S3 Ep149: How many cryptographers does it take to change a light bulb?

Published: 08/23/2023 20:06:08
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb? Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep148: Remembering crypto heroes

Published: 08/17/2023 07:20:22
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum. Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep147: What if you type in your password during a meeting?

Published: 08/09/2023 18:43:44
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) with a cybersecurity connection. Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep146: Tell us about that breach! (If you want to.)

Published: 08/03/2023 11:32:00
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway. Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep145: Bugs With Impressive Names!

Published: 07/27/2023 09:38:32
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep144: When threat hunting goes down a rabbit hole

Published: 07/20/2023 08:05:24
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. Twitter: @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep143: Supercookie surveillance shenanigans

Published: 07/13/2023 09:16:07
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid patch that needed a rapid patch. User-Agent considered harmful. Twitter: @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep142: Putting the X in X-Ops

Published: 07/06/2023 10:28:07
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light. Twitter: @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep141: What was Steve Jobs's first job?

Published: 06/29/2023 09:29:25
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and dental hygiene collide. Twitter: @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep140: So you think you know ransomware?

Published: 06/22/2023 08:56:38
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. Twitter: @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep139: Are password rules like running through rain?

Published: 06/15/2023 08:41:59
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? Twitter @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep138: I like to MOVEit, MOVEit

Published: 06/08/2023 07:58:34
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained. Twitter @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep137: 16th century crypto skullduggery

Published: 06/01/2023 06:39:06
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening. Email tips@sophos.com Twitter @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
S3 Ep136: Navigating a manic malware maelstrom

Published: 05/25/2023 06:15:19
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom. Email tips@sophos.com Twitter @NakedSecurity
S3 Ep135: Sysadmin by day, extortionist by night

Published: 05/18/2023 07:51:12
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearview AI again, once more, again. Intro and outro music by Edith Mudge (https://www.edithmudge.com). Hit us up on Twitter: @NakedSecurity
S3 Ep134: It's a PRIVATE key - the hint is in the name!

Published: 05/11/2023 07:21:20
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Bluetooth trackers. Email: tips@sophos.com Twitter: https://twitter.com/nakedsecurity Original music by Edith Mudge (www.edithmudge.com)
S3 Ep133: Apple takes "tight-lipped" to a whole new level

Published: 05/04/2023 08:59:32
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut: disclose or don't disclose? Original music by Edith Mudge (https://www.edithmudge.com).
S3 Ep132: Proof-of-concept lets anyone hack at will

Published: 04/27/2023 09:27:39
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack? Email: tips@sophos.com Twitter: @NakedSecurity
S3 Ep131: Can you really have fun with FORTRAN?

Published: 04/20/2023 09:35:04
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited. With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge.
S3 Ep130: Open the garage bay doors, HAL

Published: 04/13/2023 09:15:15
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats. Original music by Edith Mudge (https://www.edithmudge.com) Email tips@sophos.com Twitter @NakedSecurity
S3 Ep129: When spyware arrives from someone you trust

Published: 04/06/2023 07:53:14
A supply chain attack that foisted spyware on trusting users. Wi-Fi encryption bypass via left-over data. Surely there should be TWO World Backup Days? Email tips@sophos.com Original music by Edith Mudge (https://www.edithmudge.com) Twitter @NakedSecurity
S3 Ep128: So you want to be a cybercriminal?

Published: 03/30/2023 08:45:49
RIP Gordon Moore, the more in Moore's Law. Photo cropping bugfix. DDoS honeypot. E-commerce patches. Apple 0-day and lots more. Email tips@sophos.com Twitter @NakedSecurity
S3 Ep127: When you chop someone out of a photo, but there they are anyway...

