Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

0 Comments
by Paul Ducklin [01’08”] Apple’s emergency 0-day fix. [08’51”] A new sort of Windows nightmare, this one not involving printers. [20’39”] Another new sort of Windows nightmare, also with no printers. [27’37”] Twitter hacker busted. [34’50”] Oh! No! Our very own Doug ruins a brand new TV. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
0 Comments
by Paul Ducklin You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities. First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path). Now, however, it’s Apple’s turn
0 Comments
by Paul Ducklin [00’38”] Learning from computer virus history.  [02’26”] The PrintNightmare saga continues.  [05’27”] Apple puts out a patch, but doesn’t say why.  [08’12”] Snitch on a crook and earn $10 million.  [17’50”] Scammars do grammer and speeling correctly.  [25’12”] And the Business Email Compromise that wasn’t. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the
0 Comments
by Paul Ducklin As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact that Windows stores its registry
0 Comments
by Paul Ducklin [01’32”] We explain how a format string bug could lock your iPhone out of your own network.  [08’53”] We revisit the PrintNightmare saga, which is sort-of fixed but not really.  [12’50”] We look back at the 20-year-old Code Red virus.  [18’30”] We look at what cybercriminals spend money on (hint: more cybercrime).  [29’10”] And in this week’s “Oh! No!”, we learn
0 Comments
by Paul Ducklin Just over a week ago, we wrote about the REvil ransomware gang’s latest braggadoccio. As you probably know, ransomware operators like REvil, Clop and others don’t generally work on the front line themselves by conducting the actual network intrusions that deliver the final ransomware warhead. Instead, they recruit teams of “attack affiliates”
0 Comments
by Paul Ducklin “It never rains but that it pours,” as the old weather adage goes. That’s certainly how Microsoft must be seeing things right now, following the official announcement of yet another unpatched vulnerability in the Windows Print Spooler service. Dubbed CVE-2021-34481, this one isn’t quite as bad as the previous PrintNightmare problems, because
0 Comments
by Paul Ducklin About a month ago, a security researcher revealed what turned out to be zero-day bug in Apple’s Wi-Fi software, apparently without meaning to: After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3 — Carl Schou (@vm_call)
0 Comments
by Paul Ducklin Here on Naked Security, we’ve regularly asked the question, or at least implied it: “Where do you think all those cybercrime payments go?” When a ransomware victim hands over a largely anonymous, mostly untraceable quantity of Bitcoin, for example, to pay off a multi-million dollar blackmail demand in the hope of recovering
0 Comments
by Paul Ducklin [00’21”] The “Independence Day Weekend” ransomware drama.  [15’55”] The PrintNightmare nightmare continues.  [24’16”] An email hacker gets his conviction overturned.  [30’35”] In this week’s Oh! No! story, a server room fills with toxic fumes… With Doug Aamoth and Paul Ducklin. Download the IBM 3270 retrofont that Duck admired in the podcast. Intro and outro music by Edith Mudge. LISTEN
0 Comments
The White House has issued another strongly worded warning to the Putin administration: the US will take action against cyber-criminals living in Russia if the Kremlin doesn’t. Press secretary Jen Psaki explained that the two countries are continuing “expert-level” talks in the wake of the meeting between Presidents Biden and Putin last month. Another talk focused
0 Comments
The group behind the crippling supply chain ransomware attack on a US software company has reportedly demanded $70 million in return for a ‘universal’ decryption key, as researchers claim there could be thousands of global victims. It’s believed that the REvil strain was used to compromise Kaseya’s VSA IT management software, although which ransomware affiliate is unknown.
0 Comments
A new Automated Clearing House (ACH) data security rule to protect electronically stored sensitive financial information has come into force in the United States. As of June 30, the ACH Security Framework now requires large, non-financial-institution (Non-Fi) originators, third-party service providers (TPSPs) and third-party senders (TPSs) to protect deposit account information by rendering it unreadable when
0 Comments
by Paul Ducklin [05’32”] When you spend tens of pounds but get billed thousands because the system mistook the date for the amount.  [14’17”] Our tips to make #SocialMediaDay your safest day on social media yet.  [28’06”] A clip from a great new privacy splintersode we’ll be airing next week.  [33’46”] Oh! No! of the week With Kimberly Truong, Doug Aamoth and