Sophos Podcasts

Special minisode! Chester Wisniewski, Principal Research Scientist at Sophos, gives you useful and actionable advice to reduce the risk of supply chain attacks. Full transcript: https://nakedsecurity.sophos.com/becybersmart-2021-supply-chain-attacks

Special Minisode! Fraser Howard, Director of Threat Research at Sophos, talks about malware and how to fight it. Fraser's breadth and depth of knowledge in the threat-fighting field is second to none. Full transcript: https://nakedsecurity.sophos.com/becybersmart-2021-week4

Hook up with our forthcoming Live Malware Demo presentation. Why we think you should celebrate Global Encryption Day. A whole new twist on bogus online "friendships". How to stop your network cables giving you away. And why superglue is NOT a cybersecurity tool! Register for the Live Malware Demo: https://jaarbeurs.swoogo.com/tbx2021/registersocially?ref=Sophos Further reading: https://nakedsecurity.sophos.com/becybersmart-2021-week3 https://nakedsecurity.sophos.com/romance-scams-with-a-cryptocurrency-twist https://nakedsecurity.sophos.com/lantenna-hack-spies-on-your-data With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Apple (you guessed it!) fixes yet another iPhone 0-day. Apache patches an embarrassing bug and then has to patch the patch. It's Fight The Phish week. And the user who got punched right in the nose by a recalcitrant computer. https://nakedsecurity.sophos.com/apple-quietly-patches-yet-another-iphone-0-day https://nakedsecurity.sophos.com/apache-patch-proves-patchy https://nakedsecurity.sophos.com/becybersmart-2021-week2 With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Apple Pay gets hacked (sort of). DOJ busts four gift card scamming suspects. We give you our top tips for #Cybermonth. Ukrainian Cyberpolice take on ransomware crooks. And, believe it or not, the user that volunteered to RTFM!? https://nakedsecurity.sophos.com/how-to-steal-money-via-apple-pay https://nakedsecurity.sophos.com/gift-card-fraud-four-suspects-hit https://nakedsecurity.sophos.com/gift-card-hack-exposed https://nakedsecurity.sophos.com/becybersmart-2021-week1 https://nakedsecurity.sophos.com/europol-announces-two-more-ransomware-busts With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Let's Encrypt brings HTTPS to everyone. Researchers rediscover an Outlook data leakage issue. VMware keeps it real. And when the mouse is away, the cat will play. https://nakedsecurity.sophos.com/serious-security-lets-encrypt-gets-ready-to-go-it-alone https://nakedsecurity.sophos.com/how-outlook-autodiscover-could-leak-your-passwords https://nakedsecurity.sophos.com/vmware-patch-bulletin-warns-this-needs-your-immediate-attention With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

A scarily exploitable hole in Microsoft open source code. A simpler take on delivery scams. A Face ID bypass hack, patched for the initial release of iOS 15. And how not to get locked in a cabling closet. https://nakedsecurity.sophos.com/omigod-an-exploitable-hole https://sophos.com/intelix https://nakedsecurity.sophos.com/back-to-basics-as-courier-scammers-skip-fake-fees https://nakedsecurity.sophos.com/ios-15-includes-face-id-fix With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Apple patches two zero-day bugs. Microsoft patches one zero-day bug. A security researcher finds a fast-food bug (non-insect sort). And a touchpad user turns right into left, and vice versa. https://nakedsecurity.sophos.com/apple-products-vulnerable-to-forcedentry https://nakedsecurity.sophos.com/windows-zero-day-mshtml-attack https://news.sophos.com/big-office-bug-squashed-for-september-2021 https://nakedsecurity.sophos.com/serious-security-how-to-make-sure-you-dont-miss-bug-reports With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Overlooked security flaw leaves web code vulnerable. A home alarm system that almost anyone can turn off. Some fascinating Firefox bugs fixed. And when you grab your laptop... but it's not yours. https://events.sophos.com/sosweek2021 https://nakedsecurity.sophos.com/poisoned-proxy-pacs https://nakedsecurity.sophos.com/pwned-the-home-security-system With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Security code flushes out security bugs. Recursion: see recursion. Phishing (and lots of it). And the Windows desktop that got so big it imploded. https://nakedsecurity.sophos.com/big-bad-decryption-bug-in-openssl https://nakedsecurity.sophos.com/skimming-the-cream-recursive-withdrawals https://news.sophos.com/phishing-insights-2021 With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

More money troubles in cryptotown. Trouble with plastic spaghetti. The mouse that conquered Windows. And the embarrassment when you report one of your very own emails as a phish. https://nakedsecurity.sophos.com/japanese-cryptocoin-exchange-robbed https://nakedsecurity.sophos.com/whats-that-on-my-3d-printer-cloud-bug https://nakedsecurity.sophos.com/how-a-gaming-mouse-can-get-you-windows-superpowers With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Copyright infringement scams that beg you to call. An IoT bug that could be exploited for video snooping and more. A hacker steals $600m and then makes a song and dance out of giving it back. And how Doug's PS5 issues could be solved at last. https://nakedsecurity.sophos.com/copyright-scammers-turn-to-phone https://nakedsecurity.sophos.com/video-surveillance-network-hacked https://nakedsecurity.sophos.com/hacker-grabs-600m-in-cryptocash With Paul Ducklin and Chester Wisniewski. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Home and small business routers under attack. A hacking tool favoured by crooks gets hacked. The Navajo Nation's selfless cryptographic contribution to America. A cybercrook gets aggrieved at being ripped off by cybercrooks. https://nakedsecurity.sophos.com/home-and-small-business-routers-under-attack https://nakedsecurity.sophos.com/cobalt-strike-network-attack-tool-patches https://www.reaganlibrary.gov/archives/speech/proclamation-4954-national-navaho-code-talkers-day https://nakedsecurity.sophos.com/conti-ransomware-affiliate-goes-rogue With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The latent 0-day that didn't get reported until it was too late. Retro computing: reliving the TRS-80. Crooks that help you install their malware. And a 5-minute billionaire (who ended up with $400). https://nakedsecurity.sophos.com/microsoft-researcher-found-apple-0-day https://nakedsecurity.sophos.com/bazarcaller-the-malware-gang With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Apple's emergency 0-day fix. Two sorts of Windows nightmare, neither involving printers. Twitter hacker busted. And our very own Doug ruins a brand new TV. https://nakedsecurity.sophos.com/apple-emergency-zero-day-fix https://nakedsecurity.sophos.com/windows-petitpotam-network-attack https://nakedsecurity.sophos.com/windows-hivenightmare-bug https://nakedsecurity.sophos.com/us-court-gets-uk-twitter-hack-suspect-arrested https://nakedsecurity.sophos.com/porn-blast-disrupts-bail-hearing https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Learning from computer virus history. The PrintNightmare saga continues. Apple puts out a patch, but doesn't say why. Snitch on a crook and earn $10 million. Scammers do grammar. And the Business Email Compromise that wasn't. https://nakedsecurity.sophos.com/the-code-red-worm-20-years-on https://nakedsecurity.sophos.com/more-printnightmare https://nakedsecurity.sophos.com/apple-iphone-patches-are-out-no-news https://nakedsecurity.sophos.com/want-to-earn-10-million-snitch https://nakedsecurity.sophos.com/home-delivery-scams-get-smarter With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really. We look back at the 20-year-old Code Red virus. We look at what cybercriminals spend money on (hint: more cybercrime). And in this week's "Oh! No!", we learn how farm animals can disrupt your network. https://nakedsecurity.sophos.com/take-care-dont-get-tricked https://nakedsecurity.sophos.com/printnightmare-official-patch-is-out https://nakedsecurity.sophos.com/where-do-all-those-cybercrime-payments-go With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

The "Independence Day Weekend" ransomware drama. The PrintNightmare nightmare continues. An email hacker gets his conviction overturned. In this week's Oh! No! story, a server room fills with toxic fumes... This week's articles: https://nakedsecurity.sophos.com/kaseya-ransomware-attackers-say-pay-70-m https://nakedsecurity.sophos.com/printnightmare-the-zero-day-hole https://nakedsecurity.sophos.com/printnightmare-official-patch-is-out https://nakedsecurity.sophos.com/us-email-hacker-gets-his-computer-trespass The IBM 3270 "retrofont" that Duck loves: https://github.com/rbanffy/3270font With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

In this special splintersode, Kimberly Truong talks to Eva Galperin, Director of Security at the Electronic Frontier Foundation. Follow Eva on Twitter: https://twitter.com/evacide TED talk mentioned in podcast: https://www.ted.com/talks/eva_galperin_what_you_need_to_know_about_stalkerware Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

When you spend tens of pounds but get billed thousands because the system mistook the date for the amount. Our tips to make #SocialMediaDay your safest day on social media yet. And a clip from a great new privacy splintersode we'll be airing next week. https://nakedsecurity.sophos.com/british-tourists-charged-1000s https://nakedsecurity.sophos.com/police-warn-of-whatsapp-scams With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)