Microsoft hit by Storm season – a tale of two semi-zero days

By Paul Ducklin — July 18^th 2023 at 20:59

The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...

Naked Security

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

By Paul Ducklin — April 26^th 2023 at 17:59

You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...

Naked Security

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

By Paul Ducklin — February 27^th 2023 at 02:10

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Naked Security

Twitter tells users: Pay up if you want to keep using insecure 2FA

By Paul Ducklin — February 20^th 2023 at 17:58

Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By Paul Ducklin — February 6^th 2023 at 21:53

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Naked Security

Dutch suspect locked up for alleged personal data megathefts

By Paul Ducklin — January 26^th 2023 at 22:02

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.