We take an expert look at the latest cybersecurity incidents, how they happened, and why. Tune in weekly to learn what you can do to stop bad things from happening to you!
Got questions/suggestions/stories to share?
Email: [email protected]
Twitter: @NakedSecurity
Instagram: @NakedSecurity
The podcast Naked Security is created by Sophos. The podcast and its artwork are embedded on this page via the public podcast feed (RSS).
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb?
Intro and outro music by Edith Mudge (www.edithmudge.com)
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum.
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) with a cybersecurity connection.
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway.
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads.
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy.
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid patch that needed a rapid patch. User-Agent considered harmful.
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and dental hygiene collide.
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III.
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain?
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained.
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening.
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom.
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearview AI again, once more, again.
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Bluetooth trackers.
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut: disclose or don't disclose?
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack?
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited.
With Doug Aamoth and Paul Ducklin.
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats.
A supply chain attack that foisted spyware on trusting users. Wi-Fi encryption bypass via left-over data. Surely there should be TWO World Backup Days?
RIP Gordon Moore, the more in Moore's Law. Photo cropping bugfix. DDoS honeypot. E-commerce patches. Apple 0-day and lots more.
The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life.
The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday updates.
Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice.
How Woz nearly gave away the Apple I. Rogue software packages. Rogue network "administrators". Rogue keyloggers. Rogue authenticators.
The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The cost of success.
The birth of ENIAC. A "sophisticated attack" (someone got phished). A cryptographic hack enabled by a security warning. Valentine's Day Patch Tuesday. Apple closes spyware-sized 0-day hole.
Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature?
Do we really need a "war against cryptography" - codes and ciphers that the government can easily crack if it thinks there's an emergency - to cement our collective online security?
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary on this and many other vital issues, including anonymity and privacy, as we talk to him about his tremendous new book, Tracers in the Dark.
The mighty CPU that wasn't. Hive ransomware takedown. Dutch data crime suspect busted. Samba finally gets rid of MD5. GitHub admits to an intrusion. Storing passwords securely.
The programming language almost called Oak. GoTo admits to more breach woes. T-Mobile spills 37 million records. Apple patches everything, even iOS 12. And Google mAkES tYpOs for sECurity.
The HAPPY99 virus reminds us that less is more. Trouble with JSON Web Tokens. Investment scammers busted in Europe. The LifeLock "breach" that wasn't.
Two stories from the underground. Bank scammers busted. The crypto-crack that wasn't. And the end of two Windows eras at the same time.
The ground-breaking HP-35 digital calculator. Last straw for LastPass? Congress takes on quantum computing. 33 1/3-year-old cybersecurity lessons. Machine learning supply chain attack.
Once more unto the breach, dear friends, once more!
Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure.
Join world-renowned Sophos expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a "specialist in everything", and he also has the knack of explaining this tricky and treacherous subject in plain English.
The irony of the CAN-SPAM law. When genuine kernel drivers go rogue. Apple patches everything. Stealing data via secret radio waves. E-commerce supply chain drama.
The worm that wasn't a Goner. LastPass suffers a sting in the data breach tail. Apple's secretive update. The Ping o' Death. SIM swapping explained. A Beatles-esque 0-day in Chrome and Edge.
Christmas-themed wormage. Prurient malware. Cryptorom busts. Voice call spoofing.
Security specialist John Shier tells you the "news you can really use" - how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report.
Microsoft's tilt at the MP3 marketplace. Apple's not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it.
Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops that found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn "high" severity levels.
The man who put Boole in Boolean. OpenSSL's bated-breath update. Apple's zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way.
Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple's latest security bulletins.
Coolest videogame ever. Zoom thinks everyone's a developer. The Patch Tuesday that wasn't. A data breach coverup. Log4Shell all over again. And the Office cryptofail that Microsoft won't fix.
What goes up... must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone?
Naked Security meets Sophos X-Ops! Duck and Chet dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.
A fridge-sized calculator made with transistors (really). ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 years in the slammer. Is there an answer to nuisance callers? Is the answer voicemail?
Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who's affected and how, find out what you can do while waiting for Microsoft's patches, and plan your threat hunting in case the worst happens to you.
What's the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if "deleted" data comes back from the dead to haunt you?
Security SOS Week 2022 - check it out! The very first Android. Firefox 105 is out. Uber hacked... by LAPSUS$? LastPass talks about its breach. Are two disks better than one?
