Sophos expert Chester Wisniewski digs into the week's security news with John Shier and Paul Ducklin. Naked Security is Sophos's threat news room.
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb?
https://nakedsecurity.sophos.com/using-winrar-be-sure-to-patch
https://nakedsecurity.sophos.com/snakes-in-airplane-mode
https://nakedsecurity.sophos.com/smart-light-bulbs-could-give-away-your-password
With Doug Aamoth and Paul Ducklin.
Original music by Edith Mudge (https://www.edithmudge.com)
Email questions and suggestions to: tips@sophos.com
S3 Ep149: How many cryptographers does it take to change a light bulb?
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum.
https://nakedsecurity.sophos.com/fbi-warns-about-scams-that-lure-you-in-as-a-mobile-beta-tester
https://nakedsecurity.sophos.com/grab-hold-and-give-it-a-wiggle-atm-card-skimming
https://nakedsecurity.sophos.com/crimeware-server-used-by-netwalker-ransomware-seized
With Doug Aamoth and Paul Ducklin.
S3 Ep148: Remembering crypto heroes
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) with a cybersecurity connection.
https://nakedsecurity.sophos.com/2023/08/08/serious-security-why-learning-to-touch-type-could-protect-you-from-audio-snooping/
https://nakedsecurity.sophos.com/2023/08/04/crocodile-of-wall-street-and-her-husband-plead-guilty-to-giant-sized-cryptocrimes/
With Doug Aamoth and Paul Ducklin.
S3 Ep147: What if you type in your password during a meeting?
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway.
https://nakedsecurity.sophos.com/firefox-fixes-a-flurry-of-flaws
https://nakedsecurity.sophos.com/performance-and-security-clash-yet-again
https://nakedsecurity.sophos.com/sec-demands-four-day-disclosure-limit
With Doug Aamoth and Paul Ducklin.
S3 Ep146: Tell us about that breach! (If you want to.)
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads.
https://nakedsecurity.sophos.com/apple-ships-that-recent-rapid-response
https://nakedsecurity.sophos.com/hacking-police-radios-30-year-old-crypto-flaws
https://nakedsecurity.sophos.com/zenbleed-how-the-quest-for-cpu-performance
With Doug Aamoth and Paul Ducklin.
S3 Ep145: Bugs With Impressive Names!
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy.
https://nakedsecurity.sophos.com/zimbra-collaboration-suite-warning
https://nakedsecurity.sophos.com/google-virus-total-leaks-list
https://nakedsecurity.sophos.com/microsoft-hit-by-storm-season
With Doug Aamoth and Paul Ducklin.
Got questions/suggestions/stories to share?
Email: tips@sophos.com
Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
S3 Ep144: When threat hunting goes down a rabbit hole
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid patch that needed a rapid patch. User-Agent considered harmful.
https://nakedsecurity.sophos.com/microsoft-patches-four-zero-days-finally-takes-action
https://nakedsecurity.sophos.com/serious-security-rowhammer-returns
https://nakedsecurity.sophos.com/ghostscript-bug-could-allow-rogue-documents-to-run-system
https://nakedsecurity.sophos.com/urgent-apple-fixes-critical-zero-day-hole
https://nakedsecurity.sophos.com/apple-silently-pulls-its-latest-zero-day-update
With Doug Aamoth and Paul Ducklin.
S3 Ep143: Supercookie surveillance shenanigans
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.
With Paul Ducklin and Matt Holdcroft.
S3 Ep142: Putting the X in X-Ops
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and dental hygiene collide.
https://nakedsecurity.sophos.com/apple-patch-fixes-zero-day-kernel-hole
https://nakedsecurity.sophos.com/beware-bad-passwords-as-attackers-co-opt-linux-servers
https://nakedsecurity.sophos.com/uk-hacker-busted-in-spain-gets-5-years
https://nakedsecurity.sophos.com/aussie-pm-says-shut-down-your-phone-every-24-hours
With Doug Aamoth and Paul Ducklin.
S3 Ep141: What was Steve Jobs's first job?
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III.
https://nakedsecurity.sophos.com/the-ransomware-documentary-brand-new-video-series
https://nakedsecurity.sophos.com/megaupload-duo-will-go-to-prison
https://nakedsecurity.sophos.com/asus-warns-router-customers-patch-now
https://nakedsecurity.sophos.com/moveit-mayhem-3
With Doug Aamoth and Paul Ducklin.
S3 Ep140: So you think you know ransomware?
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain?
https://nakedsecurity.sophos.com/patch-tuesday-fixes-4-critical-rce-bugs
https://nakedsecurity.sophos.com/more-moveit-mitigations-new-patches
https://nakedsecurity.sophos.com/history-revisited-us-doj-unseals-mt-gox-cybercrime-charges
https://nakedsecurity.sophos.com/gozi-banking-malware-it-chief-finally-jailed
https://nakedsecurity.sophos.com/thoughts-on-scheduled-password-changes
With Doug Aamoth and Paul Ducklin.
S3 Ep139: Are password rules like running through rain?
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained.
https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack
https://nakedsecurity.sophos.com/moveit-zero-day-exploit-used-by-data-breach-gangs
https://nakedsecurity.sophos.com/chrome-zero-day-this-exploit-is-in-the-wild
https://nakedsecurity.sophos.com/researchers-claim-windows-backdoor
With Doug Aamoth and Paul Ducklin.
S3 Ep138: I like to MOVEit, MOVEit
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening.
https://nakedsecurity.sophos.com/ransomware-tales-the-mitm-attack
https://nakedsecurity.sophos.com/serious-security-verification-is-vital
https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack
With Doug Aamoth and Paul Ducklin.
S3 Ep137: 16th century crypto skullduggery
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom.
https://nakedsecurity.sophos.com/us-offers-10m-bounty-for-russian-ransomware-suspect
https://nakedsecurity.sophos.com/phone-scamming-kingpin-gets-13-years
https://nakedsecurity.sophos.com/apples-secret-is-out-3-zero-days-fixed
https://nakedsecurity.sophos.com/pypi-open-source-code-repository-deals-with-manic-malware-maelstrom
With Doug Aamoth and Paul Ducklin.
S3 Ep136: Navigating a manic malware maelstrom
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearview AI again, once more, again.
https://nakedsecurity.sophos.com/whodunnit-cybercrook-gets-6-years
https://nakedsecurity.sophos.com/belkin-wemo-smart-plug-v2-the-buffer-overflow
https://nakedsecurity.sophos.com/zut-alors-raclage-crapuleux-clearview-ai
With Doug Aamoth and Paul Ducklin.
S3 Ep135: Sysadmin by day, extortionist by night
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Bluetooth trackers.
https://nakedsecurity.sophos.com/php-packagist-supply-chain-poisoned-by-hacker
https://nakedsecurity.sophos.com/low-level-motherboard-security-keys-leaked
https://nakedsecurity.sophos.com/bootkit-zero-day-fix-is-this-microsofts-most-cautious
https://nakedsecurity.sophos.com/tracked-by-hidden-tags-apple-and-google-unite
With Doug Aamoth and Paul Ducklin.
S3 Ep134: It's a PRIVATE key - the hint is in the name!
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut: disclose or don't disclose?
https://nakedsecurity.sophos.com/google-wins-court-order-to-force-isps-to-filter
https://nakedsecurity.sophos.com/apple-delivers-first-ever-rapid-security-response
https://nakedsecurity.sophos.com/mac-malware-for-hire-steals-passwords-and-cryptocoins
https://nakedsecurity.sophos.com/world-password-day-2-2-4
https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack
With Doug Aamoth and Paul Ducklin.
S3 Ep133: Apple takes "tight-lipped" to a whole new level
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack?
https://nakedsecurity.sophos.com/20-years-ago-today-what-we-can-learn-from-the-cih-virus
https://nakedsecurity.sophos.com/google-leaking-2fa-secrets
https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack
https://nakedsecurity.sophos.com/double-zero-day-in-chrome-and-edge-check-your-versions
With Doug Aamoth and Paul Ducklin.
S3 Ep132: Proof-of-concept lets anyone hack at will
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited.
https://nakedsecurity.sophos.com/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence
https://nakedsecurity.sophos.com/beware-rogue-2fa-apps-in-app-store-and-google-play
https://nakedsecurity.sophos.com/fbi-and-fcc-warn-about-juicejacking
With Doug Aamoth and Paul Ducklin.
S3 Ep131: Can you really have fun with FORTRAN?
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats.
https://nakedsecurity.sophos.com/microsoft-fixes-a-zero-day-and-two-curious-bugs
https://nakedsecurity.sophos.com/apple-issues-emergency-patches-for-spyware
https://nakedsecurity.sophos.com/apple-zero-day-spyware-patches-extended
https://nakedsecurity.sophos.com/us-government-warning-what-if-anyone-could-open
https://nakedsecurity.sophos.com/attention-gamers-motherboard-maker-msi-admits-to-breach
With Doug Aamoth and Paul Ducklin.