006: A romantic ransomware hotel break

The UK Government takes aim at IoT devices shipping with weak or default passwords, a man spends two years incarcerated after being mistaken for the person who stole his identity, and are you au fait with the latest scams?All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:New laws to protect consumers from cyber criminals come into force in the UK - UK Government.Mirai - Wikipedia.Identity theft victim wrongly locked up for 2 years is exonerated at last - Paul Ducklin.Amount of fraud in UK more than doubled to £2.3bn in 2023, report finds - The Guardian.5 scams you need to know about in 2024 - Which? News.How fraudsters are getting fake articles onto Facebook - BBC News.Five Scams To Beware In 2024 - Forbes Advisor UK.Eerie ‘breathing’ mistake to listen out for exposes costly AI ‘audio deepfake' scam calls that take just seconds to make - The Sun.How to spot fraud - UK Government.Etymology Monday: David Crystal on the word ‘gaggle’ - Literary Minded.Moon - Wikipedia.Baby Reindeer - Netflix.Why row over Baby Reindeer sleuths will change real-life drama for ever - The Guardian.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

1 Touko 202454min

Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:When a breach goes from 25 documents to 1.3 terabytes… - Graham Cluley.Leicester street lights stuck on all day due to cyber attack - Leicester Mercury.Top AI researchers race to detect ‘deepfake’ videos: ‘We are outgunned - Washington Post.AI deepfakes threaten to upend global elections. No one can stop them - Washington Post.Models, dead netas, campaigning from jail: How AI is shaping Lok Sabha polls - India Today.Why Elections Take So Long in India - The New York Times.How A.I. Tools Could Change India’s Elections - The New York Times.Bollywood deepfakes fuel AI election meddling fears in India - GG2.World Explained: How India's politicians are using AI to reach voters in the world’s most populous country - The Scotsman.12 Angry Men - Wikipedia.VIA Rail.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Sonrai's Cloud Permissions Firewall - A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

24 Huhti 202442min

Take That's Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn - for both the person being scammed and an innocent participant - in Ohio.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Animal Crossing with Garry Kasparov - Smashing Security.Gary Barlow - Wikipedia.I was catfished by a fake Gary Barlow on Facebook - Daily Mail.Video shows Clark County man charged with murder confront Uber driver - Springfield News.Uber driver, 61, shot dead by Ohio man, 81, who was being targeted by scammers - Daily Mail.Boxfit classes - Better.Waschii - PocketSized SolarHeated Washjing Machine - Indiegogo.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kiteworks – Step into the future of secure managed file transfer with Kiteworks.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

17 Huhti 202437min

MPs aren't just getting excited about an upcoming election, but also the fruity WhatsApp messages they're receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff - Politico.How I was targeted in the Westminster honeytrap - BBC News.The Westminster honeytrap plotter tried to catch me too - The Times.How Westminster WhatsApp ‘honey trapper’ targeted party conference season - Politico.William Wragg quits Commons roles over Westminster honeytrap - BBC News.A new prescription - The Economist.Change Healthcare faces second ransomware dilemma weeks after ALPHV attack - The Register.‘The Drew Barrymore Show’ Targeted by Fraudsters in Celebrity Scamming Effort - Yahoo! News.‘Drew Barrymore Show' Targeted in Hacking, ID Fraud Scam by Imposter Who Posed as Producer and More - Variety.Guy Fieri Calls Drew Barrymore “Gangster” For Talking With Her “Mouth Full Of Food” On ‘The Drew Barrymore Show’ - Decider. Beware The Fake Drew Barrymore Le Creuset Cookware Giveaway Scam - Malware Tips.Carmen - Royal Opera House.Mandy - BBC iPlayer.Anita de Monte Laughs Last - Bloomsbury.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kiteworks – Step into the future of secure managed file transfer with Kiteworks.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