Chester Wisniewski explains what we can learn from Uber's latest cybersecurity crisis: "Just because a big company didn't have the security they should doesn't mean you can't."
Second Cosmic Rocket (not a band!). Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again.
The bug that was a moth. Was there really a TikTok breach? Peter Eckersley: Code In Peace. Chrome and Edge fix a zero-day. Apple updates iOS 12 for the first time in a year. App icons: the difference between sprockets and cogs.
The Computer Misuse Act, back in 1990. JavaScript supply-chain bug hunting. Jumping airgaps. "The Sanitizer" comes to Chrome. LastPass breach provokes password manager puzzlement.
Start me up. The R&B dance classic that crashed computers. Bitcoin ATM skimming (no malware required). Multiple browser zero-days. Was your iPhone pwned?
Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn't EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate.
Memories of the Blaster worm. Slack leaked password hashes for FIVE YEARS. Github showered with malware. Traffic lights and cybersecurity. Post-quantum cryptography.
Queen Victoria goes online. A nasty bug in Samba. Smiles for SysAdmins. A crypto-as-in-cryptography bug. A crypto-as-in-currency disaster. And is $200 million just chump change these days?
Geosynchronicity. Office security (on-off-on). A half-billion-dollar data breach cost. And patch that browser!
Integrated circuits and Nobel prizes. Log4Shell - forever? Cybersecurity tips for summer. Scams and coincidence.
Memories of the Code Red worm. OpenSSL fixes two tiny but troublesome bugs. More trouble in Java-land. Office macros off and back on again. Potential perils of paying ransomware demands.
Chrome quashes another zero-day browser bug. Two big-time cybercrime stories. A 2FA phishing scam that arrived PDQ. Chester swarmed by bots on Twitter.
Memories of the iPhone 1. Sextortion scams target LGBTQ+ daters. Yet another blockchain blunder. OpenSSL fixes the bug missed in the last bugfix. And what became of Little Bobby Tables?
Duck gets behind the Ducks. 2000 phone scammers arrested in Interpol action. A three-year-old hacking case ends in conviction. And a Canadian financial company picks up an enormous data breach fine.
Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. And the Law of Big Numbers versus SMS scams.
The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job.
Why calling a computer after a famous scientist doesn't always help. The wacky but dangerous 0-day hole in Windows. Supply chain attacks and the crooks who orchestrate them. Smishing revisited. And why saying what you really mean makes you better at cybersecurity.
How network comms caught a murderer back in 1845. Why the US government said, "Patch, or else!" How Mozilla got a double code-execution bug fixed in 48 hours. And why controversial face-matching company Clearview AI got fined $10m.
What does the word "non-commensurate" mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn't this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll?
Where does the word "radio" come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers?
World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms.
The biggest mountain in the solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. And how to get an industrial grade firewall at home for free.
Adam Osborne or John Osbourne? Another 0-day in Chrome. How not to choose a cybersecurity holiday destination. The Osbo[u]rne Effect. Cryptododginess that might actually be legal. And the Zilog Z80 versus the Mostech 6502.
Hydra darkweb market decapitated. Ruby module supply chain hole. Quantum computing sidestepped. A robot revolution that could result in ransomware. And the Zuckerberg scam that just won't die.
Hacking 2022-style. Some Apple bugs. Some Android bugs. Some Firefox bugs. The SATAN network scanner. Some VMware Spring bugs. And hacking PDP-11 style.
The DEADBOLT ransomware. LAPSUS$ members bust - or were they? Zlib patches a 17-year-old bug. Chrome experiences another weird 0-day. And Clippy. Yes, THAT Clippy. No, we're not sure why.
LAPSUS$ hackers break into Okta. The CryptoRom money-scamming malware is back on phones. OpenSSL gets into an infinite loop. CafePress fined for covering up a data breach.
Two ransomware suspects extradited for trial. Apple patches 87 known security holes. Happy Pi Day. What happens if a whole country exits the global internet?
What do ransomware blackmailers ask for when they don't want money? Why did Firefox get two updates in three days? How did Adafruit get hoist by the petard of shadow IT? And what's with those dirty Linux pipes?
REGISTER FOR OUR CYBERINSURANCE EVENT: https://events.sophos.com/cyberinsurance
How good is Apple's AirTag stalker detection? Why are web coders still making Y2K-like blunders? And how many Instagram scams can you get in one weekend?
