Saturday, June 25, 2022
Smashing Security

280: Hot tub hijinx, and a sentient AI

Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings. All this and more is discussed in the latest edition of the "Smashing Security"...
Smashing Security

279: Encrypted notes, and a deadly case of AirTag spying

How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency...
Smashing Security

278: Tim Hortons, avoiding sanctions, and good faith security research

Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution? All this and much...
Smashing Security

277: Bad bots, cheeky ransoms, and good deepfakes

Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could...
Smashing Security

276: Webcam extortion, Michael Fish, and food foul-ups

A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting...
Smashing Security

275: Jail for Bing, and mental health apps may not be good for you

A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up...
Smashing Security

274: Hands off my biometrics, and a wormhole squirmish

Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole? All this and more is discussed in the latest edition of the "Smashing Security"...
Smashing Security

273: Password blips, and who's calling the airport?

We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day. All this and more is discussed in the latest edition...
Smashing Security

272: Going ape over the Kardashians, and the face of romance scams

Members of The Bored Ape Yacht Club get that sinking feeling, unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox? All...
Smashing Security

271: Crypto break-in, Google blurring, and mics not muting

A man loses $650,000 from his cryptocurrency wallet after his Apple iCloud account is hacked, video conferencing apps may not be muting your mic quite the way you imagined, and Google...
Smashing Security

270: Bearded Barbie, EDR scams, and hobbyist crime detectives

Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but...
Smashing Security

269: Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words

There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using? All this and much much...
Smashing Security

268: LinkedIn deepfakes, doxxing Russian spies, and a false alarm

Strange goings-on on LinkedIn, Ukraine publishes a list of alleged Russian FSB agents, and police in Pittsburgh investigate an odd report of an active shooter. All this and much much more is...
Smashing Security

267: Virtual kidnapping, two helipads, and a naughty Apple employee

A Russian bank tells its customers to stop installing security updates, an Apple employee ends up in hot water, and learn our tips to avoid being virtually kidnapped. All this and much...
Smashing Security

266: Dick pics, secret spies, and Kaspersky

Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on...
Security Affairs

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

How to Move Your WhatsApp Chats Across Devices and Apps

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
The Register

We’re now truly in the era of ransomware as pure extortion without the encryption

Why screw around with cryptography and keys when just stealing the info is good enough Feature  US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
The Hacker News

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management...