Serious Security: Ransomware you’ll never find – and how to stop it
2019-04-18 13:03:49What if you got hit by ransomware - but the malware program itself was on the other side of the world where you'd never find it?Facebook user data used as bargaining chip, according to leaked docs
2019-04-18 11:56:12Leaked internal docs used to claim "privacy was an afterthought" at FacebookGoogle plays Whack-A-Mole with naughty Android developers
2019-04-18 11:34:58Android developers without a track record are going to be submitted to more checks in order to stamp out those of “bad faith.”Chrome flaw on iOS leads to 500 million unwanted pop-up ads
2019-04-18 11:11:18If you own an iOS device and use the Chrome browser, you may have encountered some strange-looking pop-up ads in the past week.Oracle issues nearly 300 patches in quarterly update
2019-04-18 10:52:24Oracle's latest security update covers 297 vulnerabilities, many of which come with a "patch now" warning.Ep. 028 – SPEWS, Android security and scary Facebook messages [PODCAST]
2019-04-17 14:55:25Here's the latest Naked Security podcast - enjoy!Mozilla to Apple: Protect user privacy with rotating phone IDs
2019-04-17 11:03:40Mozilla has criticized Apple for its latest privacy marketing campaign,Ad blocker firms rush to fix security bug
2019-04-17 10:59:56If you’re using an ad blocker to filter out online commercials, then beware:Internet Explorer browser flaw threatens all Windows users
2019-04-17 10:52:26Nearly four years after it was replaced by Edge as Microsoft’s preferred Windows browser,Microsoft confirms Outlook.com and Hotmail accounts were breached
2019-04-17 10:45:49Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts,Watch out! Don’t fall for the Instagram ‘Nasty List’ phishing attack
2019-04-16 10:23:37Instagram users have been receiving odd messages from followers expressing shock that their accounts have somehow ended up on something called the “Nasty List.”Google’s location history data shared routinely with police
2019-04-16 10:22:28Law enforcement officials in the US have been routinely mining Google’s location history data for criminal investigations.US feds’ names, home and email addresses hacked and posted online
2019-04-16 10:00:27A group of hackers that doxxed thousands of federal law enforcement employees last week has struck again.Security weakness in popular VPN clients
2019-04-16 09:20:12Numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness that could be used to spoof access.Flood of exploits targetting ancient WinRAR flaw continues
2019-04-15 12:50:02An ancient WinRAR vulnerability made public in February is now well on its way to becoming one of the most widely and rapidly-exploited security flaws of recent times.Microsoft’s Edge browser reborn after Chromium makeover
2019-04-15 12:46:39After three years of embarrassing rejection, might Microsoft’s newly-Chromed Edge browser be on the up?Is there a link between videogaming and cybercrime? Police think so
2019-04-15 12:42:27UK police are planning to issue online warnings to young gamers hoping to deter them from a life of cybercrime, they revealed last week.Dragonblood: Data-leaking flaw in WPA3 Wi-Fi authentication
2019-04-15 12:06:38Researchers have discovered several holes in a new security protocol for wireless networks.Monday review – the hot 24 stories of the week
2019-04-15 09:22:23From hidden cameras in Airbnb rentals to iPads locked for 48 years - here's everything we wrote last week.Facebook admits “supply chain data leak” in new Oculus headsets
2019-04-14 23:49:55One week out from Easter, and Facebook's Oculus subsidiary has admitted a "hidden message Easter Egg" gone wrong. Coincidence? Or...Can you detect hidden cameras in hotel rooms? [VIDEO]
2019-04-14 14:37:18Naked Security Live investigates how to sniff out snoopy spycams. We explain what works, and what doesn't, when it comes to hidden cameras.Assange arrested, faces extradition for hacking
2019-04-12 12:45:10The Ecuadorean embassy finally decided it wasn't willing to shelter Julian Assange any more, so it let in UK police to arrest him.Feds say Russian 2016 election meddling spanned all US states
2019-04-12 11:33:16A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race.Flickr tackling online image theft with new AI service
2019-04-12 11:15:56Photo sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users' images online.Android phones transformed into anti-phishing security tokens
2019-04-12 10:39:47A new security feature allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts.Serious Security: How web forms can steal your bandwidth and harm your brand
2019-04-11 14:50:00Got a mailing list? Ever signed up for one? Ever stopped to think how a crook could abuse the security-related confirmation process?Ban the use of ‘dark patterns’ by tech companies, say US lawmakers
2019-04-11 11:06:31Congressional leaders in the US unveiled a new law this week to ban the use of ‘dark patterns’ by large online players.App could have let attackers locate and take control of users’ cars
2019-04-11 10:58:44A smartphone app used to control vehicles across North America left them wide open to attackers, it was revealed this week.Toddler locks father out of iPad for 25.5 MILLION minutes, or until 2067
2019-04-11 10:45:04A father thought he’d been permanently locked out of his Apple iPad after his young son repeatedly entered an incorrect passcode.Ep. 027 – Honeypots, GPS rollover and the MySpace data vortex
2019-04-10 14:30:45Guess how long it takes crooks to find a new device when you plug it in? All this and more in the latest Naked Security podcast- enjoy!Mar-a-Lago intruder had instant-malware-inflicting thumb drive
2019-04-10 14:05:19Ms. Zhang's infected USB drive instantly went to work on a Secret Service agent's PC. He shut it down immediately "to halt the corruption."Update now! Here’s the April Patch Tuesday roundup
2019-04-10 13:32:59Microsoft and Adobe Patch Tuesday updates are here. Find out more about the most serious bugs and how to patch them.Check your Verizon FiOS Quantum Gateway G1100 router now
2019-04-10 10:24:32Owners of Verizon’s FiOS Quantum Gateway (G1100) routers should check the firmware has been updated after a security company made public three significant security flaws.Two robocallers fined $3m for Google listings scam
2019-04-10 10:20:45The robocall scammers were defrauding small businesses who were scared of seeing their Google search listings drop off.Two teens charged with jamming school Wi-Fi to get out of exams
2019-04-10 09:56:42They're facing charges of computer criminal activity after allegedly disrupting the network at the request of their friends.Knock and don’t run: the tale of the relentless hackerbots
2019-04-09 13:14:47If you have an IoT device in your home, you could be receiving an average of 13 login attempts to these devices per minute,Chrome, Safari and Opera criticised for removing privacy setting
2019-04-09 11:03:53Forthcoming versions of the Chrome,Airbnb says sorry after man detects hidden camera with network scan
2019-04-09 11:03:01His family of 7 was one network scan away from potentially being livestreamed by their host.Hacker unlocks Samsung S10 with 3D-printed fingerprint
2019-04-09 10:48:51According to a video posted on the Imgur site Friday,Fired sysadmin pleads guilty to doxxing five senators on Wikipedia
2019-04-09 10:45:56Cosko, 27, pleaded guilty to five counts including making public restricted personal information, computer fraud,Bootstrap supply chain attack is another attempt to poison the barrel
2019-04-08 11:53:13Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.Microsoft lets Windows users off the update leash
2019-04-08 11:01:19Microsoft has announced some big changes that will finally give Windows users more control over updates and releases.Firefox draws battle lines against push notification spam
2019-04-08 10:53:48Mozilla doesn’t yet know how to solve the problem of website push notification spam in the Firefox browser, but it’s working on it.Myspace songs come back from the dead
2019-04-08 10:44:33It's fewer than 1% of the 50 million songs and videos Myspace lost, but hey, it's better than nothing!Monday review – the hot 25 stories of the week
2019-04-08 08:27:12From a Russian GPS spoofing campaign to the Facebook apps leaking millions of records - it's weekly roundup time.Serious Security: GPS week rollover and the other sort of “zero day”
2019-04-05 14:59:41Tomorrow night, the GPS "earth clock" has a Y2K event - but here's why you should be OK.Patch now! Magento e-commerce sites targeted by SQLi attacks
2019-04-05 13:35:35If you're a Magento admin, stop what you’re doing and patch now.Hoax! Nope, hackers aren’t posting invisible sexual videos on your wall
2019-04-05 11:47:55A Facebook hoax from 2011 is doing the rounds again. Don't fall for it, do something useful instead.Nvidia patches severe bugs in edge computing modules
2019-04-05 11:01:32Nvidia has released 13 patches targeting two low-end embedded computing boards.New law will punish social media companies for users’ violent content
2019-04-05 10:46:21Australian law makers have responded very quickly to the Christchurch shootings.Facebook apps expose millions of users’ Facebook data
