How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia.

Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call.

Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick.

All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

EPISODE LINKS:

Major data leak forum dismantled in global action against cybercrime forum - Europol.
Ericsson blames vendor vishing slip-up for breach exposing thousands of records - The Register.
How hackers bypassed MFA with a $120 phishing kit – until law enforcement shut them down - Hot for Security.
Wikipedia hit by self-propagating JavaScript worm that vandalized pages - Bleeping Computer.
FBI arrests crypto thief accused of stealing $46 million from seized government wallet - Tom’s Hardware.
Twitter thread by ZachXBT about John Daghita’s arrest - Twitter.
Asterix - Wikipedia.
Robin Hobb.
The Complete Farseer trilogy - Harper Collins.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(465)

A breach, a burnout, and a bit of Fleetwood Mac

A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile ...

15 Okt 202545min

When your mouse turns snitch, and hackers grow a conscience

Your computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming.We talk about how something as ordinary as a web page could turn ...

8 Okt 202542min

Salesforce's trusted domain of doom

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up...

1 Okt 202543min

The €600,000 gold heist, powered by ransomware

Ransomware doesn’t just freeze computers - it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night...

24 Sep 202539min

Lights! Camera! Hacktion!

When "bad actors" stop being hackers and start being... actual actors.This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before divin...

17 Sep 202542min

Whopper Hackers, and AI Whoppers

Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even th...

10 Sep 202544min

How hackers turned AI into their new henchman

Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-...

3 Sep 202545min

Oops! I auto-filled my password into a cookie banner

We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal pas...

27 Aug 202534min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Politikk og nyheter

rss-utenrikskomiteen-med-bogen-og-grasvik

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer