Sophos Podcasts

How a bug hunter snuck into the internal networks of 35 megacorporations. Why romance scams are going stronger than ever (and how to avoid them). What to do about those tempting but treacherous "tax refund" messages. And a listener tells us how he got a bit carried away while he was gardening... https://nakedsecurity.sophos.com/how-one-man-silently-infiltrated https://nakedsecurity.sophos.com/romance-scams-at-all-time https://nakedsecurity.sophos.com/sms-tax-scam-unmasked With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

In this special mini-episode, Paul Ducklin talks to Sophos cybersecurity expert Chester Wisniewski about bug bounty hunting. How does bug bounty hunting work? What should you do if you get a bug report that doesn't follow established protocol? Chester tells you how to deal with so-called "beg bounties", where self-styled "experts" beg you for money or even threaten you with ill-defined "problems" they claim to have found. https://news.sophos.com/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way https://nakedsecurity.sophos.com/beware-of-technical-experts-bombarding-you-with-bug-reports Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We delve into Google's tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. https://nakedsecurity.sophos.com/chrome-zero-day-browser-bug https://nakedsecurity.sophos.com/free-coffee-dutch-researcher https://nakedsecurity.sophos.com/perl-com-gets-its-domain-back With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Apple pushed out an iOS update in a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And Europol reported on a successful takedown operation against the notorious Emotet malware. https://nakedsecurity.sophos.com/apple-critical-patches-fix-in-the-wild-iphone-exploits https://nakedsecurity.sophos.com/gnupg-crypto-library-can-be-pwned-during-decryption https://nakedsecurity.sophos.com/emotet-takedown-europol-attacks-worlds-most-dangerous-malware With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

What's the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And what would you do if you spotted a deceased former colleague hanging out on your network? https://nakedsecurity.sophos.com/has-the-coronavirus-pandemic-affected-apples-hardware https://nakedsecurity.sophos.com/us-administration-adds-subliminal-ad https://nakedsecurity.sophos.com/ghost-hack-criminals-use-deceased-employees-account With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Anonymous and private, yet busted! We explain how darkweb sites sometimes keep your secrets... and sometimes don't. We help you improve your cybersecurity at home. And we tell you the tale of a company with the coolest name but allegedly with the creepiest habits coded into its browser extensions. https://nakedsecurity.sophos.com/europol-announces-bust-of-worlds-biggest-dark-web-market https://nakedsecurity.sophos.com/home-schooling-how-to-stay-secure With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Thanks to coronavirus lockdown rules in the UK, and the temporary closure of all schools, Sally Adam suddenly found herself responsible for cybersecurity where it mattered more than ever: on a home network that jointly served for home, work and school. Paul Ducklin talks to Sally about how she did it, and how to keep your own family’s digital life safe. https://nakedsecurity.sophos.com/home-schooling-how-to-stay-secure https://nakedsecurity.sophos.com/home-wi-fi-security-tips Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We explain how two French researchers hacked the Google Titan security key product (but why you don't need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it. https://nakedsecurity.sophos.com/google-titan-security-keys-hacked With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software. https://nakedsecurity.sophos.com/does-a-friend-need-money-urgently https://nakedsecurity.sophos.com/chrome-browser-has-a-new-years-resolution https://nakedsecurity.sophos.com/zyxel-hardcoded-admin-password With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

How did the movie "Hackers" inspire a girl to grow up to become a hacker herself? Find out from security analyst, friendly hacker and TED Talk speaker Keren Elazari. Hear about Keren’s incredible journey, why hackers should be welcomed with open arms, and the inspiration that guided her career. With Kimberly Truong and special guest Keren Elazari (@k3r3n3 on Twitter), cybersecurity analyst and researcher. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac. Join us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who inspired her along the way. With Kimberly Truong and special guest Rachel Tobac (@RachelTobac on Twitter), hacker and CEO of SocialProof Security. Book mentioned by Rachel: "The 6 principles of persuasion" by Robert Cialdini. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/phishing-tricks-that-really-work https://nakedsecurity.sophos.com/subway-sandwich-scam-mystifies https://nakedsecurity.sophos.com/was-there-a-covid-19-vaccine-hack Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security." Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack. https://news.sophos.com/20-years-of-cyberthreats Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We dig into research that figured out a way to steal data from iPhones wirelessly, we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea, and we give you advice on how to talk to phone scammers. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/how-to-steal-photos-off-someones-iphone https://nakedsecurity.sophos.com/german-divers-find-enigma-crypto-machine https://nakedsecurity.sophos.com/vishing-criminals-let-rip-with-two-scams Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/gift-card-hack-exposed-you-pay-they-play https://nakedsecurity.sophos.com/bzzzzzzt-how-safe-is-that-keenly-priced-digital-doorbell https://nakedsecurity.sophos.com/home-wi-fi-security-tips-5-things-to-check Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

How do you go from pentester to creator of Microsoft’s bug bounty program? Find out from hacker and vulnerability disclosure pioneer, Katie Moussouris. Join us for a fascinating interview with Katie about her journey, the bugs in bug bounty programs, and the people who inspired her along the way. With Kimberly Truong and special guest Katie Moussouris (https://twitter.com/k8em0), Founder and CEO of Luta Security (https://www.lutasecurity.com). Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. Also, a sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/cult-videogame-company-capcom-pays-a-big-round-0 https://nakedsecurity.sophos.com/sophos-threat-report-2021 https://nakedsecurity.sophos.com/the-cloud-snooper-malware Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

In this episode: When payments go astray, why "just in case" cybersecurity warnings do more harm than good, how to shop safely on Black Friday and beyond, and (oh no!) what to do when all your emails disappear. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/smishing-attack-tells-you-mobile-payment-problem https://nakedsecurity.sophos.com/instant-bank-fraud-hoax-is-back-dont-spread-fake-news https://nakedsecurity.sophos.com/black-friday-stay-safe-before-during-and-after To register for the Sophos Evolve event: https://sophos.com/evolve Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of "malware-as-a-service", and the malware risks from image search. Also (oh! no!), why you should take care before you pair. With Kimberly Truong, Doug Aamoth and Paul Ducklin. https://nakedsecurity.sophos.com/another-chrome-zero-day-this-time-on-android https://nakedsecurity.sophos.com/adobe-flash-its-the-end-of-the-end-of-the-end https://nakedsecurity.sophos.com/buer-loader-malware-as-a-service-joins-emotet Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

On Wednesday, the FBI, CISA and HHS released an unprecedented warning against "an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers." In this quick mini-sode, Chester Wisniewski (Principal Research Scientist at Sophos) discusses what the threat is, what this advisory means, and why this warning is a warning for everyone. With Kimberly Truong and special guest, Chester Wisniewski, Principal Research Scientist at Sophos @chetwisniewski RESOURCES: Read the article from Naked Security https://nakedsecurity.sophos.com/2020/10/29/fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone/ Get tools and guidance to protect your organization https://www.sophos.com/en-us/content/healthcare-targeted-ransomware.aspx *** Original music by Edith Mudge www.edithmudge.com Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity twitter.com/nakedsecurity Instagram: NakedSecurity instagram.com/nakedsecurity