Mom’s Meals issues “Notice of Data Event”: What to know and what to do

By Paul Ducklin — August 29^th 2023 at 16:51

It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.

Naked Security

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

By Paul Ducklin — August 21^st 2023 at 17:45

WYSIWYG is short for "what you see is what you get". Except when it isn't...

Naked Security

Crimeware server used by NetWalker ransomware seized and shut down

By Paul Ducklin — August 14^th 2023 at 19:06

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

Naked Security

SEC demands four-day disclosure limit for cybersecurity breaches

By Paul Ducklin — July 31^st 2023 at 18:57

When is a ransomware attack a reportable matter? And how long have you got to decide?

Naked Security

S3 Ep145: Bugs With Impressive Names!

By Paul Ducklin — July 27^th 2023 at 18:47

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

Naked Security

S3 Ep142: Putting the X in X-Ops

By Paul Ducklin — July 6^th 2023 at 19:58

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

s3-ep100-js-1200

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29^th 2023 at 16:58

Latest episode - listen now! (Full transcript inside.)

Naked Security

Interested in $10,000,000? Ready to turn in the Clop ransomware crew?

By Naked Security writer — June 28^th 2023 at 18:59

Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...

Naked Security

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

By Paul Ducklin — June 23^rd 2023 at 16:10

Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.

Naked Security

Beware bad passwords as attackers co-opt Linux servers into cybercrime

By Paul Ducklin — June 21^st 2023 at 19:50

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

Naked Security

“The Ransomware Documentary” – brand new video series from Sophos starting now!

By Sally Adam — June 21^st 2023 at 18:00

Get the full 360-degree view of ransomware

Ransomware Documentary Graphic Theme_780x480 NS

Naked Security

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15^th 2023 at 18:43

Latest episode - listen now! (Full transcript inside.)

Naked Security

Gozi banking malware “IT chief” finally jailed after more than 10 years

By Paul Ducklin — June 13^th 2023 at 18:43

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

Naked Security

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

By Paul Ducklin — June 5^th 2023 at 19:59

Little Bobby Tables is back!

mi-1200

Naked Security

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

By Paul Ducklin — June 2^nd 2023 at 18:56

It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.

Naked Security

S3 Ep137: 16th century crypto skullduggery

By Paul Ducklin — June 1^st 2023 at 16:45

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

s3-ep137-feat-1200

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

Ransomware tales: The MitM attack that really had a Man in the Middle

By Paul Ducklin — May 24^th 2023 at 17:59

Another traitorous sysadmin story, this one busted by system logs that gave his game away...

Naked Security

PyPI open-source code repository deals with manic malware maelstrom

By Paul Ducklin — May 23^rd 2023 at 18:45

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

Naked Security

US offers $10m bounty for Russian ransomware suspect outed in indictment

By Naked Security writer — May 17^th 2023 at 18:40

"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."

Naked Security

Whodunnit? Cybercrook gets 6 years for ransoming his own employer

By Naked Security writer — May 12^th 2023 at 16:15

Not just an active adversary, but a two-faced one, too.

Naked Security

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

By Paul Ducklin — May 11^th 2023 at 14:54

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By Paul Ducklin — May 4^th 2023 at 20:59

Entertaining, educational, and all in plain English 🎧📖

Naked Security

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

By Paul Ducklin — April 30^th 2023 at 01:23

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Naked Security

VMware patches break-and-enter hole in logging tools: update now!

By Paul Ducklin — April 21^st 2023 at 17:58

You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."

Naked Security

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

By Paul Ducklin — April 11^th 2023 at 18:58

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Naked Security

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

By Paul Ducklin — April 10^th 2023 at 20:20

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Naked Security

S3 Ep129: When spyware arrives from someone you trust

By Paul Ducklin — April 6^th 2023 at 14:57

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Naked Security

World Backup Day is here again – 5 tips to keep your precious data safe

By Paul Ducklin — March 31^st 2023 at 01:14

The only backup you will ever regret is the one you didn't make...

Naked Security

Supply chain blunder puts 3CX telephone app users at risk

By Paul Ducklin — March 30^th 2023 at 20:36

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

By Paul Ducklin — March 9^th 2023 at 18:58

Lastest episode - listen now! (Full transcript inside.)

Naked Security

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

By Naked Security writer — March 6^th 2023 at 16:16

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Naked Security

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

By Paul Ducklin — March 3^rd 2023 at 19:56

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin — March 2^nd 2023 at 19:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

LastPass: Keylogger on home PC led to cracked corporate password vault

By Paul Ducklin — February 28^th 2023 at 02:23

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Naked Security

Dutch police arrest three cyberextortion suspects who allegedly earned millions

By Naked Security writer — February 27^th 2023 at 19:33

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

Naked Security

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

By Paul Ducklin — February 27^th 2023 at 02:10

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Naked Security

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

By Paul Ducklin — February 23^rd 2023 at 19:58

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

Naked Security

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

By Paul Ducklin — February 20^th 2023 at 01:36

New report admits that attackers were detected in the network about three months ago, and may have been attacking for about three years.

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

By Paul Ducklin — February 7^th 2023 at 19:59

To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!

Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By Paul Ducklin — February 2^nd 2023 at 17:50

Latest episode - listen now!

Naked Security

Hive ransomware servers shut down at last, says FBI

By Naked Security writer — January 27^th 2023 at 17:58

Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...

Naked Security

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

By Paul Ducklin — January 11^th 2023 at 00:22

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By Paul Ducklin — January 4^th 2023 at 19:50

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Naked Security

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

By Paul Ducklin — January 1^st 2023 at 21:36

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

Naked Security

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

By Paul Ducklin — December 29^th 2022 at 09:20

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Naked Security

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

By Paul Ducklin — December 22^nd 2022 at 19:56

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By Paul Ducklin — December 15^th 2022 at 17:10

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By Paul Ducklin — December 9^th 2022 at 16:46

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

Credit card skimming – the long and winding road of supply chain failure

By Paul Ducklin — December 8^th 2022 at 19:58

Don't keep calling home to a JavaScript server that closed its doors eight years ago!

Naked Security

The CHRISTMA EXEC network worm – 35 years and counting!

By Paul Ducklin — December 1^st 2022 at 20:35

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...

xmas-1200-35-wide

Naked Security

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

By Paul Ducklin — December 1^st 2022 at 19:58

Latest episode - listen now (or read if you prefer)...

Naked Security

TikTok “Invisible Challenge” porn malware puts us all at risk

By Paul Ducklin — November 29^th 2022 at 19:58

An injury to one is an injury to all. Especially if the other people are part of your social network.

Naked Security

Multimillion dollar CryptoRom scam sites seized, suspects arrested in US

By Paul Ducklin — November 23^rd 2022 at 19:58

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...

cryptorom-1200

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

By Paul Ducklin — October 28^th 2022 at 18:04

Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

Naked Security

S3 Ep106: Facial recognition without consent – should it be banned?

By Paul Ducklin — October 27^th 2022 at 16:59

Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!

Naked Security

Online ticketing company “See” pwned for 2.5 years by attackers

By Paul Ducklin — October 26^th 2022 at 19:58

Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

Naked Security

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

By Paul Ducklin — October 21^st 2022 at 18:25

Crooks: Show us the money! Cops: How about you show us the decryption keys first?