Category: Naked Security – Sophos

Chester Wisniewski on what we can learn from Uber: “Just because a big company didn’t have the security they should doesn’t mean you can’t.” This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep100.5:…

Read more →

Uber is all over the news for a widely-publicised data breach. We help you answer the question, “How do I stop this happening to me?” This article has been indexed from Naked Security – Sophos Read the original article: UBER…

Read more →

Latest episode – listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT… This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

Read more →

Latest episode – listen now! Cosmic rockets, zero-days, tracking cybercrooks, and unlocking the DEADBOLT… This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep100: Imagine you went to the moon – how would you…

Read more →

It sounds like a scam that could never work: use a picture of browser and convince the user it’s a real browser. You might be surprised… This article has been indexed from Naked Security – Sophos Read the original article:…

Read more →

Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)… This article has been indexed from Naked Security – Sophos Read the original article: Apple patches zero-day holes – even in…

Read more →

Five updates, one upgrade, plus a zero-day. Patch your Macs, iPhones and iPads as soon as you can (again)… This article has been indexed from Naked Security – Sophos Read the original article: Apple patches a zero-day hole – even…

Read more →

Heartfelt encouragement to embrace RFC 3339 – find out why! This article has been indexed from Naked Security – Sophos Read the original article: How to deal with dates and times without any timezone tantrums…

Read more →

Latest episode – listen now! (Or read if you prefer – full transcript inside.) This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep99: TikTok “attack” – was there a data breach, or not?…

Read more →

NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too… This article has been indexed from Naked Security – Sophos Read the original article: DEADBOLT ransomware rears its…

Read more →

This time, the crooks got there first – only 1 security hole patched, but it’s a zero-day. This article has been indexed from Naked Security – Sophos Read the original article: Chrome and Edge fix zero-day security hole – update…

Read more →

This time, the crooks got there first – only 1 security hole patched, but it’s a zero-day. This article has been indexed from Naked Security – Sophos Read the original article: Chrome fixes 0-day security hole reported anonymously – update…

Read more →

This site, like millions of others, has a certificate from Let’s Encrypt. Farewell, Peter Eckersley, PhD, who helped make it all possible. This article has been indexed from Naked Security – Sophos Read the original article: Peter Eckersley, co-creator of…

Read more →

Latest episode – listen now! This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]

Read more →

Patch as soon as you can – that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too. This article has been indexed from Naked Security – Sophos Read the original article: URGENT! Apple…

Read more →

Patch as soon as you can – that recent WebKit zero-day affecting new iPhones is apparently being used against older models, too. This article has been indexed from Naked Security – Sophos Read the original article: URGENT! Apple quietly slips…

Read more →

24 existing bugs fixed. And, we hope, numerous potential future bugs prevented. This article has been indexed from Naked Security – Sophos Read the original article: Chrome patches 24 security holes, enables “Sanitizer” safety system

Read more →

How to get the better of bugs in all the possible packages in your supply chain? This article has been indexed from Naked Security – Sophos Read the original article: JavaScript bugs aplenty in Node.js ecosystem – found automatically

Read more →

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely? This article has been indexed from Naked Security – Sophos Read the original article: LastPass source code…

Read more →

Two trust-spoofing bugs were the main culprits this month – but neither one was a zero-day. This article has been indexed from Naked Security – Sophos Read the original article: Firefox 104 is out – no critical bugs, but update…

Read more →

Latest episode – listen now! (Or read the transcript if you prefer the text version.) This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep97: Did your iPhone get pwned? How would you know?…

Read more →

One bit per second makes the Voyager probe data rate seem blindingly fast. But it’s enough to break your security assumptions… This article has been indexed from Naked Security – Sophos Read the original article: Breaching airgap security: using your…

Read more →

The criminals didn’t implant any malware. The attack was orchestrated via malevolent configuration changes. This article has been indexed from Naked Security – Sophos Read the original article: Bitcoin ATMs leeched by attackers who created fake admin accounts

Read more →

We haven’t validated this vuln ourselves… but the source of the story is impeccable. (Impeccably dressed, at least.) This article has been indexed from Naked Security – Sophos Read the original article: Laptop denial-of-service via music: the 1980s R&B song…

Read more →

Latest episode – listen now (or read if you prefer!) This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, heathcare security [Audio + Text]

Read more →

Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now! This article has been indexed from Naked Security – Sophos Read the original article: Apple patches double zero-day in…

Read more →

Don’t delay – patch today. This article has been indexed from Naked Security – Sophos Read the original article: Chrome browser gets 11 security fixes with 1 zero-day – update now!

Read more →

Wanted – Reward Offered – Five unknown individuals (plus a man with a weird hat) This article has been indexed from Naked Security – Sophos Read the original article: US offers reward “up to $10 million” for information about the…

Read more →

There’s many a slip ‘twixt the cup and the lip. Or at least between the TOC and the TOU… This article has been indexed from Naked Security – Sophos Read the original article: Zoom for Mac patches get-root bug –…

Read more →

Latest episode – listen now! (Or read the transcript if you prefer.) This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Read more →

If you’ve ever written code that left stuff lying around in memory when you didn’t need it any more… we bet you’ve regretted it! This article has been indexed from Naked Security – Sophos Read the original article: APIC/EPIC! Intel…

Read more →

“When those invitations went out… somehow, your password hash went out with them.” This article has been indexed from Naked Security – Sophos Read the original article: Slack admits to leaking hashed passwords for five years

Read more →

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data – three colours that everyone knows. This article has been indexed from Naked Security – Sophos Read the original article: Traffic Light Protocol for cybersecurity…

Read more →

Lastest episode – listen now! (Or read if that’s what you prefer.) This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!)…

Read more →

If you spew projects laced with hidden malware into an open source repository, don’t waste your time telling us “no harm done” afterwards. This article has been indexed from Naked Security – Sophos Read the original article: GitHub blighted by…

Read more →

And THIS is why you don’t knit your own home-made encryption algorithms and hope no one looks at them. This article has been indexed from Naked Security – Sophos Read the original article: Post-quantum cryptography – new algorithm “gone in…

Read more →

Transactions were only approved, it seems, if they were initiated by… errrrr, by anyone. This article has been indexed from Naked Security – Sophos Read the original article: Cryptocoin “token swapper” Nomad loses $200 million in coding blunder

Read more →

GnuTLS may well be the most widespread cryptographic toolkit you’ve never heard of. Learn more… This article has been indexed from Naked Security – Sophos Read the original article: GnuTLS patches memory mismanagement bug – update now!

Read more →

I’ve just popped in to wish you all/The best SysAdmin Day! This article has been indexed from Naked Security – Sophos Read the original article: How to celebrate SysAdmin Day!

Read more →

Latest episode – listen now! This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

Read more →

It’s a serious bug… but there’s a fix for it, so you know exactly what to do! This article has been indexed from Naked Security – Sophos Read the original article: Critical Samba bug could let anyone become Domain Admin…

Read more →

When it comes to cybersecurity, ask not what everyone else can do for you… This article has been indexed from Naked Security – Sophos Read the original article: 8 months on, US says Log4Shell will be around for “a decade…

Read more →

Here you go – seven thoughtful cybersecurity tips to help you travel safely… This article has been indexed from Naked Security – Sophos Read the original article: 7 cybersecurity tips for your summer vacation!

Read more →

Latest episode – listen now! Great discussion, technical content, solid advice… all covered in plain English. This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast…

Read more →

Last time they arrived 28 minutes after lighting up their fake domain… this time it was just 21 minutes This article has been indexed from Naked Security – Sophos Read the original article: Facebook 2FA scammers return – this time…

Read more →

“We paid the crooks to keep things under control and make a bad thing better”… isn’t a valid excuse. Who knew? This article has been indexed from Naked Security – Sophos Read the original article: Paying ransomware crooks won’t reduce…

Read more →

An Office anti-malware setting that took more than 20 years to arrive… and fewer than 20 weeks to vanish again. This article has been indexed from Naked Security – Sophos Read the original article: That didn’t last! Microsoft turns off…

Read more →

It’s a bit like Log4J, but for configuration files, not for logging. This article has been indexed from Naked Security – Sophos Read the original article: Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

