Naked Security

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

Naked Security

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice. Ransomware Colonial Colonial Pipeline MTR ransomware

He cracked passwords for a living – now he’s serving 4 years in prison

Naked Security

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough. Cryptography Law & order bust cracking Cybercrime doj


Android monthly updates are out – critical bugs found in critical places!

Naked Security

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more. Android Google Vulnerability critical Patch update vulnerability


World Password Day – the 1960s just called and gave you your passwords back

Naked Security

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords. Privacy #PasswordDay #WorldPasswordDay cybersecurity passwords

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Naked Security

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated. Phishing password password manager phishing Scam

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

Naked Security

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow? Cryptography NTRU Prime openssh quantum computing


Serious Security: DEADBOLT – the ransomware that goes straight for your backups

Naked Security

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already. Ransomware Vulnerability backup Deadbolt Exploit NAS QNAP ransomware vulnerability

Serious Security: Darkweb drugs market Hydra taken offline by German police

Naked Security

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English. Cryptocurrency Law & order bust cryptocurrency dark web darkweb Hydra takedown

Firefox hits 100*, fixes bugs… but no new zero-days this month

Naked Security

Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact. Mozilla Vulnerability browsers Firefox vulnerability


Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

Naked Security

A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days. Firefox Mozilla Pwn2Own Sandbox


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

US cryptocurrency coder gets 5 years for North Korea sanctions busting

Naked Security

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea. Cryptocurrency Law & order bust doj FBI North Korea

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Naked Security

Latest episode - listen now! Cryptocurrency Cryptography Podcast Vulnerability darkweb Hydra iot Naked Security Podcast PQC quantum computing robot takedown

Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?

Naked Security

Calling all website coders: Y2K was then. V1H is now! "Edge" chrome Chromium Firefox


Instagram scammers as busy as ever: passwords and 2FA codes at risk

Naked Security

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever. Phishing Instagram phishing Scam

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

Naked Security

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store! Apple Cryptocurrency iOS Malware cryptocoin scam CryptoRom fake app malware scammer TestFlight

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

Web vendor CafePress fined $500,000 for giving cybersecurity a low value

Naked Security

Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations. GDPR compliance Privacy compliance fine ftc

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Naked Security

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now. Apple iOS OS X Vulnerability CVE-2022-22620 iPad iPhone macOS vulnerability

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

Naked Security

Latest episode - listen now! Malware Oracle Podcast Privacy Ransomware CIH firewall Java Naked Security Podcast ransomware ZTNA

OpenSSL patches infinite-loop DoS bug in certificate verification

Naked Security

When it comes to writing loops in your code, never sit on the fence! Cryptography Vulnerability CVE-2022-0778 DOS openssl ormandy vulnerability


Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

LAPSUS$ hacks continue despite two hacker suspects in court

Naked Security

Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them? Data loss Law & order Privacy bust cyberextortion hacking lapsus ransomware

Alleged Kaseya ransomware attacker arrives in Texas for trial

Naked Security

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded. Cryptocurrency Law & order Ransomware bust Kaseya ransomware

Apple patches zero-day kernel hole and much more – update now!

Naked Security

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions. Apple iOS OS X Vulnerability 0 day Patch vulnerability Zero Day


Apple AirTag anti-stalking protection bypassed by researchers

Naked Security

Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags. Apple Privacy AirTag cyberstalking Find My stalking


Critical cryptographic Java security blunder patched – update now!

Naked Security

Either know the private key and use it scrupulously in your digital signature calculation, or just send a bunch of zeros instead. Cryptography Java Oracle Vulnerability CVE-2022-21449 digital signature vulnerability


Power company pays out $3 trillion compensation to astonished customer

Naked Security

More money than the UK's economy produces in a year! numeric overflow overpayment vulnerability


Five critical bugs fixed in hospital robot control system

Naked Security

Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse. Vulnerability healthcare hospital JekyllBot robot TUG vulnerability

Serious Security: Apple Safari leaks private data via database API – what you need to know

Naked Security

There's a tiny data leakage bug in the WebKit browser engine, but it could act as a "supercookie" identifier for your browsing. Apple Data loss Privacy data leakage Safari webkit

QNAP warns of new bugs in its Network Attached Storage devices

Naked Security

Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network! IoT Vulnerability Apache httpd NAS QNAP vulnerability


S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Naked Security

Latest episode - listen now! Cryptography Data loss Malware Podcast Vulnerability CafePress data breach ftc lapsus Naked Security Podcast

Romance scammer who targeted 670 women gets 28 months in jail

Naked Security

Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns. Law & order Spam NCA romance scam


S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

Naked Security

Latest episode - listen now! Apple Law & order Podcast Vulnerability "vulnerability" #PiDay Cybercrime Naked Security Podcast Pi

Yet another Chrome zero-day emergency update – patch now!

Naked Security

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP. Google Google Chrome Microsoft Edge Vulnerability "Edge" browser chrome CVE-2022-1364 type confusion vulnerability


Instagram copyright infringement scams – don’t get sucked in!

Naked Security

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams. Instagram Phishing phishing Scam


GitHub issues final report on supply-chain source code intrusions

Naked Security

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency. Data loss Microsoft github oauth supply chain zero trust


Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Naked Security

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any. Phishing Security threats coronavirus COVID-19 NHS Scam SMS


Beanstalk cryptocurrency heist: scammer votes himself all the money

Naked Security

Voting safeguards based on community collateral don't work if one person can use a momentary loan to "become" 75% of the community. Cryptocurrency Vulnerability Blockchain cryptocoin cryptocurrency vulnerability

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

Naked Security

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'. Cryptocurrency Vulnerability 2FA Crypto.com cryptocurrency

Apple pushes out two emergency 0-day updates – get ’em now!

Naked Security

More Apple zero-days - mobile devices, laptops and desktops affected. Update now! Apple Vulnerability iPad iPhone mac vulnerability Zero Day

REvil ransomware crew allegedly busted in Russia, says FSB

Naked Security

The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew. Ransomware FSB ransomware revil russia