Google Virus Total leaks list of spooky email addresses

By: Paul Ducklin — July 18^th 2023 at 23:16

Careful with that file, Eugene!

Naked Security

S3 Ep138: I like to MOVEit, MOVEit

By: Paul Ducklin — June 8^th 2023 at 16:56

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

s3-ep138-1200

Naked Security

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

By: Paul Ducklin — June 6^th 2023 at 18:28

Chrome and Edge 0-days patched.

Naked Security

Tracked by hidden tags? Apple and Google unite to propose safety and security standards…

By: Paul Ducklin — May 3^rd 2023 at 19:58

To bleat, or not to bleat, that is the question.

Naked Security

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

By: Paul Ducklin — April 30^th 2023 at 01:23

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Naked Security

Google wins court order to force ISPs to filter botnet traffic

By: Naked Security writer — April 28^th 2023 at 19:59

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

Naked Security

S3 Ep132: Proof-of-concept lets anyone hack at will

By: Paul Ducklin — April 27^th 2023 at 16:55

When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)

Naked Security

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

By: Paul Ducklin — April 26^th 2023 at 17:59

You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...

Naked Security

Double zero-day in Chrome and Edge – check your versions now!

By: Paul Ducklin — April 24^th 2023 at 16:59

Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Naked Security

S3 Ep131: Can you really have fun with FORTRAN?

By: Paul Ducklin — April 20^th 2023 at 17:55

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Naked Security

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

By: Paul Ducklin — April 17^th 2023 at 14:17

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

Naked Security

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

By: Paul Ducklin — March 30^th 2023 at 14:43

Latest episode - listen now!

Naked Security

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

By: Paul Ducklin — March 23^rd 2023 at 17:59

Listen now - latest episode. Full transcript inside.

Naked Security

Google Pixel phones had a serious data leakage bug – here’s what to do!

By: Paul Ducklin — March 21^st 2023 at 17:58

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Naked Security

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

By: Paul Ducklin — March 17^th 2023 at 17:56

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Naked Security

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

By: Paul Ducklin — March 16^th 2023 at 17:56

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By: Paul Ducklin — March 2^nd 2023 at 15:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

By: Paul Ducklin — January 26^th 2023 at 15:57

Lastest episode - listen now! (Or read the transcript.)

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By: Paul Ducklin — December 9^th 2022 at 16:46

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

By: Paul Ducklin — December 5^th 2022 at 00:58

Ninth more unto the breach, dear friends, ninth more.

Naked Security

Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)

By: Paul Ducklin — November 28^th 2022 at 19:42

There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!

Naked Security

Dangerous SIM-swap lockscreen bypass – update Android now!

By: Paul Ducklin — November 11^th 2022 at 17:59

A bit like leaving the front door keys under the doormat...

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By: Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

Chrome issues urgent zero-day fix – update now!

By: Paul Ducklin — October 29^th 2022 at 15:08

We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Naked Security

WhatsApp goes after Chinese password scammers via US court

By: Paul Ducklin — October 7^th 2022 at 16:14

If you can't beat 'em, sue 'em!

Naked Security

Chrome and Edge fix zero-day security hole – update now!

By: Paul Ducklin — September 5^th 2022 at 15:12

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Naked Security

Chrome patches 24 security holes, enables “Sanitizer” safety system

By: Paul Ducklin — August 31^st 2022 at 11:48

24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.

Naked Security

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

By: Paul Ducklin — August 25^th 2022 at 15:37

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Naked Security

Chrome browser gets 11 security fixes with 1 zero-day – update now!

By: Paul Ducklin — August 17^th 2022 at 13:16

Don't delay - patch today.

Naked Security

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

By: Paul Ducklin — July 7^th 2022 at 14:46

Listen now! Or read if you prefer...

Naked Security

Google patches “in-the-wild” Chrome zero-day – update now!

By: Paul Ducklin — July 5^th 2022 at 15:55

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

Naked Security

You didn’t leave enough space between ROSE and AND, and AND and CROWN

By: Paul Ducklin — May 6^th 2022 at 16:59

What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?

Naked Security

Android monthly updates are out – critical bugs found in critical places!

By: Paul Ducklin — May 4^th 2022 at 15:54

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...

Naked Security

Yet another Chrome zero-day emergency update – patch now!

By: Paul Ducklin — April 16^th 2022 at 00:33

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By: Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Google’s monthly Android updates patch numerous “get root” holes

By: Paul Ducklin — April 5^th 2022 at 14:44

Get the update now... if it's available for your phone. Here's how to check.

android-1200

Naked Security

S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]

By: Paul Ducklin — March 31^st 2022 at 13:38

Latest episode - listen now!

Naked Security

Google Chrome patches mysterious new zero-day bug – update now

By: Paul Ducklin — March 28^th 2022 at 14:18

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Naked Security

“Dirty Pipe” Linux kernel bug lets anyone write to any file

By: Paul Ducklin — March 8^th 2022 at 17:37

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

pipe-1200

Naked Security

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

By: Paul Ducklin — February 17^th 2022 at 17:12

Latest episode - listen and learn!

Naked Security

Google announces zero-day in Chrome browser – update now!

By: Paul Ducklin — February 15^th 2022 at 19:17

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Naked Security

Cloud Security: Don’t wait until your next bill to find out about an attack!

By: Paul Ducklin — November 26^th 2021 at 17:58

Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.