2019-04-04 13:08:41Once more unto the breach, dear Facebook Friends of Friends...Why ‘PWNED!’ is appearing on some GPS smartwatches
2019-04-04 13:01:24Over 20 models of smartwatches, some bought for kids, allow for creeps to eavesdrop and track users, in spite of a ban.Android banking and finance apps’ security found wanting
2019-04-04 12:36:37A new report claims that mobile finance apps are littered with security bugs.Facebook won’t ask for your email password any more
2019-04-04 12:17:06What's that you say - Facebook was asking for the password to your email account? Yes, sometimes it was.Apache needs a patchy! Carpe Diem, update now
2019-04-04 11:06:04A flaw in the world’s most popular web server could give an attacker a way to gain full control of Unix-based systems.Ep. 026 – Android bloatware, hackable routers and website attacks [PODCAST]
2019-04-03 23:27:57Here's our latest podcast - enjoy!Researchers trick Tesla’s Autopilot into driving into oncoming traffic
2019-04-03 10:55:24They placed unobtrusive stickers that drivers wouldn't see but would fool autopilot into thinking the lane was veering off to the left.Is your hard drive exposed online?
2019-04-03 10:45:00Over 13,500 internet-connected storage devices have been exposed online by users who didn't set passwords for them.2m credit cards ripped off from restaurant chain, sold on the dark web
2019-04-03 10:18:34PoS malware affected some Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria locations.Patch Android now! April updates fixes three critical flaws
2019-04-03 09:49:06Android’s April update includes two critical CVE-level patches among a total of 11 affecting handsets running versions 7, 8, and 9.Government spyware hidden in Google Play store apps
2019-04-02 13:58:33The malware, dubbed Exodus, records and steals all manner of data and leaves phones vulnerable to further hacking and data tampering.TP-Link router zero-day that offers your network up to hackers
2019-04-02 11:48:55Downgrade attack lets any user take over - just ask for old-style access to the debugging port and you won't need a passwordAre there viable alternatives to Facebook and Twitter?
2019-04-02 11:29:03There's growing interest in social networks that prioritize user control. Two of the popular ones are Mastodon and Diaspora.VMware patches critical vulnerabilities
2019-04-02 11:21:10VMware has released patches for several critical security vulnerabilities, days after two were unveiled at Pwn2Own.Possible Toyota data breach affecting 3.1 million customers
2019-04-02 10:50:37Several Toyota companies have announced that they might have suffered data breach attempts, with one affecting 3.1 million customers.Wrecked Teslas hang onto your (unencrypted) data
2019-04-02 10:14:48Sold at salvage and auctions, they contain info from drivers' paired mobile devices, plus highly personal pre-crash video.Russia accused of massive GPS spoofing campaign
2019-04-01 11:45:25Russia has been hijacking signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers claim.Microsoft slaps down 99 APT35/Charming Kitten domains
2019-04-01 11:29:32Court order in hand, Microsoft seized control of the hacker group's (which it calls Phosphorous) phishing sites.Top-secret defense document hoarder Harold Martin pleads guilty
2019-04-01 10:55:46Martin admitted that for more than 20 years, he stole and a vast quantity of highly classified information, stashing it in his home and car.Politicians mistakenly vote the wrong way in controversial internet law
2019-04-01 10:35:24Members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.Monday review – the hot 21 stories of the week
2019-04-01 10:03:23From the Android bloatware selling your data to the hoards of security keys on GitHub, and everything in between. It's the weekly roundup.As drones fill the skies, cybercriminals won’t be far behind
2019-03-29 13:57:04Putting these toys back in the box after a decade of hype isn’t going to be easy, but these researchers are exploring the options.Grindr up for sale amid US fears for Chinese-owned data
2019-03-29 12:26:31A US national security panel told Kunlun, that its ownership of Grindr constitutes a national security risk.FTC slams the phone down on quartet of robocallers
2019-03-29 11:41:51Wrist slaps and paltry fines may not be what most of us were hoping for in retribution for billions of robocalls and countless scams.Companies will stop storing data in Australia, Microsoft warns
2019-03-29 11:16:54Australia's controversial anti-encryption laws came under independent scrutiny this week as tech leaders criticized the proposed rules.“Twitter 2007 multicolor” hoax – debunk it, don’t spread it!
