iPhone holes and Android malware – how to keep your phone safe
2019-08-16 14:13:44Watch the latest Naked Security Live video for our non-technical tips to improve your online safety, whichever type of phone you prefer.Google removes option to disable Nest cams’ status light
2019-08-16 10:37:48It's more of a “post-purchase middle finger” to customers than a privacy plus, say some outraged users who use the cams to catch crooks.Police site DDoSer/bomb hoaxer caught after jeering on social media
2019-08-16 10:33:04He called in hoaxes days after the Manchester Arena bombing, DDoSed police sites when they investigated him, then taunted them on Twitter.Microsoft won’t shift on AI recordings policy
2019-08-16 10:27:57Microsoft may have been caught red-handed letting contractors listen to sensitive conversations with its AI,Firefox fixes “master password” security bypass bug
2019-08-15 16:11:46The bug's in Firefox, but our advice is worth reading whether you use Firefox or not.S2 Ep4: iPhone holes, Android malware and romance scams – Naked Security Podcast
2019-08-15 13:12:59Episode 4 of the Naked Security Podcast is now live - listen now!Serious flaws in six printer brands discovered, fixed
2019-08-15 13:03:19There are many ways to compromise company data, but IT teams often overlook one of the most serious: the humble printer.‘NULL’ license plate gets security researcher $12K in tickets
2019-08-15 10:58:55The vanity plate sounded good in theory: maybe it would make his plate invisible to ALPR systems?!Hacking forum spills rival’s 321,000 member database
2019-08-15 10:41:09When users of hacking forums turn on each other, expect things to get messy quickly.Facebook got humans to listen in on some Messenger voice chats
2019-08-15 10:15:55Facebook says it's paused the practice of collecting voice clips and sending them to employees to transcribe and analyze.Patch time! Microsoft warns of new worm-ready RDP bugs
2019-08-14 13:27:37Microsoft's Patch Tuesday brought some bad news yesterday: more wormable RDP vulnerabilities, this time affecting Windows 10 users.Fortnite World Cup champion and family swatted while live streaming
2019-08-14 11:20:15"They come in with guns, bro. They literally pulled up, holy sh*t."Coinbase explains background to June zero-day Firefox attack
2019-08-14 10:52:43A recent, highly targeted attack on cryptocurrency exchange Coinbase offers a glimpse into how sophisticated phishing attacks can be.4 ‘despicables’ jailed for running hidden worldwide child abuse forums
2019-08-14 10:18:51So much for trusting the Tor network to hide their tracks.Fake news doesn’t (always) fool mice
2019-08-13 14:05:34Mice can interpret speech phonemes correctly up to 80% of the time without falling for semantic hoodwinks like humans do.Hacked devices can be turned into acoustic weapons
2019-08-13 13:54:10Security researcher Matt Wixey found that many gadgets aren't protected from being turned into hearing-damaging weapons. Or melting.Chrome Incognito mode detection fix busted by researchers
2019-08-13 13:43:07Remember that Chrome update that stopped websites from detecting Incognito mode? Well, researchers claim to have found a way around it.Android users menaced by pre-installed malware
2019-08-13 09:16:09Google Project Zero researcher Maddie Stone has found a new and concerning route for malware to find its way on to Android devices - malicious apps that have been factory pre-installed.Hacking 4G hotspots – when did you last update?
