FreshRSS

Naked Security

Update on Naked Security

By Naked Security writer — September 26th 2023 at 10:00
To consolidate all of our security intelligence and news in one location, we have migrated Naked Security to the Sophos News platform.

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

By Paul Ducklin — August 29th 2023 at 16:51
It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.

S3 Ep149: How many cryptographers does it take to change a light bulb?

By Paul Ducklin — August 24th 2023 at 18:50
Latest episode - listen now! Full transcript inside...

Using WinRAR? Be sure to patch against these code execution bugs…

By Paul Ducklin — August 23rd 2023 at 19:55
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

Smart light bulbs could give away your password secrets

By Paul Ducklin — August 22nd 2023 at 19:56
Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well.

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

By Paul Ducklin — August 21st 2023 at 17:45
WYSIWYG is short for "what you see is what you get". Except when it isn't...

S3 Ep148: Remembering crypto heroes

By Paul Ducklin — August 17th 2023 at 19:43
Celebrating the true crypto bros. Listen now (full transcript available).

FBI warns about scams that lure you in as a mobile beta-tester

By Paul Ducklin — August 16th 2023 at 18:57
Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

By Paul Ducklin — August 14th 2023 at 23:18
The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

Crimeware server used by NetWalker ransomware seized and shut down

By Paul Ducklin — August 14th 2023 at 19:06
The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin — August 10th 2023 at 13:34
Latest episode - listen now! (Full transcript inside.)

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

By Paul Ducklin — August 9th 2023 at 20:34
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.

Serious Security: Why learning to touch-type could protect you from audio snooping

By Paul Ducklin — August 8th 2023 at 18:51
Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

By Paul Ducklin — August 4th 2023 at 16:52
Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin — August 3rd 2023 at 17:56
Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Performance and security clash yet again in “Collide+Power” attack

By Paul Ducklin — August 2nd 2023 at 23:36
It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

Firefox fixes a flurry of flaws in the first of two releases this month

By Paul Ducklin — August 1st 2023 at 19:28
No zero-days, but some interesting patches with their very own "teachable moments".

SEC demands four-day disclosure limit for cybersecurity breaches

By Paul Ducklin — July 31st 2023 at 18:57
When is a ransomware attack a reportable matter? And how long have you got to decide?

S3 Ep145: Bugs With Impressive Names!

By Paul Ducklin — July 27th 2023 at 18:47
Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

Zenbleed: How the quest for CPU performance could put your passwords at risk

By Paul Ducklin — July 26th 2023 at 19:01
You need to turn on a special setting to stop (the code you wrote to stop [the code you wrote to improve performance] from reducing performance) from reducing security.

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

By Paul Ducklin — July 24th 2023 at 23:18
Another month, another patch for in-the-wild iPhone malware (and a whole lot more).

Hacking police radios: 30-year-old crypto flaws in the spotlight

By Paul Ducklin — July 24th 2023 at 16:59
"Three may keep a secret, if two of them are dead."

S3 Ep144: When threat hunting goes down a rabbit hole

By Paul Ducklin — July 20th 2023 at 14:58
Latest episode - check it out now!

Google Virus Total leaks list of spooky email addresses

By Paul Ducklin — July 18th 2023 at 23:16
Careful with that file, Eugene!

Microsoft hit by Storm season – a tale of two semi-zero days

By Paul Ducklin — July 18th 2023 at 20:59
The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!

By Paul Ducklin — July 14th 2023 at 19:58
Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."

S3 Ep143: Supercookie surveillance shenanigans

By Paul Ducklin — July 13th 2023 at 16:48
Latest episode - listen now! (Full transcript inside.)

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

By Paul Ducklin — July 12th 2023 at 18:57
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...

Apple silently pulls its latest zero-day update – what now?

By Paul Ducklin — July 11th 2023 at 15:21
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

By Paul Ducklin — July 10th 2023 at 23:12
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Serious Security: Rowhammer returns to gaslight your computer

By Paul Ducklin — July 10th 2023 at 21:22
Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

S3 Ep142: Putting the X in X-Ops

By Paul Ducklin — July 6th 2023 at 19:58
How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

Firefox 115 is out, says farewell to users of older Windows and Mac versions

By Paul Ducklin — July 5th 2023 at 18:58
No zero-days this month, so you're patching to stay ahead, not merely to catch up!

Ghostscript bug could allow rogue documents to run system commands

By Paul Ducklin — July 4th 2023 at 17:57
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

WordPress plugin lets users become admins – Patch early, patch often!

By Paul Ducklin — July 3rd 2023 at 16:48
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29th 2023 at 16:58
Latest episode - listen now! (Full transcript inside.)

Interested in $10,000,000? Ready to turn in the Clop ransomware crew?

By Naked Security writer — June 28th 2023 at 18:59
Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...

UK hacker busted in Spain gets 5 years over Twitter hack and more

By Naked Security writer — June 26th 2023 at 18:35
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

By Paul Ducklin — June 23rd 2023 at 16:10
Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.

S3 Ep140: So you think you know ransomware?

By Paul Ducklin — June 22nd 2023 at 16:48
Lots to learn this week - listen now! (Full transcript inside.)

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

By Paul Ducklin — June 22nd 2023 at 00:36
Apple didn't use the words "Triangulation Trojan", but you probably will.

Beware bad passwords as attackers co-opt Linux servers into cybercrime

By Paul Ducklin — June 21st 2023 at 19:50
Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

“The Ransomware Documentary” – brand new video series from Sophos starting now!

By Sally Adam — June 21st 2023 at 18:00
Get the full 360-degree view of ransomware

ASUS warns router customers: Patch now, or block all inbound requests

By Paul Ducklin — June 20th 2023 at 18:14
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

Megaupload duo will go to prison at last, but Kim Dotcom fights on…

By Paul Ducklin — June 19th 2023 at 18:59
One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on...

MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

By Paul Ducklin — June 15th 2023 at 22:10
Twice more unto the breach... third patch tested and released, shut down web access until you've applied it

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15th 2023 at 18:43
Latest episode - listen now! (Full transcript inside.)

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

By Paul Ducklin — June 13th 2023 at 23:32
No zero-days this month, if you ignore the Edge RCE hole patched last week

Gozi banking malware “IT chief” finally jailed after more than 10 years

By Paul Ducklin — June 13th 2023 at 18:43
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

History revisited: US DOJ unseals Mt. Gox cybercrime charges

By Naked Security writer — June 12th 2023 at 16:58
Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

More MOVEit mitigations: new patches published for further protection

By Paul Ducklin — June 9th 2023 at 21:54
Good news... more patches, this time available proactively

Thoughts on scheduled password changes (don’t call them rotations!)

By Paul Ducklin — June 9th 2023 at 18:58
Does swapping your password regularly make it a better password?

S3 Ep138: I like to MOVEit, MOVEit

By Paul Ducklin — June 8th 2023 at 16:56
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

By Paul Ducklin — June 7th 2023 at 19:59
With the right (or wrong, if you're on the right side of the fence) timing...

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

By Paul Ducklin — June 6th 2023 at 18:28
Chrome and Edge 0-days patched.

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

By Paul Ducklin — June 5th 2023 at 19:59
Little Bobby Tables is back!

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

By Paul Ducklin — June 2nd 2023 at 18:56
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.

S3 Ep137: 16th century crypto skullduggery

By Paul Ducklin — June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Serious Security: That KeePass “master password crack”, and what we can learn from it

By Paul Ducklin — May 31st 2023 at 19:39
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Serious Security: Verification is vital – examining an OAUTH login bug

By Paul Ducklin — May 30th 2023 at 16:59
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?

❌