Wednesday, April 24, 2019

Ep. 028 – SPEWS, Android security and scary Facebook messages

The Naked Security podcast tells you how to make your web signup forms safer, explains how Android phones can be used as security tokens, and looks into a Facebook "hidden message" that escaped into the wild. With Anna Brading. Paul...

Ep. 027 – Honeypots, GPS rollover and the MySpace data vortex

The Naked Security podcast reveals how long you can expect to go unnoticed online before crooks first come knocking on your door, explains why we still have applications where bandwidth is in such tight supply that every bit matters,...

Ep. 026 – Android bloatware, hackable routers and website attacks

The Naked Security podcast looks into the annoying problem of bloatware on Android phones, explains a zero-day bug in a TP-Link router and how it turned into bad PR, and gives you advice on how to keep crooks out...

Ep. 025 – Business Email Compromise and IoT surprises

The Naked Security podcast explains how to avoid losing money to the cybercrime known as BEC, or Business Email Compromise, and gives you tips on what to look out for when you plug new devices into your network. With Paul...

Ep. 024 – Sextortion, malicious adverts and randomness explained

In this Naked Security podcast, we explain how to handle sextortion, look at techniques for getting rid of malvertising, and discuss the things that make randomness hard. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/final-warning-email https://nakedsecurity.sophos.com/cia-bribery-scam https://nakedsecurity.sophos.com/sextortion-whats-new https://nakedsecurity.sophos.com/chrome-will-soon-block-drive-by https://nakedsecurity.sophos.com/serious-security-when-randomness-isnt How to...

Ep. 023 – Facebook promises and Google Chrome patches

This week, the Naked Security Podcast tries to figure out where Mark Zuckerberg's new "Facebook Privacy Promise" is going, and digs into both the technical and community aspects of a recent Chrome zero-day bug. With Anna Brading, Mark Stockley and...

Ep. 022 – Plaintext passwords, cryptocoin criminality and the Momo monstrosity

The Naked Security podcast explains why storing plaintext passwords is an unnecessary evil, investigates a cryptocurrency spat between a software maker and a disgruntled user, and tells you some earnest but unpopular truths about how to keep your children...

Ep. 021 – Leaked calls, a virus on the loose and passwords on display

The Naked Security podcast investigates a massive medical data blunder, tells you how NOT to do vulnerability disclosure, and asks whether password managers do more harm than good. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. This week's stories: https://nakedsecurity.sophos.com/milions-of-private-medical-calls-exposed https://nakedsecurity.sophos.com/2019/02/20/virus-attack-hackers-unleash https://nakedsecurity.sophos.com/2019/02/21/password-managers-leaking-data Music...

Ep. 020 – Leaky containers, careless coders and risky USB cables

The Naked Security podcast explains the recent security hole in Linux products such as Docker and Kubernetes, ponders whether Apple's insistence on 2FA for developers will bring rogue apps under control, and tells you whether to worry about booby-trapped...

Ep. 019 – Android holes, iOS screengrabbing and USB poo

The Naked Security podcast pokes a stick into the latest critical security bugs in Android, investigates the dubious art of iOS screenshots you didn't take yourself, and marvels at the USB drive that survived a seal's digestive tract. With Anna...

Ep. 018 – Home invasions, snoopy apps and Android versus iOS

The Naked Security podcast looks at who was at fault in a network home invasion, investigates how both Google and Facebook fell foul of Apple's developer rules, and answers the vital question, "Which is better, Android or iPhone?" With Anna...

Ep. 017 – DNS hijacking, a weird breach and a cybersecurity confession

The Naked Security Podcast digs into a US Emergency Directive to stop government sites getting hijacked, examines a data breach with a difference, and hears a cybersecurity expert's confession of how his Instagram got hacked. With Anna Brading, Paul Ducklin,...

Ep. 016 – Email fraud, Android insecurity, Collection #1 and the 10 Year Challenge

The Naked Security podcast looks at high-value email crime, Google's latest attempt to clean up the Play Store, how you can buy a billion email addresses for just $45, and the conspiracy theories that say the "10 year challenge"...

Ep. 015 – USB anti-hacking, bypassing 2FA and government insecurity

Naked Security looks at whether the latest USB hardware proposals will be used for security or for anti-piracy, investigates an open-source toolkit for bypassing 2FA, and explains how the US government shutdown is affecting online security. With Anna Brading,...

Ep. 014 – Rickrolls, Acrobat and zombie hands

The Naked Security Podcast investigates the ethics of remote rickrolling, whether Acrobat is the new Flash, and how to fool biometrics with a zombie hand. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. https://nakedsecurity.sophos.com/dont-fall-victim-to-the-chromecast https://nakedsecurity.sophos.com/update-now-adobe-acrobat https://nakedsecurity.sophos.com/vein-authentication-beaten

Stuxnet Family Tree Grows

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
ZDNet

Another dark web marketplace bites the dust – Wall Street Market

Two major dark web marketplaces for buying illegal products shut down in the span of a month.

Google File Cabinet Plays Host to Malware Payloads

Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
isBuzz

What Home Buying Can Teach Us About Continuous Monitoring

Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...