Published: 03/23/2023 11:05:16
The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life. Email tips@sophos.com Twitter @NakedSecurity
S3 Ep126: The price of fast fashion (and feature creep)

Published: 03/16/2023 12:36:57
The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday updates. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep125: When security hardware has security holes

Published: 03/09/2023 11:25:17
Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep124: When so-called security apps go rogue

Published: 03/01/2023 18:49:06
How Woz nearly gave away the Apple I. Rogue software packages. Rogue network "administrators". Rogue keyloggers. Rogue authenticators. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep123: Crypto company compromise kerfuffle

Published: 02/23/2023 10:59:13
The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The cost of success. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep122: Stop calling every breach "sophisticated"!

Published: 02/16/2023 06:45:58
The birth of ENIAC. A "sophisticated attack" (someone got phished). A cryptographic hack enabled by a security warning. Valentine's Day Patch Tuesday. Apple closes spyware-sized 0-day hole. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep121: When cybercrime victims are culprits, too

Published: 02/08/2023 19:07:38
Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Special: Tracers in the Dark with Andy Greenberg

Published: 02/06/2023 11:31:28
Do we really need a "war against cryptography" - codes and ciphers that the government can easily crack if it thinks there's an emergency - to cement our collective online security? Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary on this and many other vital issues, including anonymity and privacy, as we talk to him about his tremendous new book, Tracers in the Dark. Original music by Edith Mudge.
S3 Ep120: When dud crypto simply won't let go

Published: 02/02/2023 09:52:12
The mighty CPU that wasn't. Hive ransomware takedown. Dutch data crime suspect busted. Samba finally gets rid of MD5. GitHub admits to an intrusion. Storing passwords securely. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep119: Breaches, patches, leaks and tweaks!

Published: 01/26/2023 06:19:03
The programming language almost called Oak. GoTo admits to more breach woes. T-Mobile spills 37 million records. Apple patches everything, even iOS 12. And Google mAkES tYpOs for sECurity. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep118: Guess your password? No need if it's stolen already!

Published: 01/18/2023 19:46:33
The HAPPY99 virus reminds us that less is more. Trouble with JSON Web Tokens. Investment scammers busted in Europe. The LifeLock "breach" that wasn't. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep117: The crypto crisis that wasn't (and farewell forever to Win 7)

Published: 01/12/2023 10:27:31
Two stories from the underground. Bank scammers busted. The crypto-crack that wasn't. And the end of two Windows eras at the same time. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep116: Last straw for LastPass? Is crypto doomed?

Published: 01/05/2023 07:46:45
The ground-breaking HP-35 digital calculator. Last straw for LastPass? Congress takes on quantum computing. 33 1/3-year-old cybersecurity lessons. Machine learning supply chain attack. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep115: True crime stories - A day in the life of a cybercrime fighter

Published: 12/28/2022 18:27:26
Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Original music by Edith Mudge Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity
S3 Ep114: Preventing cyberthreats - stop them before they stop you!

Published: 12/22/2022 09:26:11
Join world-renowned Sophos expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a "specialist in everything", and he also has the knack of explaining this tricky and treacherous subject in plain English. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep113: Pwning the Windows kernel: the crooks who hoodwinked Microsoft

Published: 12/15/2022 08:51:13
The irony of the CAN-SPAM law. When genuine kernel drivers go rogue. Apple patches everything. Stealing data via secret radio waves. E-commerce supply chain drama. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep112: Beware! Data breaches can haunt you more than once...

Published: 12/08/2022 08:58:43
The worm that wasn't a Goner. LastPass suffers a sting in the data breach tail. Apple's secretive update. The Ping o' Death. SIM swapping explained. A Beatles-esque 0-day in Chrome and Edge. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep111: The business risk of a sleazy "nudity unfilter"

Published: 12/01/2022 08:19:45
Christmas-themed wormage. Prurient malware. Cryptorom busts. Voice call spoofing. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep110: Spotlight on cyberthreats - an expert speaks

Published: 11/24/2022 07:37:52
Security specialist John Shier tells you the "news you can really use" - how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep109: How one leaked email password could drain your business

Published: 11/17/2022 11:01:28
Microsoft's tilt at the MP3 marketplace. Apple's not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep108: What would YOU do if you found $3 billion in a popcorn tin?

