Security News

Hi, everyone - for S3 Ep8, we've gone live a day early to take into account the US Thanksgiving holiday on Thursday. This week, we talk to hacker and vulnerability disclosure pioneer, Katie Moussouris.

In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. A sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris.

In this episode: When payments go astray, why "Just in case" cybersecurity warnings do more harm than good, how to shop safely on Black Friday and beyond, and what to do when all your emails disappear. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of "Malware-as-a-service", and the malware risks from image search. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

This week: Facebook scammers trick you with fake copyright notices, voice scammers automate their attacks on the vulnerable, how to tune up your mobile privacy, and the best/worst IT helpdesk call ever. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

This week: the DOJ's attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and why your vocabulary needs the word "Restore" even more than it needs "Backup". WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

In this episode, we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft's short-lived takedown of Trickbot, explain how to avoid the Windows "Ping of Death" bug, and find the source of mysterious beeping from every computer in the office. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Review: Practical Vulnerability Management: A Strategic Approach to Managing Cyber RiskAndrew Magnusson started his information security career 20 years ago and he decided to offer the knowledge he accumulated through this book, to help the reader eliminate security weaknesses and threats within their system. AWS adds new S3 security and access control featuresAmazon Web Services has made available three new S3 security and access control features.

Join us for the first episode in the brand new Series 3 of our Naked Security Podcast. This week we wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of "Linkless phishing", ask if it's ever OK to pay a ransomware demand, and advise what to do when the CEO won't stop looking at naughty sites.

Object Ownership is a permission that can be set when creating a new object within an S3 bucket, to enforce the transfer of new object ownership onto the bucket owner. "With the proper permissions in place, S3 already allows multiple AWS accounts to upload objects to the same bucket, with each account retaining ownership and control over the objects. This many-to-one upload model can be handy when using a bucket as a data lake or another type of data repository. Internal teams or external partners can all contribute to the creation of large-scale centralized resources," explained Jeff Barr, Chief Evangelist for AWS. But with this set up, the bucket owner doesn't have full control over the objects in the bucket and therefore cannot use bucket policies to share and manage objects.