2019-08-12 15:04:22Your 4G hotspot might seem very basic and low risk compared to your phone, but you need to keep it patched just as carefully!Apple will hand out unlocked iPhones to vetted researchers
2019-08-12 11:44:22It formalizes the reality: "pre-jailbroken" iPhones were already on the black market.Facebook facial recognition: class action suit gets court’s go ahead
2019-08-12 11:34:30The court said facial recognition could well harm privacy rights, given its “detailed, encyclopedic,GDPR privacy can be defeated using right of access requests
2019-08-12 11:07:10A British researcher has uncovered an ironic,Monday review – the hot 23 stories of the week
2019-08-12 09:26:07This week: hijacked home routers, SMS spam and time to update your iPhone.Blackmailed for Bitcoin – exchange rebuffs $3.5m ransom demand
2019-08-09 14:53:14Here's a story of super-sized digital blackmail aimed at one of the biggest cryptocoin exchanges out there.Instagram boots ad partner for location tracking and scraping stories
2019-08-09 13:07:06A “preferred Facebook Marketing Partner” is alleged to have tracked millions of Instagram users' locations and stories.Parents, it’s time to delete Pet Chat from your child’s LeapPad
2019-08-09 12:54:02LeapFrog has done lots to fix the security of the LeapPad. Now all that's left is for parents to scrape Pet Chat off of older tablets.Your Skype Translator calls may be heard by humans
2019-08-09 12:26:32A Skype Translator insider claims it's good because humans are listening in and helping to train its artificial intelligence.Update your iPhone – remote control holes revealed by researchers
2019-08-08 14:01:41You might not think your phone is as exposed as an internet server - but it's handling plenty of untrusted data from unknown sources!Twitter may have shared your data with its ad partners without your permission
2019-08-08 12:48:11Some user data, such as country and device type, was exposed to some advertisers for over a year.Cisco 220 Series Smart Switch owners told to apply urgent patch
2019-08-08 12:45:34Businesses running any of Cisco’s 220 Series Smart Switches have some urgent patching work on their hands.More than 2m AT&T phones illegally unlocked by bribed insiders
2019-08-08 12:28:54The alleged, now indicted ringleader paid more than $1m in bribes to insiders who planted malware and hardware for remote unlocking.S2 Ep3: Ransomware, surveillance and data theft – Naked Security Podcast
2019-08-08 12:13:26Episode 3 of the podcast is now live. This week, host Anna Brading is joined by Paul Ducklin, Mark Stockley and Ben Jones.Microsoft puts another nail in VBScript coffin
2019-08-08 09:52:39Listen up, VBScript fans: your favourite scripting language's days are numbered.Don’t let the crooks ‘borrow’ your home router as a hacking server
2019-08-07 14:18:42Crooks don't have to break *into* your network to benefit - they can bounce *off* it so you take the blame and look like a hacker yourself.Scammers recruiting money mules on dating sites is on the rise, says FBI
2019-08-07 12:04:51It's not longer enough to be wary of flash-in-the-pan "lovers" who ask you to send money; now they're asking you to open accounts for them.Don’t fall for fake Equifax settlement sites, warns FTC
2019-08-07 11:34:15Equifictitious sites popped up within days of Equifax agreeing to pay up to $700m to settle claims over the 2017 data breach.Banking PINs exposed in Monzo secure storage slip-up
2019-08-07 10:57:59When is a secure PIN not a secure PIN? When you accidentally store it in your log files.Latest Android patches fix critical ‘QualPwn’ Wi-Fi flaws
2019-08-07 10:51:31The August 2019 security bulletin is out - and two of the critical flaws could allow an attacker to compromise the Android system kernel.Baldr malware unpicked with a little help from crooks’ bad opsec
2019-08-06 13:00:47New research from Sophos takes an exhaustive look at the Baldr password stealer.NVIDIA patches high-severity bugs in Windows GPUs and SHIELD
2019-08-06 12:25:21NVIDIA has patched five bugs in its Windows GPU display driver, three of which could allow an attacker to execute code on the system.Fake Dell support rep admits to talking US colleges out of $874,000
2019-08-06 12:23:23His victims: UCSD and a Pennsylvania university. He hid out in Kenya for nearly 8 months before being nabbed.GitHub ‘encourages’ hacking, says lawsuit following Capital One breach
2019-08-06 12:17:54The class action charges Capital One and GitHub, charging it with being "friendly" (at least) toward hacking and for the hackers' posts.Attackers ransom bookseller’s exposed MongoDB database
2019-08-06 12:07:42Another database has fallen to extortion hackers, this time containing 2.1 million records belonging to Mexican bookseller, Librería Porrúa.Google and Apple suspend contractor access to voice recordings
2019-08-05 14:20:21Apple and Google have announced that they will limit the way audio recorded by their voice assistants, Siri and Google Assistant,Hackers exploit SMS gateways to text millions of US numbers
