Information:
Synopsis
Podcast by SophosLabs
Episodes
-
S3 Ep110: Spotlight on cyberthreats - an expert speaks
24/11/2022 Duration: 22min
Security specialist John Shier tells you the "news you can really use" - how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report.
https://sophos.com/threatreport
With Paul Ducklin and John Shier.
Original music by Edith Mudge (https://www.edithmudge.com)
Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
-
S3 Ep109: How one leaked email password could drain your business
17/11/2022 Duration: 26min
Microsoft's tilt at the MP3 marketplace. Apple's not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it.
https://nakedsecurity.sophos.com/emergency-code-execution-patch-from-apple
https://nakedsecurity.sophos.com/dangerous-sim-swap-lockscreen-bypass
https://nakedsecurity.sophos.com/firefox-fixes-fullscreen-fakery-flaw
https://nakedsecurity.sophos.com/log4shell-like-code-execution-hole
https://nakedsecurity.sophos.com/gucci-master-business-email-scammer
With Doug Aamoth and Paul Ducklin
-
S3 Ep108: What would YOU do if you found $3 billion in a popcorn tin?
10/11/2022 Duration: 20min
Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops that found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn "high" severity levels.
https://nakedsecurity.sophos.com/exchange-0-days-fixed-at-last-plus-4-brand-new
https://nakedsecurity.sophos.com/silk-road-drugs-market-hacker-pleads-guilty
https://nakedsecurity.sophos.com/twitter-blue-badge-email-scams-
https://nakedsecurity.sophos.com/public-url-scanning-tools-when-security-leads-to-insecurity
https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell
With Doug Aamoth and Paul Ducklin
-
S3 Ep107: Eight months to kick out the crooks and you think that's GOOD?
03/11/2022 Duration: 22min
The man who put Boole in Boolean. OpenSSL's bated-breath update. Apple's zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way.
https://nakedsecurity.sophos.com/openssl-patches-are-out-critical-bug-downgraded-to-high
https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell
https://nakedsecurity.sophos.com/updates-to-apples-zero-day-update-story-iphone-and-ipad
https://nakedsecurity.sophos.com/chrome-issues-urgent-zero-day-fix-update-now
https://nakedsecurity.sophos.com/sha-3-code-execution-bug-patched-in-php
https://nakedsecurity.sophos.com/psychotherapy-extortion-suspect-arrest-warrant
https://nakedsecurity.sophos.com/online-ticketing-company-see-pwned-for-2-5-years
With Doug Aamoth and Paul Ducklin
-
S3 Ep106: Facial recognition without consent - should it be banned?
27/10/2022 Duration: 20min
Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple's latest security bulletins.
https://nakedsecurity.sophos.com/clearview-ai-image-scraping-face-recognition-service-hit-with-e20m-fine
https://nakedsecurity.sophos.com/when-cops-hack-back-dutch-police-fleece-deadbolt-criminals
https://nakedsecurity.sophos.com/women-in-cryptology-usps-celebrates-ww2-codebreakers
https://nakedsecurity.sophos.com/serious-security-you-cant-beat-the-house-at-blackjack
https://nakedsecurity.sophos.com/apple-megaupdate-ventura-out-ios-and-ipad-kernel-zero-day
With Doug Aamoth and Paul Ducklin
-
S3 Ep105: WONTFIX! The MS Office cryptofail that "isn't a security flaw"
20/10/2022 Duration: 24min
Coolest videogame ever. Zoom thinks everyone's a developer. The Patch Tuesday that wasn't. A data breach coverup. Log4Shell all over again. And the Office cryptofail that Microsoft won't fix.
https://nakedsecurity.sophos.com/zoom-for-mac-patches-sneaky-spy-on-me-bug
https://nakedsecurity.sophos.com/patch-tuesday-in-brief-one-0-day-fixed
https://nakedsecurity.sophos.com/fashion-brand-shein-fined-1-9m-for-lying
https://nakedsecurity.sophos.com/dangerous-hole-in-apache-commons-text
https://nakedsecurity.sophos.com/serious-security-microsoft-office-365
With Doug Aamoth and Paul Ducklin
-
S3 Ep104: Should hospital ransomware attackers be locked up for life?
13/10/2022 Duration: 20min
What goes up... must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone?
https://nakedsecurity.sophos.com/netwalker-ransomware-affiliate-sentenced
https://nakedsecurity.sophos.com/former-uber-cso-convicted
https://nakedsecurity.sophos.com/whatsapp-goes-after-chinese-password-scammers
https://nakedsecurity.sophos.com/move-over-patch-tuesday-its-ada-lovelace
https://nakedsecurity.sophos.com/mystery-iphone-update
With Doug Aamoth and Paul Ducklin
-
S3 Ep103.5: OAuth 2 and why Microsoft is forcing you into it
09/10/2022 Duration: 16min
Naked Security meets Sophos X-Ops! Duck and Chet dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.
With Paul Ducklin and Chester Wisniewski.
https://nakedsecurity.sophos.com/
https://twitter.com/nakedsecurity
https://twitter.com/sophosxops
-
S3 Ep103: Scammers in the Slammer (and other stories)
06/10/2022 Duration: 20min
A fridge-sized calculator made with transistors (really). ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 in the slammer. Is there an answer to nuisance callers? Is the answer voicemail?
https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day
https://nakedsecurity.sophos.com/s3-ep102-5-proxynotshell-exchange-bugs
https://nakedsecurity.sophos.com/romance-scammer-and-bec-fraudster-sent-to-prison
https://nakedsecurity.sophos.com/scammers-and-rogue-callers-can-anything-ever-stop-them
With Doug Aamoth and Paul Ducklin
-
S3 Ep102.5: "ProxyNotShell" Exchange bugs - an expert speaks
01/10/2022 Duration: 14min
Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who's affected and how, find out what you can do while waiting for Microsoft's patches, and plan your threat hunting in case the worst happens to you.
https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day
https://twitter.com/sophosxops
With Paul Ducklin and Chester Wisniewski.
-
S3 Ep102: Cutting through cybersecurity news hype
29/09/2022 Duration: 21min
What's the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if "deleted" data comes back from the dead to haunt you?
https://nakedsecurity.sophos.com/uber-and-rockstar-has-a-lapsus-linchpin
https://news.sophos.com/uber-rockstar-fall-to-social-engineering-attacks
https://nakedsecurity.sophos.com/optus-breach-aussie-telco-told-it-will-have-to-pay
https://nakedsecurity.sophos.com/whatsapp-zero-day-exploit-news-scare
https://nakedsecurity.sophos.com/morgan-stanley-fined-millions-for-selling-off-devices
With Paul Ducklin and Chester Wisniewski
-
S3 Ep101: Uber and LastPass - is 2FA all it's cracked up to be?
22/09/2022 Duration: 19min
Security SOS Week 2022 - check it out! The very first Android. Firefox 105 is out. Uber hacked... by LAPSUS$? LastPass talks about its breach. Are two disks better than one?
https://nakedsecurity.sophos.com/interested-in-cybersecurity-join-us-for-security-sos-week
https://nakedsecurity.sophos.com/s3-ep100-5-uber-breach-an-expert-speaks
https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker
https://nakedsecurity.sophos.com/lastpass-source-code-breach-incident-response
With Doug Aamoth and Paul Ducklin
-
S3 Ep100.5: Uber breach - an expert speaks
17/09/2022 Duration: 13min
Chester Wisniewski explains what we can learn from Uber's latest cybersecurity crisis: "Just because a big company didn't have the security they should doesn't mean you can't."
https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker
With Paul Ducklin and Chester Wisniewski.
-
S3 Ep100: Browser-in-the-Browser hacking – how to spot an attack
14/09/2022 Duration: 26min
Second Cosmic Rocket (not a band!) Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again.
https://news.sophos.com/en-us/2022/09/13/a-lighter-patch-tuesday
https://nakedsecurity.sophos.com/2022/09/12/apple-patches-a-zero-day
https://nakedsecurity.sophos.com/hoe-to-deal-with-dates-and-times
https://nakedsecurity.sophos.com/serious-security-browser-in-the-browser-attacks
https://nakedsecurity.sophos.com/deadbolt-ransomware-rears-its-head-again
With Doug Aamoth and Paul Ducklin
-
S3 Ep99: TikTok "attack" - was there a data breach, or not?
