Naked Security Podcast
Sophos·Hosted by Doug Aamoth and Paul Ducklin·10 episodes
Welcome to Series 3 of the Naked Security podcast. Find out what happened in cybersecurity in the past week, how it happened, why it happened - and how to stop it happening to you! New episode every Thursday.
Why listen
Naked Security Podcast is a fast, practical weekly cybersecurity briefing from Sophos, built around the breaches, bugs, scams, patches, and odd security stories that mattered that week. Doug Aamoth and Paul Ducklin keep the format conversational and surprisingly playful, but the value is concrete: what happened, why it matters, and how to reduce your own risk. It is a strong fit for security professionals, IT admins, developers, and curious tech listeners who want threat news without hype.
Episodes
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb? https://nakedsecurity.sophos.com/using-winrar-be-sure-to-patch https://nakedsecurity.sophos.com/snakes-in-airplane-mode https://nakedsecurity.sophos.com/smart-light-bulbs-could-give-away-your-password With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: [email protected]
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum. https://nakedsecurity.sophos.com/fbi-warns-about-scams-that-lure-you-in-as-a-mobile-beta-tester https://nakedsecurity.sophos.com/grab-hold-and-give-it-a-wiggle-atm-card-skimming https://nakedsecurity.sophos.com/crimeware-server-used-by-netwalker-ransomware-seized With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: [email protected]
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) with a cybersecurity connection. https://nakedsecurity.sophos.com/2023/08/08/serious-security-why-learning-to-touch-type-could-protect-you-from-audio-snooping/ https://nakedsecurity.sophos.com/2023/08/04/crocodile-of-wall-street-and-her-husband-plead-guilty-to-giant-sized-cryptocrimes/ With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: [email protected]
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway. https://nakedsecurity.sophos.com/firefox-fixes-a-flurry-of-flaws https://nakedsecurity.sophos.com/performance-and-security-clash-yet-again https://nakedsecurity.sophos.com/sec-demands-four-day-disclosure-limit With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: [email protected]
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. https://nakedsecurity.sophos.com/apple-ships-that-recent-rapid-response https://nakedsecurity.sophos.com/hacking-police-radios-30-year-old-crypto-flaws https://nakedsecurity.sophos.com/zenbleed-how-the-quest-for-cpu-performance With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: [email protected]
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. https://nakedsecurity.sophos.com/zimbra-collaboration-suite-warning https://nakedsecurity.sophos.com/google-virus-total-leaks-list https://nakedsecurity.sophos.com/microsoft-hit-by-storm-season With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid patch that needed a rapid patch. User-Agent considered harmful. https://nakedsecurity.sophos.com/microsoft-patches-four-zero-days-finally-takes-action https://nakedsecurity.sophos.com/serious-security-rowhammer-returns https://nakedsecurity.sophos.com/ghostscript-bug-could-allow-rogue-documents-to-run-system https://nakedsecurity.sophos.com/urgent-apple-fixes-critical-zero-day-hole https://nakedsecurity.sophos.com/apple-silently-pulls-its-latest-zero-day-update With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate Ops teams working together, with cybersecurity correctness as a guiding light. With Paul Ducklin and Matt Holdcroft. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and dental hygiene collide. https://nakedsecurity.sophos.com/apple-patch-fixes-zero-day-kernel-hole https://nakedsecurity.sophos.com/beware-bad-passwords-as-attackers-co-opt-linux-servers https://nakedsecurity.sophos.com/uk-hacker-busted-in-spain-gets-5-years https://nakedsecurity.sophos.com/aussie-pm-says-shut-down-your-phone-every-24-hours With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. https://nakedsecurity.sophos.com/the-ransomware-documentary-brand-new-video-series https://nakedsecurity.sophos.com/megaupload-duo-will-go-to-prison https://nakedsecurity.sophos.com/asus-warns-router-customers-patch-now https://nakedsecurity.sophos.com/moveit-mayhem-3 With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? https://nakedsecurity.sophos.com/patch-tuesday-fixes-4-critical-rce-bugs https://nakedsecurity.sophos.com/more-moveit-mitigations-new-patches https://nakedsecurity.sophos.com/history-revisited-us-doj-unseals-mt-gox-cybercrime-charges https://nakedsecurity.sophos.com/gozi-banking-malware-it-chief-finally-jailed https://nakedsecurity.sophos.com/thoughts-on-scheduled-password-changes With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained. https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack https://nakedsecurity.sophos.com/moveit-zero-day-exploit-used-by-data-breach-gangs https://nakedsecurity.sophos.com/chrome-zero-day-this-exploit-is-in-the-wild https://nakedsecurity.sophos.com/researchers-claim-windows-backdoor With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening. https://nakedsecurity.sophos.com/ransomware-tales-the-mitm-attack https://nakedsecurity.sophos.com/serious-security-verification-is-vital https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom. https://nakedsecurity.sophos.com/us-offers-10m-bounty-for-russian-ransomware-suspect https://nakedsecurity.sophos.com/phone-scamming-kingpin-gets-13-years https://nakedsecurity.sophos.com/apples-secret-is-out-3-zero-days-fixed https://nakedsecurity.sophos.com/pypi-open-source-code-repository-deals-with-manic-malware-maelstrom With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearview AI again, once more, again. https://nakedsecurity.sophos.com/whodunnit-cybercrook-gets-6-years https://nakedsecurity.sophos.com/belkin-wemo-smart-plug-v2-the-buffer-overflow https://nakedsecurity.sophos.com/zut-alors-raclage-crapuleux-clearview-ai With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Bluetooth trackers. https://nakedsecurity.sophos.com/php-packagist-supply-chain-poisoned-by-hacker https://nakedsecurity.sophos.com/low-level-motherboard-security-keys-leaked https://nakedsecurity.sophos.com/bootkit-zero-day-fix-is-this-microsofts-most-cautious https://nakedsecurity.sophos.com/tracked-by-hidden-tags-apple-and-google-unite With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut: disclose or don't disclose? https://nakedsecurity.sophos.com/google-wins-court-order-to-force-isps-to-filter https://nakedsecurity.sophos.com/apple-delivers-first-ever-rapid-security-response https://nakedsecurity.sophos.com/mac-malware-for-hire-steals-passwords-and-cryptocoins https://nakedsecurity.sophos.com/world-password-day-2-2-4 https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack? https://nakedsecurity.sophos.com/20-years-ago-today-what-we-can-learn-from-the-cih-virus https://nakedsecurity.sophos.com/google-leaking-2fa-secrets https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack https://nakedsecurity.sophos.com/double-zero-day-in-chrome-and-edge-check-your-versions With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited. https://nakedsecurity.sophos.com/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence https://nakedsecurity.sophos.com/beware-rogue-2fa-apps-in-app-store-and-google-play https://nakedsecurity.sophos.com/fbi-and-fcc-warn-about-juicejacking With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats. https://nakedsecurity.sophos.com/microsoft-fixes-a-zero-day-and-two-curious-bugs https://nakedsecurity.sophos.com/apple-issues-emergency-patches-for-spyware https://nakedsecurity.sophos.com/apple-zero-day-spyware-patches-extended https://nakedsecurity.sophos.com/us-government-warning-what-if-anyone-could-open https://nakedsecurity.sophos.com/attention-gamers-motherboard-maker-msi-admits-to-breach With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
A supply chain attack that foisted spyware on trusting users. Wi-Fi encryption bypass via left-over data. Surely there should be TWO World Backup Days? https://nakedsecurity.sophos.com/supply-chain-blunder-puts-3cx-telephone-app-users-at-risk https://nakedsecurity.sophos.com/researchers-claim-they-can-bypass-wi-fi-encryption https://nakedsecurity.sophos.com/world-backup-day-is-here-again-5-tips With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
