Monthly Archives: February 2013

And The Best Corporate Security Blog is...

Fellow Naked Security writer and industry stalwart Graham Cluley just emailed from San Francisco to tell us that we won the Best Corporate Security Blog in the 2013 Security Bloggers' Awards!

Way to go, team! (And thanks to all our readers who nominated us in the first place.)

Google patches bug that allows attackers to slip past two-factor authentication

Attackers could - until Google issued a fix last Thursday, that is - bypass Google accounts' two-step login verification, reset a user's master password, and gain full profile control, just by capturing a user's application-specific password.

Rihanna sex video event scam spreads on Facebook

Be on your guard if you see any of your Facebook friends post a message about an alleged Rihanna sex video.

Lessons to learn from the UGNazi hacking attacks against Mat Honan and Cloudflare

"You do have to worry about your computer security, but you also need to worry about everybody else's"

Technology journalist Mat Honan and Cloudflare CEO Matthew Prince have something in common - they've both been hacked by the UGNazi hacktivist group.

And what they told the RSA Conference spells bad news for those of us who love to use the internet and embrace cloud-based technologies in our personal and work lives.

Illegal music file sharing drops significantly since 2011

The number of people using peer-to-peer (P2P) services to download music fell by 17% last year, compared to 2011, according to a report released yesterday.

Second iPhone passcode hack vulnerability discovered

You too can get into somebody's locked iPhone, particularly if you have a prehensile tail and don't mind (almost) placing a phony emergency call. Which you a) probably don't and b) hopefully do.

Targeted malware attack piggybacks on Nvidia digital signature

Gabor Szappanos from SophosLabs takes a detailed look at a targeted attack involving multiple stages and an innocent signed application - from the social engineering in the initial lure, to the technical capabilities of the malware it delivers.

Adobe tells users to update Flash Player for the third time this month

Adobe tells computer users to protect themselves against "targeted attacks" that are being "exploited in the wild".

And that means patching Adobe Flash. Again.

Technical paper: Exploring the history and technology of ransomware

A new technical paper from SophosLabs explores the history and technology of ransomware. From payment by SMS to public key encryption, ransomware has certainly evolved.

100,000+ Americans demand legal right to unlock phone

On January 26, US citizens lost the right to unlock their mobile phones. On Thursday, a requisite number of disgruntled people had demanded that the administration examine the issue of giving them back that right.

Traveling to a conference? 8 security tips to keep top of mind

Conference season 2013 is on. While events like these can be great for networking and mindsharing, there can be computer security dangers lurking about. We've pulled together 8 IT security tips to help you stay ahead of the game.

China blamed for EADS and ThyssenKrupp hack attacks

EADS, maker of the Eurofighter, says that Chinese hackers attacked its computer network last year.

Is your company prepared to reduce the likelihood of a successful targeted attack?

Talking Angela iPhone app scare spreads on Facebook

A warning spreads on Facebook about "Talking Angela", an app that gives your children some animated cat chat.

Unfortunately, it's all too simple for people to share warnings - rather than check if the facts are true.

Researchers claim to have found more zero-day vulnerabilities in Java

A security research team that has alerted Oracle to a series of security flaws in Java in the past says that it has uncovered new zero-day vulnerabilities in the software.

No, Iran didn't really hack and down a foreign military spy drone

A report by the Islamic Republic News Agency has raised eyebrows, as it appeared to claim that Iran's Revolutionary Guard Corps had managed to hack and down a foreign spy drone.

But did it really happen?

Monday review - the hot 22 stories of the week

Catch up with anything you might have missed last week – it’s weekly roundup time.

SSCC 103 - Mandiant report, iOS coders owned, Twitter accounts hacked, and more...

Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 103, discussing a range of recent and newsworthy topics from the world of computer security.

Microsoft admits it was also hit by hackers, malware infects their Mac business unit

Microsoft joins Facebook and Apple in the list of big companies who have suffered at the hands of malware-bearing hackers.

Facebook turns a deaf ear to users aged over 99

The social media behemoth apparently never assumed that a person with three digits' worth of living to their credit would sign up to use its service.

Tumblr, Twitter and Pinterest users warned after Zendesk support site hack

Hackers have broken into Zendesk's systems, and accessed the email addresses of Tumblr, Twitter and Pinterest customers who had attempted to get support.