What to know and what to do – Naked Security

PurFoods, a US food delivery company trading as Mom’s Meals, recently disclosed a cyberintrusion that occurred from January 16 to February 22, 2023. The company reported that the cyberattack involved the encryption of certain files in their network and could not rule out the possibility of data exfiltration. While it remains uncertain how many people… 

How many cryptographers does it take to change a light bulb? – Naked Security

In this comprehensive article, the Naked Security podcast discusses various tech-related topics, with Doug Aamoth and Paul Ducklin providing their insights and opinions. The article begins with a humorous exchange between Doug and Paul about their representation of an interrogation mark. They then move on to discuss Miss Manners, an advice columnist who addressed the… 

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t? – Naked Security

Researchers at Apple device management company Jamf have published a paper titled “Fake Airplane Mode: A mobile tampering technique to maintain connectivity.” The paper reveals that attackers can implant rogue software onto iPhones to carry out a “fake airplane” attack, which tricks users into thinking their device is offline when it is not. This technique… 

“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security

Card skimmers have taken a backseat in recent years as cybercrime stories focus on ransomware, the darkweb, and supply-chain attacks. Ransomware attacks allow criminals to extract payoffs online, using technologies like the darkweb and cryptocoins. Supply-chain attacks target third parties that regularly handle precious data, allowing criminals to bypass their victims’ networks. In contrast, card… 

What if you type in your password during a meeting? – Naked Security

In this episode of the Naked Security podcast, hosts Doug Aamoth and Paul Ducklin cover a range of topics, including crocodilian cryptocrime, the BWAIN streak, and the importance of touch-typing. They kick off the episode with a discussion on Tech History, highlighting IBM’s presentation of the Automatic Sequence Controlled Calculator (Mark I) to Harvard…

Why learning to touch-type could protect you from audio snooping – Naked Security

The Risks of Audio Recordings: A New Threat to Privacy and Security. In today’s digital age, audio recordings have become incredibly easy to create, whether intentionally or accidentally. This poses a significant risk to our privacy, as these recordings can capture conversations that were meant to be private or contain sensitive information. Unlike…

Tell us about that breach! (If you want to.) – Naked Security

DOUG.  Firefox updates, another Bug With An Impressive Name, and the SEC demands disclosure. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am Doug Aamoth; he is Paul Ducklin. Paul, I hope you will be proud of me… I know you are a cycling enthusiast. I rode… 

Performance and security clash yet again in “Collide+Power” attack – Naked Security

Another week, another BWAIN! For those who are unfamiliar with the term, BWAIN stands for Bug With An Impressive Name. It refers to the practice of giving new cybersecurity attacks catchy names, registering domain names for them, creating custom websites, and designing logos. In the latest discovery, the attack has been named Collide+Power, which includes… 

SEC demands four-day disclosure limit for cybersecurity breaches – Naked Security

Last week, the US Securities and Exchange Commission (SEC) announced new rules regarding cybersecurity breach disclosures for individuals and companies under its regulatory authority. The SEC was established during the Great Depression in the 1930s to prevent unregulated speculation that led to the infamous Wall Street crash of 1929. Its mission is to protect investors,… 

Bugs With Impressive Names! – Naked Security

Apple recently released a full update that includes not only the second Rapid Response patch but also a fix for another zero-day vulnerability. The zero-day in WebKit, which was previously addressed in the Rapid Response patch, has now been accompanied by a fix for a kernel-level vulnerability. Interestingly, the zero-day in WebKit was attributed to…