VM escapes could put your host servers at risk. PHP fixes an input validation bug in input validation code. A WordPress plugin maker shows you how to write a decent security report. And French scammers remind us that sextortion is sadly still a thing.
Alleged Bitcoin fraudsters busted, power company in trillion-dollar payout blunder, how a blizzard led to a telecomms revolution, and 0-day after 0-day after 0-day.
Problems with plugins. A Wormhole wormhole. Can machines think? Microsoft has a change of heart. And then another one. Why screen cleaning cloths are cool.
Stealing root on Linux. Snooping on RAM with a video driver bug. Apple patches a zero-day hole. SMS scams promise home PCR machines. German court freaks out over fonts. How to be private. And a paint robot that went wild.
https://nakedsecurity.sophos.com/pwnkit-security-bug-gets-you-root
https://nakedsecurity.sophos.com/linux-kernel-patches-performance-can-be-harmful-bug
https://nakedsecurity.sophos.com/apple-patches-safari-data-leak
https://nakedsecurity.sophos.com/coronavirus-sms-scam-offers-home-pcr
https://nakedsecurity.sophos.com/website-operator-fined-for-using-google-fonts
https://nakedsecurity.sophos.com/happy-data-privacy-day
Watch out for tax scams. Crooks with the motto "In Fraud We Trust". How not to write a data breach notification. Where to find the "10" key on your telephone.
Russia busts Revil. Romance scammer sent to prison. Wormable Windows hole patched. Memories of the HAPPY99 virus. Linux disk encryption trouble. Apple browsers leak personal data. And how (not) to paint a computer.
A JavaScript coder sabotages his own projects. Routers with critical holes. Honda cars party like it's 2002. The FTC warns everyone to patch. And a Log4Shell-like bug in another Java library.
Log4Shell - the gift that keeps on taking. Scammers threatening your social media accounts. Apple Home has a pecuu[...]uuliar bug. And why 2FA is easier than you think.
Understanding Log4Shell. Fixing Log4Shell. What criminals are up to with Log4Shell. Apple's latest security fixes. And what (not to) do when your mouse gets stuck.
Mozilla's "BigSig" buffer overflow hole. UK to put IoT vendors on notice. The Mother of All Demos. Cryptocurrency company catastrophe. Firefox gets an extra sandbox. And an access point from outer space (OK, from home).
Call scammers and cryptocoin treachery. Cloud insecurity and yet more cryptocoin treachery. Facial recognition creepiness. And the wannabe wizard that went to school with a trainee Sith.
Cybersecurity tips for the holiday season and beyond. Exchange at risk from public exploit. GoDaddy loses passwords for 1.2m users. Longest-lived Windows version ever. Don't make your cookies public. And the day that umbrellas became an anti-DDoS tool.
The infamous Emotet malware makes a comeback. Crooks smirk at the world with a fake FBI warning. Why tubes are also valves. Samba fixes an intriguing bug. The suitcase that needs no handle. And a virtual-versus-real monitor mixup.
We enjoy the Sophos 2022 Threat Report. The world's {oldest, coolest} continuously maintained browser. Facebook folds up its Face Recognition feature. Crooks combine a new social engineering scam with a new way of packaging malware. Kaseya ransomware suspect busted in Poland. Oh! No! How to block radio communications in a land with no hills.
Norbert (huzzah for Norbert!) does tech support. Europol digs into the ransomware scene. Microsoft finds a wacky bug in Apple's shell. The Morris worm turns 33. Edge on Linux phans the phlames. Ola! Gibberish peculiarity textual solvage.
Bliss is a hill in wine country. Lessons from a cryptotrading hamster. Ransomware gang hacked back. Docusign phishers go after 2FA codes. Sleep mode considered harmful.
Special minisode! Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company. Learn why thinking like an attacker makes you a better defender.
Full transcript: https://nakedsecurity.sophos.com/listen-up-4-cybersecurity-first-purple-teaming
Special minisode! Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.
Full transcript: https://nakedsecurity.sophos.com/becybersmart-2021-cyberinsurance
Special minisode! Chester Wisniewski, Principal Research Scientist at Sophos, gives you useful and actionable advice to reduce the risk of supply chain attacks.
Full transcript: https://nakedsecurity.sophos.com/becybersmart-2021-supply-chain-attacks
Special Minisode for #Cybermonth! Fraser Howard, Director of Threat Research at Sophos, talks about malware and how to fight it. Fraser's breadth and depth of knowledge in the threat-fighting field is second to none.