Read more →

It’s a bit like Log4J, but for configuration files, not for logging. This article has been indexed from Naked Security – Sophos Read the original article: Apache “Commons Configuration” toolkit patches Log4Shell-like bug

Read more →

Listen now! Or read if you prefer… This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

Read more →

“As bad as Heartbleed”? We heard that concern a week ago, but we think it’s less ungood than that… This article has been indexed from Naked Security – Sophos Read the original article: OpenSSL fixes two “one-liner” crypto bugs –…

Read more →

Running Chrome? Do the “Help-About-Update” dance move right now, just to be sure… This article has been indexed from Naked Security – Sophos Read the original article: Google patches “in-the-wild” Chrome zero-day – update now!

Read more →

Bust in Canada, now bust in the USA as well. This article has been indexed from Naked Security – Sophos Read the original article: Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

Read more →

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain. This article has been indexed from Naked Security – Sophos Read the original article: Facebook 2FA phish arrives just…

Read more →

The “Missing Cryptoqueen” makes the American Top Ten… but not in a good way. This article has been indexed from Naked Security – Sophos Read the original article: “Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list

Read more →

Latest episode – listen and read now! Use our advice to advise your own friends and family… let’s all do our bit to stand up to scammers! This article has been indexed from Naked Security – Sophos Read the original…

Read more →

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft’s “Follina” saga. This article has been indexed from Naked Security – Sophos Read the original article: Firefox 102 fixes address bar spoofing security hole (and…

Read more →

The crooks needed at least two private keys, each stored in two parts… but they got them anyway. This article has been indexed from Naked Security – Sophos Read the original article: Harmony blockchain loses nearly $100M due to hacked…

Read more →

It’s a simple jingle and it’s solid advice: “If in doubt, don’t give it out!” This article has been indexed from Naked Security – Sophos Read the original article: FTC warns of LGBTQ+ extortion scams – be aware before you…

Read more →

Fortunately, it’s not a major bugfix, which means it’s easy to patch and can teach us all some useful lessons. This article has been indexed from Naked Security – Sophos Read the original article: OpenSSL issues a bugfix for the…

Read more →

Latest epsiode – listen (or read) now! This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

Read more →

Latest epsiode – listen now! This article has been indexed from Naked Security – Sophos Read the original article: S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast]

Read more →

It took three years, but the Capital One cracker was convicted in the end. Don’t get caught out in a data breach of your own! This article has been indexed from Naked Security – Sophos Read the original article: Capital…

Read more →

Friends don’t let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples… This article has been indexed from Naked Security – Sophos Read the original article: Interpol busts 2000 suspects in phone scamming…

Read more →

This article has been indexed from Naked Security – Sophos Lastest epsiode – listen now! Read the original article: S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

Read more →

This article has been indexed from Naked Security – Sophos We tried it out to make sure, so you don’t have to. Read the original article: Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

Read more →

This article has been indexed from Naked Security – Sophos O! What a tangled web we weave, when first we practise to deceive. Read the original article: Murder suspect admits she tracked cheating partner with hidden AirTag

Read more →

This article has been indexed from Naked Security – Sophos Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can! Read the original article: You’re invited! Join us…

Read more →

This article has been indexed from Naked Security – Sophos Latest episode – listen (or read) now! Read the original article: S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]

Read more →

This article has been indexed from Naked Security – Sophos The online identity “brokerage” SSNDOB Market didn’t want people to be in any doubt what it was selling. Read the original article: SSNDOB Market domains seized, identity theft “brokerage” shut…

Read more →

This article has been indexed from Naked Security – Sophos The online identity “brokerage” SSNDOB Market didn’t want pople to be in any doubt what it was selling. Read the original article: SSNDOB Market servers seized, identity theft “brokerage”” shut…

Read more →

This article has been indexed from Naked Security – Sophos Here’s how 144 recent attacks actually went down in real life. Don’t let this happen to you! Read the original article: Know your enemy! Learn how cybercrime adversaries get in…

Read more →

This article has been indexed from Naked Security – Sophos Zero-day announced – here’s what you need to know Read the original article: Atlassian announces 0-day hole in Confluence Server – update soon!

