Naked Security Sophos

How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker "name:wreck".



With Kimberly Truong, Doug Aamoth and Paul Ducklin.



Original music by Edith Mudge



Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity

Sophos cybersecurity expert Chester Wisniewski provides excellent, topical and timely commentary on the FBI’s recent use of a malware-like method to forcibly clean up hundreds of servers still infected in the Hafnium aftermath.



With Paul Ducklin and Chester Wisniewski



Original music by Edith Mudge



Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity

We look at the big-money hacks from the 2021 Pwn2Own competition. We investigate the difficulties of hiring an assassin via the dark web. We wrestle with some of the privacy issues relating to COVID-19 infection tracking apps.



With Kimberly Truong, Doug Aamoth and Paul Ducklin.



Original music by Edith Mudge



Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity

How scammers copied a government website almost to perfection. What to do about those fake "bug" hunters who ask for payment for finding "vulnerabilities" that aren't. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough.



Useful podcasts and videos mentioned in this episode:

https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker-rachel-tobac

https://nakedsecurity.sophos.com/s3-ep8-a-conversation-with-katie-moussouris

https://nakedsecurity.sophos.com/what-should-you-say-if-you-have-a-data-breach



With Kimberly Truong, Doug Aamoth and Paul Ducklin.



Original music by Edith Mudge



Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity

Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks.



With Doug Aamoth and Paul Ducklin.



Original music by Edith Mudge



Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity

How a social engineer ripped off a victim lured in by one of those "small outstanding fee to pay" home delivery scams. The ransomware crooks targeting networks that still haven’t done their Hafnium patches. And the Linux kernel security holes that lay there undiscovered for 15 years.

Related articles that we refer to in the show:
https://nakedsecurity.sophos.com/beware-the-dhl-delivery-message
https://nakedsecurity.sophos.com/watch-out-scummy-scammers
https://nakedsecurity.sophos.com/s3-ep12-a-chat-with-social-engineering-hacker-rachel-tobac
https://nakedsecurity.sophos.com/blackkingdom-ransomware
https://nakedsecurity.sophos.com/serious-security-webshells-explained
https://nakedsecurity.sophos.com/naked-security-live-hafnium-explained
https://nakedsecurity.sophos.com/serious-security-the-linux-kernel-bugs



With Kimberly Truong, Doug Aamoth and Paul Ducklin.



Original music by Edith Mudge



Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity