Ukrainian cops bring out the BFG (Big Fearsome Grinder) and cut open some doors. A repeated request for destructive Linux code enters its 15th year. Peloton exercise bicycles found to be rootable. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge. Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity...
Jun 24, 2021 • 38 min • Season 3 Ep. 38
Will quantum cryptography mean the end of encryption? How was the FBI able to get bitcoins back in the Colonial Pipeline ransomware case? What is the ALPACA attack, and does it make your browsing less secure? With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jun 17, 2021 • 38 min • Season 3 Ep. 37
Alleged malware coder from the Trickbot gang arrested. 5500 passwords cracked and salaries stolen by "credential stuffing" crook. And we answer a listener's question about just how tough to be when judging a company that's had a breach. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jun 10, 2021 • 38 min • Season 3 Ep. 36
The fascinating tale of a bug that's baked into Apple's latest chip. Why the Aussie data breach warning site HIBP is partnering with the FBI. And a coronavirus tracking toolkit that fell foul of privacy rules. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jun 03, 2021 • 36 min • Season 3 Ep. 35
Apple patches a raft of serious security holes. Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
May 26, 2021 • 43 min • Season 3 Ep. 34
We look into an unnerving case of mixed-up video feeds. We warn you against "going rogue" when you can't get the download you want from the regular place. We explain how Apple's new AirTag product got hacked (again). With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
May 19, 2021 • 39 min • Season 3 Ep. 33
Apple's brand new AirTag product got hacked already. Things you can learn from Colonial Pipeline's ransomware misfortune. Why Dell patched a bunch of driver bugs going back more than a decade. And the "Is it you in the video?" scam just keeps on coming back. Additional links you will find useful: https://news.sophos.com/en-us/using-sophos-edr-to-identify-endpoints-impacted-by-dell https://nakedsecurity.sophos.com/ransomware-dont-expect-a-full-recovery https://www.sophos.com/ransomware With Kim...
May 12, 2021 • 39 min • Season 3 Ep. 32
We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
May 05, 2021 • 39 min • Season 3 Ep. 31
We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise. We review the latest Sophos Ransomware Report and uncover uncomfortable truths about paying up. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Apr 29, 2021 • 48 min • Season 3 Ep. 30
How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker "name:wreck". With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Apr 21, 2021 • 49 min • Season 3 Ep. 29
Sophos cybersecurity expert Chester Wisniewski provides excellent, topical and timely commentary on the FBI’s recent use of a malware-like method to forcibly clean up hundreds of servers still infected in the Hafnium aftermath. With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge.
Apr 16, 2021 • 20 min • Season 3 Ep. 28
We look at the big-money hacks from the 2021 Pwn2Own competition. We investigate the difficulties of hiring an assassin via the dark web. We wrestle with some of the privacy issues relating to COVID-19 infection tracking apps. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Apr 14, 2021 • 48 min • Season 3 Ep. 28
How scammers copied a government website almost to perfection. What to do about those fake "bug" hunters who ask for payment for finding "vulnerabilities" that aren't. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. Useful podcasts and videos mentioned in this episode: https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker-rachel-tobac https://nakedsecurity.sophos.com/s3-ep8-a-conversation-with-katie-mo...
Apr 07, 2021 • 46 min • Season 3 Ep. 27
Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks. With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Apr 01, 2021 • 38 min • Season 3 Ep. 26
How a social engineer ripped off a victim lured in by one of those "small outstanding fee to pay" home delivery scams. The ransomware crooks targeting networks that still haven’t done their Hafnium patches. And the Linux kernel security holes that lay there undiscovered for 15 years. Related articles that we refer to in the show: https://nakedsecurity.sophos.com/beware-the-dhl-delivery-message https://nakedsecurity.sophos.com/watch-out-scummy-scammers https://nakedsecurity.sophos.com/s3-ep12-a-c...
