Sophos Podcasts

Geosynchronicity. Office security (on-off-on). A half-billion-dollar data breach cost. And patch that browser! https://nakedsecurity.sophos.com/office-macro-security-on-again-off-again https://nakedsecurity.sophos.com/t-mobile-to-cough-up-500-million https://nakedsecurity.sophos.com/apple-patches-0-day-browser-bug https://nakedsecurity.sophos.com/mild-monthly-security-update-from-firefox With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Integrated circuits and Nobel prizes. Log4Shell - forever? Cybersecurity tips for summmer. Scams and coincidence. https://nakedsecurity.sophos.com/8-months-on-us-says-log4shell-will-be-around-for-a-decade https://nakedsecurity.sophos.com/serious-security-how-to-make-sure-you-dont-miss-bug-reports https://nakedsecurity.sophos.com/7-cybersecurity-tips-for-your-summer-vacation https://nakedsecurity.sophos.com/facebook-2fa-scammers-return-this-time-in-just-21-minutes With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Memories of the Code Red worm. OpenSSL fixes two tiny but troublesome bugs. More trouble in Java-land. Office macros off and back on again. Potential perils of paying ransomware demands. https://nakedsecurity.sophos.com/openssl-fixes-two-one-liner-crypto-bugs https://nakedsecurity.sophos.com/apache-commons-configuration-toolkit-patches https://nakedsecurity.sophos.com/that-didnt-last-microsoft-turns-off-the-office-security https://nakedsecurity.sophos.com/paying-ransomware-crooks-wont-reduce-your-legal-risk With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Chrome quashes another zero-day browser bug. Two big-time cybercrime stories. A 2FA phishing scam that arrived PDQ. Chester swarmed by bots on Twitter. https://nakedsecurity.sophos.com/google-patches-in-the-wild-chrome-zero-day https://nakedsecurity.sophos.com/missing-cryptoqueen-hits-the-fbis-ten-most-wanted https://nakedsecurity.sophos.com/canadian-cybercriminal-pleads-guilty https://nakedsecurity.sophos.com/facebook-2fa-phish-arrives-just-28-minutes With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Memories of the iPhone 1. Sextortion scams target LGBTQ+ daters. Yet another blockchain blunder. OpenSSL fixes the bug missed in the last bugfix. And what became of Little Bobby Tables? https://nakedsecurity.sophos.com/ftc-warns-of-lgbtq-extortion-scams https://nakedsecurity.sophos.com/harmony-blockchain-loses-nearly-100m https://nakedsecurity.sophos.com/openssl-issues-a-bugfix-for-the-previous-bugfix https://xkcd.com/327/ With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Duck gets behind the Ducks. 2000 phone scammers arrested in Interpol action. A three-year-old hacking case ends in conviction. And a Canadian financial company picks up an enormous data breach fine. https://nakedsecurity.sophos.com/interpol-busts-2000-suspects https://nakedsecurity.sophos.com/capital-one-identity-theft-hacker With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. And the Law of Big Numbers versus SMS scams. https://nakedsecurity.sophos.com/youre-invited-join-us-for-a-live-walkthrough https://nakedsecurity.sophos.com/murder-suspect-admits-she-tracked-cheating-partner https://nakedsecurity.sophos.com/ssndob-market-servers-seized https://nakedsecurity.sophos.com/beware-the-smish-home-delivery-scams With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job. https://nakedsecurity.sophos.com/know-your-enemy-learn-how-cybercrime-adversaries-get-in https://nakedsecurity.sophos.com/yet-another-zero-day-sort-of-in-windows https://nakedsecurity.sophos.com/atlassian-announces-0-day-hole-in-confluence With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Why calling a computer after a famous scientist doesn't always help. The wacky but dangerous 0-day hole in Windows. Supply chain attacks and the crooks who orchestrate them. Smishing revisited. And why saying what you really mean makes you better at cybersecurity. https://nakedsecurity.sophos.com/mysterious-follina-zero-day-hole https://nakedsecurity.sophos.com/poisoned-python-and-php-packages https://nakedsecurity.sophos.com/beware-the-smish-home-delivery-scams https://nakedsecurity.sophos.com/whos-watching-your-webcam With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

How network comms caught a murderer back in in 1845. Why the US government said, "Patch, or else!" How Mozilla got a double code-execution bug fixed in 48 hours. And why controversial face-matching company Clearview AI got fined $10m. https://nakedsecurity.sophos.com/us-government-says-patch-vmware-right-now https://nakedsecurity.sophos.com/mozilla-patches-wednesdays-pwn2own-double-exploit https://nakedsecurity.sophos.com/clearview-ai-face-matching-service-fined With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

What does the word "non-commensurate" mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn't this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll? https://nakedsecurity.sophos.com/he-cracked-passwords-for-a-living https://nakedsecurity.sophos.com/firefox-out-of-band-update-to-100-0-1 https://nakedsecurity.sophos.com/apple-patches-zero-day-kernel-hole With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Where does the word "radio" come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers? https://nakedsecurity.sophos.com/rubygems-supply-chain-rip-and-replace-bug https://nakedsecurity.sophos.com/you-didnt-leave-enough-space https://nakedsecurity.sophos.com/colonial-pipeline-facing-1000000-fine https://www.sophos.com/en-us/products/managed-threat-response https://www.sophos.com/en-us/products/managed-threat-response/rapid-response With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms. https://nakedsecurity.sophos.com/world-password-day-2022 https://nakedsecurity.sophos.com/firefox-hits-100 https://nakedsecurity.sophos.com/github-issues-final-report With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The biggest mountain in tne solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. And how to get an industrial grade firewall at home for free. https://mars.nasa.gov/gallery/atlas/olympus-mons.html https://nakedsecurity.sophos.com/ransomware-survey-2022 https://nakedsecurity.sophos.com/phishing-goes-kiss https://nakedsecurity.sophos.com/qnap-warns-of-new-bugs https://nakedsecurity.sophos.com/critical-cryptographic-java-security-blunder https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Adam Osborne or John Osbourne? Another 0-day in Chrome. How not to choose a cybersecurity holiday destination. The Osbo[u]rne Effect. Cryptododginess that might actually be legal. And the Zilog Z80 versus the Mostech 6502. https://nakedsecurity.sophos.com/yet-another-chrome-zero-day-emergency https://nakedsecurity.sophos.com/us-cryptocurrency-coder-gets-5-years https://nakedsecurity.sophos.com/beanstalk-cryptocurrency-heist With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Hydra darkweb market decapitated. Ruby module supply chain hole. Quantum computing sidestepped. A robot revolution that could result in ransomware. And the Zuckerberg scam that just won't die. https://nakedsecurity.sophos.com/serious-security-darkweb-drugs-market-hydra https://nakedsecurity.sophos.com/popular-ruby-asciidoc-toolkit-patched https://nakedsecurity.sophos.com/openssh-goes-post-quantum https://nakedsecurity.sophos.com/five-critical-bugs-fixed-in-automatic-hospital-robot With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Hacking 2022-style. Some Apple bugs. Some Android bugs. Some Firefox bugs. The SATAN network scanner. Some VMware Spring bugs. And hacking PDP-11 style. https://nakedsecurity.sophos.com/lapsus-hacks-continue-despite-two-uk-hacker-suspects https://nakedsecurity.sophos.com/apple-pushes-out-two-emergency-0-day-updates https://nakedsecurity.sophos.com/googles-monthly-android-updates-patch-numerous-get-root-holes https://nakedsecurity.sophos.com/firefox-99-is-out-no-major-bugs-but-update-anyway https://nakedsecurity.sophos.com/two-different-vmware-spring-bugs-at-large With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The DEADBOLT ransomware. LAPSUS$ members bust - or were they? Zlib patches a 17-year-old bug. Chrome experiences another weird 0-day. And Clippy. Yes, THAT Clippy. No, we're not sure why. https://nakedsecurity.sophos.com/serious-security-deadbolt-the-ransomware https://nakedsecurity.sophos.com/uk-police-arrest-7-hacking-suspects https://nakedsecurity.sophos.com/zlib-data-compressor-fixes-17-year-old-security-bug https://nakedsecurity.sophos.com/google-chrome-patches-mysterious-new-zero-day With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

LAPSUS$ hackers break into Okta. The CryptoRom money-scamming malware is back on phones. OpenSSL gets into an infinite loop. CafePress fined for covering up a data breach. https://nakedsecurity.sophos.com/beware-bogus-betas-cryptocoin-scammers https://nakedsecurity.sophos.com/openssl-patches-infinite-loop-dos-bug https://nakedsecurity.sophos.com/web-vendor-cafepress-fined-500000 https://nakedsecurity.sophos.com/serious-security-how-to-store-your-users-passwords With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Two ransomware suspects extradited for trial. Apple patches 87 known security holes. Happy Pi Day. What happens if a whole country exits the global internet? https://nakedsecurity.sophos.com/alleged-kaseya-ransomware-attacker-arrives-in-texas https://nakedsecurity.sophos.com/apple-patches-87-security-holes https://nakedsecurity.sophos.com/happy-piday-even-if-you-arent-in-north-america https://news.sophos.com/en-us/will-russias-war-on-ukraine-result-in-less-online-crime With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)