2019-08-05 14:18:49Receive any strange SMS text messages recently? If you live in the US, there’s a small chance you might have received an SMS with the following text in the last few days from someone called ‘j3ws3r on Twitter’:FileZilla fixes show how far we’ve come since Heartbleed
2019-08-05 13:59:03What have seven security fixes in FileZilla got to do with 2014's Heartbleed bug?Monday review – the hot 20 stories of the week
2019-08-05 09:14:29From NAS targeted by brute force ransomware attacks to the humans who hear your Siri recordings,S2 Ep2: EvilGnome, leaky browser add-ons and BlueKeep – Naked Security Podcast
2019-08-02 15:16:21Listen to the latest episode now!Space agency uses Raspberry Pi to solve satellite encryption puzzle
2019-08-02 11:57:38The European Space Agency thinks it's found a much cheaper way to control a small module - and it's built around a tiny Raspberry Pi Zero board.Club Penguin Rewritten breach caused by rogue admin backdoor
2019-08-02 11:57:08The hugely popular gaming site Club Penguin Rewritten suffered a data breach that exposed 4m user accounts.Anime filter glitches, exposing face of one extremely smart vlogger
2019-08-02 11:39:26Pretending to be a hot young thing brought in beaucoup bucks. Last laugh department: "world's best granny" now has more followers than ever.Facebook is working on mind-reading
2019-08-02 11:39:03The completely non-evil-genius goal: a wearable, noninvasive device that could translate thoughts into text, for the speech impaired or VR.Researchers hack camera in fake video attack
2019-08-01 12:03:13Tampering with surveillance cameras is a common activity for Hollywood heroes and criminals alike. Now,North Carolina county falls for BEC scam, to the tune of $1,728,083
2019-08-01 11:00:50The county could only claw back some of the $2,504,601 it paid to a scammer posing as a contractor working on building a new high school.Five Eyes nations demand access to encrypted messaging
2019-08-01 10:39:54The alliance wants tech companies to build backdoor access to users’ encrypted data, by force if necessary.‘Urgent/11’ flaws affect 200 million devices – from routers to elevators
2019-07-31 16:43:19There are 11 security flaws affecting VxWorks: “the most widely used operating system you may never have heard about”.Complying with Hong Kong's Online Alcohol Sale Regulations
2019-07-31 13:55:23Changes to Hong Kong's alcohol sales law came into effect on 30 November 2018 and the Tobacco and Alcohol Control Office (TACO) of the Department of Health has been contacting the owners of websites selling alcohol to advise them to complyiMessage bug could have allowed attackers to read data from any iPhone
2019-07-31 13:44:07Google's Project Zero has unveiled details of a bug in Apple's iMessage that lets attackers read data from an iPhone without any user interaction.Georgia hit with malware yet again
2019-07-31 13:11:11The Department of Public Safety says it won't pay, but given the umpteen times the state's agencies have been hit, somebody's not listening.Cyberattacks on connected cars could gridlock entire cities
2019-07-31 10:40:34It would require taking over and stranding 20% of a city's cars to freeze traffic, and only 10% to impede ambulances, physicists calculate.Capital One breach – 100 million users’ data stolen
2019-07-30 15:46:16Global financial services company Capital One has just announced a massive data breach.Hackers target Telegram accounts through voicemail backdoor
2019-07-30 13:39:06As politicians should know by now, secure messaging apps such as Telegram can quickly become a double-edged sword.Listening in: Humans hear the private info Siri accidentally records
2019-07-30 13:28:24Apple Watch and HomePod have the highest rate of inadvertent recordings, a whistleblower says.US chases fraudulent bitcoin exchange BTC-e for $100m
2019-07-30 13:19:26Two years ago, the US government fined an international cybercriminal and his fraudulent bitcoin exchange over $100m. Now,Post-Equifax settlement, NY updates data breach notification laws
2019-07-30 13:16:25Equifax is fined $675 million, while New York data breach notification law now covers biometrics, passwords, and more.NAS vendors hit by brute force ransomware attacks
2019-07-29 13:25:57Cybercriminals are targeting numerous Network Attached Storage vendors with a new wave of ransomware.Three quarters of gamers suffer hate and harassment online
2019-07-29 12:08:07Trolling, stalking, sexual harassment, and humiliation have become so bad that one in ten respondents had depressive or suicidal thoughts.Russia targeted all 50 states in 2016 election, Senate report says
2019-07-29 09:57:11The Senate Intelligence Committee doesn't know what Moscow's intentions are, but Robert Mueller says they're still at it.Monday review – the hot 21 stories of the week
2019-07-29 09:13:54From iOS 13's password hole to logic bombs courtesy of the programmer from hell - and everything in between. It's weekly roundup time.Ransomware hits Louisiana schools; state of emergency declared
2019-07-28 22:01:01The Louisiana Governor declared a state of emergency after three public school districts were seized by ransomware.WannaCry hero gets off lightly, avoids prison – was justice done?
