006: A romantic ransomware hotel break

A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:Official Disneyland Instagram Account Hacked This Morning! — The Disney blog.Disneyland social media accounts hacked, offensive messages posted — Hot for Security.We Got the Phone the FBI Secretly Sold to Criminals — Vice.Parents Sue TikTok, Saying Children Died After Viewing ‘Blackout Challenge’ — The New York Times.Lawmakers Want Social Media Companies to Stop Getting Kids Hooked — Wired.How Social Media Tricks Us Into Thinking We Are Paying Attention — Forbes.Facebook could be sued for addicting children under California bill — Ars Technica.Kids Are Using Social Media More Than Ever, Study Finds — New York Times.2021 Facebook leak — Wikipedia.California Parents Could Soon Sue for Social Media Addiction — Gizmodo.Absurd Trolley Problems.Weird or Confusing.Google Quick, Draw!Unfinished London — Jay Foreman on YouTube.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.The Secure Developer – A conversational and insightful podcast, that bridges the gap between dev and sec, from Snyk.SolCyber - SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

13 Juli 202254min

A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:Dutch university paid $220,000 ransom to hackers after Christmas attack — Graham Cluley.Remarkable development in investigation into Maastricht University cyberattack — Maastricht University.Dutch University profits from returned ransomware payment — The Register.Favorable exchange rate on a fake cryptoexchange — Kaspersky.Tweet from @cz_binance about mega-leak.Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack — Wall Street Journal.How mercenary hackers sway litigation battles — Reuters.Countering hack-for-hire groups — Google.The business of hackers-for-hire threat actors — TechRepublic.Fransdita Muafidin on Instagram.Giant Cats Disturbing Civilization — Geeks are sexy.Watch Good Luck to You, Leo Grande — Hulu.Good luck to you Leo Grande (Trailer) — YouTube.This is Love podcast.Cain's Jawbone — Wikipedia.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

6 Juli 202245min

A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast.Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:LockBit 3.0 introduces the first ransomware bug bounty program — Bleeping Computer.Fake copyright infringement emails install LockBit ransomware — Bleeping Computer.Why US women are deleting their period tracking apps — The Guardian.Privacy not included — Mozilla Foundation.The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant — Vice.Microsoft is removing emotion recognition features from its facial recognition tech — NBC News.Top 10 Emotional AI Examples in 2022 & Reasons for Success — AI Multiple.Analysis of Speech Features for Emotion Detection: A Review — IEEE Xplore.Microsoft's framework for building AI systems responsibly — Microsoft.The Swedish chemist shop sketch — As performed by Mel Smith and Rowan Atkinson on Not the Nine O'Clock News.Alley Cat — Wikipedia.Play Alley Cat — Internet Archive.Alley Cat Remeow Edition — Game Jolt.reMarkable.SOLAR podcast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Snyk - Find, prioritize, and fix security vulnerabilities in your code.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

29 Juni 202259min

Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings.All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:Hot Tub Time Machine trailer — YouTube.Hacking into the worldwide Jacuzzi SmartTub network — Eaton Works.SmartTub — Apple iOS App Store.SmartTub — Google Play store.Hot tub hack reveals washed-up security protection — BBC News.Google engineer Blake Lemoine thinks its LaMDA AI has come to life — The Washington Post.Google engineer put on leave after saying AI chatbot has become sentient — The Guardian.AI's most convincing conversations are not what they seem — The Register.Blake Lemoine's blog.Van Gogh Bristol Exhibition: The Immersive Experience.Van Gogh: The Immersive Experience — YouTube.The Inquiry — BBC World Service.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Drata - Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.Support the show:You can help the podcast by telling your friends and colleagues about "Smashing Security", and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

22 Juni 202240min

How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great?All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.Visit https://www.smashingsecurity.com/279 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Sponsored By:Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it tooCountless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process. Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drataSupport Smashing SecurityLinks:Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights" — YouTube.How a Saxophonist Tricked the KGB by Encrypting Secrets in Music — Wired.Woman accused of killing boyfriend using AirTag tracking — The Register.Andre Smith fatally struck by car outside Tilly's Pub, woman charged — Indy Star.Indianapolis woman Gaylyn Morris accused of tracking boyfriend with Apple AirTag, killing him with car, police say — The Washington Post.An update on AirTag and unwanted tracking — Apple.Apple Updates iPhone with 'Safety Check' for Domestic Victims — Gizmodo.Web3 is going just great.Audm - Listen to feature stories from The Atlantic, WIRED, and more.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

15 Juni 202236min

Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Geoff White.Sponsored By:Snyk: Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.Get started right now, with a free forever account, at snyk.co/smashingKolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.Support Smashing SecurityLinks:Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.Report: Tim Hortons collected location data without consent — The Register.Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.Sex Education — Netflix.Forest fr1ends — Twitter.Inch Calculator.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

8 Juni 202240min

Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could be a good thing after all.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].Visit https://www.smashingsecurity.com/277 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Ray [REDACTED].Sponsored By:Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. Support Smashing SecurityLinks:Popcorn Time ransomware invites you to get ‘nasty’ to recover your files — Graham Cluley.Rensenware — Wikipedia.GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need — CloudSEK.Bad Bot Report — Imperva.Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human — CPO Magazine.Automated Threats - web applications — OWASP.Home Stallone [Deepfake] — YouTube.The Emergence of Deepfake Technology: A Review — ResearchGate.Positive Use Cases of Synthetic Media (aka Deepfakes) — Towards Data Science.Deepfake pornography could become an 'epidemic', expert warns — BBC News.Europol report finds deepfake technology could become staple tool for organised crime — Europol.Google quietly bans deepfake training projects on Colab — Bleeping Computer.Japanese man spends £12,500 on ultra-realistic dog costume so he can live like an animal — Daily Mail.Google Colab FAQ.Talky.The Relationship Between Valence and Chills in Music: A Corpus Analysis.Frisson: This playlist is scientifically verified to give you chills — Big Think.A Spotify playlist with 715 songs known to give people chills — Quartz.Songs to give you chills — Spotify playlist.Zen Motoring — BBC iPlayer.Ogmios School of Zen Motoring Ep 1 — YouTube.Zen School of Motoring: TV that will cleanse your spirit like meditation — The Guardian.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

1 Juni 202251min

A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting for nude photos and videos.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.Visit https://www.smashingsecurity.com/276 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Mark Stockley.Sponsored By:GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users.Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.Try Kolide Free for 14 Days; no credit card required.Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems. It can even tell you which machines are missing endpoint protection, from your local network to the cloud. Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.runSupport Smashing SecurityLinks:Vote for your favourite cybersecurity podcast in the European Security Blogger Awards!Michael Fish (the weatherman) — Wikipedia."I wish I wish Michael Fish" by Rachel & Nicki — YouTube."John Kettley (Is A Weatherman)" by The Tribe of Toffs — YouTube.Albany Man Sentenced to 111 Months for Stealing Nude Photos of Numerous Victims and Possessing Child Pornography — Department of Justice.Hijacking webcams with Screencastify — Almost Secure.Cyber security: Global food supply chain at risk from malicious hackers — BBC News.4 Predictions for Food and Agriculture in 2022 — Food LogisticsRisks of using AI to grow our food are substantial and must not be ignored, warn researchers — University of Cambridge.With food prices continuing to climb, UN warns of crippling global shortages — NPR.OutHorse Your Email.Solitary Bee Nesting Equipment — Mason Bees.Limelight — BBC Radio 4.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

25 Maj 202254min