Naked Security podcast

Join Naked Security’s Editor-in-Chief Anna Brading and a selection of other Sophos experts as we discuss the top cybersecurity news stories on the Naked Security podcast.

We share our technical knowledge and advice in plain English without stripping out the interesting bits, with lots of laughs along the way.

Our guests are a mix of programmers, researchers and digital specialists with a range of interests and expertise, so there’s something for techies and non-techies alike!

The Naked Security podcast is available on all good podcast apps, or you can listen below. New episode every Wednesday!

S2 Ep33: Ransomware on sale, dark web disaster, dead drops and pillow forts

This week we bring you the podcast from our makeshift home studios (pillow forts). We discuss Dharma ransomware, the tour guide who turned out to be a Chinese spy, and why thousands of dark web sites suddenly vanished.

S2 Ep32: ZoomBombing, Android malware and the WhatsApp Martinelli hoax

Greg explains why the WhatsApp Martinelli hoax has come back in a big way, Duck decompiles some coronavirus-themed Android malware, and Anna tells you what ZoomBombing is and why you really, really need to get the security settings right on your Zoom meetings.

S2 Ep31: Remote working, malwareless ransomware and EARN IT

How to keep your company safe while working remotely, malwareless ransomware attacks, and the latest in the EARN IT saga.

S2 Ep30: Let’s Encrypt, ULTRASOUND attacks, backups for ransom

Why Let’s Encrypt might have to celebrate its billionth certificate twice, wonder if James Bond could hack Siri with ultrasound, and make backups surprisingly interesting.

IWD: biometrics, machine learning, privacy and being a woman in tech

To celebrate International Women’s Day we invite you to this all-female splinter episode. We discuss privacy, biometrics, machine learning, social media, getting into cybersecurity and, of course, what it’s like to be a woman in tech. Host Anna Brading is joined by Hillary Sanders, Michelle Farenci and Alice Duckett.

S2 Ep29: Facial recognition, malware madness and smart speakers

The latest in the Clearview AI debacle, get more tales from the ransomware swamp and discover how often our smart speakers are listening to us.

S2 Ep28: Stalkerware, when cybercrooks return, and phishing gone wild

The stalkerware app that spilled bucketloads of ultrapersonal data, a double-whammy ransomware attack on a homeless charity, and an Amazon Prime-themed phishing attack with a skull-and-crossbones twist.

S2 Ep27: Bluetooth holes, dodgy Chrome extensions and forgotten passwords

Why Google abruptly pulled more than 500 Chrome extensions from its Web Store, the case of a man held in custody for refusing to decrypt two hard drives, and research detailing a number of security holes in Bluetooth chipsets.

S2 Ep26: RobbinHood ransomware, Twitter parodies and SMS 2FA

Peter discusses RobbinHood – the ransomware that brings its own bug. Greg explains how a student’s Twitter account was handed over to their college and Duck talks about SMS 2FA.

S2 Ep25: You’ve seen WHAT on public Trello boards?

Over the past couple of years, Sophos’ Director of Security Craig Jones has discovered a worrying amount of personal data on public Trello boards. Mark says companies shouldn’t microchip their employees and Duck discusses a bug that could have blown a hole in OpenSMTPD.

S2 Ep24: Tinder, angry customers and weleakinfo takedown

This week we discuss 70,000 images being stolen from Tinder, the weleakinfo.com FBI bust and how Sonos annoyed its longstanding customers.

S2 Ep23: Snake ransomware, VPN vulnerabilities and is your phone listening to you?

This week we cover the Snake ransomware, VPN vulnerabilities and decide whether our phones are spying on us. Mark also revisits his growing list of pet peeves and Anna tests whether getting deep fake feet to your phone via SMS is real.

S2 Ep22: Word doc stops fraud, bye bye Python 2, latest from the ransomware swamp

This week we discuss the IT exec who scammed his employer out of $6m with fake invoices and the death of Python 2. Peter also shares two of his latest investigations from the ransomware swamp.

S2 Ep21: Plundervolt, domain name gunfight and Facebook snubs Congress

In this episode, Paul Ducklin explains the Plundervolt attack, Mark Stockley looks into a gunfight over a domain name, and Greg Iddon explores the encryption drama that’s unfolding between Facebook and Congress.

S2 Ep20: Why don’t they send ransomware on floppies anymore?

This week we talk about open-source supply chain madness, the Snatch ransomware gang and tracking concerns with the new iPhone 11.

S2 Ep19: One of us just prevented a ransomware attack

This week Peter Mackenzie shares a happy ransomware story where he saved a casino from attack. We also discuss the children’s smartwatch that leaks sensitive location data and HPE’s warning of impending SSD disk doom.

S2 Ep18: Missing cryptoqueen, festive phishing and can the web be saved?

This week we discuss the large scale crypto-scam which tricked people into investing $400m, Tim Berners-Lee’s proposed principles to save the web from a ‘digital dystopia’, and how to stay safe online during the festive season.

S2 Ep17: Fake AirBnBs, lying ISPs and a glance at the cyberfuture

A huge Airbnb scam ends with promises to verify every host and listing, Mozilla says ISPs are lying to Congress about encrypted DNS and we discuss the SophosLabs 2020 Threat Report.

