Sophos Naked Security

Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

Listen now - latest episode. Full transcript inside.

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.

Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)

It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

Lastest episode - listen now! (Full transcript inside.)

Security bugs in the very code you've been told you must have to improve the security of your computer...

Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?