Published: 11/10/2022 09:38:31
Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops that found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn "high" severity levels. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep107: Eight months to kick out the crooks and you think that's GOOD?

Published: 11/03/2022 10:51:17
The man who put Boole in Boolean. OpenSSL's bated-breath update. Apple's zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep106: Facial recognition without consent - should it be banned?

Published: 10/27/2022 06:44:46
Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple's latest security bulletins. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep105: WONTFIX! The MS Office cryptofail that "isn't a security flaw"

Published: 10/20/2022 08:49:15
Coolest videogame ever. Zoom thinks everyone's a developer. The Patch Tuesday that wasn't. A data breach coverup. Log4Shell all over again. And the Office cryptofail that Microsoft won't fix. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep104: Should hospital ransomware attackers be locked up for life?

Published: 10/13/2022 08:20:54
What goes up... must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep103.5: OAuth 2 and why Microsoft is forcing you into it

Published: 10/09/2022 14:52:54
Naked Security meets Sophos X-Ops! Duck and Chet dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it. Original music by Edith Mudge
S3 Ep103: Scammers in the Slammer (and other stories)

Published: 10/06/2022 07:07:20
A fridge-sized calculator made with transistors (really). ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 years in the slammer. Is there an answer to nuisance callers? Is the answer voicemail? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep102.5: "ProxyNotShell" Exchange bugs - an expert speaks

Published: 10/01/2022 07:27:32
Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who's affected and how, find out what you can do while waiting for Microsoft's patches, and plan your threat hunting in case the worst happens to you. Original music by Edith Mudge
S3 Ep102: Cutting through cybersecurity news hype

Published: 09/29/2022 06:16:26
What's the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if "deleted" data comes back from the dead to haunt you? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep101: Uber and LastPass - is 2FA all it's cracked up to be?

Published: 09/22/2022 09:33:43
Security SOS Week 2022 - check it out! The very first Android. Firefox 105 is out. Uber hacked... by LAPSUS$? LastPass talks about its breach. Are two disks better than one? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep100.5: Uber breach - an expert speaks

Published: 09/17/2022 15:02:10
Chester Wisniewski explains what we can learn from Uber's latest cybersecurity crisis: "Just because a big company didn't have the security they should doesn't mean you can't." Original music by Edith Mudge
S3 Ep100: Browser-in-the-Browser hacking – how to spot an attack

Published: 09/14/2022 16:24:27
Second Cosmic Rocket (not a band!) Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity
S3 Ep99: TikTok "attack" - was there a data breach, or not?

Published: 09/08/2022 06:18:33
The bug that was a moth. Was there really a TikTok breach? Peter Eckersley: Code In Peace. Chrome and Edge fix a zero-day. Apple updates iOS 12 for the first time in a year. App icons: the difference between sprockets and cogs. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep98: The LastPass saga - should we stop using password managers?

Published: 08/31/2022 19:48:11
The Computer Misuse Act, back in 1990. JavaScript supply-chain bug hunting. Jumping airgaps. "The Sanitizer" comes to Chrome. LastPass breach provokes password manager puzzlement. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep97: A musical crash, ATM skimming, and was your iPhone pwned?

Published: 08/24/2022 19:11:14
Start me up. The R&B dance classic that crashed computers. Bitcoin ATM skimming (no malware required). Multiple browser zero-days. Was your iPhone pwned? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security

Published: 08/17/2022 19:03:39
Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn't EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto

Published: 08/10/2022 18:57:01
Memories of the Blaster worm. Slack leaked password hashes for FIVE YEARS. Github showered with malware. Traffic lights and cybersecurity. Post-quantum cryptography. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!)

