by Paul Ducklin In this episode, we dig into research that figured out a way to steal data from iPhones wirelessly; we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea; and we give you advice on how to talk

A Kosovan hacker, imprisoned in the United States for stealing personal data belonging to US military and government personnel and sending it to the Islamic State of Iraq and the Levant (ISIL), has been granted compassionate release. Ardit Ferizi was sentenced to 20 years in prison in September 2016 after he confessed to providing material support to

by Paul Ducklin Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. We received a sample that looked like this (note spelling mistake anather): Subject: YYYY, WE'VE_RECEIVED_YOUR_ORDER! Thanks for shopping with us! You'll find a summary of your recent

An unnamed individual in the United States has pleaded guilty to creating a botnet and using it to launch a series of cyber-attacks against the gaming community before reaching their 18th birthday. The Distributed Denial of Service (DDoS) attacks, carried out in October 2016, caused what the United States Department of Justice described as “massive disruption to

by Paul Ducklin If you’ve been following the news today, you’ve probably seen headlines announcing a breach at the European Medicines Agency (EMA). The EMA, based in Amsterdam in The Netherlands, is responsible for the evaluation and approval of medicines in the European Union – a role reflected in its former name, the European Agency

A man from Texas, charged in January with cyber-stalking realtors across the United States, has been indicted for capital murder in the deaths of two women. Andy Castillo was arrested on January 6 for allegedly cyber-stalking as many as 100 realtors in up to 22 different states.  The 57-year-old Lubbock resident was accused of sending sexually explicit

by Paul Ducklin Environmental group WWF operates a tragically necessary maritime cleanup operation to find and remove so-called “ghost nets” from the sea. A ghost net is any rogue fishing device (often a gill net, dragged behind fishing vessels to snare fish by the gills in large numbers) that has got loose and carries on

A British judge has ruled against extraditing to the United States a man accused of hacking into hundreds of webcams all over the world to spy on victims without their consent. Christopher Taylor allegedly duped 772 victims in 39 countries into downloading computer software called Cammy between August 2012 and July 2015.  By installing the software, victims

by Paul Ducklin Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. We’ve certainly had our fair share of them recently, sometimes clocking up several fake calls a day. (We can’t tell

A new report on the cybersecurity of the education sector has found that nearly half of the schools in the United States did not implement new training or tools to protect staff and students during the pandemic. The CTNT report “Lessons learned: How education coped in the shift to distance learning” from Malwarebytes details data from 500 students and

by Paul Ducklin Did you know you can join us for a live cybersecurity lecture every Friday? Just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to find out the time we’ll be on air – it’s usually somewhere between 18:00 and 19:00 UK time, which is late

The former chief executive officer of a technology startup based in Virginia has admitted conning investors out of millions of dollars.  Danny Boice pleaded guilty yesterday to one count of securities fraud and one count of wire fraud before senior United States district judge T.S. Ellis III of the Eastern District of Virginia.     Alexandria resident Boice held

A cybersecurity company has urged the rising number of smart sex toy owners to think about protection. Sales of internet-connected sex toys, also known as teledildonics, have increased since lockdown measures were introduced to slow the spread of COVID-19.  In March alone, sex toy revenue in France, Italy, and Spain, where lockdown measures were particularly stringent, exceeded

A trio of companies is launching a new research institute whose intended purpose is to strengthen privacy and trust for decentralized artificial intelligence (AI).  The Private AI Collaborative Research Institute, originally established by Intel‘s University Research & Collaboration Office (URC), is launching as a joint project involving digital security and privacy products vendor Avast and AI software-defined secure computing

Universities and colleges around the world are being targeted by a new phishing campaign, according to fresh research published by RiskIQ. Among the educational establishments to be hit by the Shadow Academy campaign are Louisiana State University (LSU) in the United States and Oxford, Brighton, and Wolverhampton Universities in the United Kingdom. RiskIQ researchers got wind

by Paul Ducklin In this episode: we look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home. With Kimberly Truong, Doug Aamoth and

