Poorly secured SSH servers targeted by Chalubo botnet

SophosLabs has detected a new DDoS botnet targeting poorly secured SSH servers - called Chalubo, it is named in honour of its use of the ChaCha stream cipher.

Former high school teacher pleads guilty to hacking celebrities

A fifth man has pleaded guilty to federal charges of phishing celebrities' and non-celebrities logins and raiding their iCloud accounts for nude photos.

Are you Cyber Aware? How about your friends and family?

A Cyber Aware survey found 30% of Britons still have just one password for all their accounts - so let's help that 30% change their lives!

Patch now! Multiple serious flaws found in Drupal

Drupal website owners have some important patching homework to do.

Phishing is still the most commonly used attack on organizations, survey says

The survey found that the majority of cyberattacks - 75% - came from outsiders, while 25% were due to insiders.

Adult websites shuttered after 1.2 million user details exposed

It's not even close to the number of users affected by the massive Ashley Madison breach, but the results could be just as devastating to those who are affected.

Why is Elon Musk promoting this Bitcoin scam? (He’s not)

While scrolling through my Twitter feed I saw a Bitcoin scam so unabashed that it got me thinking.... do such scams really work?

Pirates! Don’t blame your illegal file sharing on family members

Stop blaming your piracy on your mum. You can no longer avoid liability by saying that a family member had access to your connection.

Popular website plugin harboured a serious 0-day for years

The flaw in the popular file uploader allows an attacker to upload files and run their own command line shell on any affected server.

Alleged robber busted after Facebook-friending victim to apologize

He told her to put down the pizza delivery and all her money on top of it. 26 days later, he found her on Facebook and reached out.

Up to 9.5 million net neutrality comments were fake

New York has expanded its probe to subpoena 14 industry groups and lobbyists, saying that fake comments "distort[ed] public opinion."

Maker of LuminosityLink RAT gets 30 months in the clink

Prosecutors said that the 21-year-old LuminosityLink author had no respect for the law and showed contempt for moral rules and social norms.

Monday review – the hot 20 stories of the week

From a serious libssh bug to the sextortionists that spoof your email address, and all the stories in between. Catch up with everything we've written in the last seven days - it's weekly roundup time.

“We know you watch porn” (and here’s fake proof…) [PODCAST]

Here's Episode 6 of the Naked Security podcast... enjoy!

Serious D-Link router security flaws may never be patched

Six routers with serious security flaws are considered end of life (EOL) and may never be updated.

Apple privacy portal lets you see everything it knows about you

The Apple website's privacy and data area lets you download and correct your data.

The libssh “login with no password” bug – what you need to know [VIDEO]

Here's a video that explains the libssh "no password needed" bug - jargon-free and in plain English. Enjoy...

Is Google’s Android app unbundling good for security?

If you live in the EU, turning on a new Android device after 29 October 2018 could look quite different...

You don’t have to sequence your DNA to be identifiable by your DNA

If you have European ancestry, there's a 60% chance that somebody vaguely related to you can be used to find out who you are.

Apple's New Privacy Pages: Your Reading Assignment!

Twitter publishes data on Iranian and Russian troll farms

Over 1m tweets show that we're suckers for funny/sarcastic/edgy, not so much for blah-blah-blah “news” spreaders.