Mar 25, 2021 • 47 min • Season 3 Ep. 25
We discuss an iPhone app that allowed anyone to snoop on anyone's calls - but not in the way you might expect. We investigate a data breach where 150,000 surveillance cameras protecting hundreds or thousands of customers were apparently "secured" by a single password... that got leaked onto the internet. And we urge you as keenly as we can: "Don't spread hoaxes, folkses." With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Mar 17, 2021 • 47 min • Season 3 Ep. 24
John Noble was Director of Incident Management at the UK's National Cyber Security Centre (NCSC) until his retirement in 2018. During his 40 years of Government service, John specialised in operational delivery and strategic business change. For his work in creating effective partnerships in the run up to the London Olympics, he was made a Commander of the British Empire (CBE) in 2012. John helped to establish the NCSC and led the response to nearly 800 significant cyberincidents. This work has ...
Mar 15, 2021 • 30 min • Season 3 Ep. 23
Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it's important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you're a programmer. With Kimberly Truong and Paul Ducklin. Original music by Edith Mudge.
Mar 10, 2021 • 33 min • Season 3 Ep. 23
How to stop security-conscious apps from allowing unencrypted data to escape, and how scammers put social network users under pressure in order to steal their passwords. With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Mar 04, 2021 • 38 min • Season 3 Ep. 22
The graphics card that wants you to stick to playing games, the man that didn't weigh 100 tons after all, and the marketing gang that used a browser bug to bombard iPhone users with scammy online surveys. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Feb 25, 2021 • 46 min • Season 3 Ep. 21
How a bug hunter snuck into the internal networks of 35 megacorporations. Why romance scams are going stronger than ever (and how to avoid them). What to do about those tempting but treacherous "tax refund" messages. And a listener tells us how he got a bit carried away while he was gardening... With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Feb 17, 2021 • 53 min • Season 3 Ep. 20
In this special mini-episode, Paul Ducklin talks to Sophos cybersecurity expert Chester Wisniewski about bug bounty hunting. How does bug bounty hunting work? What should you do if you get a bug report that doesn't follow established protocol? Chester tells you how to deal with so-called "beg bounties", where self-styled "experts" beg you for money or even threaten you with ill-defined "problems" they claim to have found. https://news.sophos.com/en-us/have-a-domain-name-beg-bounty-hunters-may-be...
Feb 12, 2021 • 16 min • Season 3 Ep. 19
We delve into Google's tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Feb 11, 2021 • 48 min • Season 3 Ep. 19
Apple pushed out an iOS update in a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And Europol reported on a successful takedown operation against the notorious Emotet malware. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Feb 04, 2021 • 43 min • Season 3 Ep. 18
What's the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And what would you do if you ran into a deceased former colleague on your network? With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jan 28, 2021 • 48 min • Season 3 Ep. 17
Anonymous and private, yet busted! We explain how darkweb sites sometimes keep your secrets... and sometimes don't. We help you improve your cybersecurity at home. And we tell you the tale of a company with the coolest name but allegedly with the creepiest habits coded into its browser extensions. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jan 20, 2021 • 46 min • Season 3 Ep. 16
Thanks to coronavirus lockdown rules in the UK, and the temporary closure of all schools, Sally Adam suddenly found herself responsible for cybersecurity where it mattered more than ever: on a home network that jointly served for home, work and school. Paul Ducklin talks to Sally about how she did it, and how to keep your own family’s digital life safe. https://nakedsecurity.sophos.com/home-schooling-how-to-stay-secure https://nakedsecurity.sophos.com/home-wi-fi-security-tips Original music by E...
Jan 19, 2021 • 19 min • Season 3 Ep. 15
We explain how two French researchers hacked a Google Titan security key (but why you don't need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jan 14, 2021 • 50 min • Season 3 Ep. 15
We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
Jan 07, 2021 • 47 min • Season 3 Ep. 14
How did the movie "Hackers" inspire a girl to grow up to become a hacker herself? Find out from security analyst, friendly hacker and TED Talk speaker Keren Elazari. Hear about Keren’s incredible journey, why hackers should be welcomed with open arms, and the inspiration that guided her career. With Kimberly Truong and special guest Keren Elazari (@k3r3n3 on Twitter), cybersecurity analyst and researcher. Original music by Edith Mudge.
Dec 31, 2020 • 48 min • Season 3 Ep. 13