Sophos Naked Security

Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do.

Can you ever call malware art? That question is now up for debate as a Chinese internet artist puts a laptop full of viruses up for auction.

Apple thinks it has come up with a way for advertisers to track how well their ads are doing without compromising user privacy.

Competition regulators investigated Apple due to concerns that people were needlessly repairing or replacing slow phones.

It was triggered by a complaint filed by Dr. Johnny Ryan, CPO of privacy-focused Brave browser, which is fighting Google's search domination.

Nobody got at the subset of G Suite passwords, Google said, apologizing and saying that it's working to ensure this is an isolated incident.

After nine months of alpha testing, a stable release of the Tor browser for Android can now be downloaded from Google’s Play store or direct from the Project’s website.

Mozilla rolled out version 67 of its Firefox browser this week, fixing some security bugs and introducing a host of privacy features.

The mayor said no—for now—to paying 13 Bitcoins to (purportedly) unlock all seized systems. Manual rebuilding could take months.

A security researcher has discovered a massive cache of data on millions of Instagram influencers, publicly accessible for everyone to see.

Sometimes you get a list of ambulance companies, sometimes a blog post on when it's OK to call an ambulance.

Sometimes it's best not to tinker under the hood - especially when it comes to security IDs.

Google & UC San Diego researchers found that only 5 of 27 hacker-for-hire services actually launched attacks against their targets.

Europe’s biggest ISPs and mobile operators are accused of undermining net neutrality rules and user privacy with their use of DPI.

Amnesty International, which was sent the Pegasus spyware via a WhatsApp message, is seeking to stop NSO Group’s "web of surveillance."

The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.

Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites.

A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.

Privacy-focused browser Brave has criticised an industry proposal it says would make browser fingerprinting easier.

It's not clear who paid Archimedes Group for its reality-warping campaigns, but it's clear disinformation is now a global scourge.