Tuesday, August 3, 2021

S3 Ep43: Apple 0-day, Windows bugs x2, and hacker bust

Apple's emergency 0-day fix. Two sorts of Windows nightmare, neither involving printers. Twitter hacker busted. And our very own Doug ruins a brand new TV. https://nakedsecurity.sophos.com/apple-emergency-zero-day-fix https://nakedsecurity.sophos.com/windows-petitpotam-network-attack https://nakedsecurity.sophos.com/windows-hivenightmare-bug https://nakedsecurity.sophos.com/us-court-gets-uk-twitter-hack-suspect-arrested https://nakedsecurity.sophos.com/porn-blast-disrupts-bail-hearing https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter:...

S3 Ep42: Viruses, Nightmares, patches, rewards and scammers

Learning from computer virus history. The PrintNightmare saga continues. Apple puts out a patch, but doesn't say why. Snitch on a crook and win $10 million. Scammers do grammar. And the Business Email Compromise that wasn't. https://nakedsecurity.sophos.com/the-code-red-worm-20-years-on https://nakedsecurity.sophos.com/more-printnightmare https://nakedsecurity.sophos.com/apple-iphone-patches-are-out-no-news https://nakedsecurity.sophos.com/want-to-earn-10-million-snitch https://nakedsecurity.sophos.com/home-delivery-scams-get-smarter With Doug Aamoth and...

S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories

We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really. We look at what cybercriminals spend money on (hint: more cybercrime)....

S3 Ep40: Kaseya breach, PrintNightmare 0-day, and hacking versus the law

The "Independence Day Weekend" ransomware drama. The PrintNightmare nightmare continues. An email hacker gets his conviction overturned. In this week's Oh! No! story, a server room fills with toxic fumes... This week's articles: https://nakedsecurity.sophos.com/kaseya-ransomware-attackers-say-pay-70-m https://nakedsecurity.sophos.com/printnightmare-the-zero-day-hole https://nakedsecurity.sophos.com/printnightmare-official-patch-is-out https://nakedsecurity.sophos.com/us-email-hacker-gets-his-computer-trespass The IBM 3270 "retrofont" that Duck loves: https://github.com/rbanffy/3270font With...

S3 Ep 39.5: A conversation with Eva Galperin

In this special splintersode, Kimberly Truong talks to Eva Galperin, Director of Security at the Electronic Frontier Foundation. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

S3 Ep39: Paying the date, #SocialMediaDay tips, and a special splintersode

When you spend tens of pounds but get billed thousands because the system mistook the date for the amount. Our tips to make #SocialMediaDay your safest day on social media yet. And a clip from a great new privacy...

S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles

Ukrainian cops bring out the BFG (Big Fearsome Grinder) and cut open some doors. A repeated request for destructive Linux code enters its 15th year. Peloton exercise bicycles found to...

S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems

Will quantum cryptography mean the end of encryption? How was the FBI able to get bitcoins back in the Colonial Pipeline ransomware case? What is the ALPACA attack, and does it...

S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged

Alleged malware coder from the Trickbot gang arrested. 5500 passwords cracked and salaries stolen by "credential stuffing" crook. And we answer a listener's question about just how tough to be...

S3 Ep35: Apple chip flaw, Have I Been Pwned, and Covid tracker trouble

Apple again, for yet another week: this time, it's a fascinating tale of a bug that's baked into its latest chip. Why the Aussie data breach warning...

S3 Ep34: Apple bugs, scammers busted, and how crooks bypass 2FA

Apple patches a raft of serious security holes. Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. https://nakedsecurity.sophos.com/apple-patches-dangerous-security-holes-one-in-active-use-update-now https://nakedsecurity.sophos.com/eight-suspects-busted-in-raid-on-home-delivery-scamming-operation https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker-rachel-tobac-podcast And if you are after the product recommended by our...

S3 Ep33: Eufy camera leak, Afterburner crisis, and AirTags (again)

We look into an unnerving case of mixed-up video feeds. We warn you against "going rogue" when you can't get the download you want from the regular place. We explain how Apple's new AirTag product got hacked (again). Stories discussed: https://nakedsecurity.sophos.com/apple-airtags-hacked-again-free-internet https://nakedsecurity.sophos.com/gamers-beware-crooks-take-advantage https://nakedsecurity.sophos.com/those-arent-my-kids-eufy-camera-owners Related...

S3 Ep32: AirTag jailbreak, Dell vulns, and the never-ending scam

Apple's brand new AirTag product got hacked already. Things you can learn from Colonial Pipeline's ransomware misfortune. Why Dell patched a bunch of driver bugs going back more than a decade. And the "Is it you in the video?"...

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug

We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP...

S3 Ep30: AirDrop worries, Linux pests and ransomware truths

We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise. We review the latest Sophos Ransomware Report and uncover uncomfortable truths about paying up. https://nakedsecurity.sophos.com/apple-airdrop-has-significant-privacy-leak https://nakedsecurity.sophos.com/linux-team-in-public-bust-up-over-fake-patches https://nakedsecurity.sophos.com/ransomware-dont-expect-a-full-recovery ...
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security Team

To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.