S3 Ep136: Navigating a manic malware maelstrom

By: Paul Ducklin

Latest episode - listen now. Full transcript inside...

Naked Security
PyPI open-source code repository deals with manic malware maelstrom
May 23^rd 2023 at 16:45

PyPI open-source code repository deals with manic malware maelstrom

By: Paul Ducklin

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

🏷️ My labels
- ❌
Article tags
May 23^rd 2023 at 16:45

Naked Security
PHP Packagist supply chain poisoned by hacker “looking for a job”
May 5^th 2023 at 16:59

PHP Packagist supply chain poisoned by hacker “looking for a job”

By: Paul Ducklin

I pwned you! Gizza job! You know it makes sense!

Naked Security
Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert
April 11^th 2023 at 16:58

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

By: Paul Ducklin

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Naked Security
S3 Ep129: When spyware arrives from someone you trust
April 6^th 2023 at 14:57

S3 Ep129: When spyware arrives from someone you trust

By: Paul Ducklin

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Naked Security
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
December 15^th 2022 at 17:10

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By: Paul Ducklin

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security
TikTok “Invisible Challenge” porn malware puts us all at risk
November 29^th 2022 at 17:58

TikTok “Invisible Challenge” porn malware puts us all at risk

By: Paul Ducklin

An injury to one is an injury to all. Especially if the other people are part of your social network.

Naked Security
GitHub blighted by “researcher” who created thousands of malicious projects
August 3^rd 2022 at 23:06

GitHub blighted by “researcher” who created thousands of malicious projects

By: Paul Ducklin

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

🏷️ My labels
- ❌
Article tags
August 3^rd 2022 at 23:06

Naked Security
Poisoned Python and PHP packages purloin passwords for AWS access
May 24^th 2022 at 23:04

Poisoned Python and PHP packages purloin passwords for AWS access

By: Paul Ducklin

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security
GitHub issues final report on supply-chain source code intrusions
April 29^th 2022 at 16:15

GitHub issues final report on supply-chain source code intrusions

By: Paul Ducklin

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
January 13^th 2022 at 15:26

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

By: Paul Ducklin

Latest episode -listen to it or read it now!

Naked Security
JavaScript developer destroys own projects in supply chain “lesson”
January 11^th 2022 at 00:54

JavaScript developer destroys own projects in supply chain “lesson”

By: Paul Ducklin

Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

🏷️ My labels
- ❌
Article tags
January 11^th 2022 at 00:54