Transatlantic Cable Podcast

To kick off the 219th edition of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave and I head to Australia.

You see, the app that our friends down under have in place for their Covid Passports is able to be spoofed and the researcher who found it has been ghosted by government officials he reached out to. From there, we jump into the world of gangs and how they are using Instagram for a variety of illicit activities – spoiler many involve guns that would make a Warzone player envious.

After a brief quiz intermission, we get back to the stories and one that involves an interesting mix of crypto and a press release. In this segment, we look at how a press release noting that Walmart would accept Litecoin as a payment method. This news set the price soaring, unfortunately this surge was caused by fake news. Seems that the press release company will need to enlist Mystery Inc as to how it got onto their wires. Our fourth story heads back to Texas for the second week in a row. In this story, it seems that the Texas Right to Life website has inadvertently leaked the resumes of job applicants.

Sticking with the theme of leaking info, we jump into the world of fast food in the UK. You see, McDonald’s seems to have accidentally exposed the password to their VIP winners of the Monopoly contest. Surprisingly, no interns were hurt in their statement on what went wrong. We then close out the podcast debating the toys in Happy Meals

Direct download: KL_Podcast_219.mp3
Category:technology -- posted at: 8:25am EDT

With David on holiday, Ahmed and I are holding down the fort for this week’s Kaspersky <em>Transatlantic Cable</em> podcast.

 

We open the show with a pair of stories about Apple. In the first, the company is holding off on the rollout of its controversial CSAM — for now. Then, we look at the aftermarket for iPhone chargers, which includes the OMG Cable, a charger with a built in hotspot that steals credentials, and Ahmed continues his habit of making me look dumb with his obscure trivia.

 

Getting back to our slate of stories, we discuss a new vulnerability in Confluence that further bolsters our “updates are important” stance. (Despite the patch being available, criminals are exploiting this PoC for those who have yet to update their servers.)

 

From there we head to the infosec drama story of the week, with the ransomware-as-a-service gang. In this story, a former member of the group has leaked the source code for Babuk Locker on a criminal forum. The note attached to the leak is one for the ages, including terminal cancer and the phrase “I will have time to live like a human.”

 

From there, it’s over to Latin America, where El Salvador has become the first country to embrace Bitcoin, including issuing $30 in the cryptocurrency to users who install the government-backed wallet.

 

To close out the podcast, we discuss NFTs and a fraudulent Banksy NFT that sold for more than $330,000. In a happy turn of events, the buyer was refunded most of the money.

Direct download: KL_Podcast_218.mp3
Category:technology -- posted at: 10:28am EDT

If you scroll through the headlines in cybersecurity, you will often see topics that grab the readers’ attention. Correct me if I am wrong, but you’ve probably read a lot about State-sponsored APT attacks, ransomware, bug bounty programs, disclosure of 0Days, zero day usage, what color hat a hacker is. While I could go on with topics, I think that we are on the same page.

One of the things that we often don’t discuss when it comes to this topic is what is and what is NOT ethical. Subscribers to the Kaspersky Transatlantic Cable podcast may remember that this was a topic that David and I tapped into with Ivan Kwiatkowski discussed on a podcast a few weeks ago. Over the past few months, Ivan and I have been discussing this quite regularly and decided to hop into the topic in some more depth.

After crossing all the T’s and dotting the I’s with our internal stakeholders, we were able to pull together a crew to discuss and debate some of the topics that play into this space. Our guests included my usual co-host David Buxton, Aseel Kayal and Runa Sandvik – make sure to follow these folks on the Twitter.
During our near 2-hour conversation, we discuss a wide ranging of topics, including:


• Competetive collaboration between infosec vendors
• Disclosure
• Role of government and private companies for user security
• Attribution
• Does threat intelligence help adversaries?
• Governments hoarding 0days

There is much more in there and will definitely help pique the interest of anyone working within the space.

Direct download: KL_Podcast_Mini_series_3.mp3
Category:technology -- posted at: 8:48am EDT

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I start out in the Far East with a look at South Korea’s investigation of the fees Google and Apple charge vendors for in-app purchases.

The article spurs some debate; we three have pretty distinct opinions about the platform-versus-developer situation.

From there, we head to California, where a man has been arrested for hacking into iCloud accounts for profit.

Our third story takes us to the United Kingdom, where David’s people are looking to remove themselves from the GDPR. Is that a good thing?

A pair of stories with a similar theme — adult entertainment — closes out the podcast. The first story examines TikTok users battling a Texas “whistleblowing” website where people can anonymously report abortion patients and anyone who helps them. Users who object to the site have been flooding the submission system with videos, including some, ahem, questionable Shrek content. The second considers OnlyFans’ course corrections on allowable content.