Full transcript: https://nakedsecurity.sophos.com/becybersmart-2021-week4
Hook up with our forthcoming Live Malware Demo presentation. Why we think you should celebrate Global Encryption Day. A whole new twist on bogus online "friendships". How to stop your network cables giving you away. And why superglue is NOT a cybersecurity tool!
Apple (you guessed it!) fixes yet another iPhone 0-day. Apache patches an embarrassing bug and then has to patch the patch. It's Fight The Phish week. The user who got punched right in the nose by a recalcitrant computer.
Apple Pay gets hacked (sort of). DOJ busts four gift card scamming suspects. We give you our top tips for #Cybermonth. Ukrainian Cyberpolice take on ransomware crooks. Oh! No! The user that volunteered to RTFM!?
Let's Encrypt brings HTTPS to everyone. Researchers rediscover an Outlook data leakage issue. VMware keeps it real. And when the mouse is away, the cat will play.
With Paul Ducklin and Doug Aamoth.
A scarily exploitable hole in Microsoft open source code. A simpler take on delivery scams. A Face ID bypass hack, patched for the initial release of iOS 15. And how not to get locked in a cabling closet.
Coder? Use Sophos Intelix yourself for free: https://sophos.com/intelix
With Paul Ducklin and Doug Aamoth.
Apple patches two zero-day bugs. Microsoft patches one zero-day bug. A security researcher finds a fast-food bug (non-insect sort). And a touchpad user turns right into left, and vice versa.
(See also: Big Office bug squashed for September 2021 Patch Tuesday)
With Paul Ducklin and Doug Aamoth.
Overlooked security flaw leaves web code vulnerable. A home alarm system that almost anyone can turn off. Some fascinating Firefox bugs fixed. And when you grab your laptop... but it's not yours.
With Paul Ducklin and Doug Aamoth.
Security code flushes out security bugs. Recursion: see recursion. Phishing (and lots of it). And the Windows desktop that got so big it imploded.
With Paul Ducklin and Doug Aamoth.
More money troubles in cryptotown. Trouble with plastic spaghetti. The mouse that conquered Windows. And the embarrassment when you report one of your very own emails as a phish.
With Paul Ducklin and Doug Aamoth.
Copyright infringement scams that beg you to call. An IoT bug that could be exploited for video snooping and more. A hacker steals $600m and then makes a song and dance out of giving it back. And how Doug's PS5 issues could be solved at last.
With Paul Ducklin and Chester Wisniewski.
Home and small business routers under attack. A hacking tool favoured by crooks gets hacked. The Navajo Nation's selfless cryptographic contribution to America. A cybercrook gets aggrieved at being ripped off by cybercrooks.
With Doug Aamoth and Paul Ducklin.
The latent 0-day that didn't get reported until it was too late. Retro computing: reliving the TRS-80. Crooks that help you install their malware. And a 5-minute billionaire (who ended up with $400).
With Doug Aamoth and Paul Ducklin.
Apple's emergency 0-day fix. Two sorts of Windows nightmare, neither involving printers. Twitter hacker busted. And our very own Doug ruins a brand new TV.
With Doug Aamoth and Paul Ducklin.
Learning from computer virus history. The PrintNightmare saga continues. Apple puts out a patch, but doesn't say why. Snitch on a crook and earn $10 million. Scammers do grammar. And the Business Email Compromise that wasn't.
With Doug Aamoth and Paul Ducklin.
We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really. We look back at the 20-year-old Code Red virus. We look at what cybercriminals spend money on (hint: more cybercrime). And in this week's "Oh! No!", we learn how farm animals can disrupt your network.
With Doug Aamoth and Paul Ducklin.
The "Independence Day Weekend" ransomware drama. The PrintNightmare nightmare continues. An email hacker gets his conviction overturned. In this week's Oh! No! story, a server room fills with toxic fumes...
With Doug Aamoth and Paul Ducklin.
In this special splintersode, Kimberly Truong talks to Eva Galperin, Director of Security at the Electronic Frontier Foundation.
Eva's TED talk mentioned in the podcast: What you need to know about Stalkerware.