Published: 08/04/2022 10:01:35
Queen Victoria goes online. A nasty bug in Samba. Smiles for SysAdmins. A crypto-as-in-cryptography bug. A crypto-as-in-currency disaster. And is $200 million just chump change these days? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep93: Office security, data breach costs, and leisurely patches

Published: 07/27/2022 20:00:32
Geosynchronicity. Office security (on-off-on). A half-billion-dollar data breach cost. And patch that browser! Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep92: Log4Shell4Ever, summer tips, and scammer timing

Published: 07/20/2022 19:49:30
Integrated circuits and Nobel prizes. Log4Shell - forever? Cybersecurity tips for summer. Scams and coincidence. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep91: Code Red, OpenSSL, Java bugs and Office macros

Published: 07/14/2022 06:39:31
Memories of the Code Red worm. OpenSSL fixes two tiny but troublesome bugs. More trouble in Java-land. Office macros off and back on again. Potential perils of paying ransomware demands. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass

Published: 07/06/2022 19:07:33
Chrome quashes another zero-day browser bug. Two big-time cybercrime stories. A 2FA phishing scam that arrived PDQ. Chester swarmed by bots on Twitter. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix

Published: 06/29/2022 19:10:26
Memories of the iPhone 1. Sextortion scams target LGBTQ+ daters. Yet another blockchain blunder. OpenSSL fixes the bug missed in the last bugfix. And what became of Little Bobby Tables? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep88: Phone scammers, hacking bust, and data breach fines

Published: 06/23/2022 05:50:49
Duck gets behind the Ducks. 2000 phone scammers arrested in Interpol action. A three-year-old hacking case ends in conviction. And a Canadian financial company picks up an enormous data breach fine. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers

Published: 06/15/2022 08:09:40
Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. And the Law of Big Numbers versus SMS scams. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep86: The crooks were in our network for HOW long?!

Published: 06/08/2022 15:44:54
The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep85: Now THAT'S what I call a Microsoft Office exploit!

Published: 06/01/2022 19:18:58
Why calling a computer after a famous scientist doesn't always help. The wacky but dangerous 0-day hole in Windows. Supply chain attacks and the crooks who orchestrate them. Smishing revisited. And why saying what you really mean makes you better at cybersecurity. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine

Published: 05/26/2022 15:44:17
How network comms caught a murderer back in 1845. Why the US government said, "Patch, or else!" How Mozilla got a double code-execution bug fixed in 48 hours. And why controversial face-matching company Clearview AI got fined $10m. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns

Published: 05/18/2022 18:33:36
What does the word "non-commensurate" mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn't this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again)

Published: 05/11/2022 18:38:49
Where does the word "radio" come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms

Published: 05/05/2022 08:49:25
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms Episode Details
World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java

Published: 04/27/2022 17:43:38
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java Episode Details
The biggest mountain in the solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. And how to get an industrial grade firewall at home for free. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep79: Chrome hole, a bad-choice holiday, and cryptododginess

Published: 04/20/2022 18:24:48
S3 Ep79: Chrome hole, a bad-choice holiday, and cryptododginess Episode Details
Adam Osborne or John Osbourne? Another 0-day in Chrome. How not to choose a cybersecurity holiday destination. The Osbo[u]rne Effect. Cryptododginess that might actually be legal. And the Zilog Z80 versus the Mostech 6502. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution

Published: 04/14/2022 08:06:38
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution Episode Details
Hydra darkweb market decapitated. Ruby module supply chain hole. Quantum computing sidestepped. A robot revolution that could result in ransomware. And the Zuckerberg scam that just won't die. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep77: Bugs, busts and old-school PDP-11 hacking

Published: 04/06/2022 18:17:11
S3 Ep77: Bugs, busts and old-school PDP-11 hacking Episode Details
Hacking 2022-style. Some Apple bugs. Some Android bugs. Some Firefox bugs. The SATAN network scanner. Some VMware Spring bugs. And hacking PDP-11 style. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep76: Deadbolt, LAPSUS$, Zlib and a Chrome 0-day