Read more →

This article has been indexed from Naked Security – Sophos Latest episode – listen now! Read the original article: S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

Read more →

This article has been indexed from Naked Security – Sophos More trouble with special-purpose URLs on Windows. Read the original article: Yet another zero-day (sort of) in Windows “search URL” handling

Read more →

This article has been indexed from Naked Security – Sophos After an intriguing month of Firefox releases, here’s one with a bit less drama, probably to the collective relief of Mozilla’s coders. Read the original article: Firefox 101 is out,…

Read more →

This article has been indexed from Naked Security – Sophos News has emerged of a “feature” in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn’t help! Read the original article: Mysterious…

Read more →

This article has been indexed from Naked Security – Sophos News has emerged of a “feature” in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn’t help! Read the original article: Mysterious…

Read more →

This article has been indexed from Naked Security – Sophos Home delivery scams are getting leaner, and meaner, and more likely to “look about right”. Here’s an example to show you what we mean… Read the original article: Beware the…

Read more →

This article has been indexed from Naked Security – Sophos Latest episode – listen now! Read the original article: S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]

Read more →

This article has been indexed from Naked Security – Sophos When you really need to make exceptions in cybersecurity, specify them as explicitly as you can. Read the original article: Who’s watching your webcam? The Screencastify Chrome extension story…

Read more →

This article has been indexed from Naked Security – Sophos More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself. Read the original article: Poisoned Python and PHP packages purloin…

Read more →

This article has been indexed from Naked Security – Sophos The fine has finally gone through… but it’s less than 45% of what was originally proposed. Read the original article: Clearview AI face-matching service fined a lot less than expected

Read more →

This article has been indexed from Naked Security – Sophos That was quick! 48 hours from exploit report to published patch. Read the original article: Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!

Read more →

This article has been indexed from Naked Security – Sophos Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway? Read the original article: Microsoft patches the Patch Tuesday patch that…

Read more →

This article has been indexed from Naked Security – Sophos Find and patch. Right now. If you can’t patch, get it off the network. Right now! Oh, and show us what you did to comply. Read the original article: US…

Read more →

This article has been indexed from Naked Security – Sophos Latest episode – listen now! Read the original article: S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

Read more →

This article has been indexed from Naked Security – Sophos What’s better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly? Read the original article: Pwn2Own hacking schedule released – Windows and Linux are top targets

Read more →

This article has been indexed from Naked Security – Sophos You’ll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions. Read the original article: Apple patches zero-day kernel hole and much…

Read more →

This article has been indexed from Naked Security – Sophos A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days. Read the original article: Firefox out-of-band update…

Read more →

This article has been indexed from Naked Security – Sophos Crooks don’t need a password for every user on your network to break in and wreak havoc. One could be enough… Read the original article: He sold cracked passwords for…

Read more →

This article has been indexed from Naked Security – Sophos Crooks don’t need a password for every user on your network to break in and wreak havoc. One could be enough… Read the original article: He cracked passwords for a…

Read more →

This article has been indexed from Naked Security – Sophos Latest episode – lots to learn – plain English – fun with a serious side – listen now! Read the original article: S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline…

Read more →

This article has been indexed from Naked Security – Sophos Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world. Read the original article: Serious Security: Learning from curl’s…

Read more →

This article has been indexed from Naked Security – Sophos How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here’s some real-life advice… Read the original article: Colonial Pipeline facing $1,000,000 fine for…

Read more →

This article has been indexed from Naked Security – Sophos Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself “Frank”. Read the original article: RubyGems supply chain rip-and-replace bug fixed…

Read more →

This article has been indexed from Naked Security – Sophos What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES? Read the original article: You didn’t leave enough space between ROSE and AND, and AND…

Read more →

This article has been indexed from Naked Security – Sophos Latest episode – listen now! Read the original article: S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

Read more →

This article has been indexed from Naked Security – Sophos Yes, passwords are going away. No, it won’t happen tomorrow. So it’s still worth knowing the basics of picking proper passwords. Read the original article: World Password Day – the…

Read more →

This article has been indexed from Naked Security – Sophos Android May 2022 updates are out – with some critical fixes in some critical places. Learn more… Read the original article: Android monthly updates are out – critical bugs found…

Read more →