08/09/2022 Duration: 19min
The bug that was a moth. Was there really a TikTok breach? Peter Eckersley: Code In Peace. Chrome and Edge fix a zero-day. Apple updates iOS 12 for the first time in a year. App icons: the difference between sprockets and cogs.
https://nakedsecurity.sophos.com/peter-eckersley-co-creator-of-lets-encrypt-dies
https://nakedsecurity.sophos.com/chrome-fixes-zero-day-security-hole
https://nakedsecurity.sophos.com/urgent-apple-quietly-slips-out-zero-day-update
With Doug Aamoth and Paul Ducklin
-
S3 Ep98: The LastPass saga - should we stop using password managers?
01/09/2022 Duration: 22min
The Computer Misuse Act, back in 1990. JavaScript supply-chain bug hunting. Jumping airgaps. "The Sanitizer" comes to Chrome. LastPass breach provokes password manager puzzlement.
https://nakedsecurity.sophos.com/javascript-bugs-aplenty-in-node-js-ecosystem
https://nakedsecurity.sophos.com/breaching-airgap-security-using-your-phone
https://nakedsecurity.sophos.com/chrome-patches-24-security-holes
https://nakedsecurity.sophos.com/lastpass-source-code-breach
With Doug Aamoth and Paul Ducklin
-
S3 Ep97: A musical crash, ATM skimming, and was your iPhone pwned?
25/08/2022 Duration: 23min
Start me up. The R&B dance classic that crashed computers. Bitcoin ATM skimming (no malware required). Multiple browser zero-days. Was your iPhone pwned?
https://nakedsecurity.sophos.com/laptop-denial-of-service-via-music
https://nakedsecurity.sophos.com/bitcoin-atms-leeched-by-attackers
https://nakedsecurity.sophos.com/chrome-browser-gets-11-security-fixes
https://nakedsecurity.sophos.com/apple-patches-double-zero-day
With Doug Aamoth and Paul Ducklin
-
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security
18/08/2022 Duration: 28min
Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn't EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate.
https://nakedsecurity.sophos.com/zoom-for-mac-patches-get-root-bug
https://nakedsecurity.sophos.com/apic-epic-intel-chips-leak-secrets
https://nakedsecurity.sophos.com/us-offers-reward-up-to-10-million
https://pubmed.ncbi.nlm.nih.gov/31506956/
https://news.sophos.com/en-us/multiple-attackers-increase-pressure
With Paul Ducklin and Chester Wisniewski
-
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto
10/08/2022 Duration: 23min
Memories of the Blaster worm. Slack leaked password hashes for FIVE YEARS. Github showered with malware. Traffic lights and cybersecurity. Post-quantum cryptography.
https://nakedsecurity.sophos.com/slack-admits-to-leaking-hashed-passwords
https://nakedsecurity.sophos.com/github-blighted-by-researcher
https://nakedsecurity.sophos.com/traffic-light-protocol-for-cybersecurity
https://nakedsecurity.sophos.com/post-quantum-cryptography-new-algorithm-gone
With Doug Aamoth and Paul Ducklin
-
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!)
04/08/2022 Duration: 23min
Queen Victoria goes online. A nasty bug in Samba. Smiles for SysAdmins. A crypto-as-in-cryptography bug. A crypto-as-in-currency disaster. And is $200 million just chump change these days?
https://nakedsecurity.sophos.com/critical-samba-bug
https://nakedsecurity.sophos.com/how-to-celebrate-sysadmin-day
https://nakedsecurity.sophos.com/gnutls-patches-memory-mismanagement
https://nakedsecurity.sophos.com/cryptocoin-token-swapper-nomad
With Doug Aamoth and Paul Ducklin