Crimeware server used by NetWalker ransomware seized and shut down

By Paul Ducklin — August 14^th 2023 at 19:06

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

Naked Security

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin — August 10^th 2023 at 13:34

Latest episode - listen now! (Full transcript inside.)

Naked Security

Serious Security: Why learning to touch-type could protect you from audio snooping

By Paul Ducklin — August 8^th 2023 at 18:51

Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

Naked Security

S3 Ep144: When threat hunting goes down a rabbit hole

By Paul Ducklin — July 20^th 2023 at 14:58

Latest episode - check it out now!

Naked Security

Google Virus Total leaks list of spooky email addresses

By Paul Ducklin — July 18^th 2023 at 23:16

Careful with that file, Eugene!

Naked Security

Serious Security: Rowhammer returns to gaslight your computer

By Paul Ducklin — July 10^th 2023 at 21:22

Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29^th 2023 at 16:58

Latest episode - listen now! (Full transcript inside.)

Naked Security

UK hacker busted in Spain gets 5 years over Twitter hack and more

By Naked Security writer — June 26^th 2023 at 18:35

Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...

Naked Security

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

By Paul Ducklin — June 23^rd 2023 at 16:10

Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.

Naked Security

S3 Ep140: So you think you know ransomware?

By Paul Ducklin — June 22^nd 2023 at 16:48

Lots to learn this week - listen now! (Full transcript inside.)

Naked Security

ASUS warns router customers: Patch now, or block all inbound requests

By Paul Ducklin — June 20^th 2023 at 18:14

"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

Naked Security

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15^th 2023 at 18:43

Latest episode - listen now! (Full transcript inside.)

Naked Security

Gozi banking malware “IT chief” finally jailed after more than 10 years

By Paul Ducklin — June 13^th 2023 at 18:43

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

Naked Security

History revisited: US DOJ unseals Mt. Gox cybercrime charges

By Naked Security writer — June 12^th 2023 at 16:58

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

Naked Security

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

By Paul Ducklin — June 6^th 2023 at 18:28

Chrome and Edge 0-days patched.

Naked Security

S3 Ep137: 16th century crypto skullduggery

By Paul Ducklin — June 1^st 2023 at 16:45

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

s3-ep137-feat-1200

Naked Security

Serious Security: That KeePass “master password crack”, and what we can learn from it

By Paul Ducklin — May 31^st 2023 at 19:39

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

Ransomware tales: The MitM attack that really had a Man in the Middle

By Paul Ducklin — May 24^th 2023 at 17:59

Another traitorous sysadmin story, this one busted by system logs that gave his game away...

Naked Security

Phone scamming kingpin gets 13 years for running “iSpoof” service

By Naked Security writer — May 22^nd 2023 at 16:58

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

ispoof-1200

Naked Security

US offers $10m bounty for Russian ransomware suspect outed in indictment

By Naked Security writer — May 17^th 2023 at 18:40

"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."

Naked Security

Whodunnit? Cybercrook gets 6 years for ransoming his own employer

By Naked Security writer — May 12^th 2023 at 16:15

Not just an active adversary, but a two-faced one, too.

Naked Security

Google wins court order to force ISPs to filter botnet traffic

By Naked Security writer — April 28^th 2023 at 19:59

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

Naked Security

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

By Paul Ducklin — April 18^th 2023 at 16:56

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

By Paul Ducklin — March 9^th 2023 at 18:58

Lastest episode - listen now! (Full transcript inside.)

Naked Security

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

By Naked Security writer — March 6^th 2023 at 16:16

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Naked Security

Dutch police arrest three cyberextortion suspects who allegedly earned millions

By Naked Security writer — February 27^th 2023 at 19:33

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

Dutch suspect locked up for alleged personal data megathefts

By Paul Ducklin — January 26^th 2023 at 22:02

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

Naked Security

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

By Paul Ducklin — January 19^th 2023 at 15:53

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By Paul Ducklin — January 12^th 2023 at 17:59

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

Naked Security

The CHRISTMA EXEC network worm – 35 years and counting!

By Paul Ducklin — December 1^st 2022 at 20:35

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...

xmas-1200-35-wide

Naked Security

“Gucci Master” business email scammer Hushpuppi gets 11 years

By Naked Security writer — November 14^th 2022 at 19:24

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

puppi-car-1200

Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

By Paul Ducklin — November 10^th 2022 at 17:26

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Naked Security

Silk Road drugs market hacker pleads guilty, faces 20 years inside

By Paul Ducklin — November 8^th 2022 at 19:58

Jurisprudence isn't like arithmetic... two negatives never make a positive!

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

By Paul Ducklin — October 6^th 2022 at 14:43

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

Naked Security

NetWalker ransomware affiliate sentenced to 20 years by Florida court

By Naked Security writer — October 5^th 2022 at 18:55

Judge tells the accused that if he hadn't pleaded guilty, "I would have given you life."

Naked Security

BEC fraudster and romance scammer sent to prison for 25 years

By Paul Ducklin — October 4^th 2022 at 19:12

Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.

rs-1200

Naked Security

Optus breach – Aussie telco told it will have to pay to replace IDs

By Paul Ducklin — September 28^th 2022 at 13:55

Licence compromised? Passport number burned? Need a new one? Who's going to pay?

Naked Security

Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?

By Paul Ducklin — September 24^th 2022 at 22:57

Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?

Naked Security

LastPass source code breach – incident response report released

By Paul Ducklin — September 19^th 2022 at 18:59

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

Naked Security

Chrome patches 24 security holes, enables “Sanitizer” safety system

By Paul Ducklin — August 31^st 2022 at 11:48

24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.

Naked Security

Laptop denial-of-service via music: the 1980s R&B song with a CVE!

By Paul Ducklin — August 22^nd 2022 at 16:03

We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)

Naked Security

US offers reward “up to $10 million” for information about the Conti gang

By Naked Security writer — August 16^th 2022 at 16:57

Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)

Naked Security

Last member of Gozi malware troika arrives in US for criminal trial

By Paul Ducklin — July 20^th 2022 at 14:56

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

By Paul Ducklin — July 7^th 2022 at 18:46

Listen now! Or read if you prefer...

Naked Security

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

By Paul Ducklin — July 4^th 2022 at 14:09

Bust in Canada, now bust in the USA as well.

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

By Paul Ducklin — June 23^rd 2022 at 11:08

Latest epsiode - listen (or read) now!

Naked Security

Interpol busts 2000 suspects in phone scamming takedown

By Paul Ducklin — June 20^th 2022 at 18:10

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...

Naked Security

SSNDOB Market domains seized, identity theft “brokerage” shut down

By Paul Ducklin — June 8^th 2022 at 14:53

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

Naked Security

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

By Paul Ducklin — May 19^th 2022 at 13:56

Latest episode - listen now!

Naked Security

He sold cracked passwords for a living – now he’s serving 4 years in prison

By Paul Ducklin — May 13^th 2022 at 18:31

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

Naked Security

GitHub issues final report on supply-chain source code intrusions

By Paul Ducklin — April 29^th 2022 at 16:15

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security

Yet another Chrome zero-day emergency update – patch now!

By Paul Ducklin — April 16^th 2022 at 00:33

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

US cryptocurrency coder gets 5 years for North Korea sanctions busting

By Naked Security writer — April 13^th 2022 at 15:52

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Serious Security: Darkweb drugs market Hydra taken offline by German police

By Paul Ducklin — April 6^th 2022 at 16:22

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin — April 4^th 2022 at 21:36

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

By Naked Security writer — March 25^th 2022 at 01:48

Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?