Saturday, June 25, 2022

S3 Ep88: Phone scammers, hacking bust, and data breach fines

Duck gets behind the Ducks. 2000 phone scammers arrested in Interpol action. A three-year-old hacking case ends in conviction. And a Canadian financial company picks up an enormous data breach fine. https://nakedsecurity.sophos.com/interpol-busts-2000-suspects https://nakedsecurity.sophos.com/capital-one-identity-theft-hacker With Paul Ducklin and Chester Wisniewski Original music by Edith...

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers

Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. And the Law of Big Numbers versus SMS scams. https://nakedsecurity.sophos.com/youre-invited-join-us-for-a-live-walkthrough https://nakedsecurity.sophos.com/murder-suspect-admits-she-tracked-cheating-partner https://nakedsecurity.sophos.com/ssndob-market-servers-seized https://nakedsecurity.sophos.com/beware-the-smish-home-delivery-scams With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity...

S3 Ep86: The crooks were in our network for HOW long?!

The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job. https://nakedsecurity.sophos.com/know-your-enemy-learn-how-cybercrime-adversaries-get-in https://nakedsecurity.sophos.com/yet-another-zero-day-sort-of-in-windows https://nakedsecurity.sophos.com/atlassian-announces-0-day-hole-in-confluence With Doug Aamoth and Paul Ducklin. Original music...

S3 Ep85: Now THAT'S what I call a Microsoft Office exploit!

Why calling a computer after a famous scientist doesn't always help. The wacky but dangerous 0-day hole in Windows. Supply chain attacks and the crooks who orchestrate them. Smishing revisited. And why being explicit about what you mean helps...

S3 Ep84: Government demand, Mozilla velocity, and Clearview fine

How network comms caught a murderer back in 1845. Why the US government said, "Patch, or else!" How Mozilla got a double code-execution bug fixed in 48 hours. And why controversial face-matching company Clearview AI got fined $10m. https://nakedsecurity.sophos.com/us-government-says-patch-vmware-right-now https://nakedsecurity.sophos.com/mozilla-patches-wednesdays-pwn2own-double-exploit https://nakedsecurity.sophos.com/clearview-ai-face-matching-service-fined With...

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns

What does the word "non-commensurate" mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn't this 0-day listed in every Apple update? Did Duck get spammed, or was it...

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again)

Where does the word "radio" come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers? https://nakedsecurity.sophos.com/rubygems-supply-chain-rip-and-replace-bug https://nakedsecurity.sophos.com/you-didnt-leave-enough-space https://nakedsecurity.sophos.com/colonial-pipeline-facing-1000000-fine https://www.sophos.com/en-us/products/managed-threat-response https://www.sophos.com/en-us/products/managed-threat-response/rapid-response With Doug Aamoth and Paul Ducklin. Original music by...

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms

World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms. https://nakedsecurity.sophos.com/world-password-day-2022 https://nakedsecurity.sophos.com/firefox-hits-100 https://nakedsecurity.sophos.com/github-issues-final-report With Doug Aamoth and Paul Ducklin. Original music...

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java

The biggest mountain in the solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. And how to get an industrial grade firewall at home for free. https://mars.nasa.gov/gallery/atlas/olympus-mons.html https://nakedsecurity.sophos.com/ransomware-survey-2022 https://nakedsecurity.sophos.com/phishing-goes-kiss https://nakedsecurity.sophos.com/qnap-warns-of-new-bugs https://nakedsecurity.sophos.com/critical-cryptographic-java-security-blunder https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx With Doug Aamoth and Paul...

S3 Ep79: Chrome hole, a bad-choice holiday, and cryptododginess

Adam Osborne or John Osbourne? Another 0-day in Chrome. How not to choose a cybersecurity holiday destination. The Osborne Effect. Cryptododginess that might actually be legal. And the Zilog Z80 versus the Mostek 6502. https://nakedsecurity.sophos.com/yet-another-chrome-zero-day-emergency https://nakedsecurity.sophos.com/us-cryptocurrency-coder-gets-5-years https://nakedsecurity.sophos.com/beanstalk-cryptocurrency-heist With Doug Aamoth and Paul Ducklin. Original...

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution

Hydra darkweb market decapitated. Ruby module supply chain hole. Quantum computing sidestepped. A robot revolution that could result in ransomware. And the Zuckerberg scam that just won't die. https://nakedsecurity.sophos.com/serious-security-darkweb-drugs-market-hydra https://nakedsecurity.sophos.com/popular-ruby-asciidoc-toolkit-patched https://nakedsecurity.sophos.com/openssh-goes-post-quantum https://nakedsecurity.sophos.com/five-critical-bugs-fixed-in-automatic-hospital-robot With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories...

S3 Ep77: Bugs, busts and old-school PDP-11 hacking

Hacking 2022-style. Some Apple bugs. Some Android bugs. Some Firefox bugs. The SATAN network scanner. Some VMware Spring bugs. And hacking PDP-11 style. https://nakedsecurity.sophos.com/lapsus-hacks-continue-despite-two-uk-hacker-suspects https://nakedsecurity.sophos.com/apple-pushes-out-two-emergency-0-day-updates https://nakedsecurity.sophos.com/googles-monthly-android-updates-patch-numerous-get-root-holes https://nakedsecurity.sophos.com/firefox-99-is-out-no-major-bugs-but-update-anyway https://nakedsecurity.sophos.com/two-different-vmware-spring-bugs-at-large With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram:...

S3 Ep76: Deadbolt, LAPSUS$, Zlib and a Chrome 0-day

The DEADBOLT ransomware. LAPSUS$ members bust - or were they? Zlib patches a 17-year-old bug. Chrome experiences another weird 0-day. And Clippy. Yes, THAT Clippy. No, we're not sure why. https://nakedsecurity.sophos.com/serious-security-deadbolt-the-ransomware https://nakedsecurity.sophos.com/uk-police-arrest-7-hacking-suspects https://nakedsecurity.sophos.com/zlib-data-compressor-fixes-17-year-old-security-bug https://nakedsecurity.sophos.com/google-chrome-patches-mysterious-new-zero-day With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge...

S3 Ep75: Okta, CryptoRom, OpenSSL and CafePress

South American hackers LAPSUS$ break into Okta. The CryptoRom money-scamming malware is back on phones. OpenSSL gets into an infinite loop. CafePress fined for covering up a data breach. https://nakedsecurity.sophos.com/beware-bogus-betas-cryptocoin-scammers https://nakedsecurity.sophos.com/openssl-patches-infinite-loop-dos-bug https://nakedsecurity.sophos.com/web-vendor-cafepress-fined-500000 https://nakedsecurity.sophos.com/serious-security-how-to-store-your-users-passwords With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got...

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects

Two ransomware suspects extradited for trial. Apple patches 87 known security holes. Happy Pi Day. What happens if a whole country exits the global internet? https://nakedsecurity.sophos.com/alleged-kaseya-ransomware-attacker-arrives-in-texas https://nakedsecurity.sophos.com/apple-patches-87-security-holes https://nakedsecurity.sophos.com/happy-piday-even-if-you-arent-in-north-america https://news.sophos.com/en-us/will-russias-war-on-ukraine-result-in-less-online-crime With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter:...
Security Affairs

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

How to Move Your WhatsApp Chats Across Devices and Apps

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
The Register

We’re now truly in the era of ransomware as pure extortion without the encryption

Why screw around with cryptography and keys when just stealing the info is good enough. Feature: US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
The Hacker News

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management...