Podcast - Sophos Security - Chet Chat
Sophos expert Chester Wisniewski digs into the week´s security news with John Shier and Paul Ducklin. Naked Security is Sophos´s threat news room.
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb? https://nakedsecurity.sophos.com/using-winrar-be-sure-to-patch https://nakedsecurity.sophos.com/snakes-in-airplane-mode https://nakedsecurity.sophos.com/smart-light-bulbs-could-give-away-your-password With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com
S3 Ep149: How many cryptographers does it take to change a light bulb?
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum. https://nakedsecurity.sophos.com/fbi-warns-about-scams-that-lure-you-in-as-a-mobile-beta-tester https://nakedsecurity.sophos.com/grab-hold-and-give-it-a-wiggle-atm-card-skimming https://nakedsecurity.sophos.com/crimeware-server-used-by-netwalker-ransomware-seized With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com
S3 Ep148: Remembering crypto heroes
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) with a cybersecurity connection. https://nakedsecurity.sophos.com/2023/08/08/serious-security-why-learning-to-touch-type-could-protect-you-from-audio-snooping/ https://nakedsecurity.sophos.com/2023/08/04/crocodile-of-wall-street-and-her-husband-plead-guilty-to-giant-sized-cryptocrimes/ With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com
S3 Ep147: What if you type in your password during a meeting?
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway. https://nakedsecurity.sophos.com/firefox-fixes-a-flurry-of-flaws https://nakedsecurity.sophos.com/performance-and-security-clash-yet-again https://nakedsecurity.sophos.com/sec-demands-four-day-disclosure-limit With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com
S3 Ep146: Tell us about that breach! (If you want to.)
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. https://nakedsecurity.sophos.com/apple-ships-that-recent-rapid-response https://nakedsecurity.sophos.com/hacking-police-radios-30-year-old-crypto-flaws https://nakedsecurity.sophos.com/zenbleed-how-the-quest-for-cpu-performance With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com
S3 Ep145: Bugs With Impressive Names!
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. https://nakedsecurity.sophos.com/zimbra-collaboration-suite-warning https://nakedsecurity.sophos.com/google-virus-total-leaks-list https://nakedsecurity.sophos.com/microsoft-hit-by-storm-season With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep144: When threat hunting goes down a rabbit hole
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid patch that needed a rapid patch. User-Agent considered harmful. https://nakedsecurity.sophos.com/microsoft-patches-four-zero-days-finally-takes-action https://nakedsecurity.sophos.com/serious-security-rowhammer-returns https://nakedsecurity.sophos.com/ghostscript-bug-could-allow-rogue-documents-to-run-system https://nakedsecurity.sophos.com/urgent-apple-fixes-critical-zero-day-hole https://nakedsecurity.sophos.com/apple-silently-pulls-its-latest-zero-day-update With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep143: Supercookie surveillance shenanigans
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light. With Paul Ducklin and Matt Holdcroft. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep142: Putting the X in X-Ops
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and dental hygiene collide. https://nakedsecurity.sophos.com/apple-patch-fixes-zero-day-kernel-hole https://nakedsecurity.sophos.com/beware-bad-passwords-as-attackers-co-opt-linux-servers https://nakedsecurity.sophos.com/uk-hacker-busted-in-spain-gets-5-years https://nakedsecurity.sophos.com/aussie-pm-says-shut-down-your-phone-every-24-hours With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep141: What was Steve Jobs's first job?
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. https://nakedsecurity.sophos.com/the-ransomware-documentary-brand-new-video-series https://nakedsecurity.sophos.com/megaupload-duo-will-go-to-prison https://nakedsecurity.sophos.com/asus-warns-router-customers-patch-now https://nakedsecurity.sophos.com/moveit-mayhem-3 With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep140: So you think you know ransomware?