RIP Gordon Moore, the more in Moore's Law. Photo cropping bugfix. DDoS honeypot. E-commerce patches. Apple 0-day and lots more. https://nakedsecurity.sophos.com/in-memoriam-gordon-moore https://nakedsecurity.sophos.com/microsoft-assigns-cve-to-snipping-tool-bug https://nakedsecurity.sophos.com/cops-use-fake-ddos-services https://nakedsecurity.sophos.com/woocommerce-payments-plugin https://nakedsecurity.sophos.com/apple-patches-everything-including-a-zero-day With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life. https://nakedsecurity.sophos.com/dangerous-android-phone-0-day-bugs-revealed https://nakedsecurity.sophos.com/bitcoin-atm-customers-hacked-by-video-upload https://nakedsecurity.sophos.com/google-pixel-phones-had-a-serious-data-leakage-bug https://nakedsecurity.sophos.com/windows-11-also-vulnerable-to-acropalypse With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. https://nakedsecurity.sophos.com/serious-security-tpm-2-0-vulns https://nakedsecurity.sophos.com/doppelpaymer-ransomware-supsects-arrested https://nakedsecurity.sophos.com/feds-warn-about-right-royal-ransomware With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
How Woz nearly gave away the Apple I. Rogue software packages. Rogue network "administrators". Rogue keyloggers. Rogue authenticators. https://nakedsecurity.sophos.com/npm-javascript-packages-abused-to-create-scambait https://nakedsecurity.sophos.com/dutch-police-arrest-three-cyberextortion-suspects https://nakedsecurity.sophos.com/lastpass-the-crooks-used-a-keylogger https://nakedsecurity.sophos.com/beware-rogue-2fa-apps-in-app-store-and-google-play With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. https://nakedsecurity.sophos.com/godaddy-admits-crooks-hit-us-with-malware https://nakedsecurity.sophos.com/twitter-tells-users-pay-up https://nakedsecurity.sophos.com/coinbase-breached-by-social-engineers With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The birth of ENIAC. A "sophisticated attack" (someone got phished). A cryptographic hack enabled by a security warning. Valentine's Day Patch Tuesday. Apple closes spyware-sized 0-day hole. https://nakedsecurity.sophos.com/reddit-admits-it-was-hacked- https://nakedsecurity.sophos.com/serious-security-gnutls-follows-openssl https://nakedsecurity.sophos.com/microsoft-patch-tuesday-36-rce-bugs https://nakedsecurity.sophos.com/apple-fixes-zero-day-spyware-implant-bug With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature? https://nakedsecurity.sophos.com/tracers-in-the-dark https://nakedsecurity.sophos.com/using-vmware-worried-about-esxi-ransomware https://nakedsecurity.sophos.com/openssh-fixes-double-free-memory-bug https://nakedsecurity.sophos.com/openssl-fixes-high-severity-data-stealing-bug https://nakedsecurity.sophos.com/finnish-psychotherapy-extortion-suspect-arrested https://nakedsecurity.sophos.com/password-stealing-vulnerability-reported-in-keypass With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Do we really need a "war against cryptography" - codes and ciphers that the government can easily crack if it thinks there's an emergency - to cement our collective online security? Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary on this and many other vital issues, including anonymity and privacy, as we talk to him about his tremendous new book, Tracers in the Dark. https://andygreenberg.net https://nakedsecurity.sophos.com https://sophos.com/nobackdoors Original music by Edith Mudge (https://www.edithmudge.com)
The mighty CPU that wasn't. Hive ransomware takedown. Dutch data crime suspect busted. Samba finally gets rid of MD5. GitHub admits to an intrusion. Storing passwords securely. https://nakedsecurity.sophos.com/hive-ransomware-servers-shut-down https://nakedsecurity.sophos.com/dutch-suspect-locked-up https://nakedsecurity.sophos.com/serious-security-the-samba-logon-bug https://nakedsecurity.sophos.com/github-code-signing-certificates-stolen With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The programming language almost called Oak. GoTo admits to more breach woes. T-Mobile spills 37 million records. Apple patches everything, even iOS 12. And Google mAkES tYpOs for sECurity. https://nakedsecurity.sophos.com/goto-admits-customer-cloud-backups-stolen https://nakedsecurity.sophos.com/t-mobile-admits-to-37000000-customer-records-stolen https://nakedsecurity.sophos.com/apple-patches-are-out-old-iphones https://nakedsecurity.sophos.com/serious-security-how-deliberate-typos-might-improve-dns With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
