Naked Security

Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

Naked Security

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

Naked Security

Phone scamming kingpin gets 13 years for running “iSpoof” service

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

Naked Security

PHP Packagist supply chain poisoned by hacker “looking for a job”

I pwned you! Gizza job! You know it makes sense!

Naked Security

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

Grab a message/Play it back/You've just performed/A big phat hack...

Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

Lastest episode - listen now! (Full transcript inside.)

Naked Security

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

Naked Security

OpenSSL fixes High Severity data-stealing bug – patch now!

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

Latest episode - listen now!

Naked Security

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Naked Security

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Naked Security

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

Naked Security

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

The problem with anniversaries is that there's an almost infinite number of them every day...

Naked Security

“Suspicious login” scammers up their game – take care at Christmas

A picture is worth 1024 words - we clicked through so you don't have to.

Naked Security

The CHRISTMA EXEC network worm – 35 years and counting!

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...

Naked Security

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)...

Naked Security

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

Naked Security

How social media scammers buy time to steal your 2FA codes

The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake

Naked Security

“Gucci Master” business email scammer Hushpuppi gets 11 years

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

Naked Security

Silk Road drugs market hacker pleads guilty, faces 20 years inside

Jurisprudence isn't like arithmetic... two negatives never make a positive!

Naked Security

Twitter Blue Badge email scams – Don’t fall for them!

That was the week that was...

Naked Security

Serious Security: How randomly (or not) can you shuffle cards?

What if you could guess the next card correctly twice as often as you should?

Naked Security

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Naked Security

Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

Simple but super-sneaky - use a picture of a browser, and convince people it's real...

Naked Security

Post-quantum cryptography – new algorithm “gone in 60 minutes”

And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.

Naked Security

Facebook 2FA scammers return – this time in just 21 minutes

Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes

Naked Security

That didn’t last! Microsoft turns off the Office security it just turned on

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Naked Security

Facebook 2FA phish arrives just 28 minutes after scam domain created

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

Naked Security

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

Lastest epsiode - listen now!

Naked Security

Know your enemy! Learn how cybercrime adversaries get in…

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

Naked Security

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

Latest episode - listen now!

Naked Security

Beware the Smish! Home delivery scams with a professional feel…

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...

Naked Security

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Naked Security

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Don't leave old accounts lying around where someone sketchy could reactivate them.

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Latest episode - listen now (or read it, if that's your preference)...

Naked Security

Instagram scammers as busy as ever: passwords and 2FA codes at risk

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

Latest episode - listen now!

Naked Security

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

Naked Security

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Naked Security

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Naked Security

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Naked Security

Wormable Windows HTTP hole – what you need to know

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

Naked Security

Instagram copyright infringment scams – don’t get sucked in!

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...

Naked Security

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

Phew! An audacious crime... that didn't work out.

Naked Security

IoT devices must “protect consumers from cyberharm”, says UK government

"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

Naked Security

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

Naked Security

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

Latest episode - listen now! Serious security explained with personality in plain English.

Naked Security

Banking scam uses Docusign phish to thieve 2FA codes

999 people in 1000 will know this is a phish straight off the bat. But for 1 in 1000 it will be plausible at first sight...

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

Naked Security

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Latest episode - listen now!