We’re sorry. Wait, did a company actually say that?
Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests.In episode 444 of "Smashing Security" we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs, and chat about autonomous pen testing, AI-turbocharged cybercrime, and what CISOs should really be asking on Monday morning.And lost Doctor Who is brought back to life by one very dedicated animator, and we take a look at Eddie Murphy’s career.All this and more is discussed in episode 444 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.Plus - don't miss our featured interview with Snehal Antani from Horizon3.ai!EPISODE LINKS:A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers - Wired.British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News.Cloudflare experiences a massive outage - LifeHacker.Protecting our Merchants: Standing up to Extortion - Checkout.A miracle: A company says sorry after a cyber attack - and donates the ransom to cybersecurity research - Hot for Security.Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware - The Hacker News.Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 1 - YouTube.Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 2 - YouTube.Being Eddie - Netflix.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy
--------
55:22
--------
55:22
Tinder’s camera roll and the Buffett deepfake
Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."Meanwhile, will agentic AI replace your co-hosts before you can say "EDR for robots"? and why you should still read books.All this, plus Lily Allen's new album and Claude Code come up for discussion in episode 443 of the "Smashing Security" podcast, with special guest Ron Eddings.EPISODE LINKS:‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones - TechCrunch.Cyber insurers paid out over twice as much for UK ransomware attacks last year - The Register.Lost iPhone? Don’t fall for phishing texts saying it was found - Bleeping Computer.Tinder to use AI to get to know users, tap into their Camera Roll photos - TechCrunch.Facebook’s AI can now suggest edits to the photos still on your phone - TechCrunch.Berkshire warns of AI deepfakes impersonating Warren Buffett - Reuters.West End Girl - Wikipedia.West End Girl - Spotify.Claude Code.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy
--------
38:21
--------
38:21
The hack that messed with time, and rogue ransomware negotiators
Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away.Plus when ransomware negotiators turn to the dark side, what could possibly go wrong?All this and more is discussed in episode 442 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner.EPISODE LINKS:Alleged Meduza Stealer malware admins arrested after hacking Russian org - Bleeping Computer.Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices - Zimperium.Postcode Lottery's lucky dip turns into data slip as players draw each other's info - The Register.Chinese Ministry of State Security MSS WeChat post - WeChat.China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says - Chicago Sun Times.MicroMacro: Crime City.Star Wars 3.5 foot animated LED R2-D2 - Home Depot.TrackaLacker.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy
--------
38:43
--------
38:43
Inside the mob's million-dollar poker hack, and a Formula 1 fumble
Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table.Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars.Plus: Graham’s “Pick of the Week” turns CAPTCHA hell into a delightfully deranged browser game that will make you question vegetables, geometry, and your life choices, while Danny takes a trip to ancient Africa...All this and more is discussed in episode 441 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer.EPISODE LINKS:Baohuo, the gray eminence. Android backdoor hijacks Telegram accounts, gaining complete control over them - Dr Web.Cyberattack on Russia’s food safety agency reportedly disrupts product shipments - The Record.Dissecting YouTube's malware distribution network - Check Point.31 Defendants, Including Members and Associates of Organized Crime Families and National Basketball Association Coach Chauncey Billups, Charged in Schemes to Rig Illegal Poker Games - US Department of Justice.How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA - Wired.Every Formula 1 driver on the grid just had their passport and license details leaked - but it could have been so much worse - TechRadar.I’m not a robot - Neal.fun.Can I Beat The CAPTCHA Game? - YouTube.An African History of Africa by Zeinab Badawi - Penguin.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy
--------
40:54
--------
40:54
How to hack a prison, and the hidden threat of online checkouts
A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio.All this and more is discussed in episode 440 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.EPISODE LINKS:What caused the AWS outage - and why did it make the internet fall apart? - BBC News.China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.Nintendo allegedly hacked by Crimson Collective hacking group - screenshot shows leaked folders, production assets, developer files, and backups - Tom’s Hardware.Romanian inmate hacks into prison IT system, modifies sentences for others - Romania Insider.New Version of PCI DSS Designed to Tackle Emerging Payment Threats - Infosecurity Magazine.What is Magecart? How this hacker group steals payment card data - CSO.Keyboard Maestro.Screen Studio.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy
Stories from the world of hacking, ransomware, cybersecurity, and rogue AI.Smashing Security isn’t your typical tech podcast. Hosted by cybersecurity veteran Graham Cluley, it serves up weekly tales of cybercrime, hacking horror stories, privacy blunders, and tech mishaps - all with sharp insight, a sense of humour, and zero tolerance for tech waffle.Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, and 2024, Smashing Security has had over ten million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Jack Rhysider.Follow the podcast on Bluesky at @smashingsecurity.com, and subscribe for free in your favourite podcast app.New episodes released at 7pm EST every Wednesday (midnight UK).
México