Naked Security

Slack admits to leaking hashed passwords for five years

Naked Security

"When those invitations went out... somehow, your password hash went out with them." Cryptography Data loss brute force crack dictionary attack hashing password salt Slack

7 cybersecurity tips for your summer vacation!

Naked Security

Here you go - seven thoughtful cybersecurity tips to help you travel safely. Privacy holiday spycam surveillance travel vacation Wi-fi

How to celebrate SysAdmin Day!

Naked Security

I've just popped in to wish you all/The best SysAdmin Day! Security leadership #SysAdminDay SAAD sysadmin day

Facebook 2FA scammers return – this time in just 21 minutes

Naked Security

Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes. Facebook Phishing Privacy 2FA Scam

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Naked Security

Latest episode - listen now! (Or read the transcript if you prefer.) Cryptography Data loss Law & order Malware Microsoft Podcast Privacy Cybercrime github hacking malware Naked Security Podcast quantum computing

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]

Naked Security

Latest episode - listen now! (Or read if that's what you prefer.) Cryptocurrency Cryptography Podcast Vulnerability cryptocurrency cryptogram Cybercrime Naked Security Podcast

Traffic Light Protocol for cybersecurity responders gets a revamp

Naked Security

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows. Security leadership cybersecurity MDR MTR research TLP

Office macro security: on-again-off-again feature now BACK ON AGAIN!

Naked Security

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress! Data loss Malware Microsoft Privacy macros Office VBA

S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript]

Naked Security

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English. Cryptography Law & order Malware Microsoft Podcast AES Naked Security Podcast ransomware RSA VBA

Post-quantum cryptography – new algorithm “gone in 60 minutes”

Naked Security

And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them. Cryptography nist PQC quantum quantum computing SIKE

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Facebook 2FA phish arrives just 28 minutes after scam domain created

Naked Security

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain. Data loss Facebook Phishing Privacy 2FA phishing Scam

Beware the Smish! Home delivery scams with a professional feel…

Naked Security

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean

Mysterious “Follina” zero-day hole in Office – what to do?

Naked Security

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help! Microsoft Security threats Vulnerability Follina ms-msdt MSDT Office Zero Day

GitHub blighted by “researcher” who created thousands of malicious projects

Naked Security

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards. Law & order github malware supply chain

Interpol busts 2000 suspects in phone scamming takedown

Naked Security

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples. Law & order Privacy bust Interpol scamming Social Engineering

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Cryptocoin “token swapper” Nomad loses $200 million in coding blunder

Naked Security

Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone. Cryptocurrency Cryptography Vulnerability cryptocoin cryptocurrency DeFi Nomad

Critical Samba bug could let anyone become Domain Admin – patch now!

Naked Security

It's a serious bug... but there's a fix for it, so you know exactly what to do! Vulnerability CVE-2022-32744 password reset Samba

Poisoned Python and PHP packages purloin passwords for AWS access

Naked Security

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself. Malware Vulnerability exfiltration PHP python secops supply chain XDR

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Naked Security

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated. Phishing password password manager phishing Scam

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

Naked Security

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers! Cryptocurrency Cryptography Law & order Podcast Vulnerability crypto cryptocurrency extortion Naked Security Podcast openssl scammers

Harmony blockchain loses nearly $100M due to hacked private keys

Naked Security

The crooks needed at least two private keys, each stored in two parts... but they got them anyway. Cryptocurrency Data loss crypto ether hack Harmony

T-Mobile to cough up $500 million over 2021 data breach

Naked Security

Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach. Data loss Law & order Privacy data breach T-Mobile

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

Naked Security

Latest episode - listen now! Apple Microsoft Phishing Podcast Vulnerability CVE-2022-30190 Exploit Follina phishing SMS vishing vulnerability

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Paying ransomware crooks won’t reduce your legal risk, warns regulator

Naked Security

"We paid the crooks to keep things under control and make a bad thing better" isn't a valid excuse. Who knew? GDPR compliance Law & order Ransomware Uncategorized cyberextortion GCHQ ico NCSC ransomware

Google patches “in-the-wild” Chrome zero-day – update now!

Naked Security

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure. Google Google Chrome Vulnerability 0 day chrome CVE-2022-2294 vulnerability zer-day Zero Day

OpenSSL issues a bugfix for the previous bugfix

Naked Security

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons. Cryptography Vulnerability command injection crypto openssl

Atlassian announces 0-day hole in Confluence Server – update soon!

Naked Security

Zero-day announced - here's what you need to know. Vulnerability atlassian CVE-2022-26134 Zero Day

Who’s watching your webcam? The Screencastify Chrome extension story…

Naked Security

When you really need to make exceptions in cybersecurity, specify them as explicitly as you can. Privacy Chrome store need-to-know Screencastify webcam

Serious Security: DEADBOLT – the ransomware that goes straight for your backups

Naked Security

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already. Ransomware Vulnerability backup Deadbolt Exploit NAS QNAP ransomware vulnerability

S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]

Naked Security

Latest episode - listen, read or both! Podcast Facebook Naked Security Podcast tips

Capital One identity theft hacker finally gets convicted

Naked Security

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own! Data loss Law & order Malware capital one cryptojacking data breach doj SSN

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

Naked Security

Bust in Canada, now bust in the USA as well. Cryptocurrency Law & order Ransomware bitcoin bust Netwalker ransomware revil

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

Naked Security

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice. Ransomware Colonial Colonial Pipeline MTR ransomware

FTC warns of LGBTQ+ extortion scams – be aware before you share!

Naked Security

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!" Law & order Privacy cyberextortion extortion RTC Scam

Microsoft patches the Patch Tuesday patch that broke authentication

Naked Security

Remember the good old days when security patches rarely needed patches? Because security patches themselves were rare enough anyway? Microsoft Vulnerability Windows authentication out-of-band patch-to-patch Woindows

GnuTLS patches memory mismanagement bug – update now!

Naked Security

GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more. Cryptography Vulnerability CVE-2022-2509 double-free gnutls heartbleed

Android monthly updates are out – critical bugs found in critical places!

Naked Security

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more. Android Google Vulnerability critical Patch update vulnerability

Serious Security: Apple Safari leaks private data via database API – what you need to know

Naked Security

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing. Apple Data loss Privacy data leakage Safari webkit