Sophos Podcasts

Information:

Synopsis

Podcast by SophosLabs

Episodes

  • S3 Ep129: When spyware arrives from someone you trust

    06/04/2023 Duration: 17min

    A supply chain attack that foisted spyware on trusting users. Wi-Fi encryption bypass via left-over data. Surely there should be TWO World Backup Days? https://nakedsecurity.sophos.com/supply-chain-blunder-puts-3cx-telephone-app-users-at-risk https://nakedsecurity.sophos.com/researchers-claim-they-can-bypass-wi-fi-encryption https://nakedsecurity.sophos.com/world-backup-day-is-here-again-5-tips With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep128: So you want to be a cybercriminal?

    30/03/2023 Duration: 19min

    RIP Gordon Moore, the more in Moore's Law. Photo cropping bugfix. DDoS honeypot. E-commerce patches. Apple 0-day and lots more. https://nakedsecurity.sophos.com/in-memoriam-gordon-moore https://nakedsecurity.sophos.com/microsoft-assigns-cve-to-snipping-tool-bug https://nakedsecurity.sophos.com/cops-use-fake-ddos-services https://nakedsecurity.sophos.com/woocommerce-payments-plugin https://nakedsecurity.sophos.com/apple-patches-everything-including-a-zero-day With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep127: When you chop someone out of a photo, but there they are anyway...

    23/03/2023 Duration: 18min

    The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life. https://nakedsecurity.sophos.com/dangerous-android-phone-0-day-bugs-revealed https://nakedsecurity.sophos.com/bitcoin-atm-customers-hacked-by-video-upload https://nakedsecurity.sophos.com/google-pixel-phones-had-a-serious-data-leakage-bug https://nakedsecurity.sophos.com/windows-11-also-vulnerable-to-acropalypse With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep126: The price of fast fashion (and feature creep)

    16/03/2023 Duration: 20min

    The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday updates. https://nakedsecurity.sophos.com/shein-shopping-app-goes-rogue https://nakedsecurity.sophos.com/firefox-111-patches-11-holes https://nakedsecurity.sophos.com/microsoft-fixes-two-0-days With Paul Ducklin and Chester Wisniewski Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep125: When security hardware has security holes

    09/03/2023 Duration: 20min

    Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. https://nakedsecurity.sophos.com/serious-security-tpm-2-0-vulns https://nakedsecurity.sophos.com/doppelpaymer-ransomware-supsects-arrested https://nakedsecurity.sophos.com/feds-warn-about-right-royal-ransomware With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep124: When so-called security apps go rogue

    02/03/2023 Duration: 18min

    How Woz nearly gave away the Apple I. Rogue software packages. Rogue network "administrators". Rogue keyloggers. Rogue authenticators. https://nakedsecurity.sophos.com/npm-javascript-packages-abused-to-create-scambait https://nakedsecurity.sophos.com/dutch-police-arrest-three-cyberextortion-suspects https://nakedsecurity.sophos.com/lastpass-the-crooks-used-a-keylogger https://nakedsecurity.sophos.com/beware-rogue-2fa-apps-in-app-store-and-google-play With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep123: Crypto company compromise kerfuffle

    23/02/2023 Duration: 18min

    The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. https://nakedsecurity.sophos.com/godaddy-admits-crooks-hit-us-with-malware https://nakedsecurity.sophos.com/twitter-tells-users-pay-up https://nakedsecurity.sophos.com/coinbase-breached-by-social-engineers With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep122: Stop calling every breach "sophisticated"!

    16/02/2023 Duration: 17min

    The birth of ENIAC. A "sophisticated attack" (someone got phished). A cryptographic hack enabled by a security warning. Valentine's Day Patch Tuesday. Apple closes spyware-sized 0-day hole. https://nakedsecurity.sophos.com/reddit-admits-it-was-hacked- https://nakedsecurity.sophos.com/serious-security-gnutls-follows-openssl https://nakedsecurity.sophos.com/microsoft-patch-tuesday-36-rce-bugs https://nakedsecurity.sophos.com/apple-fixes-zero-day-spyware-implant-bug With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep121: When cybercrime victims are culprits, too

    09/02/2023 Duration: 20min

    Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature? https://nakedsecurity.sophos.com/tracers-in-the-dark https://nakedsecurity.sophos.com/using-vmware-worried-about-esxi-ransomware https://nakedsecurity.sophos.com/openssh-fixes-double-free-memory-bug https://nakedsecurity.sophos.com/openssl-fixes-high-severity-data-stealing-bug https://nakedsecurity.sophos.com/finnish-psychotherapy-extortion-suspect-arrested https://nakedsecurity.sophos.com/password-stealing-vulnerability-reported-in-keypass With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Special: Tracers in the Dark with Andy Greenberg

    06/02/2023 Duration: 25min

    Do we really need a "war against cryptography" - codes and ciphers that the government can easily crack if it thinks there's an emergency - to cement our collective online security? Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary on this and many other vital issues, including anonymity and privacy, as we talk to him about his tremendous new book, Tracers in the Dark. https://andygreenberg.net https://nakedsecurity.sophos.com https://sophos.com/nobackdoors Original music by Edith Mudge (https://www.edithmudge.com)

  • S3 Ep120: When dud crypto simply won't let go

    02/02/2023 Duration: 16min

    The mighty CPU that wasn't. Hive ransomware takedown. Dutch data crime suspect busted. Samba finally gets rid of MD5. GitHub admits to an intrusion. Storing passwords securely. https://nakedsecurity.sophos.com/hive-ransomware-servers-shut-down https://nakedsecurity.sophos.com/dutch-suspect-locked-up https://nakedsecurity.sophos.com/serious-security-the-samba-logon-bug https://nakedsecurity.sophos.com/github-code-signing-certificates-stolen With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep119: Breaches, patches, leaks and tweaks!

