Slándáil Research:
Feed: Sophos: Naked Security
Update on Naked Security
Mom’s Meals issues “Notice of Data Event”: What to know and what to do
S3 Ep149: How many cryptographers does it take to change a light bulb?
Using WinRAR? Be sure to patch against these code execution bugs…
Smart light bulbs could give away your password secrets
“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?
S3 Ep148: Remembering crypto heroes
FBI warns about scams that lure you in as a mobile beta-tester
“Grab hold and give it a wiggle” – ATM card skimming is still a thing
Crimeware server used by NetWalker ransomware seized and shut down
S3 Ep147: What if you type in your password during a meeting?
Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
Serious Security: Why learning to touch-type could protect you from audio snooping
“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes
S3 Ep146: Tell us about that breach! (If you want to.)
Performance and security clash yet again in “Collide+Power” attack
Firefox fixes a flurry of flaws in the first of two releases this month
SEC demands four-day disclosure limit for cybersecurity breaches
S3 Ep145: Bugs With Impressive Names!
Zenbleed: How the quest for CPU performance could put your passwords at risk
Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day
Hacking police radios: 30-year-old crypto flaws in the spotlight
S3 Ep144: When threat hunting goes down a rabbit hole
Google Virus Total leaks list of spooky email addresses
Microsoft hit by Storm season – a tale of two semi-zero days
Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!
S3 Ep143: Supercookie surveillance shenanigans
Microsoft patches four zero-days, finally takes action against crimeware kernel drivers
Apple silently pulls its latest zero-day update – what now?
Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
Serious Security: Rowhammer returns to gaslight your computer
S3 Ep142: Putting the X in X-Ops
Firefox 115 is out, says farewell to users of older Windows and Mac versions
Firefox 115 is out, says farewell to older Windows and Mac users
Ghostscript bug could allow rogue documents to run system commands
WordPress plugin lets users become admins – Patch early, patch often!
S3 Ep141: What was Steve Jobs’s first job?
Interested in $10,000,000? Ready to turn in the Clop ransomware crew?
UK hacker busted in Spain gets 5 years over Twitter hack and more
Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own
S3 Ep140: So you think you know ransomware?
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
Beware bad passwords as attackers co-opt Linux servers into cybercrime
“The Ransomware Documentary” – brand new video series from Sophos starting now!
ASUS warns router customers: Patch now, or block all inbound requests
Megaupload duo will go to prison at last, but Kim Dotcom fights on…
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”
S3 Ep139: Are password rules like running through rain?
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
Gozi banking malware “IT chief” finally jailed after more than 10 years
History revisited: US DOJ unseals Mt. Gox cybercrime charges
More MOVEit mitigations: new patches published for further protection
Thoughts on scheduled password changes (don’t call them rotations!)
S3 Ep138: I like to MOVEit, MOVEit
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug
Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now
Chrome zero-day: “This exploit is in the wild”, so check your version now
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
S3 Ep137: 16th century crypto skullduggery
Serious Security: That KeePass “master password crack”, and what we can learn from it
Serious Security: Verification is vital – examining an OAUTH login bug
S3 Ep136: Navigating a manic malware maelstrom
Ransomware tales: The MitM attack that really had a Man in the Middle
PyPI open-source code repository deals with manic malware maelstrom
Phone scamming kingpin gets 13 years for running “iSpoof” service
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
S3 Ep135: Sysadmin by day, extortionist by night
US offers $10m bounty for Russian ransomware suspect outed in indictment
Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched
Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France
Whodunnit? Cybercrook gets 6 years for ransoming his own employer
S3 Ep134: It’s a PRIVATE key – the hint is in the name!
Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
Low-level motherboard security keys leaked in MSI breach, claim researchers
PHP Packagist supply chain poisoned by hacker “looking for a job”
S3 Ep133: Apple takes “tight-lipped” to a whole new level
World Password Day: 2 + 2 = 4
Tracked by hidden tags? Apple and Google unite to propose safety and security standards…
Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused
Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram
Google wins court order to force ISPs to filter botnet traffic
S3 Ep132: Proof-of-concept lets anyone hack at will
Google leaking 2FA secrets – researchers advise against new “account sync” feature for now
PaperCut security vulnerabilities under active attack – vendor urges customers to patch
Double zero-day in Chrome and Edge – check your versions now!
VMware patches break-and-enter hole in logging tools: update now!
S3 Ep131: Can you really have fun with FORTRAN?
Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security
FBI and FCC warn about “Juicejacking” – but just how useful is their advice?
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
Microsoft fixes a zero-day – and two curious bugs that take the Secure out of Secure Boot
Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
Apple issues emergency patches for spyware-style 0-day exploits – update now!
S3 Ep129: When spyware arrives from someone you trust
Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know
US government warning! What if anyone could open your garage door?
Einstein tilings – the amazing “Hat” shape that never repeats!
Researchers claim they can bypass Wi-Fi encryption (briefly, at least)
World Backup Day is here again – 5 tips to keep your precious data safe
Supply chain blunder puts 3CX telephone app users at risk
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
Cops use fake DDoS services to take aim at wannabe cybercriminals
Apple patches everything, including a zero-day fix for iOS 15 users
Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store
In Memoriam – Gordon Moore, who put the more in “Moore’s Law”
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
Windows 11 also vulnerable to “aCropalypse” image data leakage
Google Pixel phones had a serious data leakage bug – here’s what to do!
Bitcoin ATM customers hacked by video upload that was actually an app
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
Microsoft fixes two 0-days on Patch Tuesday – update now!
