Sophos Naked Security

News, opinion, advice and research on computer security threats from Sophos
Updated: 30 min 14 sec ago

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

24 March, 2023 - 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

23 March, 2023 - 21:59
Listen now - latest episode. Full transcript inside.

Windows 11 also vulnerable to “aCropalypse” image data leakage

22 March, 2023 - 21:59
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Google Pixel phones had a serious data leakage bug – here’s what to do!

21 March, 2023 - 21:58
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Bitcoin ATM customers hacked by video upload that was actually an app

20 March, 2023 - 21:50
As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

17 March, 2023 - 21:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

16 March, 2023 - 21:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Microsoft fixes two 0-days on Patch Tuesday – update now!

15 March, 2023 - 21:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to log on as you.

Firefox 111 patches 11 holes, but not 1 zero-day among them…

14 March, 2023 - 21:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.

Linux gets double-quick double-update to fix kernel Oops!

13 March, 2023 - 21:59
Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

10 March, 2023 - 21:58
It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

S3 Ep125: When security hardware has security holes [Audio + Text]

9 March, 2023 - 22:58
Latest episode - listen now! (Full transcript inside.)

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

7 March, 2023 - 21:59
Security bugs in the very code you've been told you must have to improve the security of your computer...

DoppelPaymer ransomware suspects arrested in Germany and Ukraine

6 March, 2023 - 21:16
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

3 March, 2023 - 21:56
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

S3 Ep124: When so-called security apps go rogue [Audio + Text]

2 March, 2023 - 21:40
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

LastPass: Keylogger on home PC led to cracked corporate password vault

28 February, 2023 - 21:23
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

27 February, 2023 - 22:37
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Dutch police arrest three cyberextortion suspects who allegedly earned millions

27 February, 2023 - 21:33
Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?