Performance and security clash yet again in “Collide+Power” attack

By: Paul Ducklin — August 2^nd 2023 at 23:36

It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

Naked Security

Apple silently pulls its latest zero-day update – what now?

By: Paul Ducklin — July 11^th 2023 at 15:21

Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By: Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

By: Paul Ducklin — April 17^th 2023 at 14:17

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

Naked Security

Google Pixel phones had a serious data leakage bug – here’s what to do!

By: Paul Ducklin — March 21^st 2023 at 17:58

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Naked Security

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

By: Paul Ducklin — March 17^th 2023 at 17:56

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Naked Security

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

By: Naked Security writer — January 3^rd 2023 at 17:03

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

Naked Security

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

By: Paul Ducklin — November 17^th 2022 at 17:52

Latest episode - listen now! Cybersecurity news plus loads of great advice...

Naked Security

Black Friday and retail season – watch out for PayPal “money request” scams

By: Paul Ducklin — November 17^th 2022 at 12:45

Don't let a keen eye for bargains lead you into risky online behaviour...

Naked Security

Dangerous SIM-swap lockscreen bypass – update Android now!

By: Paul Ducklin — November 11^th 2022 at 17:59

A bit like leaving the front door keys under the doormat...

Naked Security

WhatsApp goes after Chinese password scammers via US court

By: Paul Ducklin — October 7^th 2022 at 16:14

If you can't beat 'em, sue 'em!

Naked Security

LastPass source code breach – incident response report released

By: Paul Ducklin — September 19^th 2022 at 16:59

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

Naked Security

7 cybersecurity tips for your summer vacation!

By: Paul Ducklin — July 15^th 2022 at 16:23

Here you go - seven thoughtful cybersecurity tips to help you travel safely...

Naked Security

SSNDOB Market domains seized, identity theft “brokerage” shut down

By: Paul Ducklin — June 8^th 2022 at 14:53

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

Naked Security

Android monthly updates are out – critical bugs found in critical places!

By: Paul Ducklin — May 4^th 2022 at 15:54

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By: Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Google’s monthly Android updates patch numerous “get root” holes

By: Paul Ducklin — April 5^th 2022 at 14:44

Get the update now... if it's available for your phone. Here's how to check.

android-1200

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By: Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

By: Paul Ducklin — March 10^th 2022 at 19:37

Latest episode - listen now!

Naked Security

“Dirty Pipe” Linux kernel bug lets anyone write to any file

By: Paul Ducklin — March 8^th 2022 at 17:37

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

pipe-1200

Naked Security

Ransomware with a difference: “Derestrict your software, or else!”

By: Paul Ducklin — March 2^nd 2022 at 16:33

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

Naked Security

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

By: Paul Ducklin — January 28^th 2022 at 23:58

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Naked Security

SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N)

By: Paul Ducklin — December 24^th 2021 at 17:44

Happy Holidays! Our Top N stories, all totally SFW!

Naked Security

Log4Shell: The Movie… a short, safe visual tour for work and home

By: Paul Ducklin — December 20^th 2021 at 13:20

Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!

Naked Security

US government securities watchdog spoofed by investment scammers – don’t fall for it!

By: Paul Ducklin — November 24^th 2021 at 17:57

Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

By: Paul Ducklin — November 22^nd 2021 at 12:52

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?