  • When security firms get hacked, and your new North Korean remote worker
    Oct 23 2024

    The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan?

    All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • SolarWinds Sunburst supply chain attack - Wikipedia.
    • Rep. Katie Porter slams SolarWinds for its poor passwords - Twitter.
    • SEC Charges Four Companies With Misleading Cyber Disclosures - SEC.
    • Western firm hacked by North Korean cybercriminal hired as remote IT worker - Computing.
    • Engaging with a Remote Workforce: Statistics and Strategies for Success - Government Events.
    • 67% Of U.S. Employers To Lose Employees To Remote Work In 2024 - Forbes.
    • A company's remote-working hire turns out to be in North Korea. He tried to hold it to ransom - Business Insider.
    • US company accidentally hires North Korean for remote work, gets blackmailed when they try to fire him - IBTimes.
    • Watch “Undercover: Exposing the Far Right” - Channel 4.
    • Undercover film exposing UK far-right activists pulled from London festival - The Guardian.
    • Kermode and Mayo’s Take - YouTube.
    • The Fear of God: 25 Years of the Exorcist – BBC iPlayer.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • 1Password Extended Access Management – Secure every sign-in for every app on every device.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000...
    31 mins
  • WordPress vs WP Engine, and the Internet Archive is down
    Oct 16 2024

    WordPress's emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • WP Engine is not WordPress - WordPress.
    • Secure Custom Fields - WordPress.
    • Tweet from Advanced Custom Fields.
    • Advisory: Advanced Custom Fields changes - Tim Nash.
    • WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly - The Register.
    • Internet Archive hacked, data breach impacts 31 million users - Bleeping Computer.
    • The Internet Archive is still down but will return in ‘days, not weeks’ - The Verge.
    • Dimsdale podcasts - OTR radio drama comedy and more.
    • Jeff Goldblum’s furiously fun Greek gods drama is a masterpiece - The Guardian.
    • KAOS - Netflix.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • 1Password Extended Access Management – Secure every sign-in for every app on every device.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    • Flashpoint - Access the industry’s best threat data and intelligence.

    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

    Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

    FOLLOW US:

    Follow us on
    38 mins
  • Vacuum cleaner voyeur, and pepperoni pact blocks payout
    Oct 9 2024

    Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • We hacked a robot vacuum — and could watch live through its camera - ABC News.
    • Their Uber Driver Crashed. A Pizza Order Unraveled Their Injury Lawsuit - NY Times.
    • A court blocks a couple from suing Uber over a crash, citing terms and conditions - NPR.
    • Taken for a Ride: Parents Can't Sue Uber Over Crash After Daughter's Uber Eats Order - Law.inc
    • New Jersey Court Bars Uber Crash Victims from Lawsuit, Citing App Agreement - The Legal Journal.
    • Couple Seriously Injured in Uber Crash Blocked From Court by Uber Eats Terms - The Insurance Journal.
    • Disney axes bid to stop wrongful death lawsuit over Disney+ terms - BBC.
    • Sherwood - BBC iPlayer.
    • Chocolate Guinness Cake - Nigella.
    • The Best Banana Cake I've Ever Had - Sally's Baking Addiction.
    • My Favorite Carrot Cake Recipe - Sally's Baking Addiction.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • SentinelOne - secure and protect every aspect of your cloud in real-time.
    • 1Password Extended Access Management – Secure every sign-in for every app on every device.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or

    40 mins
  • Breaches in your genes, and Kaspersky switcheroo raises a red flag
    Oct 2 2024

    From family tree to jail cell? A hacker is alleged to have exploited information on genealogy websites to steal millions from public companies. Meanwhile, Kaspersky's US customers are wondering - what on earth is UltraAV?

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • U.K. National Charged with Multimillion-Dollar Hack-to-Trade Fraud Scheme - US Department of Justice.
    • Sophos punts anti-virus for Klingons - The Register.
    • Designating Kaspersky Lab Leadership in Response to Continued Cybersecurity Risks - US Department of Treasury.
    • Kaspersky says Uncle Sam snubbed its verification proposal - The Register.
    • Use Kaspersky Antivirus Software? You'll Be Migrated to Pango's UltraAV - PC Mag.
    • Kaspersky software replaced by 'UltraAV' on some US PCs - The Register.
    • Need Instructions on Refunds for those who bought multi-year subscriptions - Kaspersky.
    • US bans Kaspersky antivirus software for alleged Russian links - BBC News.
    • Who gave you permission to put UltraAV on my computer? - Kaspersky Total Security.
    • MusicBrainz Picard - Cross-platform music tagger powered by the MusicBrainz database.
    • 100 Chefs Will Slice Through the Competition in Culinary Class Wars - Netflix.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)


    Sponsored by:

    • SentinelOne - secure and protect every aspect of your cloud in real-time.
    • 1Password Extended Access Management – Secure every sign-in for every app on every device.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!


