FBI warns about scams that lure you in as a mobile beta-tester

By: Paul Ducklin — August 16^th 2023 at 18:57

Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

Naked Security

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

By: Paul Ducklin — August 14^th 2023 at 23:18

The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

Naked Security

Crimeware server used by NetWalker ransomware seized and shut down

By: Paul Ducklin — August 14^th 2023 at 14:06

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

Naked Security

S3 Ep147: What if you type in your password during a meeting?

By: Paul Ducklin — August 10^th 2023 at 13:34

Latest episode - listen now! (Full transcript inside.)

Naked Security

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

By: Paul Ducklin — August 4^th 2023 at 16:52

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By: Paul Ducklin — June 29^th 2023 at 16:58

Latest episode - listen now! (Full transcript inside.)

Naked Security

Interested in $10,000,000? Ready to turn in the Clop ransomware crew?

By: Naked Security writer — June 28^th 2023 at 16:59

Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...

Naked Security

UK hacker busted in Spain gets 5 years over Twitter hack and more

By: Naked Security writer — June 26^th 2023 at 15:35

Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...

Naked Security

S3 Ep140: So you think you know ransomware?

By: Paul Ducklin — June 22^nd 2023 at 16:48

Lots to learn this week - listen now! (Full transcript inside.)

Naked Security

Megaupload duo will go to prison at last, but Kim Dotcom fights on…

By: Paul Ducklin — June 19^th 2023 at 16:59

One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on...

Naked Security

S3 Ep139: Are password rules like running through rain?

By: Paul Ducklin — June 15^th 2023 at 16:43

Latest episode - listen now! (Full transcript inside.)

Naked Security

Gozi banking malware “IT chief” finally jailed after more than 10 years

By: Paul Ducklin — June 13^th 2023 at 16:43

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

Naked Security

History revisited: US DOJ unseals Mt. Gox cybercrime charges

By: Naked Security writer — June 12^th 2023 at 16:58

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

Naked Security

S3 Ep137: 16th century crypto skullduggery

By: Paul Ducklin — June 1^st 2023 at 16:45

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

s3-ep137-feat-1200

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By: Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

Phone scamming kingpin gets 13 years for running “iSpoof” service

By: Naked Security writer — May 22^nd 2023 at 16:58

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

ispoof-1200

Naked Security

US offers $10m bounty for Russian ransomware suspect outed in indictment

By: Naked Security writer — May 17^th 2023 at 16:40

"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."

Naked Security

Whodunnit? Cybercrook gets 6 years for ransoming his own employer

By: Naked Security writer — May 12^th 2023 at 16:15

Not just an active adversary, but a two-faced one, too.

Naked Security

Google wins court order to force ISPs to filter botnet traffic

By: Naked Security writer — April 28^th 2023 at 19:59

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

Naked Security

S3 Ep131: Can you really have fun with FORTRAN?

By: Paul Ducklin — April 20^th 2023 at 17:55

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Naked Security

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

By: Paul Ducklin — April 18^th 2023 at 16:56

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

Naked Security

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

By: Paul Ducklin — April 17^th 2023 at 14:17

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

Naked Security

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

By: Paul Ducklin — March 30^th 2023 at 14:43

Latest episode - listen now!

Naked Security

Cops use fake DDoS services to take aim at wannabe cybercriminals

By: Naked Security writer — March 28^th 2023 at 16:58

Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!

Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

By: Paul Ducklin — March 9^th 2023 at 18:58

Lastest episode - listen now! (Full transcript inside.)

Naked Security

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

By: Naked Security writer — March 6^th 2023 at 16:16

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By: Paul Ducklin — March 2^nd 2023 at 15:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

Dutch police arrest three cyberextortion suspects who allegedly earned millions

By: Naked Security writer — February 27^th 2023 at 17:33

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By: Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By: Paul Ducklin — February 6^th 2023 at 17:53

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Naked Security

Finnish psychotherapy extortion suspect arrested in France

By: Naked Security writer — February 6^th 2023 at 16:13

Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.

Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By: Paul Ducklin — February 2^nd 2023 at 17:50

Latest episode - listen now!

Naked Security

Hive ransomware servers shut down at last, says FBI

By: Naked Security writer — January 27^th 2023 at 17:58

Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...

Naked Security

Dutch suspect locked up for alleged personal data megathefts

By: Paul Ducklin — January 26^th 2023 at 22:02

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

Naked Security

Multi-million investment scammers busted in four-country Europol raid

By: Paul Ducklin — January 16^th 2023 at 16:10

216 questioned, 15 arrested, 4 fake call centres searched, millions seized...

Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By: Paul Ducklin — January 12^th 2023 at 17:59

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

Naked Security

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

By: Naked Security writer — January 3^rd 2023 at 17:03

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

Naked Security

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

By: Paul Ducklin — December 19^th 2022 at 17:50

The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By: Paul Ducklin — December 9^th 2022 at 16:46

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

By: Naked Security writer — December 6^th 2022 at 17:56

Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

Naked Security

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

By: Paul Ducklin — December 1^st 2022 at 17:58

Latest episode - listen now (or read if you prefer)...

Naked Security

Serious Security: MD5 considered harmful – to the tune of $600,000

By: Paul Ducklin — November 30^th 2022 at 17:58

It's not just the hashing, by the way. It's the salting and the stretching, too!

Naked Security

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

By: Naked Security writer — November 25^th 2022 at 17:17

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

Naked Security

S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]

By: Paul Ducklin — November 24^th 2022 at 16:52

Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us

Naked Security

Multimillion dollar CryptoRom scam sites seized, suspects arrested in US

By: Paul Ducklin — November 23^rd 2022 at 19:58

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...

cryptorom-1200

Naked Security

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

By: Paul Ducklin — November 17^th 2022 at 17:52

Latest episode - listen now! Cybersecurity news plus loads of great advice...

Naked Security

“Gucci Master” business email scammer Hushpuppi gets 11 years

By: Naked Security writer — November 14^th 2022 at 16:24

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

puppi-car-1200

Naked Security

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

By: Paul Ducklin — November 10^th 2022 at 17:26

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Naked Security

Silk Road drugs market hacker pleads guilty, faces 20 years inside

By: Paul Ducklin — November 8^th 2022 at 17:58

Jurisprudence isn't like arithmetic... two negatives never make a positive!

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By: Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

Psychotherapy extortion suspect: arrest warrant issued

By: Paul Ducklin — October 31^st 2022 at 17:59

Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

Naked Security

S3 Ep106: Facial recognition without consent – should it be banned?

By: Paul Ducklin — October 27^th 2022 at 16:59

Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!

Naked Security

Clearview AI image-scraping face recognition service hit with €20m fine in France

By: Paul Ducklin — October 26^th 2022 at 00:50

"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."

Naked Security

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

By: Paul Ducklin — October 21^st 2022 at 16:25

Crooks: Show us the money! Cops: How about you show us the decryption keys first?

Naked Security

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

By: Paul Ducklin — October 6^th 2022 at 14:43

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

Naked Security

NetWalker ransomware affiliate sentenced to 20 years by Florida court

By: Naked Security writer — October 5^th 2022 at 16:55

Judge tells the accused that if he hadn't pleaded guilty, "I would have given you life."

Naked Security

BEC fraudster and romance scammer sent to prison for 25 years

By: Paul Ducklin — October 4^th 2022 at 19:12

Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.

rs-1200

Naked Security

Scammers and rogue callers – can anything ever stop them?

By: Paul Ducklin — October 4^th 2022 at 00:06

Some thoughts for Cybersecurity Awareness Month: Is is worth reporting nuisance calls? Is it even worth reporting outright scams?

Naked Security

Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?

By: Paul Ducklin — September 24^th 2022 at 22:57

Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?

Naked Security

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]

By: Paul Ducklin — August 18^th 2022 at 14:38

Latest episode - listen now (or read if you prefer!)