Firefox 111 patches 11 holes, but not 1 zero-day among them…
Linux gets double-quick double-update to fix kernel Oops!
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
S3 Ep125: When security hardware has security holes [Audio + Text]
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
DoppelPaymer ransomware suspects arrested in Germany and Ukraine
Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
S3 Ep124: When so-called security apps go rogue [Audio + Text]
LastPass: The crooks used a keylogger to crack a corporatre password vault
LastPass: The crooks used a keylogger to crack a corporate password vault
LastPass: Keylogger on home PC led to cracked corporate password vault
Dutch police arrest three cyberextortion suspects who allegedly earned millions
Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!
S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
NPM JavaScript packages abused to create scambait links in bulk
Coinbase breached by social engineers, employee data stolen
Twitter tells users: Pay up if you want to keep using insecure 2FA
GoDaddy admits: Crooks hit us with malware, poisoned customer websites
S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
Apple fixes zero-day spyware implant bug – patch now!
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug
Reddit admits it was hacked and data stolen, says “Don’t panic”
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
OpenSSL fixes High Severity data-stealing bug – patch now!
Using VMWare? Worried about “ESXi ransomware”? Check your patches now!
VMWare user? Worried about “ESXi ransomware”? Check your patches now!
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
Finnish psychotherapy extortion suspect arrested in France
OpenSSH fixes double-free memory bug that’s pokable over the network
S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
Password-stealing “vulnerability” reported in KeePass – bug or feature?
GitHub code-signing certificates stolen (but will be revoked this week)
Serious Security: The Samba logon bug caused by outdated crypto
Hive ransomware servers shut down at last, says FBI
Dutch suspect locked up for alleged personal data megathefts
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
GoTo admits: Customer cloud backups stolen together with decryption key
Apple patches are out – old iPhones get an old zero-day fix at last!
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
T-Mobile admits to 37,000,000 customer records stolen by “bad actor”
S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]
Serious Security: Unravelling the NortonLifeLock “hacked passwords” story
Serious Security: Unravelling the LifeLock “hacked passwords” story
Multi-million investment scammers busted in four-country Europol raid
S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
Popular JWT cloud security library patches “remote” code execution hole
CircleCI – code-building service suffers total credential compromise
RSA crypto cracked? Or perhaps not!
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
Serious Security: Vital cybersecurity lessons from the holiday season
Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond
The horror! The horror! NOTEPAD gets tabbed editing (very briefly)
US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?
S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
Twitter data of “+400 million unique users” up for sale – what to do?
Critical “10-out-of-10” Linux kernel SMB hole – should you worry?
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…
S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]
“Suspicious login” scammers up their game – take care at Christmas
Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug
OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
Apple patches everything, finally reveals mystery of iOS 16.1.2
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
COVID-bit: the wireless spyware trick with an unfortunate name
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
Credit card skimming – the long and winding road of supply chain failure
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
Ping of death! FreeBSD fixes crashtastic bug in network tool
Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
Apple pushes out iOS security update that’s more tight-lipped than ever
LastPass admits to customer data breach caused by previous breach
S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]
The CHRISTMA EXEC network worm – 35 years and counting!
Serious Security: MD5 considered harmful – to the tune of $600,000
TikTok “Invisible Challenge” porn malware puts us all at risk
Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)
Chrome fixes 8th zero-day of 2022 – check your version now
Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown
S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]
Multimillion dollar CryptoRom scam sites seized, suspects arrested in US
CryptoRom “pig butchering” scam sites seized, suspects arrested in US
How to hack an unpatched Exchange server with rogue PowerShell code
How social media scammers buy time to steal your 2FA codes
S3 Ep109: How one leaked email password could drain your business
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
Black Friday and retail season – watch out for PayPal “money request” scams
Firefox fixes fullscreen fakery flaw – get the update now!
Log4Shell-like code execution hole in popular Backstage dev tool
“Gucci Master” business email scammer Hushpuppi gets 11 years
Dangerous SIM-swap lockscreen bypass – update Android now!
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
Emergency code execution patch from Apple – but not an 0-day
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
Silk Road drugs market hacker pleads guilty, faces 20 years inside
Public URL scanning tools – when security leads to insecurity
Twitter Blue Badge email scams – Don’t fall for them!
S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
The OpenSSL security update story – how can you tell what needs fixing?
OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
SHA-3 code execution bug patched in PHP – check your version!
Psychotherapy extortion suspect: arrest warrant issued
Chrome issues urgent zero-day fix – update now!
Updates to Apple’s zero-day update story – iPhone and iPad users read this!
S3 Ep106: Facial recognition without consent – should it be banned?
Online ticketing company “See” pwned for 2.5 years by attackers
Clearview AI image-scraping face recognition service hit with €20m fine in France
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
Serious Security: How randomly (or not) can you shuffle cards?
Serious Security: You can’t beat the house at Blackjack – or can you?
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]
Women in Cryptology – USPS celebrates WW2 codebreakers
Zoom for Mac patches sneaky “spy-on-me” bug – update now!
Dangerous hole in Apache Commons Text – like Log4Shell all over again
Fashion brand SHEIN fined $1.9m for lying about data breach
Serious Security: Microsoft Office 365 attacked over feeble encryption
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!
Move over Patch Tuesday – it’s Ada Lovelace Day!
Mystery iPhone update patches against iOS 16 mail crash-attack
Serious Security: OAuth 2 and why Microsoft is finally forcing you into it
WhatsApp goes after Chinese password scammers via US court
S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
Former Uber CSO convicted of covering up megabreach back in 2016