Wednesday, November 30, 2022

S3 Ep110: Spotlight on cyberthreats – an expert speaks

Security specialist John Shier tells you the "news you can really use" - how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. https://sophos.com/threatreport With Paul Ducklin and John Shier. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories...

S3 Ep109: How one leaked email password could drain your business dry

Microsoft's tilt at the MP3 marketplace. Apple's not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it. https://nakedsecurity.sophos.com/emergency-code-execution-patch-from-apple https://nakedsecurity.sophos.com/dangerous-sim-swap-lockscreen-bypass https://nakedsecurity.sophos.com/firefox-fixes-fullscreen-fakery-flaw https://nakedsecurity.sophos.com/log4shell-like-code-execution-hole https://nakedsecurity.sophos.com/gucci-master-business-email-scammer With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got...

S3 Ep108: What would YOU do if you found $3 billion in a popcorn tin?

Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops that found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched...

S3 Ep107: Eight months to kick out the crooks and you think that's GOOD?

The man who put Boole in Boolean. OpenSSL's bated-breath update. Apple's zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way. https://nakedsecurity.sophos.com/openssl-patches-are-out-critical-bug-downgraded-to-high https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell https://nakedsecurity.sophos.com/updates-to-apples-zero-day-update-story-iphone-and-ipad https://nakedsecurity.sophos.com/chrome-issues-urgent-zero-day-fix-update-now https://nakedsecurity.sophos.com/sha-3-code-execution-bug-patched-in-php https://nakedsecurity.sophos.com/psychotherapy-extortion-suspect-arrest-warrant https://nakedsecurity.sophos.com/online-ticketing-company-see-pwned-for-2-5-years With Doug Aamoth and Paul Ducklin Original...

S3 Ep106: Facial recognition without consent: should it be banned?

Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple's latest security bulletins. https://nakedsecurity.sophos.com/clearview-ai-image-scraping-face-recognition-service-hit-with-e20m-fine https://nakedsecurity.sophos.com/when-cops-hack-back-dutch-police-fleece-deadbolt-criminals https://nakedsecurity.sophos.com/women-in-cryptology-usps-celebrates-ww2-codebreakers https://nakedsecurity.sophos.com/serious-security-you-cant-beat-the-house-at-blackjack https://nakedsecurity.sophos.com/apple-megaupdate-ventura-out-ios-and-ipad-kernel-zero-day With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories...

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn't a security flaw”

The coolest videogame ever. Zoom thinks everyone's a developer. The Patch Tuesday that wasn't. A data breach coverup. Log4Shell all over again. And the Office cryptofail that Microsoft won't fix. https://nakedsecurity.sophos.com/zoom-for-mac-patches-sneaky-spy-on-me-bug https://nakedsecurity.sophos.com/patch-tuesday-in-brief-one-0-day-fixed https://nakedsecurity.sophos.com/fashion-brand-shein-fined-1-9m-for-lying https://nakedsecurity.sophos.com/dangerous-hole-in-apache-commons-text https://nakedsecurity.sophos.com/serious-security-microsoft-office-365 With Doug Aamoth and Paul Ducklin Original music by Edith Mudge...

S3 Ep104: Should hospital ransomware attackers be locked up for life?

What goes up... must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone? https://nakedsecurity.sophos.com/netwalker-ransomware-affiliate-sentenced https://nakedsecurity.sophos.com/former-uber-cso-convicted https://nakedsecurity.sophos.com/whatsapp-goes-after-chinese-password-scammers https://nakedsecurity.sophos.com/move-over-patch-tuesday-its-ada-lovelace https://nakedsecurity.sophos.com/mystery-iphone-update With Doug Aamoth and...

S3 Ep103.5: OAuth 2 and why Microsoft is forcing you into it

Naked Security meets Sophos X-Ops: Duck and Chet dig into OAuth 2.0, the industry standard protocol for authorization. Microsoft calls it "Modern Auth", though it's more than a decade old, and is finally forcing Exchange Online customers to...

