Sophos Podcasts

Security specialist John Shier tells you the "news you can really use" - how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. https://sophos.com/threatreport With Paul Ducklin and John Shier. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

Microsoft's tilt at the MP3 marketplace. Apple's not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it. https://nakedsecurity.sophos.com/emergency-code-execution-patch-from-apple https://nakedsecurity.sophos.com/dangerous-sim-swap-lockscreen-bypass https://nakedsecurity.sophos.com/firefox-fixes-fullscreen-fakery-flaw https://nakedsecurity.sophos.com/log4shell-like-code-execution-hole https://nakedsecurity.sophos.com/gucci-master-business-email-scammer With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops that found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn "high" severity levels. https://nakedsecurity.sophos.com/exchange-0-days-fixed-at-last-plus-4-brand-new https://nakedsecurity.sophos.com/silk-road-drugs-market-hacker-pleads-guilty https://nakedsecurity.sophos.com/twitter-blue-badge-email-scams- https://nakedsecurity.sophos.com/public-url-scanning-tools-when-security-leads-to-insecurity https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

The man who put Boole in Boolean. OpenSSL's bated-breath update. Apple's zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way. https://nakedsecurity.sophos.com/openssl-patches-are-out-critical-bug-downgraded-to-high https://nakedsecurity.sophos.com/the-openssl-security-update-story-how-can-you-tell https://nakedsecurity.sophos.com/updates-to-apples-zero-day-update-story-iphone-and-ipad https://nakedsecurity.sophos.com/chrome-issues-urgent-zero-day-fix-update-now https://nakedsecurity.sophos.com/sha-3-code-execution-bug-patched-in-php https://nakedsecurity.sophos.com/psychotherapy-extortion-suspect-arrest-warrant https://nakedsecurity.sophos.com/online-ticketing-company-see-pwned-for-2-5-years With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecuri

Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple's latest security bulletins. https://nakedsecurity.sophos.com/clearview-ai-image-scraping-face-recognition-service-hit-with-e20m-fine https://nakedsecurity.sophos.com/when-cops-hack-back-dutch-police-fleece-deadbolt-criminals https://nakedsecurity.sophos.com/women-in-cryptology-usps-celebrates-ww2-codebreakers https://nakedsecurity.sophos.com/serious-security-you-cant-beat-the-house-at-blackjack https://nakedsecurity.sophos.com/apple-megaupdate-ventura-out-ios-and-ipad-kernel-zero-day With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

Coolest videogame ever. Zoom thinks everyone's a developer. The Patch Tuesday that wasn't. A data breach coverup. Log4Shell all over again. And the Office cryptofail that Microsoft won't fix. https://nakedsecurity.sophos.com/zoom-for-mac-patches-sneaky-spy-on-me-bug https://nakedsecurity.sophos.com/patch-tuesday-in-brief-one-0-day-fixed https://nakedsecurity.sophos.com/fashion-brand-shein-fined-1-9m-for-lying https://nakedsecurity.sophos.com/dangerous-hole-in-apache-commons-text https://nakedsecurity.sophos.com/serious-security-microsoft-office-365 With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

What goes up... must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone? https://nakedsecurity.sophos.com/netwalker-ransomware-affiliate-sentenced https://nakedsecurity.sophos.com/former-uber-cso-convicted https://nakedsecurity.sophos.com/whatsapp-goes-after-chinese-password-scammers https://nakedsecurity.sophos.com/move-over-patch-tuesday-its-ada-lovelace https://nakedsecurity.sophos.com/mystery-iphone-update With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

Naked Security meets Sophos X-Ops! Duck and Chet dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it. With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com) https://nakedsecurity.sophos.com/ https://twitter.com/nakedsecurity https://twitter.com/sophosxops

S3 Ep103: Scammers in the Slammer (and other stories) A fridge-sized calculator made with transistors (really). ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 in the slammer. Is there an answer to nuisance callers? Is the answer voicemail? https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day https://nakedsecurity.sophos.com/s3-ep102-5-proxynotshell-exchange-bugs https://nakedsecurity.sophos.com/romance-scammer-and-bec-fraudster-sent-to-prison https://nakedsecurity.sophos.com/scammers-and-rogue-callers-can-anything-ever-stop-them With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who's affected and how, find out what you can do while waiting for Microsoft's patches, and plan your threat hunting in case the worst happens to you. https://nakedsecurity.sophos.com/urgent-microsoft-exchange-double-zero-day https://twitter.com/sophosxops With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com)

What's the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if "deleted" data comes back from the dead to haunt you? https://nakedsecurity.sophos.com/uber-and-rockstar-has-a-lapsus-linchpin https://news.sophos.com/uber-rockstar-fall-to-social-engineering-attacks https://nakedsecurity.sophos.com/optus-breach-aussie-telco-told-it-will-have-to-pay https://nakedsecurity.sophos.com/whatsapp-zero-day-exploit-news-scare https://nakedsecurity.sophos.com/morgan-stanley-fined-millions-for-selling-off-devices With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Security SOS Week 2022 - check it out! The very first Android. Firefox 105 is out. Uber hacked... by LAPSUS$? LastPass talks about its breach. Are two disks better than one? https://nakedsecurity.sophos.com/interested-in-cybersecurity-join-us-for-security-sos-week https://nakedsecurity.sophos.com/s3-ep100-5-uber-breach-an-expert-speaks https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker https://nakedsecurity.sophos.com/lastpass-source-code-breach-incident-response With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

S3 Ep100.5: Uber breach - an expert speaks Chester Wisniewski explains what we can learn from Uber's latest cybsecurity crisis: "Just because a big company didn't have the security they should doesn't mean you can't." https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com)

Second Cosmic Rocket (not a band!) Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again. https://news.sophos.com/en-us/2022/09/13/a-lighter-patch-tuesday https://nakedsecurity.sophos.com/2022/09/12/apple-patches-a-zero-day https://nakedsecurity.sophos.com/hoe-to-deal-with-dates-and-times https://nakedsecurity.sophos.com/serious-security-browser-in-the-browser-attacks https://nakedsecurity.sophos.com/deadbolt-ransomware-rears-its-head-again With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The bug that was a moth. Was there really a TikTok breach? Peter Eckersley: Code In Peace. Chrome and Edge fix a zero-day. Apple updates iOS 12 for the first time in a year. App icons: the difference between sprockets and cogs. https://nakedsecurity.sophos.com/peter-eckersley-co-creator-of-lets-encrypt-dies https://nakedsecurity.sophos.com/chrome-fixes-zero-day-security-hole https://nakedsecurity.sophos.com/urgent-apple-quietly-slips-out-zero-day-update With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The Computer Misuse Act, back in 1990. JavaScript supply-chain bug hunting. Jumping airgaps. "The Sanitizer" comes to Chrome. LastPass breach provokes password manager puzzlement. https://nakedsecurity.sophos.com/javascript-bugs-aplenty-in-node-js-ecosystem https://nakedsecurity.sophos.com/breaching-airgap-security-using-your-phone https://nakedsecurity.sophos.com/chrome-patches-24-security-holes https://nakedsecurity.sophos.com/lastpass-source-code-breach With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Start me up. The R&B dance classic that crashed computers. Bitcoin ATM skimming (no malware required). Multiple browser zero-days. Was your iPhone pwned? https://nakedsecurity.sophos.com/laptop-denial-of-service-via-music https://nakedsecurity.sophos.com/bitcoin-atms-leeched-by-attackers https://nakedsecurity.sophos.com/chrome-browser-gets-11-security-fixes https://nakedsecurity.sophos.com/apple-patches-double-zero-day With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn't EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate. https://nakedsecurity.sophos.com/zoom-for-mac-patches-get-root-bug https://nakedsecurity.sophos.com/apic-epic-intel-chips-leak-secrets https://nakedsecurity.sophos.com/us-offers-reward-up-to-10-million https://pubmed.ncbi.nlm.nih.gov/31506956/ https://news.sophos.com/en-us/multiple-attackers-increase-pressure With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Memories of the Blaster worm. Slack leaked password hashes for FIVE YEARS. Github showered with malware. Traffic lights and cybersecurity. Post-quantum cryptography. https://nakedsecurity.sophos.com/slack-admits-to-leaking-hashed-passwords https://nakedsecurity.sophos.com/github-blighted-by-researcher https://nakedsecurity.sophos.com/traffic-light-protocol-for-cybersecurity https://nakedsecurity.sophos.com/post-quantum-cryptography-new-algorithm-gone With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Queen Victoria goes online. A nasty bug in Samba. Smiles for SysAdmins. A crypto-as-in-cryptography bug. A crypto-as-in-currency disaster. And is $200 million just chump change these days? https://nakedsecurity.sophos.com/critical-samba-bug https://nakedsecurity.sophos.com/how-to-celebrate-sysadmin-day https://nakedsecurity.sophos.com/gnutls-patches-memory-mismanagement https://nakedsecurity.sophos.com/cryptocoin-token-swapper-nomad With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)