How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac. Join us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who inspired her along the way. With Kimberly Truong and special guest Rachel Tobac (@RachelTobac on Twitter), hacker and CEO of SocialProof Security. Book mentioned by Rachel: The 6 principles of persuasion by Robert C...
Dec 24, 2020•28 min•Season 3 Ep. 12
We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/phishing-tricks-that-really-work https://nakedsecurity.sophos.com/subway-sandwich-scam-mystifies https://nakedsecurity.sophos.com/was-there-a-covid-19-vaccine-hack Original music by Edi...
Dec 17, 2020•45 min•Season 3 Ep. 11
Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security." Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack. https://news.sophos.com/20-years-of-cyberthreats Original music by Edith Mudge Go...
Dec 14, 2020•21 min•Season 3 Ep. 10
We dig into research that figured out a way to steal data from iPhones wirelessly, we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea, and we give you advice on how to talk to phone scammers. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/how-to-steal-photos-off-someones-iphone https://nakedsecurity.sophos.com/german-divers-find-enigma-crypto-machine https://nakedse...
Dec 10, 2020•47 min•Season 3 Ep. 10
We look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/gift-card-hack-exposed-you-pay-they-play https://nakedsecurity.sophos.com/bzzzzzzt-how-safe-is-that-keenly-priced-digital-doorbell https://nakedsecurity.sophos.c...
Dec 03, 2020•49 min•Season 3 Ep. 9
How do you go from pentester to creator of Microsoft’s bug bounty program? Find out from hacker and vulnerability disclosure pioneer, Katie Moussouris. Join us for a fascinating interview with Katie about her journey, the bugs in bug bounty programs, and the people who inspired her along the way. With Kimberly Truong and special guest Katie Moussouris (@k8em0 on Twitter), Founder and CEO of Luta Security. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@soph...
Nov 25, 2020•45 min•Season 3 Ep. 8
In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. Also, a sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris. With Kimberly Truong, Doug Aamoth and Paul Ducklin *** Cult videogame company Capcom pays a big round $0.00 to ransomware crooks https://nakedsecurity.sophos.com/cult-videogame-company-capcom-pays-a-big-round-0...
Nov 19, 2020•43 min•Season 3 Ep. 7
In this episode: When payments go astray, why "just in case" cybersecurity warnings do more harm than good, how to shop safely on Black Friday and beyond, and (oh no!) what to do when all your emails disappear. With Kimberly Truong, Doug Aamoth and Paul Ducklin *** To register for the Sophos Evolve event: https://sophos.com/evolve Smishing attack tells you “mobile payment problem” – don’t fall for it https://nakedsecurity.sophos.com/smishing-attack-tells-you-mobile-payment-problem “Instant bank ...
Nov 12, 2020•48 min•Season 3 Ep. 6
In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of "malware-as-a-service", and the malware risks from image search. Also (oh! no!), why you should take care before you pair. With Kimberly Truong, Doug Aamoth and Paul Ducklin https://nakedsecurity.sophos.com/another-chrome-zero-day-this-time-on-android https://nakedsecurity.sophos.com/adobe-flash-its-the-end-of-the-end-of-the-end https://nakedsecurity.sophos.com/buer-loader-malware-as-a-serv...
Nov 05, 2020•40 min•Season 3 Ep. 5
On Wednesday, the FBI, CISA and HHS released an unprecedented warning against "an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers." In this quick mini-sode, Chester Wisniewski (Principal Research Scientist at Sophos) discusses what the threat is, what this advisory means, and why this warning is a warning for everyone. With Kimberly Truong and special guest, Chester Wisniewski @chetwisniewski RESOURCES: Read the article from Naked Security https://nakedsecurit...
Oct 30, 2020•14 min•Season 3 Ep. 4
This week: Facebook scammers trick you with fake copyright notices, voice scammers automate their attacks on the vulnerable, how to tune up your mobile privacy, and (oh! no!) the best/worst IT helpdesk call ever. With Kimberly Truong, Doug Aamoth and Paul Ducklin *** Facebook “copyright violation” tries to get past 2FA – don’t fall for it https://nakedsecurity.sophos.com/facebook-copyright-violation-tries-to-get-past-2fa Phone scamming – friends don’t let friends get vished https://nakedsecurity...
Oct 30, 2020•46 min•Season 3 Ep. 4
This week: the DOJ's attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word "restore" even more than it needs "backup". With Kimberly Truong, Doug Aamoth and Paul Ducklin *** US Department of Justice reignites the Battle to Break Encryption https://nakedsecurity.sophos.com/us-department-of-justice-reignites Russian “government hackers” charged with cyberc...
Oct 22, 2020•37 min•Season 3 Ep. 3
In this episode: we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft's short-lived takedown of Trickbot, explain how to avoid the Windows "Ping of Death" bug, and (oh no!) find the source of mysterious beeping from every computer in the office. With Kimberly Truong, Doug Aamoth and Paul Ducklin *** Creepy covert camera “feature” found in popular smartwatch for kids https://nakedsecurity.sophos.com/creepy-covert-camera-feature-found Microsoft on the counteratta...
Oct 15, 2020•39 min•Season 3 Ep. 2
Join us for the first episode in our brand new Series 3! This week we wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of "linkless phishing", ask if it's ever OK to pay a ransomware demand, and advise what to do when the CEO won't stop looking at naughty sites. With Paul Ducklin, Kimberly Truong and Doug Aamoth Tips for National Cybersecurity Awareness Month https://nakedsecurity.sophos.com/if-you-connect-it-protect-it Phishing without links https://nakedsecu...
Oct 09, 2020•43 min•Season 3 Ep. 1
Get ready. A brand new season arrives Thursday, October 8th.
Oct 05, 2020•52 sec
END OF SERIES SPECIAL: This week Mark shares why Pablo Escobar’s brother is suing Apple for $2.6b, Greg talks about a malicious ‘Octopus Scanner’ targeting developers on Github and Duck discusses the “Sign in with Apple” account takeover flaw. Host Anna Brading is joined by Sophos experts Paul Ducklin, Mark Stockley and Greg Iddon. Related articles: Github uncovers malicious ‘Octopus Scanner’ targeting developers https://nakedsecurity.sophos.com/2020/06/01/github-uncovers-malicious-scanner-targe...
Jun 05, 2020•46 min•Season 2 Ep. 42
This week Peter shares how Ragnar Locker ransomware deploys a virtual machine to dodge security, Mark discusses the latest in the Apple v FBI saga and Duck talks "MagicPairing." Producer Alice Duckett is joined by Sophos experts Mark Stockley, Paul Ducklin and Peter Mackenzie. Listen now! Related articles: Signal secure messaging can now identify you without a phone number https://nakedsecurity.sophos.com/2020/05/22/signal-secure-messaging-can-now-identify-you-without-a-phone-number/ Apple and G...
May 27, 2020•51 min•Season 2 Ep. 41
This week we discuss a customer who went to Subway for a sandwich and left with a stalker, demon printers and the things you should patch now. Producer Alice Duckett is joined by Sophos experts Mark Stockley, Paul Ducklin and Greg Iddon. Related articles: Beware the DHL delivery message email – it could be a package scam https://nakedsecurity.sophos.com/2020/05/13/beware-the-dhl-delivery-message-email-it-could-be-a-package-scam/ Microsoft joins encrypted DNS club with Windows 10 option https://n...
May 20, 2020•53 min•Season 2 Ep. 40
In this episode Mark discusses government encryption, Duck tells us why turning your computer off is a cool idea and Greg regales us with his reply all woes. Host Anna Brading is joined by Sophos experts Mark Stockley, Paul Ducklin, Greg Iddon and Producer Alice Duckett. Related articles: Clearview AI won’t sell vast faceprint collection to private companies https://nakedsecurity.sophos.com/2020/05/11/clearview-ai-wont-sell-vast-faceprint-collection-to-private-companies/ Celebrity personal data ...
May 13, 2020•52 min•Season 2 Ep. 39
In this episode Duck discusses the iPhone "word of death", Peter shares a shocking ransomware story and Alice talks about a chatbot that shows empathy. Or so it says. Host Anna Brading is joined by Naked Security regular Paul Ducklin, Threat Response expert Peter Mackenzie and Producer Alice Duckett. Related articles: https://nakedsecurity.sophos.com/godaddy-unauthorized-individual-had-access-to-login-info https://nakedsecurity.sophos.com/adult-live-streaming-site-cam4-leaks-millions-of-emails-p...
May 06, 2020•48 min
This week we talk ransomware apologies, whether companies should be pushing 2FA and good vibrations, kind of... We're proud to be nominated for Best Cybersecurity Podcast in the European Cybersecurity Blogger Awards. If you enjoy our show, please vote for us: https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform?fbzx=1378805297375984251 Host Anna Brading is joined by Sophos experts Mark Stockley, Paul Ducklin and Producer Alice Duckett. Listen now! F...
Apr 30, 2020•40 min
This week we discuss 49 rogue Chrome extensions, Signal fears over the EARN IT Act and how Darth Vader sent someone viral for all the wrong reasons. Host Anna Brading is joined by Sophos experts Paul Ducklin, Mark Stockley and Producer Alice Duckett. Listen now! First three stories: https://nakedsecurity.sophos.com/critical-bug-in-google-chrome-get-your-update-now https://nakedsecurity.sophos.com/new-sextortion-scam-high-level-of-risk-your-account-has-been-hacked https://nakedsecurity.sophos.com...
Apr 22, 2020•43 min
This week we discuss a TikTok flaw, why sextortion scammers are rearing their heads again and whether single sign-on is better than having loads of different passwords. Host Anna Brading is joined by Sophos experts Mark Stockley, Paul Ducklin and Producer Alice Duckett. Listen now! Related articles: https://nakedsecurity.sophos.com/tiktok-users-beware-hackers-could-swap-your-videos-with-their-own https://nakedsecurity.sophos.com/sextortion-emails-and-porn-scams-are-back-dont-let-them-scare-you Fi...
Apr 15, 2020•44 min
This week we discuss the hackers' forum that got hacked (lol), how the coronavirus pandemic has deferred a security update, and why jumping to conclusions is always a bad idea. Oh, and we came across plans for a toilet that identifies you by scanning your, errrm... you'll have to listen to find out. Listen now! Related stories: https://nakedsecurity.sophos.com/hackers-forum-hacked-ogusers-database-dumped-again https://nakedsecurity.sophos.com/covid-19-forces-browser-makers-to-continue-supporting...
Apr 08, 2020•50 min
This week we bring you the podcast from our makeshift home studios (pillow forts). We discuss Dharma ransomware, the tour guide who turned out to be a Chinese spy, and why thousands of dark web sites have disappeared. Host Anna Brading is joined by Sophos experts Mark Stockley, Greg Iddon, Peter Mackenzie and Producer Alice Duckett. Listen now! Related articles: https://nakedsecurity.sophos.com/dharma-ransomware-source-code-on-sale-for-2000 https://nakedsecurity.sophos.com/tour-guide-chinese-spy...
Apr 01, 2020•53 min
In this episode, Greg looks at why the WhatsApp Martinelli hoax has come back in a big way, Duck decompiles some coronavirus-themed Android malware, and Anna tells you what ZoomBombing is and why you really, really need to get the security settings right on your Zoom meetings. Join host Anna Brading with Sophos experts Paul Ducklin and Greg Iddon. Listen now! Related articles: https://nakedsecurity.sophos.com/whatsapp-martinelli-hoax-is-back-warning-about-dance-of-the-pope https://nakedsecurity....
Mar 25, 2020•36 min
This week, Duck advises how to keep your company safe while working remotely, Peter discusses a malwareless ransomware attack, and Mark shares the latest in the EARN IT saga. Host Anna Brading is joined by Sophos experts Paul Ducklin, Peter Mackenzie and Mark Stockley. Listen now! Links for you: https://nakedsecurity.sophos.com/earn-it-act-threatens-end-to-end-encryption https://nakedsecurity.sophos.com/5-tips-for-working-safely-from-home
Mar 19, 2020•48 min
This week we talk about why Let's Encrypt might have to celebrate its billionth certificate twice, wonder if James Bond could hack Siri with ultrasound and make backups surprisingly interesting. Host Mark Stockley is joined by Sophos experts Greg 'Fido' Iddon and Peter Mackenzie. Related articles: Let's Encrypt: https://nakedsecurity.sophos.com/2020/03/02/lets-encrypt-issues-one-billionth-free-certificate/ https://nakedsecurity.sophos.com/2020/03/04/why-3-million-lets-encrypt-certificates-are-be...
Mar 11, 2020•46 min
To celebrate International Women's Day we invite you to this all-female splinter episode. We discuss privacy, biometrics, machine learning, social media, getting into cybersecurity and of course, what it's like to be a woman in tech. Host Anna Brading is joined by Sophos experts Hillary Sanders, Michelle Farenci and Alice Duckett. Listen now! You can get Hillary's book here: https://www.amazon.com/Malware-Data-Science-Detection-Attribution/dp/1593278594 Malware Data Science: Attack Detection and...
Mar 07, 2020•50 min
This week we discuss the latest in the Clearview AI debacle, get more tales from the ransomware swamp and discover how often our smart speakers are listening to us. Host Anna Brading is joined by Sophos experts Alice Duckett, Paul Ducklin and Peter Mackenzie. Related articles: Facial recognition and Clearview: https://nakedsecurity.sophos.com/clearview-ai-loses-entire-database-of-faceprint-buying-clients-to-hackers https://nakedsecurity.sophos.com/facebook-google-youtube-order-clearview-to-stop-...
Mar 04, 2020•44 min