2019-03-28 15:58:42Hoaxers are saying you can unlock colorful new "features" in Twitter, but you'll probably lock yourself out instead.Is your e-commerce site being used to test stolen card data?
2019-03-28 15:28:24If you're running Magento you should be on the look out for hackers testing stolen card data - it could get your PayPal account suspended.Spyware app exposes private photos, hosting provider steps in
2019-03-28 13:16:27A hosting company has taken down a database owned by a mobile spying app after it was found displaying phone owners' intimate images online.Broadband providers told to explain how they handle consumer data
2019-03-28 11:42:41The FTC launched a broad inquiry to find out what data they collect, why, who they share it with, and how consumers can change or delete it.Firefox brings Lockbox password manager to Android’s autofill
2019-03-28 11:12:55All your saved Firefox passwords, now happily inserting themselves into your Android-verse!Ep. 025 – Business Email Compromise and IoT surprises [PODCAST]
2019-03-27 15:07:33Here's our latest podcast - listen now!Facebook’s Whitehat Settings lets bug-hunters dial back app security
2019-03-27 14:17:33The "Whitehat" settings will help researchers to analyze network traffic from its mobile apps by dialling back security settings.Preinstalled Android apps are harvesting and sharing your data
2019-03-27 12:25:49New research reveals that the bloatware preinstalled on many new Android phones could do far more than simply chew up your storage.DragonEx exchange hacked, smoking ashes being raked over
2019-03-27 11:14:42“Part” of its assets have been retrieved, and they've got an address for a suddenly much plumper Bittrex wallet.Apple patches 51 security flaws
2019-03-26 14:45:41Apple's update for iOS and macOS patches 51 holes, the more serious of which include bugs in Safari, Keychain and FaceTime.FEMA exposes sensitive data of 2.5 million disaster survivors
2019-03-26 12:04:06The agency said it exposed 2.3m people's details in a “major privacy incident” involving a contractor that set up temporary housing.Tech giants back bill that privacy advocates claim is toothless
2019-03-26 11:13:38The main disagreement: if consumers will be able to delete their data or whether the law would give companies ways to wiggle out.Family tracking app spilled pics, names and real-time location data
2019-03-26 10:37:58A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.Medtronic cardiac implants can be hacked, FDA issues alert
2019-03-25 17:39:43Two serious flaws in the telemetry protocol could allow a hacker to control vulnerable Implantable Cardioverter Defibrillators (ICDs).Thousands of API and cryptographic keys leaking on GitHub every day
2019-03-25 11:04:57Researchers have found that one of the most popular source code repositories in the world is still housing thousands of publicly accessible user credentials.Update now! WordPress hackers target Easy WP SMTP plugin
2019-03-25 10:45:13Two hacking groups have been spotted targeting websites running unpatched versions of the WordPress plugin Easy WP SMTP.New ratings point to keyless cars that can stand up to relay attacks
2019-03-25 10:31:39Researchers rated six of the 11 newly launched cars as being easy to open up and drive off with a cheap relay device anyone can buy online.Monday review – the hot 29 stories of the week
2019-03-25 10:11:50From an ex-employee from IT hell to Window 7's upcoming patchocalypse, and everything in between. It's weekly roundup time!Facebook password crisis – what to do? [VIDEO]
2019-03-23 01:15:46Watch this special edition of Naked Security Live - we answer the questions people have been asking us, like "Should I stay or should I go?"Sacked IT guy annihilates 23 of his ex-employer’s AWS servers
2019-03-22 16:18:51He was fired after four weeks, ripped off the credentials of former colleague "Speedy",BitLocker hacked? Disk encryption – and why you still need it [VIDEO]
2019-03-22 13:29:15Is BitLocker cracked? Is disk encryption still worth it? The answers are "No" and "Yes", and here's why.Microsoft Windows 7 patch warns of coming patchocalypse
2019-03-22 12:59:19Microsoft has issued a patch to remind Windows 7 users that they’ll soon have no patches.Spycam sex videos of 1,600 motel guests sold to paying subscribers
2019-03-22 11:57:211,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.Scammer pleads guilty to fleecing Facebook and Google of $121m
2019-03-22 11:20:12Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?Change your Facebook password now!