When you spend tens of pounds but get billed thousands because the system mistook the date for the amount. Our tips to make #SocialMediaDay your safest day on social media yet. And a clip from a great new privacy splintersode we'll be airing next week.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Ukrainian cops bring out the BFG (Big Fearsome Grinder) and cut open some doors. A repeated request for destructive Linux code enters its 15th year. Peloton exercise bicycles found to be rootable.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Will quantum cryptography mean the end of encryption? How was the FBI able to get bitcoins back in the Colonial Pipeline ransomware case? What is the ALPACA attack, and does it make your browsing less secure?
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Alleged malware coder from the Trickbot gang arrested. 5500 passwords cracked and salaries stolen by "credential stuffing" crook. And we answer a listener's question about just how tough to be when judging a company that's had a breach.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
The fascinating tale of a bug that's baked into Apple's latest chip. Why the Aussie data breach warning site HIBP is partnering with the FBI. And a coronavirus tracking toolkit that fell foul of privacy rules.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Apple patches a raft of serious security holes. Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
We look into an unnerving case of mixed-up video feeds. We warn you against "going rogue" when you can't get the download you want from the regular place. We explain how Apple's new AirTag product got hacked (again).
With Doug Aamoth and Paul Ducklin.
Apple's brand new AirTag product got hacked already. Things you can learn from Colonial Pipeline's ransomware misfortune. Why Dell patched a bunch of driver bugs going back more than a decade. And the "Is it you in the video?" scam just keeps on coming back.
Additional links you will find useful:
https://news.sophos.com/en-us/using-sophos-edr-to-identify-endpoints-impacted-by-dell
https://nakedsecurity.sophos.com/ransomware-dont-expect-a-full-recovery
https://www.sophos.com/ransomware
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise. We review the latest Sophos Ransomware Report and uncover uncomfortable truths about paying up.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker "name:wreck".
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Sophos cybersecurity expert Chester Wisniewski provides excellent, topical and timely commentary on the FBI’s recent use of a malware-like method to forcibly clean up hundreds of servers still infected in the Hafnium aftermath.
With Paul Ducklin and Chester Wisniewski
We look at the big-money hacks from the 2021 Pwn2Own competition. We investigate the difficulties of hiring an assassin via the dark web. We wrestle with some of the privacy issues relating to COVID-19 infection tracking apps.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
How scammers copied a government website almost to perfection. What to do about those fake "bug" hunters who ask for payment for finding "vulnerabilities" that aren't. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough.
Useful podcasts and videos mentioned in this episode:
https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker-rachel-tobac
https://nakedsecurity.sophos.com/s3-ep8-a-conversation-with-katie-moussouris
https://nakedsecurity.sophos.com/what-should-you-say-if-you-have-a-data-breach
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks.
With Doug Aamoth and Paul Ducklin.
How a social engineer ripped off a victim lured in by one of those "small outstanding fee to pay" home delivery scams. The ransomware crooks targeting networks that still haven’t done their Hafnium patches. And the Linux kernel security holes that lay there undiscovered for 15 years.
Related articles that we refer to in the show:
https://nakedsecurity.sophos.com/beware-the-dhl-delivery-message
https://nakedsecurity.sophos.com/watch-out-scummy-scammers
https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker-rachel-tobac
https://nakedsecurity.sophos.com/blackkingdom-ransomware
https://nakedsecurity.sophos.com/serious-security-webshells-explained
https://nakedsecurity.sophos.com/naked-security-live-hafnium-explained
https://nakedsecurity.sophos.com/serious-security-the-linux-kernel-bugs
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
We discuss an iPhone app that allowed anyone to snoop on anyone's calls - but not in the way you might expect. We investigate a data breach where 150,000 surveillance cameras protecting hundreds or thousands of customers were apparently "secured" by a single password... that got leaked onto the internet. And we urge you as keenly as we can: "Don't spread hoaxes, folkses."
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
John Noble was Director of Incident Management at the UK's National Cyber Security Centre (NCSC) until his retirement in 2018. During his 40 years of Government service, John specialised in operational delivery and strategic business change. For his work in creating effective partnerships in the run up to the London Olympics, he was made a Commander of the British Empire (CBE) in 2012.
John helped to establish the NCSC and led the response to nearly 800 significant cyberincidents. This work has given him unrivalled experience in dealing with and understanding the causes of cyberattacks.
John is currently a non-executive director at NHS Digital, where he chairs the Information Assurance and Cyber Security Committee. NHS Digital is the national information and technology partner to the health and social care system in England.
Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it's important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you're a programmer.
With Kimberly Truong and Paul Ducklin
How to stop security-conscious apps from allowing unencrypted data to escape, and how scammers put social network users under pressure in order to steal their passwords.
