Smashing Security

A ransomware gang has exploited a security hole in software used by many businesses, and are demanding $70 million for a decryption tool. Plus we take a close look at TikTok, and a website which seems to have entirely ripped-off Twitter.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and author Chris Stokel-Walker.Visit https://www.smashingsecurity.com/235 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Chris Stokel-Walker.Sponsored By:Privacy.com: Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.1Password: Did you know that almost two thirds of all IT workers admit to reusing enterprise secrets between different projects, creating a potential gateway for attackers?1Password’s new research report, "Hiding in Plain Sight", reveals the breadth and depth of mismanaged business secrets like code, passwords, credentials, and keys, and that secrets (mis)management is the next big cybersecurity threat.Learn more by reading the full report at 1password.com/resourcesKnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.Plus, see how you stack up against your peers with the new phishing industry benchmarks.Find out more at knowbe4.com/freetestSupport Smashing SecurityLinks:REvil ransomware rampages following Kaseya supply-chain attack — Graham Cluley.Swedish Coop supermarkets shut due to US ransomware cyber-attack — BBC News.Kaseya CEO Fred Voccola Addresses Cyberattack and Next Steps for VSA Customers — YouTube.Kaseya Responds Swiftly to Sophisticated Cyberattack, — Press release.Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO says — Reuters.TikTok's Underlying Tech Is About to Go on Sale — Business Insider.This Is How TikTok Sends User Data to China — Business Insider.TikTok insiders say Chinese parent ByteDance is in control — CNBC.“Happy July 4th!” from Mark Zuckerberg — Instagram.Team Trump quietly launches new social media platform — Politico.Pro-Trump social media app hacked on launch day as half million sign up — Reuters.Pro-Trump social media site Gettr hacked — CNET.The Trump Team’s New Social Media Platform Is Already Flooded With Hentai — Mother Jones.Broken Sword 5: The Serpent's Curse — Revolution Software.This Is a Robbery: The World's Biggest Art Heist — Netflix.Passenger List — Radiotopia.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

7 Jul 202159min

Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from "Amazon"...And you will NOT want to miss checking out a very special "Pick of the week"!All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.Visit https://www.smashingsecurity.com/234 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: David Bisson.Sponsored By:1Password: Did you know that almost two thirds of all IT workers admit to reusing enterprise secrets between different projects, creating a potential gateway for attackers?1Password’s new research report, "Hiding in Plain Sight", reveals the breadth and depth of mismanaged business secrets like code, passwords, credentials, and keys, and that secrets (mis)management is the next big cybersecurity threat.Learn more by reading the full report at 1password.com/resourcesSupport Smashing SecurityLinks:Cozy Bear — Wikipedia.Bears in the Midst: Intrusion Into the Democratic National Committee — Crowdstrike.Coronavirus: Russian cyber spies attempting to steal vaccine research from Britain, US and Canada — Sky News.New Nobelium activity — Microsoft Security Response Center.Smashing Security episode 214: "Lockdown love scams, SolarWinds, and a data deletion bungle."Screenshot of email David received from "Amazon"This $1.3 Million Vibrator Is One Of The World's Most Expensive Sex Toys — Forbes.Amazon Flex.AI at work: Staff 'hired and fired by algorithm' — BBC News.Fired by Bot: Amazon Turns to Machine Managers And Workers Are Losing Out — Bloomberg.Horror stories from Amazon Flex workers — Reddit.Art'n'Doodles from Carole Theriault — Carole.wtf⎌ Nurture ⎌ — Porter Robinson.How John Berger changed our way of seeing art — The Conversation.Ways of Seeing Episode 1, with John Berger — YouTube.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

30 Jun 202156min

We take a look at why Peloton is being accused of ransomware-like behaviour, how one man lost $250,000 in a romance scam, and how a chap called Weiner has found himself in a political pickle.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.Plus we have a featured interview with KnowBe4 expert Roger Grimes. Don't miss it!Visit https://www.smashingsecurity.com/233 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Andrew Agnês and Roger A Grimes.Sponsored By:1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.Find out more and try 1Password free for 14 days at 1Password.comJumpCloud: JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass.With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy.Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model.KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.Plus, see how you stack up against your peers with the new phishing industry benchmarks.Find out more at knowbe4.com/freetestSupport Smashing SecurityLinks:CPSC Warns Consumers: Stop Using the Peloton Tread+ — CPSCPeloton Tread+ Treadmill Safety Incident — YouTube.Peloton Recalls Tread+ Treadmills After One Child Died and More than 70 Incidents Reported — CPSC.Peloton Recalls Tread Treadmills Due to Risk of Injury — CPSC.Tread Lock — Peloton support.Peloton Tread owners now forced into monthly subscription after recall — Bleeping Computer.Is Your Peloton Spinning Up Malware? — McAfee.A fake wedding, and a $250,000 scam — BBC News.Romance fraud advice — Action Fraud.OnlyFans, Twitter ban users for leaking politician's BDSM video — Bleeping Computer.Statement by Zack Weiner — Twitter.Anthony Weiner documentary trailer — YouTube.Blue — Joni Mitchell.Timekettle Voice Language Translator.Finders Keepers trailer — YouTube.Finders Keepers (2015 film) — Wikipedia.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

23 Jun 20211h 22min

Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.Visit https://www.smashingsecurity.com/232 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Maria Varmazis.Sponsored By:1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.Find out more and try 1Password free for 14 days at 1Password.comDeep Secure: Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable. Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.JumpCloud: JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass.With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy.Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model.Support Smashing SecurityLinks:Coq on GitHub.Alternative names for Coq.Realizing this is getting out of hand, Coq mulls new name for programming language — The Register.Terminology: it's not black and white — NCSC.Hackers Steal Wealth of Data from Game Giant EA — Vice.Japan - COVID-19 Overview — Johns Hopkins.Olympics 2021: When Tokyo Games start and what restrictions will be in place — Irish Mirror.Tokyo Olympic Games: When are they and will they go ahead despite Covid? — BBC News.Tokyo Olympics organizers' data swept up in Fujitsu hack: report — CyberScoop.Tokyo Games organizers hit by data breach and info leak — The Japan Times.XPOL-2-5G antenna — Poynting.Mondo Mascots — Twitter.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

16 Jun 202150min

Criminals are caught in a encrypted chat trap, should you trust Apple's repair team with your sexy snaps, and do you think the FBI should be able to tell who has been reading the USA Today website?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.And don't miss our featured interview with Dr Simon Wiseman, the CTO of Deep Secure.Visit https://www.smashingsecurity.com/231 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Dave Bittner and Simon Wiseman.Sponsored By:KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.Plus, see how you stack up against your peers with the new phishing industry benchmarks.Find out more at knowbe4.com/freetestDeep Secure: Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable. Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.Find out more and try 1Password free for 14 days at 1Password.comSupport Smashing SecurityLinks:AFP-led Operation Ironside smashes organised crime — Australian Federal Police.AN0M: Hundreds arrested in massive global crime sting using messaging app — BBC News.Fake encrypted app cooked up over beers by Aussie cops and the FBI leads to global sting — Daily Mail.FBI Effort to Expose 'USA Today' Readers Was Likely Unlawful, Experts Say — Gizmodo.Sunrise, Florida, shooting: 2 FBI agents killed in shootout identified — USA Today.Apple paid woman millions after technicians used her iPhone to post explicit videos — The Guardian.Get your iPhone, iPad, or iPod touch ready for service — Apple Support.The Three Investigators.Mini Motorways.Mini Motorways gameplay video — YouTube.Mini Metro — A strategy simulation game about designing a subway map for a growing city.Love Death & Robots review – prestige TV with added sexbots — The Guardian.Netflix’s Love, Death & Robots Volume 2 Ranked Best to Worst — Vulture.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

9 Jun 20211h 8min

The US military has been caught exposing its nuclear weapons secrets, and we explore the world of nerdy miners.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by "Lola."Visit https://www.smashingsecurity.com/230 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Sponsored By:1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.Find out more and try 1Password free for 14 days at 1Password.comJumpCloud: JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass.With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy.Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model.Deep Secure: Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable. Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.Support Smashing SecurityLinks:WarGames (1983 movie starring Matthew Broderick) — Wikipedia.Cram: Create and Share Online Flashcards.Chegg flashcards.US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps — Bellingcat.'Three nerds' linked to massive Bitcoin mine found in Sandwell warehouse — Birmingham Mail.Sandwell Bitcoin mine found stealing electricity — BBC News.The Berglas Effect: Magic's Best Card Trick — The New York Times.David Berglas and the Legendary Berglas Effect — YouTube.West Cork podcast — Acast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

2 Jun 202141min

A big cheese ends up in jail, a Japanese dating site spills the dirt after a hack, and we learn all about the right to repair.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Roberts from The Security Ledger.Plus don't miss our featured interview with Javvad Malik from KnowBe4.Visit https://www.smashingsecurity.com/229 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Javvad Malik and Paul F Roberts.Sponsored By:KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetestOneLogin: According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic. As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies. OneLogin's message? You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.Support Smashing SecurityLinks:Cheese Is Addictive As Drug: Dairy Product Triggers Brain Region Linked To Addiction — Tech Times.How Police Secretly Took Over a Global Phone Network for Organized Crime — Motherboard.Liverpool man latest to be jailed as part of national Operation Venetic — Merseyside Police.Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall — The Register.Automakers Hype Hacking Threat To Sink Pro-Repair Measure — Forbes.FTC Report Slams OEM Restrictions on Repair — Fight to Repair.securepairs.org – IT pros fight for a fixable future.Apology for dating breach (Japanese).Coronavirus: Why dating feels so different now — BBC Worklife.How Covid-19 has upended dating for singles — Vox.Japan's biggest dating app hit by major cyberattack — TechRadar.Omiai(お見合い)The Pursuit of Love — BBC.Adapting The Pursuit of Love for BBC One — BBC Writers Room.The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms — MIT Technology Review.Obscura.Fstoppers Reviews Obscura 2: A Superb iOS Photo App that Rethinks the 'Interface' — Fstoppers.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

26 Mai 20211h 11min

The Colonial Pipeline attack has shone light on the activities of the Darkside ransomware gang, we take a skeptical look at cryptocurrencies and the blockchain, and Eufy security cameras suffer an embarrassing security failure.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones.Plus don't miss our featured interview with Vanessa Pegueros of OneLogin.Visit https://www.smashingsecurity.com/228 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Rory Cellan-Jones and Vanessa Pegueros.Sponsored By:1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.Skiff: We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately?Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created.Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashingOneLogin: According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic.As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies. OneLogin's message? You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokaySupport Smashing SecurityLinks:Major US oil pipeline shut down after ransomware attack — Graham Cluley.Abrdn: Standard Life Aberdeen vowel-less rebrand mocked — BBC News.DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized — Brian Krebs.Colonial Pipeline did pay ransom to hackers, sources now say — CNN.Darkside Retreats to the Dark — Kim Zetter on Substack.Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims — Elliptic."Always On: Hope and Fear in the Social Smartphone Era" by Rory Cellan-Jones — Bloomsbury.Eufy privacy breach leaks both live and recorded cam feeds — 9to5 Mac.WARNING Disconnect any Eufy Security products you own immediately — Reddit.Server glitch allowed Eufy owners to see through other homes’ cameras — The Verge.Crown Court (TV series) — Wikipedia.Fulchester Crown Court — Fan website.Crown Court - The Jawbone of an Ass (1978) — YouTube.Crown Court - Treason — YouTube.BBC Weather app for Android — Google Play Store.‎BBC Weather app for iOS — iOS App Store.The Hyacinth Disaster - A Sci Fi Audio Drama.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

19 Mai 20211h 12min