South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing - and costly - blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for Security blog.
A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the Fortra blog.
There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.
When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.
Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon's servers. Read more in my article on the Hot for Security blog.
Spain's police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the Hot for Security blog.
Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B? Plus we explore if Meta is quietly plotting to turn its smart glasses into face-recognising surveillance specs? With reports of internal memos suggesting they plan to launch controversial features while everyone’s distracted by political chaos, we ask: is this innovation really wanted by the public... or something far creepier? All of this, and much more, in episode 455 of the award-winning "Smashing Security" podcast with cybersecurity veteran Graham Cluley, joined this week by journalist and author James Ball.
Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking... after police officers accidentally sent him a link granting him access to their own confidential documents Read more in my article on the Hot for Security blog.
To consolidate all of our security intelligence and news in one location, we have migrated Naked Security to the Sophos News platform. Categories: Naked Security
It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do. Categories: Naked Security Tags: data breach, MDR, Mom's Meals, PurFoods, ransomre, Ransomware
Latest episode - listen now! Full transcript inside... Categories: Naked Security Tags: cybercrime, hacking, IoT, TP-LINK, WinRAR
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead... Categories: Naked Security
Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well. Categories: Naked Security Tags: cryptography, Tapo, TP-LINK
WYSIWYG is short for "what you see is what you get". Except when it isn't... Categories: Naked Security Tags: Airplane Mode, data leakage, iPhone, WYSIWYG
Celebrating the true crypto bros. Listen now (full transcript available). Categories: Naked Security Tags: cybercrime, hacking, scams
Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for. Categories: Naked Security Tags: FBI, MDM, pig butchering, romance scam, SCAM, TestFlight
The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals... Categories: Naked Security Tags: atm, cybercrime, skimming
The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back... Categories: Naked Security Tags: bust, doj, Netwalker, Phishing, Ransomware
Latest episode - listen now! (Full transcript inside.) Categories: Naked Security Tags: bust, cryptocurrency, cybercrime, data leakage, hacking, surveillance
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix. Categories: Naked Security Tags: Patch Tuesday, vulnerability, Zero-day