Apple fixes zero-day spyware implant bug – patch now!

Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!

Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug

Conditional code considered cryptographically counterproductive.

Reddit admits it was hacked and data stolen, says “Don’t panic”

Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Latest epsiode. Listen now!

OpenSSL fixes High Severity data-stealing bug – patch now!

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Finnish psychotherapy extortion suspect arrested in France

Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.

OpenSSH fixes double-free memory bug that’s pokable over the network

It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

Latest episode - listen now!

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Hive ransomware servers shut down at last, says FBI

Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...

Dutch suspect locked up for alleged personal data megathefts

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

Lastest episode - listen now! (Or read the transcript.)

GoTo admits: Customer cloud backups stolen together with decryption key

We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.

Apple patches are out – old iPhones get an old zero-day fix at last!

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security

It's a really cool and super-simple trick. The question is, "Will it help?"

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Serious Security: Unravelling the LifeLock “hacked passwords” story

Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.

Multi-million investment scammers busted in four-country Europol raid

216 questioned, 15 arrested, 4 fake call centres searched, millions seized...

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

Popular JWT cloud security library patches “remote” code execution hole

It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

CircleCI – code-building service suffers total credential compromise

They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.

RSA crypto cracked? Or perhaps not!

Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

The problem with anniversaries is that there's an almost infinite number of them every day...

The horror! The horror! NOTEPAD gets tabbed editing (very briefly)

Is there a special meaning of "don't" that means "go right ahead"?

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

Cryptographic agility: the ability and the willingness to change quickly when needed.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Twitter data of “+400 million unique users” up for sale – what to do?

If the crooks have connected up your phone number and your Twitter handle... what could go wrong?

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

“Suspicious login” scammers up their game – take care at Christmas

A picture is worth 1024 words - we clicked through so you don't have to.

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Apple patches everything, finally reveals mystery of iOS 16.1.2

There's an update for everything this time, not just for iOS.

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Tales of derring-do in the cyberunderground! (And some zero-days.)

COVID-bit: the wireless spyware trick with an unfortunate name

It's not the switching that's the problem, it's the switching of the switching!

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties

That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Credit card skimming – the long and winding road of supply chain failure

Don't keep calling home to a JavaScript server that closed its doors eight years ago!

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

Ping of death! FreeBSD fixes crashtastic bug in network tool

It's a venerable program, and this version had a venerable bug in it.

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

Ninth more unto the breach, dear friends, ninth more.

Apple pushes out iOS security update that’s more tight-lipped than ever

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

LastPass admits to customer data breach caused by previous breach

Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)...

The CHRISTMA EXEC network worm – 35 years and counting!

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...

Serious Security: MD5 considered harmful – to the tune of $600,000

It's not just the hashing, by the way. It's the salting and the stretching, too!

TikTok “Invisible Challenge” porn malware puts us all at risk

An injury to one is an injury to all. Especially if the other people are part of your social network.

Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)

There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!