    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing

    33 mins
  • The $230 million crypto handbag heist, and misinformation on social media
    Sep 25 2024

    Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments...

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • ZachXBT’s thread on Twitter.
    • Indictment Charges Two in $230 Million Cryptocurrency Scam - Department of Justice.
    • Two men arrested one month after $230 million of cryptocurrency stolen from a single victim - Bitdefender.
    • Skylar Harrison tells her handbag story - TikTok.
    • Social media’s role in fueling extremism and misinformation in a divided political climate - PBS News.
    • Misinformation on social media - statistics & facts - Pew Research.
    • Social Media and News Fact Sheet, 2024 - Pew Research Center.
    • "Hyperactive" by Lasse Gjertsen - YouTube.
    • Cribbage JD - Play Online - Cardsjd.
    • Paddlers Cribbage - L.L. Bean.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • SentinelOne - secure and protect every aspect of your cloud in real-time.
    • 1Password Extended Access Management – Secure every sign-in for every app on every device.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!


    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

    Become a supporter via Patreon or

    36 mins
  • TFL security derailed, and is Trump the king of crypto?
    Sep 18 2024

    Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to have their identities verified... in-person. Who might have been behind the attack and why? Meanwhile, Donald Trump's curious relationship with cryptocurrency is explored.

    All this and Demi Moore is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    (This episode was recorded before the former US President survived a second assassination attempt)

    Episode links:

    • TFL cybersecurity incident announcement.
    • TFL Employee Hub.
    • DICK'S shuts down email, locks employee accounts after cyberattack - Bleeping Computer.
    • MGM Resorts shuts down IT systems and slot machines go quiet following "cybersecurity incident" - Hot for Security.
    • Teenage suspect in MGM Resorts hack arrested in Britain - The Record.
    • Arrest made in NCA investigation into Transport for London cyber attack - NCA.
    • Donald Trump Prepares to Unveil World Liberty Financial, a Cryptocurrency Business - The New York Times.
    • Behind the Trump Crypto Project Is a Self-Described ‘Dirtbag of the Internet’ - Bloomberg.
    • Cryptocurrency price on July 22: Bitcoin hits $68,000 level, Dogecoin, Avalanche surge up to 11% - The Economic Times.
    • Trump vows to make US ‘world capital of crypto,’ taps Musk for new task force - CoinTelegraph.
    • What bankers need to know about Trump's World Liberty Financial - Yahoo! Finance.
    • Bitcoin soars to two-week high after Trump attack - Reuters.
    • Trump pitches himself as 'crypto president' at San Francisco tech fundraiser - Reuters.
    • Aave fork on...
    38 mins
  • A room with a view, AI music shenanigans, and a cocaine bear
    Sep 11 2024

    It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks - The Record.
    • Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine - The Record.
    • Christo and Jeanne-Claude art projects.
    • North Carolina Musician Charged With Music Streaming Fraud Aided By Artificial Intelligence - United States Department of Justice.
    • Man Arrested for Creating Fake Bands With AI, Then Making $10 Million by Listening to Their Songs With Bots - The Futurist.
    • Kobo Clara BW ereader - Kobo.
    • Cocaine Bear: Why? - The Atlantic.
    • Cocaine Bear Official trailer - YouTube.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • 1Password Extended Access Management – Secure every sign-in for every app on every device.
    • Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

    Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

    FOLLOW US:

    Follow us on Twitter at @SmashinSecurity, or
    34 mins
  • The Godfather club, and AirTags to the rescue
    Sep 4 2024

    There's a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an AirTag to entrap a thief.

    Plus - don't miss our featured interview with Maya Levine of Sysdig.

    All this, and a very bad Cockney accent, in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Mail Theft Suspect Apprehended Using AirTag - Santa Barbara County Sheriff’s Office.
    • Google and Apple deliver support for unwanted tracking alerts in Android and iOS - Google Security blog.
    • Apple and Google deliver support for unwanted tracking alerts in iOS and Android - Apple.
    • Barclays Scams Bulletin: Men more likely to fall victim to romance scams, while women lose more money - Barclays.
    • 3 men trapped by same woman: Journalist on modus operandi of dating app scams - India Today.
    • Mumbai club under fire for 'dating scam' after man gets Rs 61,000 bill - India News.
    • Romance scams in 2024 + online dating statistics - Norton.
    • Tips for romance scams - Better Business Bureau.
    • What to know about romance scams - Consumer Advice.
    • The Godfather club dating app scam in Mumbai - YouTube.
    • What accent does Butcher have in ‘The Boys’? - NME.
    • Shokz bone conduction headphones - Shokz.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • 1Password Extended Access Management - Secure every sign-in for every app on every device.
    • Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
    • Material Security – email security that covers the full threat landscape –
    54 mins