Published: 03/30/2022 19:58:00
S3 Ep76: Deadbolt, LAPSUS$, Zlib and a Chrome 0-day Episode Details
The DEADBOLT ransomware. LAPSUS$ members bust - or were they? Zlib patches a 17-year-old bug. Chrome experiences another weird 0-day. And Clippy. Yes, THAT Clippy. No, we're not sure why. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep75: Okta, CryptoRom, OpenSSL and CafePress

Published: 03/23/2022 19:07:05
S3 Ep75: Okta, CryptoRom, OpenSSL and CafePress Episode Details
LAPSUS$ hackers break into Okta. The CryptoRom money-scamming malware is back on phones. OpenSSL gets into an infinite loop. CafePress fined for covering up a data breach. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects

Published: 03/17/2022 08:25:12
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects Episode Details
Two ransomware suspects extradited for trial. Apple patches 87 known security holes. Happy Pi Day. What happens if a whole country exits the global internet? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and more

Published: 03/09/2022 19:57:38
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and more Episode Details
What do ransomware blackmailers ask for when they don't want money? Why did Firefox get two updates in three days? How did Adafruit get hoist by the petard of shadow IT? And what's with those dirty Linux pipes? REGISTER FOR OUR CYBERINSURANCE EVENT: https://events.sophos.com/cyberinsurance Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep72: AirTag stalking, web server coding woes and Instascams

Published: 03/02/2022 18:51:04
S3 Ep72: AirTag stalking, web server coding woes and Instascams Episode Details
How good is Apple's AirTag stalker detection? Why are web coders still making Y2K-like blunders? And how many Instagram scams can you get in one weekend? Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams

Published: 02/24/2022 10:41:36
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams Episode Details
VM escapes could put your host servers at risk. PHP fixes an input validation bug in input validation code. A WordPress plugin maker shows you how to write a decent security report. And French scammers remind us that sextortion is sadly still a thing. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day

Published: 02/16/2022 18:58:52
S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day Episode Details
Alleged Bitcoin fraudsters busted, power company in trillion-dollar payout blunder, how a blizzard led to a telecomms revolution, and 0-day after 0-day after 0-day. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep69: Wordpress woes, Wormhole holes, and a Microsoft change of heart

Published: 02/09/2022 18:52:01
S3 Ep69: Wordpress woes, Wormhole holes, and a Microsoft change of heart Episode Details
Problems with plugins. A Wormhole wormhole. Can machines think? Microsoft has a change of heart. And then another one. Why screen cleaning cloths are cool. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep68: Bugs, scams, privacy... and fonts?!

Published: 02/02/2022 18:38:26
S3 Ep68: Bugs, scams, privacy... and fonts?! Episode Details
Stealing root on Linux. Snooping on RAM with a video driver bug. Apple patches a zero-day hole. SMS scams promise home PCR machines. German court freaks out over fonts. How to be private. And a paint robot that went wild. https://nakedsecurity.sophos.com/pwnkit-security-bug-gets-you-root https://nakedsecurity.sophos.com/linux-kernel-patches-performance-can-be-harmful-bug https://nakedsecurity.sophos.com/apple-patches-safari-data-leak https://nakedsecurity.sophos.com/coronavirus-sms-scam-offers-home-pcr https://nakedsecurity.sophos.com/website-operator-fined-for-using-google-fonts https://nakedsecurity.sophos.com/happy-data-privacy-day Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep67: Tax scams, carder busts and crypto capers

Published: 01/27/2022 06:05:28
S3 Ep67: Tax scams, carder busts and crypto capers Episode Details
Watch out for tax scams. Crooks with the motto "In Fraud We Trust". How not to write a data breach notification. Where to find the "10" key on your telephone. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis

Published: 01/20/2022 08:39:14
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis Episode Details
Russia busts Revil. Romance scammer sent to prison. Wormable Windows hole patched. Memories of the HAPPY99 virus. Linux disk encryption trouble. Apple browsers leak personal data. And how (not) to paint a computer. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle

Published: 01/13/2022 06:40:12
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle Episode Details
A JavaScript coder sabotages his own projects. Routers with critical holes. Honda cars party like it's 2002. The FTC warns everyone to patch. And a Log4Shell-like bug in another Java library. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug

Published: 01/05/2022 18:13:04
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug Episode Details
Log4Shell - the gift that keeps on taking. Scammers threatening your social media accounts. Apple Home has a pecuu[...]uuliar bug. And why 2FA is easier than you think. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs

Published: 12/16/2021 09:47:22
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs Episode Details
Understanding Log4Shell. Fixing Log4Shell. What criminals are up to with Log4Shell. Apple's latest security fixes. And what (not to) do when your mouse gets stuck. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep62: The S in IoT stands for security (and much more)

Published: 12/09/2021 11:33:06
S3 Ep62: The S in IoT stands for security (and much more) Episode Details
Mozilla's "BigSig" buffer overflow hole. UK to put IoT vendors on notice. The Mother of All Demos. Cryptocurrency company catastrophe. Firefox gets an extra sandbox. And an access point from outer space (OK, from home). Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness

Published: 12/02/2021 11:34:15
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness Episode Details
Call scammers and cryptocoin treachery. Cloud insecurity and yet more cryptocoin treachery. Facial recognition creepiness. And the wannabe wizard that went to school with a trainee Sith. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public

Published: 11/24/2021 19:35:34
S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public Episode Details
Cybersecurity tips for the holiday season and beyond. Exchange at risk from public exploit. GoDaddy loses passwords for 1.2m users. Longest-lived Windows version ever. Don't make your cookies public. And the day that umbrellas became an anti-DDoS tool. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase

Published: 11/18/2021 08:35:09
S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase Episode Details
The infamous Emotet malware makes a comeback. Crooks smirk at the world with a fake FBI warning. Why tubes are also valves. Samba fixes an intriguing bug. The suitcase that needs no handle. And a virtual-versus-real monitor mixup. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust

Published: 11/11/2021 11:50:15
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust Episode Details
We enjoy the Sophos 2022 Threat Report. The world's {oldest, coolest} continuously maintained browser. Facebook folds up its Face Recognition feature. Crooks combine a new social engineering scam with a new way of packaging malware. Kaseya ransomware suspect busted in Poland. Oh! No! How to block radio communications in a land with no hills. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars

Published: 11/04/2021 12:41:25
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars Episode Details
Norbert (huzzah for Norbert!) does tech support. Europol digs into the ransomware scene. Microsoft finds a wacky bug in Apple's shell. The Morris worm turns 33. Edge on Linux phans the phlames. Ola! Gibberish peculiarity textual solvage. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish

Published: 10/28/2021 06:56:50
S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish Episode Details
Bliss is a hill in wine country. Lessons from a cryptotrading hamster. Ransomware gang hacked back. Docusign phishers go after 2FA codes. Sleep mode considered harmful. Original music by Edith Mudge Got something to share? Email tips@sophos.com
S3 Ep55.8: Purple teaming - learning to think like your adversaries

Published: 10/25/2021 11:39:12
S3 Ep55.8: Purple teaming - learning to think like your adversaries Episode Details
Special minisode! Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company. Learn why thinking like an attacker makes you a better defender. Full transcript: https://nakedsecurity.sophos.com/listen-up-4-cybersecurity-first-purple-teaming
S3 Ep55.6: Cyberinsurance - help or hindrance?

Published: 10/25/2021 11:24:49
S3 Ep55.6: Cyberinsurance - help or hindrance? Episode Details
Special minisode! Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance. Full transcript: https://nakedsecurity.sophos.com/becybersmart-2021-cyberinsurance
