Naked Security

S3 Ep136: Navigating a manic malware maelstrom

Latest episode - listen now. Full transcript inside...

Naked Security

PyPI open-source code repository deals with manic malware maelstrom

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

Naked Security

PHP Packagist supply chain poisoned by hacker “looking for a job”

I pwned you! Gizza job! You know it makes sense!

Naked Security

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Naked Security

S3 Ep129: When spyware arrives from someone you trust

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Naked Security

Supply chain blunder puts 3CX telephone app users at risk

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

TikTok “Invisible Challenge” porn malware puts us all at risk

An injury to one is an injury to all. Especially if the other people are part of your social network.

Naked Security

GitHub blighted by “researcher” who created thousands of malicious projects

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

Naked Security

GitHub issues final report on supply-chain source code intrusions

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security

Beanstalk cryptocurrency heist: scammer votes himself all the money

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Naked Security

Wormhole cryptotrading company turns over $340,000,000 to criminals

It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

Naked Security

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

Latest episode -listen to it or read it now!

Naked Security

JavaScript developer destroys own projects in supply chain “lesson”

Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.