2019-07-27 23:38:26Wrote malware for money, went straight, got busted, didn't go to prison. Has US cybercrime enforcement gone soft?S2 Ep1: FaceApp, logic bombs and stranger danger – Naked Security Podcast
2019-07-26 14:52:09We’re finally back with Series 2 of the Naked Security Podcast. Listen now!Sysadmins need to know – how DO you pronounce “sudo”?
2019-07-26 14:52:07We take on one of #SysAdminDay's thorny issues.Happy SysAdminDay 2019!
2019-07-26 13:34:30Hey sysadmin, nice tee.BlueKeep guides make imminent public exploit more likely
2019-07-26 11:40:12A public exploit for Microsoft's BlueKeep vulnerability is just days away. In fact, for those with deep pockets, it's already here.Browser plug-ins peddled personal data from over 4m browsers
2019-07-26 11:02:52Nacho Analytics gathered data like passwords, tax and prescription data from browser add-ons - and those who bought it can keep it.Facebook gets its wrist slapped $5b for fumbling our data, confirms FTC
2019-07-25 16:30:35The FTC initially wanted a fine worth tens of billions, plus potential jail time for execs.EvilGnome – Linux malware aimed at your laptop, not your servers
2019-07-25 14:59:41EvilGnome was written to target the comparatively small but committed community who use Linux on their laptops.New York City moves to protect citizens’ location data
2019-07-25 12:13:19New York City is considering a law that could stop cellphone carriers and smartphone app vendors from selling their location data.You can probably be identified from your anonymized data
2019-07-25 11:59:13The idea of de-identifying data has been around for a while. However,Apple’s July patchfest fixes bugs in multiple products
2019-07-24 10:33:27Apple released fixes for various products this week, including one for a bug that has been public with proof-of-concept code for two months.Facebook admits to Messenger Kids security hole
2019-07-24 10:32:46A hole in the supposed closed-loop messaging system allowed children to join group chats with people their parents hadn’t approved.SharePoint Online scam – sadly, phishing’s not dead
2019-07-23 17:02:51Not all phishes contain easily spotted errors or obviously dodgy web links - here's how to stay safe...Programmer from hell plants logic bombs to guarantee future work
2019-07-23 13:10:13At some dark moment, have you ever wondered: what if the programmers are adding the bugs deliberately?Big password hole in iOS 13 beta spotted by testers
2019-07-23 10:18:52A security clanger has been spotted in the current beta version of iOS 13 which allows anyone to access a user’s stored web and app passwords without having to authenticate.Your Android’s accelerometer could be used to eavesdrop on your calls
2019-07-23 10:13:08Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant,FSB hackers drop files online
2019-07-23 09:48:59A hacking group that distributed files stolen from a Russian contractor to the media last week has published some of the documents online.Chrome 76 blocks websites from detecting incognito mode
2019-07-22 13:24:56Ever bypassed a website paywall using a browser’s privacy mode? It was once a simple hack, however, it no longer works for most websites.Hacked Bulgarian database reaches online forums
2019-07-22 12:21:30Data on millions of people stolen from the Bulgarian government has already popped up on hacker trading forums.Stop facial recognition trials now, warns UK committee
2019-07-22 10:26:39The UK government should suspend trials of automatic facial recognition systems until it can meet regulators’ concerns about the technology,Monday review – the hot 22 stories of the week
2019-07-22 09:11:58From the RDP exploit already at your door to Chrome's XSS Auditor - and everything in between. It's weekly roundup time.Firefox to pile on more native privacy features
2019-07-19 11:28:43Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website.Shapeshifting Morpheus chip aims to baffle hackers
2019-07-19 10:34:16Morpheus aims to make hacking so difficult at microprocessor level that attackers will give up long before they can do any damage.FaceApp privacy panic sets internet alight
2019-07-19 10:26:38You grant FaceApp a perpetual, irrevocable license to use, reproduce, modify and adapt your image. Sounds scary.Series 2 launch episode – RDP exposed [PODCAST]
2019-07-18 13:40:33The Naked Security Podcast is back. Listen now, and let us know what you think!Hacked Bluetooth hair straighteners are too hot to handle
2019-07-18 12:09:52The Glamoriser Smart Bluetooth straightener offers up yet another example of how not to add a risky product to the Internet of Things (IoT).Google Chrome is ditching its XSS detection tool
2019-07-18 11:52:08Google's throwing in the towel on XSS Auditor and putting its trust in Trusted Types instead.Still not using HTTPS? Firefox is about to shame you
2019-07-18 11:32:12Two years after promising to report all HTTP-based web pages as insecure, Mozilla is about to deliver.