2019-03-21 18:39:26Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!Researcher finds new way to sniff Windows BitLocker encryption keys
2019-03-21 12:09:13A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.Flaw in popular PDF creation library enabled remote code execution
2019-03-21 12:02:39A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs.Opera brings back free VPN service to its Android browser
2019-03-21 11:41:27Opera lost its Android browser's VPN after it was sold to a Chinese consortium, but now it's back.FBI crackdown on DDoS-for-hire sites led to 85% slash in attack sizes
2019-03-21 10:42:30According to a new report, average and maximum DDoS attack sizes decreased by 85.36% and 23.91%.Ep. 024 – Sextortion, malicious adverts and randomness [PODCAST]
2019-03-20 14:30:54Here's the latest Naked Security podcast - listen now!Google researcher discovers new type of Windows security weakness
2019-03-20 12:30:56Microsoft will patch a new Windows security bug discovered by Google Project Zero - despite finding no evidence that it poses a threat.Researchers fret over Netflix interactive TV traffic snooping
2019-03-20 12:23:39No sooner has Netflix made an interactive TV show than people are already pulling apart its privacy implications.Hacked tornado warning systems leave Texans in the dark
2019-03-20 12:10:04Add this latest public warning system sabotage to a growing list of fear-and-panic-spreading hacking incidents.Firefox 66 now blocks autoplaying audio by default
2019-03-20 12:00:24From Firefox 66 for desktop and Android, due in March, media autoplay of video or audio will be blocked by default.Elsevier exposes users’ emails and passwords online
2019-03-20 11:40:41The science publisher is blaming a misconfigured server that exposed a constant stream of its users’ credentials.New scam accuses you of child abuse, offers to remove evidence
2019-03-19 18:06:34This scam is both intimidating and disturbing - the crooks are presenting themselves as corrupt CIA officials who will take a bribe.Microsoft won’t patch Windows registry warning problem
2019-03-19 14:52:37A security researcher has found a way to tinker with Windows’ core settings while persuading users to accept the changes.Gargantuan Gnosticplayers breach swells to 863 million records
2019-03-19 14:40:59Another 26m records stolen from another six online companies brings this hacker's total number of records to 863m from 38 websites.Court: Embarrassing leaks of internal Facebook emails are fishy
2019-03-19 11:50:10The leaks point to a plot, a Calif. court said, ordering pikini app maker Six4Three to hand over its lawyers' chats with the ICO.Epic in hot water over Steam-scraping code
2019-03-19 11:39:18Players noticed that Epic Games was gathering and storing data from Steam accounts without their permission.MySpace loses 50 million songs in server migration
2019-03-19 11:26:57Everything uploaded prior to 2015 is gone for good, the cobwebby social network finally admitted.Child-friendly search engines: How safe is Kiddle?
2019-03-19 10:35:04Kiddle and Kidrex are meant to deliver age-appropriate search results, filtering out internet nastiness. But how do they really stack up?