    26/01/2023 Duration: 20min

    The programming language almost called Oak. GoTo admits to more breach woes. T-Mobile spills 37 million records. Apple patches everything, even iOS 12. And Google mAkES tYpOs for sECurity. https://nakedsecurity.sophos.com/goto-admits-customer-cloud-backups-stolen https://nakedsecurity.sophos.com/t-mobile-admits-to-37000000-customer-records-stolen https://nakedsecurity.sophos.com/apple-patches-are-out-old-iphones https://nakedsecurity.sophos.com/serious-security-how-deliberate-typos-might-improve-dns With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep118: Guess your password? No need if it's stolen already!

    19/01/2023 Duration: 18min

    The HAPPY99 virus reminds us that less is more. Trouble with JSON Web Tokens. Investment scammers busted in Europe. The LifeLock "breach" that wasn't. https://nakedsecurity.sophos.com/popular-jwt-cloud-security-library-patches https://nakedsecurity.sophos.com/multi-million-investment-scammers-busted https://nakedsecurity.sophos.com/serious-security-unravelling-the-nortonlifelock-hack With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep117: The crypto crisis that wasn't (and farewell forever to Win 7)

    12/01/2023 Duration: 18min

    Two stories from the underground. Bank scammers busted. The crypto-crack that wasn't. And the end of two Windows eras at the same time. https://nakedsecurity.sophos.com/inside-a-scammers-lair-ukraine-busts-40 https://nakedsecurity.sophos.com/rsa-crypto-cracked-or-perhaps-not https://nakedsecurity.sophos.com/microsoft-patch-tuesday-one-0-day With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep116: Last straw for LastPass? Is crypto doomed?

    05/01/2023 Duration: 23min

    The ground-breaking HP-35 digital calculator. Last straw for LastPass? Congress takes on quantum computing. 33 1/3-year-old cybersecurity lessons. Machine learning supply chain attack. https://www.hpmuseum.org/hp35.htm https://nakedsecurity.sophos.com/lastpass-finally-admits-they-did-steal-your-password-vaults https://nakedsecurity.sophos.com/us-passes-the-quantum-computing-cybersecurity-preparedness-act https://nakedsecurity.sophos.com/naked-security-33-1-3-cybersecurity-predictions-for-2023 https://nakedsecurity.sophos.com/pytorch-machine-learning-toolkit-pwned With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep115: True crime stories - A day in the life of a cybercrime fighter

    29/12/2022 Duration: 18min

    Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep114: Preventing cyberthreats - stop them before they stop you!

    22/12/2022 Duration: 23min

    Join world-renowned Sophos expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a "specialist in everything", and he also has the knack of explaining this tricky and treacherous subject in plain English. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep113: Pwning the Windows kernel: the crooks who hoodwinked Microsoft

    15/12/2022 Duration: 21min

    The irony of the CAN-SPAM law. When genuine kernel drivers go rogue. Apple patches everything. Stealing data via secret radio waves. E-commerce supply chain drama. https://nakedsecurity.sophos.com/patch-tuesday-0-days-rce-bugs-and-a-curious-tale https://nakedsecurity.sophos.com/apple-patches-everything-finally-reveals-mystery https://nakedsecurity.sophos.com/covid-bit-the-wireless-spyware-trick- https://nakedsecurity.sophos.com/credit-card-skimming-the-long-and-winding-road With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep112: Beware! Data breaches can haunt you more than once...

    08/12/2022 Duration: 20min

    The worm that wasn't a Goner. LastPass suffers a sting in the data breach tail. Apple's secretive update. Ping o' Death. SIM swapping explained. A Beatles-esque 0-day in Chrome and Edge. https://nakedsecurity.sophos.com/lastpass-admits-to-customer-data-breach https://nakedsecurity.sophos.com/apple-pushes-out-ios-security-update https://nakedsecurity.sophos.com/ping-of-death-freebsd-fixes-crashtastic-bug https://nakedsecurity.sophos.com/sim-swapper-sent-to-prison-for-2fa-cryptocurrency-heist https://nakedsecurity.sophos.com/number-nine-chrome-fixes-another-2022-zero-day With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)

  • S3 Ep111: The business risk of a sleazy "nudity unfilter"

    01/12/2022 Duration: 19min

    Christmas wormage. Prurient malware. Cryptorom busts. Voice call spoofing. https://nakedsecurity.sophos.com/cryptorom-pig-butchering-scam-sites-seized https://nakedsecurity.sophos.com/tiktok-invisible-challenge-porn-malware https://nakedsecurity.sophos.com/voice-scamming-site-ispoof-seized-100s-arrested With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity (https://twitter.com/nakedsecurity)
