FBI warns about scams that lure you in as a mobile beta-tester

By: Paul Ducklin — August 16^th 2023 at 18:57

Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

Naked Security

SEC demands four-day disclosure limit for cybersecurity breaches

By: Paul Ducklin — July 31^st 2023 at 16:57

When is a ransomware attack a reportable matter? And how long have you got to decide?

Naked Security

Apple silently pulls its latest zero-day update – what now?

By: Paul Ducklin — July 11^th 2023 at 15:21

Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."

Naked Security

Ghostscript bug could allow rogue documents to run system commands

By: Paul Ducklin — July 4^th 2023 at 17:57

Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

Naked Security

Serious Security: That KeePass “master password crack”, and what we can learn from it

By: Paul Ducklin — May 31^st 2023 at 17:39

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By: Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

PyPI open-source code repository deals with manic malware maelstrom

By: Paul Ducklin — May 23^rd 2023 at 16:45

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By: Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Researchers claim they can bypass Wi-Fi encryption (briefly, at least)

By: Paul Ducklin — April 3^rd 2023 at 16:59

They can't read much of your data, but even a few stray network packets could tell them something they're not supposed to know.

Naked Security

Windows 11 also vulnerable to “aCropalypse” image data leakage

By: Paul Ducklin — March 22^nd 2023 at 17:59

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Naked Security

Google Pixel phones had a serious data leakage bug – here’s what to do!

By: Paul Ducklin — March 21^st 2023 at 17:58

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Naked Security

Credit card skimming – the long and winding road of supply chain failure

By: Paul Ducklin — December 8^th 2022 at 17:58

Don't keep calling home to a JavaScript server that closed its doors eight years ago!

Naked Security

Ping of death! FreeBSD fixes crashtastic bug in network tool

By: Paul Ducklin — December 5^th 2022 at 17:59

It's a venerable program, and this version had a venerable bug in it.

Naked Security

“Gucci Master” business email scammer Hushpuppi gets 11 years

By: Naked Security writer — November 14^th 2022 at 16:24

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

puppi-car-1200

Naked Security

Public URL scanning tools – when security leads to insecurity

By: Paul Ducklin — November 7^th 2022 at 17:59

Never make your users cry/By how you use an API

Naked Security

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

By: Paul Ducklin — October 18^th 2022 at 15:58

Hey! That back door isn't supposed to be there at all, let alone propped open...

Naked Security

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

By: Paul Ducklin — August 18^th 2022 at 14:38

Latest episode - listen now (or read if you prefer!)

Naked Security

APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…

By: Paul Ducklin — August 10^th 2022 at 16:59

If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!

Naked Security

Capital One identity theft hacker finally gets convicted

By: Paul Ducklin — June 21^st 2022 at 15:24

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Naked Security

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

By: Paul Ducklin — May 10^th 2022 at 16:59

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Naked Security

Hospital robot system gets five critical security holes patched

By: Paul Ducklin — April 12^th 2022 at 18:58

Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By: Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

By: Paul Ducklin — March 10^th 2022 at 19:37

Latest episode - listen now!

Naked Security

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

By: Paul Ducklin — December 23^rd 2021 at 17:58

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

Naked Security

Apple’s Mail Privacy Protection feature – watch out if you have a Watch!

By: Paul Ducklin — November 17^th 2021 at 19:55

Apple's "Protect Mail Activity" is a handy privacy enhancement for your messaging habits. As long as you know its limitations...