The HAPPY99 virus reminds us that less is more. Trouble with JSON Web Tokens. Investment scammers busted in Europe. The LifeLock "breach" that wasn't. https://nakedsecurity.sophos.com/popular-jwt-cloud-security-library-patches https://nakedsecurity.sophos.com/multi-million-investment-scammers-busted https://nakedsecurity.sophos.com/serious-security-unravelling-the-nortonlifelock-hack With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Two stories from the underground. Bank scammers busted. The crypto-crack that wasn't. And the end of two Windows eras at the same time. https://nakedsecurity.sophos.com/inside-a-scammers-lair-ukraine-busts-40 https://nakedsecurity.sophos.com/rsa-crypto-cracked-or-perhaps-not https://nakedsecurity.sophos.com/microsoft-patch-tuesday-one-0-day With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
The ground-breaking HP-35 digital calculator. Last straw for LastPass? Congress takes on quantum computing. 33 1/3-year-old cybersecurity lessons. Machine learning supply chain attack. https://www.hpmuseum.org/hp35.htm https://nakedsecurity.sophos.com/lastpass-finally-admits-they-did-steal-your-password-vaults https://nakedsecurity.sophos.com/us-passes-the-quantum-computing-cybersecurity-preparedness-act https://nakedsecurity.sophos.com/naked-security-33-1-3-cybersecurity-predictions-for-2023 https://nakedsecurity.sophos.com/pytorch-machine-learning-toolkit-pwned With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Join world-renowned Sophos expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a "specialist in everything", and he also has the knack of explaining this tricky and treacherous subject in plain English. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
The irony of the CAN-SPAM law. When genuine kernel drivers go rogue. Apple patches everything. Stealing data via secret radio waves. E-commerce supply chain drama. https://nakedsecurity.sophos.com/patch-tuesday-0-days-rce-bugs-and-a-curious-tale https://nakedsecurity.sophos.com/apple-patches-everything-finally-reveals-mystery https://nakedsecurity.sophos.com/covid-bit-the-wireless-spyware-trick- https://nakedsecurity.sophos.com/credit-card-skimming-the-long-and-winding-road With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
The worm that wasn't a Goner. LastPass suffers a sting in the data breach tail. Apple's secretive update. Ping o' Death. SIM swapping explained. A Beatles-esque 0-day in Chrome and Edge. https://nakedsecurity.sophos.com/lastpass-admits-to-customer-data-breach https://nakedsecurity.sophos.com/apple-pushes-out-ios-security-update https://nakedsecurity.sophos.com/ping-of-death-freebsd-fixes-crashtastic-bug https://nakedsecurity.sophos.com/sim-swapper-sent-to-prison-for-2fa-cryptocurrency-heist https://nakedsecurity.sophos.com/number-nine-chrome-fixes-another-2022-zero-day With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Christmas wormage. Prurient malware. Cryptorom busts. Voice call spoofing. https://nakedsecurity.sophos.com/cryptorom-pig-butchering-scam-sites-seized https://nakedsecurity.sophos.com/tiktok-invisible-challenge-porn-malware https://nakedsecurity.sophos.com/voice-scamming-site-ispoof-seized-100s-arrested With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Security specialist John Shier tells you the "news you can really use" - how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. https://sophos.com/threatreport With Paul Ducklin and John Shier. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Microsoft's tilt at the MP3 marketplace. Apple's not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it. https://nakedsecurity.sophos.com/emergency-code-execution-patch-from-apple https://nakedsecurity.sophos.com/dangerous-sim-swap-lockscreen-bypass https://nakedsecurity.sophos.com/firefox-fixes-fullscreen-fakery-flaw https://nakedsecurity.sophos.com/log4shell-like-code-execution-hole https://nakedsecurity.sophos.com/gucci-master-business-email-scammer With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops that found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn "high" severity levels. https://nakedsecurity.sophos.com/exchange-0-days-fixed-at-last-plus-4-brand-new https://nakedsecurity.sophos.com/silk-road-drugs-market-hacker-pleads-guilty https://nakedsecurity.sophos.com/twitter-blue-badge-email-scams- https://nakedsecurity.sophos.com/public-url-scanning-tools-when-security-leads-to-insecurity https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