S3 Ep103: Scammers in the Slammer (and other stories)

A fridge-sized calculator made with transistors (really). ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 in the slammer. Is there an answer to nuisance callers? Is the answer voicemail? https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day https://nakedsecurity.sophos.com/s3-ep102-5-proxynotshell-exchange-bugs https://nakedsecurity.sophos.com/romance-scammer-and-bec-fraudster-sent-to-prison https://nakedsecurity.sophos.com/scammers-and-rogue-callers-can-anything-ever-stop-them With Doug...

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks

Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who's affected and how, find out what you can do while waiting for Microsoft's patches, and...

S3 Ep102: Seeing the truth through all the cybersecurity news hype

What's the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if "deleted" data comes back from the dead to haunt you? https://nakedsecurity.sophos.com/uber-and-rockstar-has-a-lapsus-linchpin https://nakedsecurity.sophos.com/optus-breach-aussie-telco-told-it-will-have-to-pay https://nakedsecurity.sophos.com/whatsapp-zero-day-exploit-news-scare https://nakedsecurity.sophos.com/morgan-stanley-fined-millions-for-selling-off-devices With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got...

S3 Ep101: Uber and LastPass – is 2FA all it's cracked up to be?

Security SOS Week 2022 - check it out! The very first Android. Firefox 105 is out. Uber hacked... by LAPSUS$? LastPass talks about its breach. Are two disks better than one? https://nakedsecurity.sophos.com/interested-in-cybersecurity-join-us-for-security-sos-week https://nakedsecurity.sophos.com/s3-ep100-5-uber-breach-an-expert-speaks https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker https://nakedsecurity.sophos.com/lastpass-source-code-breach-incident-response With Doug Aamoth and Paul Ducklin Original music by Edith...

S3 Ep100.5: Uber breach – an expert speaks

Chester Wisniewski explains what we can learn from Uber's latest cybersecurity crisis: "Just because a big company didn't have the security they should doesn't mean you can't." https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker With Paul Ducklin and Chester Wisniewski. Original...

S3 Ep100: Imagine you went to the moon – how would you prove it?

Second Cosmic Rocket (not a band!) Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again. https://news.sophos.com/en-us/2022/09/13/a-lighter-patch-tuesday https://nakedsecurity.sophos.com/2022/09/12/apple-patches-a-zero-day https://nakedsecurity.sophos.com/hoe-to-deal-with-dates-and-times https://nakedsecurity.sophos.com/serious-security-browser-in-the-browser-attacks https://nakedsecurity.sophos.com/deadbolt-ransomware-rears-its-head-again With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

S3 Ep99: TikTok “attack” – was there a data breach, or not?

The bug that was a moth. Was there really a TikTok breach? Peter Eckersley: Code In Peace. Chrome and Edge fix a zero-day. Apple updates iOS 12 for the first time in a year. App icons: the difference between...
TechRepublic

What is Account Takeover and How to Prevent It in 2022

Account takeovers (ATOs), in which criminals impersonate legitimate account owners to take control of an account, are on the rise in Asia and across the world. Fraudsters are swindling money and digital assets from consumers across industries, with...
TechRepublic

The OWASP Top 10 – How Akamai Helps

OWASP publishes a list of the 10 most critical security risks in web applications. This white paper details how Akamai can help mitigate these threat vectors.
TechRepublic

Gartner: How to Respond to the 2022 Cyberthreat Landscape

A new Gartner® report, How to Respond to the 2022 Cyberthreat Landscape, focuses on the new threats organizations will face as they prepare for the future of work and accelerate digital transformations. Gartner’s advice will help security and risk...
TechRepublic

Gartner MQ WAAP 2022

Research shows that web applications and API attacks continued to explode in the first half of 2022. Does your organization have the best defense today? Akamai recommends deploying a holistic web application and API protection (WAAP) solution. The right...
TechRepublic

How Akamai Helps to Mitigate the OWASP API Security Top 10 Vulnerabilities

Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes, and technologies to institute the right protections. The Open...