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? https://nakedsecurity.sophos.com/patch-tuesday-fixes-4-critical-rce-bugs https://nakedsecurity.sophos.com/more-moveit-mitigations-new-patches https://nakedsecurity.sophos.com/history-revisited-us-doj-unseals-mt-gox-cybercrime-charges https://nakedsecurity.sophos.com/gozi-banking-malware-it-chief-finally-jailed https://nakedsecurity.sophos.com/thoughts-on-scheduled-password-changes With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep139: Are password rules like running through rain?
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained. https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack https://nakedsecurity.sophos.com/moveit-zero-day-exploit-used-by-data-breach-gangs https://nakedsecurity.sophos.com/chrome-zero-day-this-exploit-is-in-the-wild https://nakedsecurity.sophos.com/researchers-claim-windows-backdoor With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep138: I like to MOVEit, MOVEit
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening. https://nakedsecurity.sophos.com/ransomware-tales-the-mitm-attack https://nakedsecurity.sophos.com/serious-security-verification-is-vital https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep137: 16th century crypto skullduggery
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom. https://nakedsecurity.sophos.com/us-offers-10m-bounty-for-russian-ransomware-suspect https://nakedsecurity.sophos.com/phone-scamming-kingpin-gets-13-years https://nakedsecurity.sophos.com/apples-secret-is-out-3-zero-days-fixed https://nakedsecurity.sophos.com/pypi-open-source-code-repository-deals-with-manic-malware-maelstrom With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep136: Navigating a manic malware maelstrom
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearview AI again, once more, again. https://nakedsecurity.sophos.com/whodunnit-cybercrook-gets-6-years https://nakedsecurity.sophos.com/belkin-wemo-smart-plug-v2-the-buffer-overflow https://nakedsecurity.sophos.com/zut-alors-raclage-crapuleux-clearview-ai With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep135: Sysadmin by day, extortionist by night
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Bluetooth trackers. https://nakedsecurity.sophos.com/php-packagist-supply-chain-poisoned-by-hacker https://nakedsecurity.sophos.com/low-level-motherboard-security-keys-leaked https://nakedsecurity.sophos.com/bootkit-zero-day-fix-is-this-microsofts-most-cautious https://nakedsecurity.sophos.com/tracked-by-hidden-tags-apple-and-google-unite With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep134: It's a PRIVATE key - the hint is in the name!
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut: disclose or don't disclose? https://nakedsecurity.sophos.com/google-wins-court-order-to-force-isps-to-filter https://nakedsecurity.sophos.com/apple-delivers-first-ever-rapid-security-response https://nakedsecurity.sophos.com/mac-malware-for-hire-steals-passwords-and-cryptocoins https://nakedsecurity.sophos.com/world-password-day-2-2-4 https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep133: Apple takes "tight-lipped" to a whole new level
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack? https://nakedsecurity.sophos.com/20-years-ago-today-what-we-can-learn-from-the-cih-virus https://nakedsecurity.sophos.com/google-leaking-2fa-secrets https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack https://nakedsecurity.sophos.com/double-zero-day-in-chrome-and-edge-check-your-versions With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep132: Proof-of-concept lets anyone hack at will
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited. https://nakedsecurity.sophos.com/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence https://nakedsecurity.sophos.com/beware-rogue-2fa-apps-in-app-store-and-google-play https://nakedsecurity.sophos.com/fbi-and-fcc-warn-about-juicejacking With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep131: Can you really have fun with FORTRAN?
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats. https://nakedsecurity.sophos.com/microsoft-fixes-a-zero-day-and-two-curious-bugs https://nakedsecurity.sophos.com/apple-issues-emergency-patches-for-spyware https://nakedsecurity.sophos.com/apple-zero-day-spyware-patches-extended https://nakedsecurity.sophos.com/us-government-warning-what-if-anyone-could-open https://nakedsecurity.sophos.com/attention-gamers-motherboard-maker-msi-admits-to-breach With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep130: Open the garage bay doors, HAL