The man who put Boole in Boolean. OpenSSL's bated-breath update. Apple's zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way. https://nakedsecurity.sophos.com/openssl-patches-are-out-critical-bug-downgraded-to-high https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell https://nakedsecurity.sophos.com/updates-to-apples-zero-day-update-story-iphone-and-ipad https://nakedsecurity.sophos.com/chrome-issues-urgent-zero-day-fix-update-now https://nakedsecurity.sophos.com/sha-3-code-execution-bug-patched-in-php https://nakedsecurity.sophos.com/psychotherapy-extortion-suspect-arrest-warrant https://nakedsecurity.sophos.com/online-ticketing-company-see-pwned-for-2-5-years With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple's latest security bulletins. https://nakedsecurity.sophos.com/clearview-ai-image-scraping-face-recognition-service-hit-with-e20m-fine https://nakedsecurity.sophos.com/when-cops-hack-back-dutch-police-fleece-deadbolt-criminals https://nakedsecurity.sophos.com/women-in-cryptology-usps-celebrates-ww2-codebreakers https://nakedsecurity.sophos.com/serious-security-you-cant-beat-the-house-at-blackjack https://nakedsecurity.sophos.com/apple-megaupdate-ventura-out-ios-and-ipad-kernel-zero-day With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Coolest videogame ever. Zoom thinks everyone's a developer. The Patch Tuesday that wasn't. A data breach coverup. Log4Shell all over again. And the Office cryptofail that Microsoft won't fix. https://nakedsecurity.sophos.com/zoom-for-mac-patches-sneaky-spy-on-me-bug https://nakedsecurity.sophos.com/patch-tuesday-in-brief-one-0-day-fixed https://nakedsecurity.sophos.com/fashion-brand-shein-fined-1-9m-for-lying https://nakedsecurity.sophos.com/dangerous-hole-in-apache-commons-text https://nakedsecurity.sophos.com/serious-security-microsoft-office-365 With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
What goes up... must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone? https://nakedsecurity.sophos.com/netwalker-ransomware-affiliate-sentenced https://nakedsecurity.sophos.com/former-uber-cso-convicted https://nakedsecurity.sophos.com/whatsapp-goes-after-chinese-password-scammers https://nakedsecurity.sophos.com/move-over-patch-tuesday-its-ada-lovelace https://nakedsecurity.sophos.com/mystery-iphone-update With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
Naked Security meets Sophos X-Ops! Duck and Chet dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it. With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com) https://nakedsecurity.sophos.com/ https://twitter.com/nakedsecurity https://twitter.com/sophosxops
S3 Ep103: Scammers in the Slammer (and other stories)
A fridge-sized calculator made with transistors (really). ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 in the slammer. Is there an answer to nuisance callers? Is the answer voicemail? https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day https://nakedsecurity.sophos.com/s3-ep102-5-proxynotshell-exchange-bugs https://nakedsecurity.sophos.com/romance-scammer-and-bec-fraudster-sent-to-prison https://nakedsecurity.sophos.com/scammers-and-rogue-callers-can-anything-ever-stop-them With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who's affected and how, find out what you can do while waiting for Microsoft's patches, and plan your threat hunting in case the worst happens to you. https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day https://twitter.com/sophosxops With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com)
What's the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if "deleted" data comes back from the dead to haunt you? https://nakedsecurity.sophos.com/uber-and-rockstar-has-a-lapsus-linchpin https://news.sophos.com/uber-rockstar-fall-to-social-engineering-attacks https://nakedsecurity.sophos.com/optus-breach-aussie-telco-told-it-will-have-to-pay https://nakedsecurity.sophos.com/whatsapp-zero-day-exploit-news-scare https://nakedsecurity.sophos.com/morgan-stanley-fined-millions-for-selling-off-devices With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: [email protected] Twitter: NakedSecurity (https://twitter.com/nakedsecurity)




