The arrest of Stephen Arthuro Solis-Reyes, who is alleged to have grabbed 900 Social Insurance Numbers from the Canadian tax authorities over a period of six hours, marks the first time that authorities have apprehended someone in relation to the "heartbleed" bug in OpenSSL.
SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]
From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.
Be entertained as you learn from the news, all in our regular quarter-hour podcast format.
The major hardware maker has admitted to a nearly year-long credit card breach - just the latest in a string of companies that have suffered Adobe ColdFusion vulnerabilities-related exploits.
Cyber crooks may have broken into Harley Medical Group, a cosmetic surgery firm with 21 clinics in the UK, to filch the intimate details of about 480,000 potential patients and then try to extort money from the company.
Two high-profile organisations, the UK parenting site Mumsnet and the Canada Revenue Agency, are the first known victims of the Heartbleed OpenSSL vulnerability to experience data breaches.
How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?
60 Second Security has the answers in a short, fun security video.
Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"
Paul Ducklin takes a look...
Chet and Duck explain what you can do about the big ticket security news items of the past week.
The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.
Fallout from the epic Target data breach continues, as state lawmakers seek to hold retailers liable for financial damages caused by breaches spawned by their businesses, rather than financial institutions who issue credit and payment cards.
There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.
Paul Ducklin explains...
"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.
How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak?
Find out in 60 Second Security. the security news video that only takes a minute...
"Pfft! What's all the fuss about site hijacking? Just send a few emails and get it fixed!" Well, that's what Jordan Reid thought before her domain got held for ransom. She's since changed her tune, after her own site got whisked away and put on the auction block. Here's how she got it back.
A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.
It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...
Google's asking the high court to rule on the legality of its past snorting of unencrypted WiFi traffic in neighborhoods around the US.
US consumers are spending CRAZY money to replace stolen phones and to insure the pocket-sized thief magnets, says a new report from Creighton University.