Ransom-taking iPhone hackers busted by Russian authorities


The mystery of the ransom messages from "Oleg Pliss," and the iDevice locking attack that popped up in Australia and the US last month, appears to have been solved.

Phish or legit - Can you tell the difference?

If a legitimate email looks like a phishing email, then how are you supposed to spot what is genuine and what isn't? John Shier takes a look.

AOL Mail accounts breached, users advised to change passwords

AOL users, change your passwords. AOL said it is investigating a large-scale breach of AOL Mail accounts in which user passwords, security questions, mail addresses, and contact lists were compromised.

Phishing boom in China bucks global trends

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]


Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]


Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

Our brains work hard to spot phishing scams, but still often fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

"Followup phish" targets possible victims of last month's JP Morgan Chase card breach


Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.

This time, it's a "followup phish" aimed at JP Morgan Chase customers...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Jail for phishing gang member who stole £393k from students

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

Online bank thieves arrested with £80k and a grenade

Specialist explosives officers in the UK removed what they suspected might have been a live hand grenade in a Tuesday morning raid on what detectives believe is an organized ring of cyber-criminals.

Festive season security myth: "If there are no links in an email, it can't be a phish."


The festive season is a good time to make sure your friends and family haven't fallen in with falsehoods when it comes to computer security.

Paul Ducklin examines an email with no clickable links that was nevertheless a classic phish...

Dutch banks set common rules for online banking. But have they gone far enough?

Dutch banks have agreed on a common framework of rules for their online banking customers, which they will require people to follow if they are to qualify for refunds of money stolen through phishing, carding or other forms of online fraud.

Making phishing more complex - on purpose


A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Microsoft "failed update" phish might well sound believable - watch out!


Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.

Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...

8 tips for safer online banking

Most of us use online banking. But are you making sure you're doing it as safely as possible? Check to make sure you're doing all of these 8 things!

Cybersecurity Awareness Month: 10th anniversary, 10 topical tales


October 2013 marks the 10th anniversary of the USA's annual Cybersecurity Awareness Month (CSAM).

So we thought we'd come up with 10 topics, in vaguely chronological order, that have burst into our collective security concerns at various times in the last decade.

Defending against web-based malware: Spot the smoke, don't wait for fire


Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the metaphorical smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]


Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.