S2 Ep16: BlueKeep, ransomware and sextortion

Mass ransomware hit Spain earlier this week, BlueKeep’s back and there’s yet another twist in the sextortion saga – we discuss all this and more in the latest episode of our podcast.

S2 Ep15: City under attack! VPN hacked, floppies nixed

We discuss the cyberattack with a difference on the city of Johannesburg, how a hacker accessed company web servers via NordVPN and why the US nuclear weapons command finally ditched 8-inch floppies.

S2 Ep14: Samsung fingerprint fail, mystery black boxes and invisible Android apps

We discuss a screen protector that bypasses fingerprint readers on Samsung’s flagship smartphones, icon-hiding Android adware and a mystery black box.

S2 Ep13.5: All about social media: Growing up online, parent advice and social shaming

In this special splinter episode, host Anna Brading asks guests to offer their personal perspective on social media.

S2 Ep13: Weird Android zero day and other tech fails

We discuss Twitter’s two-factor authentication faux pas [10’51”], the risks of copy and pasting code from Stack Overflow [22’20”] and an Android zero-day with a difference [35’50’].

S2 Ep12: Dark Web, O.MG Cable spying and securing new laptops

We discuss a malicious lightning cable that’s about to hit the mass market [5’50”], the bust of darknet hosting provider CyberBunker[14’33], and in honour of National Cybersecurity Awareness month Anna shares how to secure your new laptop [26’10”].

S2 Ep11: Fleeceware, Chrome bug and the sextortion scam that won’t die

We discuss the realities of user education in honour of National Cybersecurity Awareness Month [1’04”], Greg shares SophosLabs’ latest research into ‘Fleeceware’ [9’27”], Mark explains how Chrome brought Hollywood to a standstill [18’54] and Anna discusses why sextortion emails just won’t die [33’54].

S2 Ep10: Emotet’s back, mutant WannaCry and Insta scam

Ben explains why Emotet is back [2’54”], Peter discusses his latest research into WannaCry [18’37”] and Mark shares the latest Instagram phish [33’36”].

S2 Ep9: DDoSes, privacy and network hacks

Greg discusses the most disruptive DDoS attack in recent memory affecting Wikipedia [5’17”], Mark shares another privacy boost for Firefox users [15’39]” and Duck explains why SSH-stealing NetCAT is not really a problem [29’30”].

S2 Ep8: Facebook leak, $5m ransoms, DNS angst

Peter fights complex and advanced malware here at Sophos and joined us to share the latest ransomware trends [0’37”]. Ben discusses a recent leak of Facebook data that led to the exposure of more than 100 million phone numbers [15’50”] and Duck explains why not everyone is happy about Mozilla’s move towards DNS over HTTPS [31’36”].

S2 Ep7: iPhone attack, Twitter hack and Android bots

Host Anna Brading is joined by Mark Stockley, Paul Ducklin and Matt Boddy. Anna revisits her childhood limerick horror [1’06”], Duck talks iPhone zero days [3’49”], Matt discusses Android botnets [18’25”], and Mark finds out how the founder and CEO of Twitter had his account hijacked [31’07”].

S2 Ep6: Instagram phishing, jailbreaking and social media hoaxes

Host Anna Brading is joined by Mark Stockley and Paul Ducklin to discuss jailbreaking iPhones [2’50”], the latest social media hoax [14’02”] and a sneaky Instagram phishing campaign [28’23”].

S2 Ep5: Phishing, eavesdropping voice assistants and quick fire questions

Host Anna Brading is joined by Ben Jones and Matt Boddy to discuss whether big tech companies like Apple, Google and Facebook are spying on you [1’43”], and to dig into the murky world of phishing [15’57”]. This week there’s also a longer Q&A section [31’04”] to answer your burning cybersecurity questions.

S2 Ep4: iPhone holes, Android malware and romance scams

Host Anna Brading is joined by Paul Ducklin and Matt Boddy. They discuss how iPhone vulnerabilities have changed Apple’s attitude towards cybersecurity researchers [3’50”], the latest twist in romance scams where crooks are recruiting money mules via dating sites [12’43”], and malware in preinstalled apps on Android [26’09”].

S2 Ep3: EvilGnome, leaky browser add-ons and BlueKeep

In this episode: Duck gives a short cybersecurity-flavoured eulogy for his father, who died last week [1’10”]; we lament the woeful state of stock imagery in the cybersecurity industry [3’27”]; Ben tells you how to keep the crooks out of your home network [8’21”]; we discuss whether the government should be able to read our private messages or not [18’10”]; and Mark shares the latest research from Sophos about the Baldr malware and the cybercrooks behind it [29’15”].

S2 Ep2: EvilGnome, leaky browser add ons and the latest on BlueKeep

We discuss EvilGnome Linux malware [5’07”], the latest developments in the BlueKeep saga [15’53”] and whether your browser extensions are spying on you [28’08”].

S2 Ep1: FaceApp, logic bombs and stranger danger

We investigate whether FaceApp is as dangerous as they say [12’57”], how to keep logic bombs out of your software [24’14”], and how to help youngsters stay safe online [35’06”].

Season 2 launch: RDP exposed

Host Anna Brading talks to Matt Boddy, Ben Jones and Mark Stockley about their latest research into RDP attacks and just how quickly crooks can (and will) find you online.