10 Huhti 202452min

Google says it is deleting your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Scammer Convinced Investors to Send Him $1.5 Million to Build Magic Money Making Bot - 404.Biden Bans Rival Nations From Buying Sensitive US Data - Good Luck - Wired.6 practical reasons to use Incognito mode in your browser - USA Today.Brown v. Google LLC Settlement Agreement - DocumentCloud.Google agrees to settle $5bn lawsuit claiming it secretly tracked users - The Guardian.Chrome updates Incognito warning to admit Google tracks users in “private” mode - Ars Technica.Google changes wording for Incognito browsing in Chrome - Malwarebytes.The Incognito Mode Myth Has Fully Unraveled - Wired.Google Agrees to Delete ‘Incognito’ Browsing Data to Settle Class-Action Lawsuit - TIME.Amazon refuses to refund me £700 for iPhone 15 it didn’t deliver - Graham Cluley.Concorde - Lego.Cover song: samsung dryer no. 2 - YouTube.Play Drums on Samsung Washing Machine Song - YouTube.With samsung washing machine violinist - YouTube.Samsung Washing Machine Song with Piano [Franz Schubert's "Die Forelle"] - YouTube.Duet for harp and dryer - YouTube.The Washing Machine Song - YouTube.SAMSUNG Washing Machine collaboration - YouTube.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kiteworks – Step into the future of secure managed file transfer with Kiteworks.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

3 Huhti 202451min

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus's Maria Varmazis.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Unsaflok - Security vulnerabilities in Saflok hotel locks.3 million doors open to uninvited guests in keycard exploit - The Register.Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds - Wired.Google's new AI search results promotes sites pushing malware, scams - Bleeping Computer.Man who sent nude picture to teenage girl is jailed under new cyberflashing laws - The Independent.Cyber-flashing convict is first to be jailed under new law - BBC News.What to do if you’re a victim of cyber flashing and how to report it - Metro.The first cyberflasher has been convicted: meet the woman who made it happen - Yahoo!What is cyber flashing? 'Banter' – or a sinister breach of consent - UK News.Love Island star sent unsolicited pictures online calls for tougher cyber laws - Bristol Live.Secret Agent Shenanigans: 13 Weird Spy Weapons And Gadgets - Stay Weird.Baldur’s Gate 3.Merlin Bird ID - Conell Labs.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kiteworks – Step into the future of secure managed file transfer with Kiteworks.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

27 Maalis 202453min

There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Search engine market share - Oberlo.A compilation of Bing ads - YouTube.With Edge, Microsoft’s forced Windows updates just sank to a new low - The Verge.Microsoft fixes Edge browser bug that was stealing Chrome tabs and data - The Verge.Is this Microsoft Bing Popup Malware? - Reddit.Microsoft confirms Bing pop-up ads in Chrome on Windows 11 & Windows 10 - Windows Latest.‘A 22-carat disaster’: what next for British Library staff and users after data theft? - The Guardian.LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review - British Library.The Disturbing Impact of the Cyberattack at the British Library - The New Yorker.Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? - The Guardian.Have we literally broken the English language? - The Guardian.According to the dictionary, "literally" now also means "figuratively" - Salon.Good Morning, Monster: A Therapist Shares Five Heroic Stories of Emotional Recovery - Amazon.Good Morning, Monster - Apple Podcasts.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kiteworks – Step into the future of secure managed file transfer with Kiteworks.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

20 Maalis 202451min

Roku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dave Bittner from "The Cyberwire" podcast.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Smashing Security episode 317 - Includes a discussion of which came first - Battle Bots or Robot Wars?“Disgraceful”: Messy ToS update allegedly locks Roku devices until users give in - Ars Technica.Dispute resolution terms - Roku.Enshittification - Wikipedia.Craig Shergold - Wikipedia.“Why TikTok Is Becoming A Conspiracy Playground” - YouTube.Dave Bittner’s AI-generated image of Graham Cluley - Twitter.Graham’s AI-generated video about pig butchering - Twitter.Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies - New York Times.Drivers concerned as automakers share driving data with insurance companies - NewsByte.Carmakers are sharing driving habits with insurance companies, unbeknownst to owners - TechSpot.Google Arts & Culture.WELI - Kangaroo Time (Club Edit) (From Dance Your PhD 2024 - OVERALL WINNER) - YouTube.Dance Your Ph.D. - Wikipedia.Animal DNA Run - CrazyGames.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kiteworks – Step into the future of secure managed file transfer with Kiteworks.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

13 Maalis 202451min