With Doug Aamoth and Paul Ducklin
The graphics card that wants you to stick to playing games, the man that didn't weigh 100 tons after all, and the marketing gang that used a browser bug to bombard iPhone users with scammy online surveys.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
How a bug hunter snuck into the internal networks of 35 megacorporations. Why romance scams are going stronger than ever (and how to avoid them). What to do about those tempting but treacherous "tax refund" messages. And a listener tells us how he got a bit carried away while he was gardening...
With Kimberly Truong, Doug Aamoth and Paul Ducklin
In this special mini-episode, Paul Ducklin talks to Sophos cybersecurity expert Chester Wisniewski about bug bounty hunting.
How does bug bounty hunting work? What should you do if you get a bug report that doesn't follow established protocol? Chester tells you how to deal with so-called "beg bounties", where self-styled "experts" beg you for money or even threaten you with ill-defined "problems" they claim to have found.
https://news.sophos.com/en-us/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way
https://nakedsecurity.sophos.com/beware-of-technical-experts-bombarding-you-with-bug-reports
We delve into Google's tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
Apple pushed out an iOS update in a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And Europol reported on a successful takedown operation against the notorious Emotet malware.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
What's the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And what would you do if you ran into a deceased former colleague on your network?
With Kimberly Truong, Doug Aamoth and Paul Ducklin
Anonymous and private, yet busted! We explain how darkweb sites sometimes keep your secrets... and sometimes don't. We help you improve your cybersecurity at home. And we tell you the tale of a company with the coolest name but allegedly with the creepiest habits coded into its browser extensions.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
Thanks to coronavirus lockdown rules in the UK, and the temporary closure of all schools, Sally Adam suddenly found herself responsible for cybersecurity where it mattered more than ever: on a home network that jointly served for home, work and school.
Paul Ducklin talks to Sally about how she did it, and how to keep your own family’s digital life safe.
https://nakedsecurity.sophos.com/home-schooling-how-to-stay-secure
https://nakedsecurity.sophos.com/home-wi-fi-security-tips
We explain how two French researchers hacked a Google Titan security key (but why you don't need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
How did the movie "Hackers" inspire a girl to grow up to become a hacker herself? Find out from security analyst, friendly hacker and TED Talk speaker Keren Elazari. Hear about Keren’s incredible journey, why hackers should be welcomed with open arms, and the inspiration that guided her career.
With Kimberly Truong and special guest Keren Elazari (@k3r3n3 on Twitter), cybersecurity analyst and researcher.
How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac. Join us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who inspired her along the way.
With Kimberly Truong and special guest Rachel Tobac (@RachelTobac on Twitter), hacker and CEO of SocialProof Security.
Book mentioned by Rachel: The 6 principles of persuasion by Robert Cialdini.
We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
https://nakedsecurity.sophos.com/phishing-tricks-that-really-work
https://nakedsecurity.sophos.com/subway-sandwich-scam-mystifies
https://nakedsecurity.sophos.com/was-there-a-covid-19-vaccine-hack
Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security."
Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack.
https://news.sophos.com/20-years-of-cyberthreats
We dig into research that figured out a way to steal data from iPhones wirelessly, we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea, and we give you advice on how to talk to phone scammers.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
https://nakedsecurity.sophos.com/how-to-steal-photos-off-someones-iphone
https://nakedsecurity.sophos.com/german-divers-find-enigma-crypto-machine
https://nakedsecurity.sophos.com/vishing-criminals-let-rip-with-two-scams
We look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home.
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
https://nakedsecurity.sophos.com/gift-card-hack-exposed-you-pay-they-play
https://nakedsecurity.sophos.com/bzzzzzzt-how-safe-is-that-keenly-priced-digital-doorbell
https://nakedsecurity.sophos.com/home-wi-fi-security-tips-5-things-to-check
How do you go from pentester to creator of Microsoft’s bug bounty program? Find out from hacker and vulnerability disclosure pioneer, Katie Moussouris. Join us for a fascinating interview with Katie about her journey, the bugs in bug bounty programs, and the people who inspired her along the way.
With Kimberly Truong and special guest Katie Moussouris (@k8em0 on Twitter), Founder and CEO of Luta Security.
In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. Also, a sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
Cult videogame company Capcom pays a big round $0.00 to ransomware crooks https://nakedsecurity.sophos.com/cult-videogame-company-capcom-pays-a-big-round-0
The Sophos Threat Report 2021 https://nakedsecurity.sophos.com/sophos-threat-report-2021
The Cloud Snooper Malware https://nakedsecurity.sophos.com/the-cloud-snooper-malware
In this episode: When payments go astray, why "just in case" cybersecurity warnings do more harm than good, how to shop safely on Black Friday and beyond, and (oh no!) what to do when all your emails disappear.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
To register for the Sophos Evolve event: https://sophos.com/evolve
Smishing attack tells you “mobile payment problem” – don’t fall for it https://nakedsecurity.sophos.com/smishing-attack-tells-you-mobile-payment-problem
“Instant bank fraud” hoax is back – don’t spread fake news https://nakedsecurity.sophos.com/instant-bank-fraud-hoax-is-back-dont-spread-fake-news
Black Friday – stay safe before, during and after peak retail season https://nakedsecurity.sophos.com/black-friday-stay-safe-before-during-and-after
In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of "malware-as-a-service", and the malware risks from image search. Also (oh! no!), why you should take care before you pair.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
https://nakedsecurity.sophos.com/another-chrome-zero-day-this-time-on-android
https://nakedsecurity.sophos.com/adobe-flash-its-the-end-of-the-end-of-the-end
https://nakedsecurity.sophos.com/buer-loader-malware-as-a-service-joins-emotet
On Wednesday, the FBI, CISA and HHS released an unprecedented warning against "an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers." In this quick mini-sode, Chester Wisniewski (Principal Research Scientist at Sophos) discusses what the threat is, what this advisory means, and why this warning is a warning for everyone.
With Kimberly Truong and special guest, Chester Wisniewski @chetwisniewski
RESOURCES:
Read the article from Naked Security https://nakedsecurity.sophos.com/2020/10/29/fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone/
Get tools and guidance to protect your organization https://www.sophos.com/en-us/content/healthcare-targeted-ransomware.aspx
This week: Facebook scammers trick you with fake copyright notices, voice scammers automate their attacks on the vulnerable, how to tune up your mobile privacy, and (oh! no!) the best/worst IT helpdesk call ever.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
Facebook “copyright violation” tries to get past 2FA – don’t fall for it https://nakedsecurity.sophos.com/facebook-copyright-violation-tries-to-get-past-2fa
Phone scamming – friends don’t let friends get vished https://nakedsecurity.sophos.com/phone-scamming-friends-dont-let-friends-get-vished
Time for a mobile privacy reset? https://nakedsecurity.sophos.com/time-for-a-mobile-privacy-reset
This week: the DOJ's attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word "restore" even more than it needs "backup".
With Kimberly Truong, Doug Aamoth and Paul Ducklin
US Department of Justice reignites the Battle to Break Encryption https://nakedsecurity.sophos.com/us-department-of-justice-reignites
Russian “government hackers” charged with cybercrimes by the US https://nakedsecurity.sophos.com/russian-government-hackers-charged
Chrome zero-day in the wild – patch now! https://nakedsecurity.sophos.com/chrome-zero-day-in-the-wild
In this episode: we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft's short-lived takedown of Trickbot, explain how to avoid the Windows "Ping of Death" bug, and (oh no!) find the source of mysterious beeping from every computer in the office.
With Kimberly Truong, Doug Aamoth and Paul Ducklin
Creepy covert camera “feature” found in popular smartwatch for kids https://nakedsecurity.sophos.com/creepy-covert-camera-feature-found
Microsoft on the counterattack! Trickbot malware network takes a hit https://nakedsecurity.sophos.com/microsoft-on-the-counterattack-trickbot
Windows' "Ping of Death" bug revealed https://nakedsecurity.sophos.com/windows-ping-of-death-bug
Join us for the first episode in our brand new Series 3! This week we wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of "linkless phishing", ask if it's ever OK to pay a ransomware demand, and advise what to do when the CEO won't stop looking at naughty sites.
With Paul Ducklin, Kimberly Truong and Doug Aamoth
Tips for National Cybersecurity Awareness Month https://nakedsecurity.sophos.com/if-you-connect-it-protect-it
Phishing without links https://nakedsecurity.sophos.com/serious-security-phishing-without-links
REvil ransomware crew dangles $1M cybercrime carrot https://nakedsecurity.sophos.com/revil-ransomware-crew-dangles-1000000-cybercrime-carrot
Get ready. A brand new season arrives Thursday, October 8th.