Transatlantic Cable Podcast

This week on podcast, Jeff, Ahmed and I start off by looking at how Facebook have apparently shelved the idea of an Instagram for children, after mounting pressure from privacy advocates.

From there we look at a bizarre story about involving a hamster and crypto-currency, quickly followed by news from China that crypto is effectively banned in the country.

Moving from there we take a look at two stories from the Washington Post, the first talking, quite concerning story about office workers being put under increased surveillance on their work laptops due to the pandemic, and the second takes a look at why the FBI held back a decryptor key to the recent REvil ransomware attacks.

Also included in this week’s episode is two interviews with GReAT, the first looking at the Story of a Modern Day Rootkit with the research team Mark Lechtik, Aseel Kayal, Paul Rascagneres, Vasily Berdnikov and the second about a possible connection between DarkHalo APT and Kazuar.

Direct download: KL_Podcast_221.mp3
Category:technology -- posted at: 7:44am EDT

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I kick things off with some ransomware. No, it is not another company getting hit, but rather some good news.

In this post from Graham Cluely, victims of REvil ransomware attacks may find some relief — in the form of a universal decryptor for the ransomware. Some victims can breathe a sigh of relief. From there, we jump to a tale involving unlocking AT&T cellular phones. It might seem like a weird news item, but this isn’t a story about unlocking a phone for use on any network; it’s about defrauding a company of more than $200 million.

After a brief quiz that leaves Dave and me stumped, we jump into a conversation about Amazon and the controversial AI in its delivery vehicles.

To close things out, we revisit our discussion of El Salvador’s move to roll out Bitcoin as an official currency. Sadly, a lot of our trollish predictions did come true.

Direct download: KL_Podcast_220.mp3
Category:technology -- posted at: 5:59am EDT

To kick off the 219th edition of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave and I head to Australia.

You see, the app that our friends down under have in place for their Covid Passports is able to be spoofed and the researcher who found it has been ghosted by government officials he reached out to. From there, we jump into the world of gangs and how they are using Instagram for a variety of illicit activities – spoiler many involve guns that would make a Warzone player envious.

After a brief quiz intermission, we get back to the stories and one that involves an interesting mix of crypto and a press release. In this segment, we look at how a press release noting that Walmart would accept Litecoin as a payment method. This news set the price soaring, unfortunately this surge was caused by fake news. Seems that the press release company will need to enlist Mystery Inc as to how it got onto their wires. Our fourth story heads back to Texas for the second week in a row. In this story, it seems that the Texas Right to Life website has inadvertently leaked the resumes of job applicants.

Sticking with the theme of leaking info, we jump into the world of fast food in the UK. You see, McDonald’s seems to have accidentally exposed the password to their VIP winners of the Monopoly contest. Surprisingly, no interns were hurt in their statement on what went wrong. We then close out the podcast debating the toys in Happy Meals

Direct download: KL_Podcast_219.mp3
Category:technology -- posted at: 8:25am EDT

With David on holiday, Ahmed and I are holding down the fort for this week’s Kaspersky <em>Transatlantic Cable</em> podcast.

 

We open the show with a pair of stories about Apple. In the first, the company is holding off on the rollout of its controversial CSAM — for now. Then, we look at the aftermarket for iPhone chargers, which includes the OMG Cable, a charger with a built in hotspot that steals credentials, and Ahmed continues his habit of making me look dumb with his obscure trivia.

 

Getting back to our slate of stories, we discuss a new vulnerability in Confluence that further bolsters our “updates are important” stance. (Despite the patch being available, criminals are exploiting this PoC for those who have yet to update their servers.)

 

From there we head to the infosec drama story of the week, with the ransomware-as-a-service gang. In this story, a former member of the group has leaked the source code for Babuk Locker on a criminal forum. The note attached to the leak is one for the ages, including terminal cancer and the phrase “I will have time to live like a human.”

 

From there, it’s over to Latin America, where El Salvador has become the first country to embrace Bitcoin, including issuing $30 in the cryptocurrency to users who install the government-backed wallet.

 

To close out the podcast, we discuss NFTs and a fraudulent Banksy NFT that sold for more than $330,000. In a happy turn of events, the buyer was refunded most of the money.

Direct download: KL_Podcast_218.mp3
Category:technology -- posted at: 10:28am EDT

If you scroll through the headlines in cybersecurity, you will often see topics that grab the readers’ attention. Correct me if I am wrong, but you’ve probably read a lot about State-sponsored APT attacks, ransomware, bug bounty programs, disclosure of 0Days, zero day usage, what color hat a hacker is. While I could go on with topics, I think that we are on the same page.

One of the things that we often don’t discuss when it comes to this topic is what is and what is NOT ethical. Subscribers to the Kaspersky Transatlantic Cable podcast may remember that this was a topic that David and I tapped into with Ivan Kwiatkowski discussed on a podcast a few weeks ago. Over the past few months, Ivan and I have been discussing this quite regularly and decided to hop into the topic in some more depth.

After crossing all the T’s and dotting the I’s with our internal stakeholders, we were able to pull together a crew to discuss and debate some of the topics that play into this space. Our guests included my usual co-host David Buxton, Aseel Kayal and Runa Sandvik – make sure to follow these folks on the Twitter.
During our near 2-hour conversation, we discuss a wide ranging of topics, including:


• Competetive collaboration between infosec vendors
• Disclosure
• Role of government and private companies for user security
• Attribution
• Does threat intelligence help adversaries?
• Governments hoarding 0days

There is much more in there and will definitely help pique the interest of anyone working within the space.

Direct download: KL_Podcast_Mini_series_3.mp3
Category:technology -- posted at: 8:48am EDT

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I start out in the Far East with a look at South Korea’s investigation of the fees Google and Apple charge vendors for in-app purchases.

The article spurs some debate; we three have pretty distinct opinions about the platform-versus-developer situation.

From there, we head to California, where a man has been arrested for hacking into iCloud accounts for profit.

Our third story takes us to the United Kingdom, where David’s people are looking to remove themselves from the GDPR. Is that a good thing?

A pair of stories with a similar theme — adult entertainment — closes out the podcast. The first story examines TikTok users battling a Texas “whistleblowing” website where people can anonymously report abortion patients and anyone who helps them. Users who object to the site have been flooding the submission system with videos, including some, ahem, questionable Shrek content. The second considers OnlyFans’ course corrections on allowable content.

Direct download: KL_Podcast_217.mp3
Category:technology -- posted at: 5:30am EDT

1