Sophos Naked Security


News, opinion, advice and research on computer security threats from Sophos
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Category: Hacking & Security, Viruses and Worms
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
Listen now - latest episode. Full transcript inside.
Windows 11 also vulnerable to “aCropalypse” image data leakage
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
Google Pixel phones had a serious data leakage bug – here’s what to do!
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?
Bitcoin ATM customers hacked by video upload that was actually an app
As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
Microsoft fixes two 0-days on Patch Tuesday – update now!
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to log on as you.
Firefox 111 patches 11 holes, but not 1 zero-day among them…
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Linux gets double-quick double-update to fix kernel Oops!
Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes.
S3 Ep125: When security hardware has security holes [Audio + Text]
Latest episode - listen now! (Full transcript inside.)
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
Security bugs in the very code you've been told you must have to improve the security of your computer...
DoppelPaymer ransomware suspects arrested in Germany and Ukraine
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?
S3 Ep124: When so-called security apps go rogue [Audio + Text]
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
LastPass: Keylogger on home PC led to cracked corporate password vault
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.
Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
Dutch police arrest three cyberextortion suspects who allegedly earned millions
Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?