

By Naked Security writer — October 6^th 2022 at 01:04

Obstructed FTC proceedings, and concealed a crime, said the jury.

Naked Security

Scammers and rogue callers – can anything ever stop them?

By Paul Ducklin — October 4^th 2022 at 00:06

Some thoughts for Cybersecurity Awareness Month: Is is worth reporting nuisance calls? Is it even worth reporting outright scams?

Naked Security

Morgan Stanley fined millions for selling off devices full of customer PII

By Paul Ducklin — September 23^rd 2022 at 18:07

Critical data on old disks always seems inaccessible if you really need it. But when you DON''T want it back, guess what happens...

Naked Security

Breaching airgap security: using your phone’s gyroscope as a microphone

By Paul Ducklin — August 24^th 2022 at 18:59

One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Naked Security

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

By Paul Ducklin — August 18^th 2022 at 18:38

Latest episode - listen now (or read if you prefer!)

Naked Security

Apple patches double zero-day in browser and kernel – update now!

By Paul Ducklin — August 17^th 2022 at 23:33

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Naked Security

US offers reward “up to $10 million” for information about the Conti gang

By Naked Security writer — August 16^th 2022 at 16:57

Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)

Naked Security

Zoom for Mac patches critical bug – update now!

By Paul Ducklin — August 15^th 2022 at 18:26

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Naked Security

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

By Paul Ducklin — August 11^th 2022 at 14:34

Latest episode - listen now! (Or read the transcript if you prefer.)

Naked Security

Post-quantum cryptography – new algorithm “gone in 60 minutes”

By Paul Ducklin — August 3^rd 2022 at 18:55

And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.

Naked Security

Cryptocoin “token swapper” Nomad loses $200 million in coding blunder

By Paul Ducklin — August 2^nd 2022 at 16:12

Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.

Naked Security

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

By Paul Ducklin — July 21^st 2022 at 12:38

One vendor's zero-day is another vendor's routine patch...

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By Paul Ducklin — July 12^th 2022 at 18:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

Naked Security

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

By Paul Ducklin — July 8^th 2022 at 00:59

It's a bit like Log4J, but for configuration files, not for logging.

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

By Paul Ducklin — July 7^th 2022 at 18:46

Listen now! Or read if you prefer...

Naked Security

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

By Paul Ducklin — July 4^th 2022 at 14:09

Bust in Canada, now bust in the USA as well.

Naked Security

“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list

By Paul Ducklin — July 1^st 2022 at 16:49

The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.

Naked Security

OpenSSL issues a bugfix for the previous bugfix

By Paul Ducklin — June 24^th 2022 at 15:32

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

By Paul Ducklin — May 24^th 2022 at 23:04

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

Clearview AI face-matching service fined a lot less than expected

By Paul Ducklin — May 23^rd 2022 at 13:01

The fine has finally gone through... but it's less than 45% of what was originally proposed.

eleceye-1200

Naked Security

Pwn2Own hacking schedule released – Windows and Linux are top targets

By Paul Ducklin — May 18^th 2022 at 13:04

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

Naked Security

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

By Paul Ducklin — May 10^th 2022 at 16:59

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Naked Security

Beanstalk cryptocurrency heist: scammer votes himself all the money

By Paul Ducklin — April 19^th 2022 at 16:00

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Naked Security

Yet another Chrome zero-day emergency update – patch now!

By Paul Ducklin — April 16^th 2022 at 00:33

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

By Paul Ducklin — April 14^th 2022 at 13:39

Latest episode - listen now!

Naked Security

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

By Paul Ducklin — April 11^th 2022 at 16:58

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?

cat-1200

Naked Security

Web vendor CafePress fined $500,000 for giving cybersecurity a low value

By Paul Ducklin — March 21^st 2022 at 16:55

Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations