Critical Flaws Found In Four Cisco SMB Router Ranges

August 5^th 2022 at 14:28

News ≈ Packet Storm

Huge Flaw Threatens US Emergency Alert System, DHS Researcher Warns

August 5^th 2022 at 14:28

News ≈ Packet Storm

VMWare Urges Users To Patch Critical Authentication Bypass Bug

August 4^th 2022 at 14:11

Naked Security

GitHub blighted by “researcher” who created thousands of malicious projects

By Paul Ducklin — August 3^rd 2022 at 23:06

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

News ≈ Packet Storm

Post-Quantum Encryption Contender Is Taken Out By Single-Core PC And 1 Hour

August 2^nd 2022 at 13:46

News ≈ Packet Storm

Threat Actors Pivot Around Microsoft's Macro-Blocking In Office

July 29^th 2022 at 13:56

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

By Paul Ducklin — July 28^th 2022 at 15:47

Latest episode - listen now!

News ≈ Packet Storm

FileWave Fixes Bugs That Left 1,000+ Orgs Open To Ransomware

July 28^th 2022 at 14:39

News ≈ Packet Storm

Inside The Energy Department's 10-Year Plan To Reshape Cybersecurity In The Sector

July 28^th 2022 at 14:39

News ≈ Packet Storm

Time Between Vulnerability Disclosures To Exploits Is Shrinking

July 27^th 2022 at 17:15

Naked Security

T-Mobile to cough up $500 million over 2021 data breach

By Paul Ducklin — July 25^th 2022 at 16:20

Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.

News ≈ Packet Storm

Hardcoded Password In Confluence Has Been Leaked On Twitter

July 25^th 2022 at 15:45

News ≈ Packet Storm

Microsoft Again Reverses Course, Will Block Macros By Default

July 25^th 2022 at 15:45

News ≈ Packet Storm

Atlassian Reveals Critical Flaws In Almost Everything It Makes And Touches

July 21^st 2022 at 20:18

News ≈ Packet Storm

Critical Flaws In GPS Tracker Enable Life Threatening Hacks

July 20^th 2022 at 16:38

Naked Security

Last member of Gozi malware troika arrives in US for criminal trial

By Paul Ducklin — July 20^th 2022 at 14:56

His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...

News ≈ Packet Storm

Industrial Control System Password Cracker May Be Bad, Actually

July 19^th 2022 at 14:50

News ≈ Packet Storm

Servers Running Digium Phones VoIP Software Are Getting Backdoored

July 19^th 2022 at 14:49

News ≈ Packet Storm

Microsoft's Latest Security Patch Troubles Windows 11 Users

July 18^th 2022 at 16:28

News ≈ Packet Storm

Windows Network File System Flaw Results In Arbitrary Code Execution As SYSTEM

July 15^th 2022 at 14:54

Naked Security

S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]

By Paul Ducklin — July 14^th 2022 at 18:47

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

News ≈ Packet Storm

New Spectre-Type Retbleed Vulnerability Drops. Will Attackers Use It?

July 13^th 2022 at 17:25

News ≈ Packet Storm

X.org Servers Update Closes 2 Security Holes

July 13^th 2022 at 17:24

News ≈ Packet Storm

Microsoft's July Patch Tuesday Fixes Actively Exploited Bug

July 13^th 2022 at 17:24

News ≈ Packet Storm

Amazon Squashes Years-Old Authentication Bugs In AWS Kubernetes Service

July 12^th 2022 at 20:00

Naked Security

Paying ransomware crooks won’t reduce your legal risk, warns regulator

By Paul Ducklin — July 12^th 2022 at 18:24

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

News ≈ Packet Storm

Microsoft Pauses Once Touted Macro Security Change

July 11^th 2022 at 14:07

News ≈ Packet Storm

Hackers Say They Can Unlock And Start Honda Cars Remotely

July 11^th 2022 at 14:07

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

By Paul Ducklin — July 7^th 2022 at 18:46

Listen now! Or read if you prefer...

News ≈ Packet Storm

Hack Allows Drone Takeover Via ExpressLRS Protocol

July 7^th 2022 at 13:05

News ≈ Packet Storm

Google: Half Of Zero-Day Exploits Linked To Poor Software Fixes

July 5^th 2022 at 13:58

News ≈ Packet Storm

What To Do About Inherent Security Flaws In Critical Infrastructure?

July 4^th 2022 at 14:18

Naked Security

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

By Paul Ducklin — July 4^th 2022 at 14:09

Bust in Canada, now bust in the USA as well.

Naked Security

“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list

By Paul Ducklin — July 1^st 2022 at 16:49

The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.

News ≈ Packet Storm

Jenkins Warns Of Security Holes In These 25 Plugins

July 1^st 2022 at 14:34

News ≈ Packet Storm

Leaky Access Tokens Exposed Amazon Photos Of Users

June 30^th 2022 at 15:43

Naked Security

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

By Paul Ducklin — June 30^th 2022 at 12:57

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

News ≈ Packet Storm

Patchable And Preventable Security Issues Lead Causes Of Q1 Attacks

June 29^th 2022 at 19:55

News ≈ Packet Storm

Mitel VoIP Bug Exploited In Ransomware Attacks

June 28^th 2022 at 15:02

Naked Security

FTC warns of LGBTQ+ extortion scams – be aware before you share!

By Paul Ducklin — June 27^th 2022 at 14:58

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

News ≈ Packet Storm

CISA Warns Over Software Flaws In Industrial Control Systems

June 23^rd 2022 at 16:14

News ≈ Packet Storm

Fancy Bear Uses Nuke Threat Lure To Exploit 1-Click Bug

June 23^rd 2022 at 16:14

News ≈ Packet Storm

NSA, CISA Say: Don't Block PowerShell, Here's What To Do Instead

June 23^rd 2022 at 16:14

Naked Security

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

By Paul Ducklin — June 23^rd 2022 at 11:08

Latest epsiode - listen (or read) now!

News ≈ Packet Storm

Mega Says It Can't Decrypt Your Files. New POC Exploit Shows Different

June 22^nd 2022 at 15:01

Naked Security

Capital One identity theft hacker finally gets convicted

By Paul Ducklin — June 21^st 2022 at 15:24

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

Interpol busts 2000 suspects in phone scamming takedown

By Paul Ducklin — June 20^th 2022 at 18:10

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...

Naked Security

Murder suspect admits she tracked cheating partner with hidden AirTag

By Paul Ducklin — June 14^th 2022 at 18:49

O! What a tangled web we weave, when first we practise to deceive.

Naked Security

SSNDOB Market domains seized, identity theft “brokerage” shut down

By Paul Ducklin — June 8^th 2022 at 14:53

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

Naked Security

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

By Paul Ducklin — May 19^th 2022 at 13:56

Latest episode - listen now!

Naked Security

He sold cracked passwords for a living – now he’s serving 4 years in prison

By Paul Ducklin — May 13^th 2022 at 18:31

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

Naked Security

Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

By Paul Ducklin — April 27^th 2022 at 15:22

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

Naked Security

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

By Paul Ducklin — April 21^st 2022 at 13:41

Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Naked Security

US cryptocurrency coder gets 5 years for North Korea sanctions busting

By Naked Security writer — April 13^th 2022 at 15:52

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Serious Security: Darkweb drugs market Hydra taken offline by German police

By Paul Ducklin — April 6^th 2022 at 16:22

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

Naked Security

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin — April 4^th 2022 at 21:36

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

By Paul Ducklin — March 31^st 2022 at 13:38

Latest episode - listen now!

Naked Security

UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

By Naked Security writer — March 25^th 2022 at 01:48

Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!