The CEO and co-founder of a billion-dollar cybersecurity company has moved its headquarters out of San Francisco because it’s “not the city it was.” Forty-year-old Orion Hindawi helped to build up two successful companies in the San Francisco Bay Area where he was born. Now he is relocating the head office of Tanium—the endpoint security

by Paul Ducklin Well-known Google Project Zero researcher Ian Beer has just published a blog post that is attracting a lot of media attention. The article itself has a perfectly accurate and interesting title, namely: An iOS zero-click radio proximity exploit odyssey. But it’s headlines like the one we’ve used above that capture the practical

An American hacker has been sent to prison for carrying out a series of cyber and swatting attacks, including sending bogus threats of shootings and bombings to schools in the United Kingdom and the United States. North Carolina resident Timothy Dalton Vaughn also called in a false report of an airplane hijacking involving a jetliner

by Florentino Sanchez Every day is a computer security day, but November 30th is officially Computer Security Day, intended to raise awareness of online security issues and to promote cybersecurity best practices. Days like these are a handy nudge to do a few extra security checks. With that in mind, here are some tips from the

Denmark’s largest news agency has refused to pay a ransom to cyber-criminals who attacked its computer system with ransomware.  Wire service Ritzau was knocked offline following an attack that occurred early last week. The incident infected roughly a quarter of the agency’s 100 servers with malware, causing editorial systems to be shut down. Copenhagen-based Ritzau, which has

by Paul Ducklin Did you know you can join us for a live cybersecurity lecture every Friday? Just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to find out the time we’ll be on air – it’s usually somewhere between 18:00 and 19:00 UK time, which is late

The National Cyber Security Centre (NCSC) is assisting Manchester United in dealing with the cyber-attack which struck the English football club last week. Last Friday, the Premier League side confirmed in a statement that an incident had taken place,  following which affected systems were shut down to “contain the damage and protect data.” One week

There needs to be better steps taken by politicians and social media platforms to deal with fake news, especially as the COVID-19 vaccine is created. Speaking during the Westminster Forum Conference on tackling fake news and online misinformation, event chair Khalid Mahmood MP, shadow defense minister for procurement, said, as we have seen throughout the pandemic,

Steps can be taken to reduce the threat of fake news infiltrating online advertising. Speaking during the Westminster Forum Conference about tackling fake news and online misinformation, Konrad Shek, deputy director, policy and regulation at the Advertising Association, said the advent of disinformation has had an “enormous impact on trust in the media and politics.” He said

The ways in which CISOs should go about transforming the cybersecurity capabilities of an entire organization was discussed during the DTX Cyber Security Mini Summit by Michael Jenkins MBE, CISO at Brunel University. Jenkins previously spent a long career in the military including positions in counter-intelligence, and also played a major role in planning security

by Paul Ducklin It’s the fourth Thursday in November, so it’s not just a day for saying “Happy Thanksgiving” to our US readers… …but also a day for thinking about the cool new gadgets you have in mind for your Black Friday shopping spree tomorrow. (Is it just us, or has Cyber Monday disappeared as

Phishing and social media/email hacks are the most frequently reported cybercrimes in the United States and the United Kingdom, respectively, according to new research by cybersecurity company Clario and British cross-party think-tank Demos. The finding was included in “The Great Cyber Surrender” report, created from the results of a survey of 2,000 people in the UK and the

by Paul Ducklin Hi, everyone – for S3 Ep8, we’ve gone live a day early to take into account the US Thanksgiving holiday on Thursday. (Followed, of course, by Black Friday, so if you’re splashing out online, please take care out there!) This week, we talk to hacker and vulnerability disclosure pioneer, Katie Moussouris. Katie

America’s Cybersecurity and Infrastructure Security Agency (CISA) could soon be on the receiving end of a sizable cash injection to help clear a backlog in state and local vulnerability assessments. A Senate panel is moving to give the Department of Homeland Security’s agency $58m to support the continued reduction of its sizable assessment caseload. According to