Direct download: KL_Podcast_217.mp3
Category:technology -- posted at: 5:30am EDT

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I discuss a number of topics that really run the gamut — from spy ships to the robot apocalypse, Bitcoin, and more.

Kicking things off is a story from Tom Spring on Threatpost about how Microsoft Power App configurations have led to the leak of more than 38 million sensitive records. We also debate why private is not the default option and actually invites user error.

From there, we jump into some cell-phone-battery myth-busting. (For the record, we all get angry at one time or another.)

Then, a Russian spy ship is hovering around the transatlantic cables. Comrades, we are flattered, but you can download the podcast on your favorite platforms, no need to launch a ship — it is 2021, after all.

Following that tongue-in-cheek story, we head to the UK for a look at PayPal and its new embrace of cryptocurrencies.

To close things out, we discuss the new robots Elon Musk and Tesla are pondering.

Direct download: KL_Podcast_216.mp3
Category:technology -- posted at: 8:42am EDT

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I discuss John Oliver’s recent monologue on ransomware and why it’s a good PSA to share with friends and family.

We then take a look at the world of malicious social media influencers — in this case from the United Kingdom, where an investigative reporter identified an “influencer” who was selling phishing texts through his social networking accounts.

From there, we jump into the world of crypto and a hacker stealing a boat-ton of coins … and then giving most of them back. The individual says it was to help with security. We debate the level of BS in that statement.

Next, it’s back to the United Kingdom, where a commission has said people should not have to give up all of their personal data just to buy a beer at a pub. Ahmed and I had some trouble grasping that issue, so Dave filled us in on this UK peculiarity.

In our next story, T-Mobile investigates an alleged data breach affecting more than 100 million users.

Finally, we discuss a city in Louisiana that is using garbage trucks and Raspberry Pi units to help determine which areas are current dark spots for high-speed Internet connectivity.

Direct download: KL_Podcast_215.mp3
Category:technology -- posted at: 7:40am EDT

Welcome back to the Community Podcasts, a mini-series on the Kaspersky Transatlantic Cable podcast. Joining me again as our co-host for this series is Anastasiya Kazakova, a Senior Public Affairs Manager who coordinates global cyber diplomacy projects at Kaspersky.

As a reminder, the Community Podcasts is a short series of podcasts featuring frank cyber diplomacy conversations with cyber-heroes who unite people despite everything – growing fragmentation, confrontation, and cyber threats – there are people who build communities and unite people to work together for the common good. Why are they doing this? And are their efforts working?

For our second episode, we are joined by Serge Droz, Member of the FIRST Board and a senior security engineer at Pronton Technologies. FIRST is a global Forum of Incident Response and Security Teams, the premier organization and recognized global leader in incident response.

During our extended conversation, we discuss a wide array of topics from the need for collaboration between the public/private sector, what working with governments has been like, what the future holds for FIRST and incident respondent in general, how to make sure that they remain neutral in cyber ‘firefighting’, and more.

Direct download: KL_Podcast_2021-07-28_Mini.mp3
Category:technology -- posted at: 10:47am EDT

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I confirm once more how bad I am at trivia and then also cover a handful of some serious security related stuff.

To kick off the podcast, we discuss Apple’s new photo scanning practice meant to battle child pornography with AI. We stay in the realm of photography to look at Instagram shutting down a like farm.

For our third story, we discuss the dark market for COVID-19 vaccination cards. We have some strong feelings on the topic, so this story gets a bit heated.

Moving along, our fourth story takes a dive into the criminal world for some good ol’ crook-on-crook crime. In this story, a shortchanged affiliate of the Conti ransomware-for-hire syndicate retaliates by leaking the group’s playbook. We then take a break to offer a teaser to the second episode of our Community Conversations podcasts with Serge Droz of FIRST. The full episode will run over the weekend. We close out the podcast throwing some mud at the Internet of Things.

Direct download: KL_Podcast_214.mp3
Category:technology -- posted at: 8:22am EDT

In this week’s episode of the Transatlantic Cable podcast Jeff, Ahmed, and I look at some of the more interesting stories to come out of the cybersecurity space this week.

We start on a sombre note, with a story of a woman who found a video of herself on Pornhub. After getting the content taken down, she began working with a team to create an app that uses AI to help women find content that includes their faces. Following that, we discuss some recent news about Instagram, which is defaulting all teen accounts to private, and an upcoming Android update that privacy advocates should appreciate.

From there, we have two additional stories: the first about an Instagram influencer convicted of money laundering and BEC (business e-mail compromise) scams, and finally, what an art teacher did with a dead cat (yes, really).

Direct download: KL_Podcast_213.mp3
Category:technology -- posted at: 8:04am EDT

On this week’s edition of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I discuss a variety of topics. We kick off the program with a story from the EU and a new look at making Bitcoin and other cryptocurrencies more trackable.

The proposed changes in the EU could take up to two years to enact, and we have a lot of questions.

From there, we jump to a story about a ransomware hit on ransomware group Babuk. After that, it’s Dave’s interview about the dangers of image-based sexual abuse and how we can stop it.

Then, it’s off to a round of our recurring quiz, where I continue to suck. Then, following a break for our second interview —a look at a new children’s book featuring Midori Kuma — it’s the latest in REvil-v-Kaseya saga. In this latest wrinkle, Kaseya obtained a universal decryptor.

Finally, it’s back to the UK, where a leak of gun forum users has gun owners on edge, and a brief discussion of Amazon shutting down NSO activity on its servers.

Direct download: KL_212.mp3
Category:technology -- posted at: 10:09am EDT

Earlier in the week, we teased a miniseries called the Community Podcasts, which you’ll find right alongside the Transatlantic Cable podcast. I will remain your faithful host, and Anastasiya Kazakova of our Government Affairs office will join me.

This series of podcasts features frank conversations with cyberheroes who unite people despite everything — growing fragmentation, confrontation, and ever-changing cyberthreats — people are still building communities and uniting folks to work together for the common good. Why are they doing that? And is it working?

For our first episode, we focus on the Geneva Dialogue, launched in 2018 by the Swiss Federal Department of Foreign Affairs (FDFA) in cooperation with the Geneva Internet Platform (GIP), the UN Institute for Disarmament Research (UNIDIR), ETH Zurich, and the University of Lausanne. The flourishing initiative is uniting even more stakeholders across the globe; however, its initial goals seemed much broader than today’s, and the list of organizers has changed.

Today’s guests:

• Jonas Grätz, political affairs officer for cyberdiplomacy at the Federal Department of Foreign Affairs, International Security Division;
• Vladimir Radunovic, director of cybersecurity and e-diplomacy programs at DiploFoundation.

Direct download: kl_podcast_212.mp3
Category:technology -- posted at: 4:15am EDT

With Ahmed on vacation, the Kaspersky Transatlantic Cable podcast returns this week to its original lineup.

Dave and I kick off this week’s episode with a look at the latest from REvil and its victims. (Spoiler alert: Despite the quiet, things are not great.) From there, we head to Southeast Asia, where LuminousMoth has been targeting government organizations. Instead of giving you our hot takes and thoughts on the APT action, we discuss the research and actor with senior Kaspersky security researcher Mark Lechtik.

Following that, we discuss Amazon’s potential Alexa tracking device for kids.

That calls for a change of topic, to a sneak peek of our new miniseries, Community Conversations. We will be interviewing members of organizations in the infosec community that are collaborating across borders to make a positive impact in the space. We will launch the series over the coming weekend.

Following the preview, we discuss Twitter’s curious account verification practices: specifically, the case of a verified cat. Next, facial recognition in retail stores may be more prevalent than you think.

To close out the episode, Dave and I discuss the pros and cons of buying a Cold War bunker — just ~$700K.

Direct download: KL_Podcast_211.mp3
Category:technology -- posted at: 5:53am EDT

In this week’s episode of the Kaspersky Transatlantic Cable podcast, Ahmed, Jeff and I are back around the virtual round table to talk all things cyber.

We kick this week’s episode off with the news that Interpol are urging countries to unite against the ransomware pandemic. From there, we look at how a hacker going by the alias ‘integra’ is offering 26.99 bitcoins (nearly $1 million USD at the time of writing) for zero-days and undetectable RATs (remote access Trojans).

From there, we look at a recently patched SolarWinds vulnerability and news that Tencent (a Chinese gaming behemoth) is looking to use facial recognition software to stop children playing past a certain time. To close, we discuss the recent news around the Right to Repair movement in America and Europe.

Direct download: KL_Podcast_210.mp3
Category:technology -- posted at: 7:19am EDT

This week on the podcast, Jeff’s on vacation, so Ahmed and I tackle some thorny cybersec issues on our own.

We start with news that EA’s billion dollar franchise, Apex Legends, faced hacking concerns from gamers about the state of TitanFall, Respawn’s first foray into the FPS genre. From there, we move on to news that Google has taken the ban-hammer to some developers who placed Trojans inside their apps to scrape Facebook credentials.

Other stories this week include discussion about APT28, aka Fancy Bear, targeting governments around the world, plus an exclusive chat with Kaspersky security researcher David Emm about the recent REvil attacks.

Direct download: KL_Podcast_209.mp3
Category:technology -- posted at: 5:31am EDT

 

For the 208th episode of the Kaspersky Transatlantic Cable podcast, Dave’s gone missing, and Ahmed and I debate whether it is leisure or if something more nefarious is going on. We don’t quite get to the bottom of it, but we do cover a wide array of topics, from a political sex tape leaked on OnlyFans to PS3 leaks and ransomware in US schools.

 

We start with the electoral scene in New York state, where a user on Onlyfans and Twitter leaked a BDSM video of politician Zack Weiner and a partner. Both platforms took down the video and banned the user, but the reply from Weiner is what caught our attention as a standup response to a truly personal doxing.

 

From there, we have to mention Ahmed’s complete quiz game dominance. Sadly, I am not able to overtake David’s massive lead, and we move on to a story of PS3 hacking for online gaming.

 

In the next segment, I sit down with Kurt Baumgartner to discuss the latest on school ransomware in the United States, the government reclaiming funds from ransomware crooks, and more. We continue with news of a potentially new scraping of data from 700 million LinkedIn users before closing out with a new government joining Have I Been Pwned.  

 

 

If you liked what you heard, please consider subscribing and sharing with your friends.

Direct download: KL_Podcast_208.mp3
Category:technology -- posted at: 10:45am EDT

Welcome to the 207th edition of the Kaspersky Transatlantic Cable podcast! This week, Dave, Ahmed, and I chat about a number of topics — and we also have some changes to our big board of quiz points.

We kick things off with a pair of stories about AI and surveillance. The first is from the UK, where AI can now tell authorities if people were adhering to social distancing guidelines. The next is about a Chinese company using smile recognition for employees entering the office. Smile for the camera.

After a short break for a tip from Ahmed, we’re on to the first round of the week’s quiz game. I won’t spoil it here, but let’s just say there is a bit of a shocker. Following the fun, we get back to business, discussing recent APT activity from the Persian-speaking Ferocious Kitten group with researchers Mark Lechtik and Aseel Kayal.

After the interview, we look at the insecurity of America’s water facilities before wrapping up with a discussion of consent and the COVID-19 app in Massachusetts.

Direct download: KL_Podcast_207.mp3
Category:technology -- posted at: 6:29am EDT

This week, Jeff, Ahmed, and I kick off episode 206 of the Transatlantic Cable podcast with a discussion about Ireland’s change in stop and search law, including a new law allowing police to force people to unlock digital devices such as phones and tablets.

From there, we move on to further discussion of ransomware and the recent G7 talks, with US President Biden seeking tougher stances on ransomware gangs. We also touch on the JBS meat processing company’s recent decision to pay ransom to REvil.

To wrap up, we talk about the recent EA hack and Facebook’s singing about WhatsApp privacy cred in a new advertisement.

Direct download: KL_Podcast_206_320.mp3
Category:technology -- posted at: 5:36am EDT

This week on the Transatlantic Cable podcast, Jeff, Ahmed, and I look at how the DarkSide gang was able to use an old VPN account to breach the Colonial pipeline network. Moving on, we also chat about two related stories, including one in which lawmakers try to force companies to disclose attacks and one about the FBI reclaiming some of the $4.4 million ransom DarkSide has collected.

We also discuss a story about Apple AirTags, which the company is planning to update based on fears that stalkers could use them to track victims. Finally, we have an interesting discussion about daters adding COVID vaccine stickers to their dating app profiles.

Direct download: KL_Podcast-205_128.mp3
Category:technology -- posted at: 6:58am EDT

We open the show with a hidden gem of a crime. British authorities thought they were pursuing a cannabis operation only to find a mining operation. The next story is a look at the FBI integration with Have I Been Pwned and some new site features worth looking into.

After that, I sit down with Rainer Bock of our team at Tomorrow Unlocked to learn about their latest — some cool videos are on the way, including an interactive one on Carbanak. Unfortunately, we also have to discuss the latest from SolarWinds and why the problem may not be going away as soon as we’d all like.

Direct download: KL_Podcast-204-128.mp3
Category:technology -- posted at: 10:59am EDT

Dave and I cover a lot of ground this week on the Transatlantic Cable podcast, from how obscure movies are holding up to surviving COVID-19, plus SolarWinds and more.

We kick off the show with the latest on SolarWinds — not media speculation but straight from the horse’s mouth. In this article, our old colleague Dennis Fisher recaps a talk given by Sudhakhar Ramakrishna, SolarWinds CEO, on the attack and what they have learned. Then, heading across the pond, we reflect on three years of GDPR and the biggest fines levied to date.

For our third story, we take a look at Conti ransomware’s recent attacks on first responder and healthcare institutions. After that, Robby Cataldo, the managing director of Kaspersky North America, joins us to discuss RSA 2021, Cataldo’s bout with COVID-19, and how businesses have had to adapt to the pandemic. To close things out, we look at the fallout from a breach at Air India.

Direct download: KL_Podcast_203_20210526.mp3
Category:technology -- posted at: 5:50am EDT