What your Oura ring won't tell you

CISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile.

Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted - and when one journalist asked the company how often it hands user data to law enforcement, the answer was quite telling.

Plus don't miss our featured interview with OPSWAT's Benny Czarny about his new book "Cybersecurity Upside Down."

All this and more in episode 469 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Lesley Carhart.

EPISODE LINKS:

• Canadian man arrested by international authorities, charged with administrating KimWolf DDoS botnet - US Dept of Justice.
• 700+ education and tech websites hijacked in huge ClickFix malware campaign - Malwarebytes.
• Leaked Documents Reveal Russian ‘Cognitive Strikes’ Against the West - Including Islamophobic ‘Pig Head’ Attacks in Paris - OCCRP.
• Lawmakers Demand Answers as CISA Tries to Contain Data Leak - Krebs On Security.
• US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs - TechCrunch.
• Oura says it gets government demands for user data. Will it share how many? - This Week In Security.
• Privacy and transparency of fitness tracking devices - Whyli.
• Upfest - Europe’s largest street-art festival.
• Magnets Are Bad For Hardware Again - Hackaday.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

• Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• XBOW - The autonomous offensive security platform that helps security teams scale. Start a pentest today.
• OPSWAT - Read Benny Czarny's book, "Cybersecurity Upside Down", to rethink how you protect your organization from file-based threats, including those powered by AI.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy