Transatlantic Cable Podcast

Welcome to the 230th episode of the Transatlantic Cable podcast. Due to travel commitments, Ahmed and Jeff are unable to attend this week’s episode. Filling in is the ever dependable Jag.

To start, we look at an interesting story look at the Australian government’s impending policy, which will force social media companies to ‘unmask’ online trolls. From there, we look at a story around facial recognition for goats in China (yes, really.)

After that, rather unique story, David sits down with David Emm to talk about the recent Kaspersky GReAT APT review. After that, we look at two stories from the BBC, the first around a crypto currency called JRR Token (no relation to JRR Tolkien, according to the creators) and the final story around a proposed government legislation in the U.K which will ban default passwords on smart devices. Smart thinking.

Direct download: KL_Podcast_230.mp3
Category:technology -- posted at: 6:20am EST

Welcome to the 229th episode of the Kaspersky Transatlantic Cable podcast. Ahmed, Dave and I start by looking into the world of NFTs.

In this tale, it seems that a pirate site will allow users to download any NFT that has been bought and sold. Please tell me again, how a NFT site can be fooled by CTL-Right Click? From there, we dive into the Metaverse, where Facebook is rolling out their clone of the Oasis.

Now, while they say that the haptic gloves will help make digital handshakes and eliminate business travel, we all know what they are really about… data. For our third story, we discuss how a glitch at Tesla locked some folks out of their autos.

After the Tesla snafu, we jump to an odd story in the US. While there is a lot of weird in the US going on at any given day, this story takes a look at a woman who tried to buy a hitman to kill her ex-husband. Fortunately for him, and unfortunately for her, she used a fake site that then shared her info with the authorities. Now, for a PSA, please check out the site, it is quite comical and anyone who would think that it is legitimate, you have to wonder a bit. We close out the pod looking at a warning from the FBI on potential ransomware attacks tied to the US-Thanksgiving holiday as well as some tips to stay safe online shopping.

Direct download: KL_Podcast_229.mp3
Category:technology -- posted at: 6:54am EST

Episode 228 of the Transatlantic Cable take a look at some more serious stories this week, including news of REvil arrests.

To begin with, Dave, Jeff and Ahmed jump on news that Twitter “vigilantes” are trying to be good cop, by hunting down crypto-scammers in the DeFi (decentralized finance) world, but not all is as it appears.  From there discussion moves onto how, briefly, a scammer was able to hit number one spot in Google for ‘OpenSea’ – which is a legitimate site for the trading of NFTs – be wary of clicking without checking as ever!

Finally, to wrap up the team look at two stories around ransomware, the first around the return of Emotet and the second looking at the recent arrest of an affiliate related to the REvil ransomware gang.

Direct download: KL_Podcast_228.mp3
Category:technology -- posted at: 6:16am EST

In this week’s jam-packed episode of the Transatlantic Cable podcast, Jeff, Ahmed, and I tackle some prickly topics. To begin, we look at how the FBI is making some serious noise about DarkSide, offering $10 million for the capture of gang members.

From there we have a look at Facebook shutting down its controversial facial recognition system.

After that, it’s two stories about crypto: the first a scam having to do with Squid Games cryptocurrency and the second looking at how the mayor-elect of New York, Eric Adams, has requested his first three paychecks be payable in Bitcoin.

Direct download: KL_Podcast_227_1.mp3
Category:technology -- posted at: 11:09am EST

To open episode 226, we hit the road running, discussing a $10 billion hit on social media channels, caused by Apple. In this story, we take a look at the business impact Apple’s app-tracking policy has had on major social networks including Facebook, Snapchat, and more. From there, we discuss Facebook’s change to Meta.

Our third story takes us back to school, with a trip to Harvard, where there is a bit of tomfoolery and black hat SEO going on with the university’s self-publishing system.

After that, we talk about German authorities’ exposing one of the REvil group’s major players. To close out the podcast, we have a weird story involving an Instagram hacker using hostage-style videos for scams.

Direct download: KL_Podcast_226.mp3
Category:technology -- posted at: 8:57am EST

Welcome back to the Community Podcasts, a mini-series on the Kaspersky Transatlantic Cable podcast. Joining me again as our co-host for this series is Anastasiya Kazakova, a Senior Public Affairs Manager who coordinates global cyber diplomacy projects at Kaspersky.

As a reminder, the Community Podcasts is a short series of podcasts featuring frank cyber diplomacy conversations with cyber-heroes who unite people despite everything – growing fragmentation, confrontation, and cyber threats – there are people who build communities and unite people to work together for the common good. Why are they doing this? And are their efforts working?

For our 4th episode, by Allison Pytlak, the Program Manager for Reaching Critical Will. Reaching Critical Will is the disarmament program of the Women’s International League for Peace and Freedom (WILPF), the oldest women’s peace organization in the world. Reaching Critical Will works for disarmament and arms control of many different weapon systems, the reduction of global military spending and militarism, and the investigation of gendered aspects of the impact of weapons. Allison contributes to the organization’s monitoring and analysis of disarmament processes and its research and other publications, as well as liaises with UN, government, and civil society colleagues.

Over the course of our conversation, we discuss the importance of gender in the international cybersecurity landscape, working with the UN, what the future holds for her and WILPF and more.

Direct download: KL_Mini_4___2021-09-15.mp3
Category:technology -- posted at: 8:43am EST

With Dave on vacation, our APAC head of social media joins Ahmed and me for this week’s edition of the Kaspersky <em>Transatlantic Cable</em> podcast. A warm welcome to Jag Sharma.

To kick off the conversation, we revisit the topic of REvil — again. This week, we look at the FBI’s infiltration of the ransomware gang and how the new approach differs from the usual. Although of course we discuss the news, we also debate the merits of the live-blogging the gang has been doing as well. From there, Jag gets his indoctrination by fire in one of Ahmed’s famous quizzes.

Moving along, we discuss the need to secure space’s infrastructure. If everyone’s heading that way anyway, best to make it safe. Our third story takes a look at the Squid Game phenomenon and the rise of Joker-infested unofficial apps on the Play Store.

The podcast closes with a story of how AI and a T-shirt led to a man getting a ticket for his automobile. No, you didn’t read that wrong – the AI really thought a woman’s T-shirt was a license plate. But hey, AI is the future, right?

If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

Direct download: KL_Podcast_225.mp3
Category:technology -- posted at: 8:50am EST

To open the 224th episode of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and Jeff discuss the targeting of researchers by some state-backed hackers.

We first mentioned this story a few months back, but this week we’re rekindling the debate on researchers being targeted after Twitter banned some phishing accounts. From there, we head into our first quiz — spoiler alert, Dave and I fall victim to Ahmed’s trickery.

We then welcome Maria Namestnikova, head of GReAT Russia, to discuss how parents can educate their kids on using social media securely.

From there, we move on to some REvil weirdness. The gang has seen the keys for its Tor sites stolen and some signs of instability. It’s since gone offline — again!

For our third story, we stay with ransomware, for which US financial institutions report having paid about $600 million in the first six months of 2020.

Then, it’s on to another quiz. We just can’t get enough.

The next item on the docket is a teaser to a podcast coming this weekend with Allison Pytlak of the Women’s International League for Peace and Freedom (WILPF) to discuss the need for more gender diversity in infosec. To close out our podcast, we discuss a Wales school system that is enabling facial recognition for kids buying lunch.

Direct download: KL_Podcast_224.mp3
Category:technology -- posted at: 6:08am EST

We kick off the Transatlantic Cable podcast this week with the recent Twitch data breach. Details are still scarce, but the topic is on the collective lips of the infosec community.

From there, Jeff, Ahmed, and Dave move on to Facebook’s decision to crack down on its marketplace sales of Amazonian rainforest plots. How that will work in practice remains to be seen. Moving on, we talk about Google’s recent decision to send out authenticator keys to more than 10,000 people it identified as hacking risks. Our final story involves the FBI, submarine plans, and cryptocurrency.

Direct download: KL_Podcast_223.mp3
Category:technology -- posted at: 7:34am EST

We kick off episode 222 of the Transatlantic Cable podcast with a discussion of the recent Facebook outage, including possible causes. Sticking with Facebook, we delve into the whistle-blower story and details being leaked about the social media behemoth.

From there, we move on to concerning news about a recent CoinBase hack involving some 6,000 accounts. Details are scarce, but if you use CoinBase for your crypto, it might be wise to check your account.

Following that, we look at a story about leveraging iCloud to spy on Britney Spears, and a troubling one about hackers hitting a hospital with ransomware and the death of a baby.

Direct download: KL_Podcast_222.mp3
Category:technology -- posted at: 8:00am EST

Welcome back to the Community Podcasts, a mini-series on the Kaspersky Transatlantic Cable podcast. As always, my co-host for this series is Anastasiya Kazakova, a Senior Public Affairs Manager who coordinates global cyber diplomacy projects at Kaspersky.

As a reminder, the Community Podcasts is a short series of podcasts featuring frank cyber diplomacy conversations with cyber-heroes who unite people despite everything – growing fragmentation, confrontation, and cyber threats – there are people who build communities and unite people to work together for the common good. Why are they doing this? And are their efforts working?

Our third episode includes a chat with Kate Stewart - co-chair of one of the working groups within of National Telecommunications and Information Administration’s cyber-security multi-stakeholder process for Software Component Transparency.

NTIA has years of experience in conducting open, multi-stakeholder processes to help make progress on issues such as finding common ground on cyber-security vulnerability disclosure, developing clear policy guidance on the secure update of IoT devices, and providing more transparency about data collected by mobile apps. But today we will focus on this multi-stakeholder process for Software Bill of Materials (SBOM) or software component transparency.

During our extended conversation, we discuss a wide array of topics from the need for collaboration between the public/private sector, what working with governments has been like, what the future holds for FIRST and incident respondent in general, how to make sure that they remain neutral in cyber ‘firefighting’, and more.

Direct download: KL_Podcast_Mini_2021-08-13_mini_2.mp3
Category:technology -- posted at: 9:08am EST

This week on podcast, Jeff, Ahmed and I start off by looking at how Facebook have apparently shelved the idea of an Instagram for children, after mounting pressure from privacy advocates.

From there we look at a bizarre story about involving a hamster and crypto-currency, quickly followed by news from China that crypto is effectively banned in the country.

Moving from there we take a look at two stories from the Washington Post, the first talking, quite concerning story about office workers being put under increased surveillance on their work laptops due to the pandemic, and the second takes a look at why the FBI held back a decryptor key to the recent REvil ransomware attacks.

Also included in this week’s episode is two interviews with GReAT, the first looking at the Story of a Modern Day Rootkit with the research team Mark Lechtik, Aseel Kayal, Paul Rascagneres, Vasily Berdnikov and the second about a possible connection between DarkHalo APT and Kazuar.

Direct download: KL_Podcast_221.mp3
Category:technology -- posted at: 7:44am EST

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I kick things off with some ransomware. No, it is not another company getting hit, but rather some good news.

In this post from Graham Cluely, victims of REvil ransomware attacks may find some relief — in the form of a universal decryptor for the ransomware. Some victims can breathe a sigh of relief. From there, we jump to a tale involving unlocking AT&T cellular phones. It might seem like a weird news item, but this isn’t a story about unlocking a phone for use on any network; it’s about defrauding a company of more than $200 million.

After a brief quiz that leaves Dave and me stumped, we jump into a conversation about Amazon and the controversial AI in its delivery vehicles.

To close things out, we revisit our discussion of El Salvador’s move to roll out Bitcoin as an official currency. Sadly, a lot of our trollish predictions did come true.

Direct download: KL_Podcast_220.mp3
Category:technology -- posted at: 5:59am EST

To kick off the 219th edition of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave and I head to Australia.

You see, the app that our friends down under have in place for their Covid Passports is able to be spoofed and the researcher who found it has been ghosted by government officials he reached out to. From there, we jump into the world of gangs and how they are using Instagram for a variety of illicit activities – spoiler many involve guns that would make a Warzone player envious.

After a brief quiz intermission, we get back to the stories and one that involves an interesting mix of crypto and a press release. In this segment, we look at how a press release noting that Walmart would accept Litecoin as a payment method. This news set the price soaring, unfortunately this surge was caused by fake news. Seems that the press release company will need to enlist Mystery Inc as to how it got onto their wires. Our fourth story heads back to Texas for the second week in a row. In this story, it seems that the Texas Right to Life website has inadvertently leaked the resumes of job applicants.

Sticking with the theme of leaking info, we jump into the world of fast food in the UK. You see, McDonald’s seems to have accidentally exposed the password to their VIP winners of the Monopoly contest. Surprisingly, no interns were hurt in their statement on what went wrong. We then close out the podcast debating the toys in Happy Meals

Direct download: KL_Podcast_219.mp3
Category:technology -- posted at: 8:25am EST

With David on holiday, Ahmed and I are holding down the fort for this week’s Kaspersky <em>Transatlantic Cable</em> podcast.

 

We open the show with a pair of stories about Apple. In the first, the company is holding off on the rollout of its controversial CSAM — for now. Then, we look at the aftermarket for iPhone chargers, which includes the OMG Cable, a charger with a built in hotspot that steals credentials, and Ahmed continues his habit of making me look dumb with his obscure trivia.

 

Getting back to our slate of stories, we discuss a new vulnerability in Confluence that further bolsters our “updates are important” stance. (Despite the patch being available, criminals are exploiting this PoC for those who have yet to update their servers.)

 

From there we head to the infosec drama story of the week, with the ransomware-as-a-service gang. In this story, a former member of the group has leaked the source code for Babuk Locker on a criminal forum. The note attached to the leak is one for the ages, including terminal cancer and the phrase “I will have time to live like a human.”

 

From there, it’s over to Latin America, where El Salvador has become the first country to embrace Bitcoin, including issuing $30 in the cryptocurrency to users who install the government-backed wallet.

 

To close out the podcast, we discuss NFTs and a fraudulent Banksy NFT that sold for more than $330,000. In a happy turn of events, the buyer was refunded most of the money.

Direct download: KL_Podcast_218.mp3
Category:technology -- posted at: 10:28am EST

If you scroll through the headlines in cybersecurity, you will often see topics that grab the readers’ attention. Correct me if I am wrong, but you’ve probably read a lot about State-sponsored APT attacks, ransomware, bug bounty programs, disclosure of 0Days, zero day usage, what color hat a hacker is. While I could go on with topics, I think that we are on the same page.

One of the things that we often don’t discuss when it comes to this topic is what is and what is NOT ethical. Subscribers to the Kaspersky Transatlantic Cable podcast may remember that this was a topic that David and I tapped into with Ivan Kwiatkowski discussed on a podcast a few weeks ago. Over the past few months, Ivan and I have been discussing this quite regularly and decided to hop into the topic in some more depth.

After crossing all the T’s and dotting the I’s with our internal stakeholders, we were able to pull together a crew to discuss and debate some of the topics that play into this space. Our guests included my usual co-host David Buxton, Aseel Kayal and Runa Sandvik – make sure to follow these folks on the Twitter.
During our near 2-hour conversation, we discuss a wide ranging of topics, including:


• Competetive collaboration between infosec vendors
• Disclosure
• Role of government and private companies for user security
• Attribution
• Does threat intelligence help adversaries?
• Governments hoarding 0days

There is much more in there and will definitely help pique the interest of anyone working within the space.

Direct download: KL_Podcast_Mini_series_3.mp3
Category:technology -- posted at: 8:48am EST

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I start out in the Far East with a look at South Korea’s investigation of the fees Google and Apple charge vendors for in-app purchases.

The article spurs some debate; we three have pretty distinct opinions about the platform-versus-developer situation.

From there, we head to California, where a man has been arrested for hacking into iCloud accounts for profit.

Our third story takes us to the United Kingdom, where David’s people are looking to remove themselves from the GDPR. Is that a good thing?

A pair of stories with a similar theme — adult entertainment — closes out the podcast. The first story examines TikTok users battling a Texas “whistleblowing” website where people can anonymously report abortion patients and anyone who helps them. Users who object to the site have been flooding the submission system with videos, including some, ahem, questionable Shrek content. The second considers OnlyFans’ course corrections on allowable content.

Direct download: KL_Podcast_217.mp3
Category:technology -- posted at: 5:30am EST

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I discuss a number of topics that really run the gamut — from spy ships to the robot apocalypse, Bitcoin, and more.

Kicking things off is a story from Tom Spring on Threatpost about how Microsoft Power App configurations have led to the leak of more than 38 million sensitive records. We also debate why private is not the default option and actually invites user error.

From there, we jump into some cell-phone-battery myth-busting. (For the record, we all get angry at one time or another.)

Then, a Russian spy ship is hovering around the transatlantic cables. Comrades, we are flattered, but you can download the podcast on your favorite platforms, no need to launch a ship — it is 2021, after all.

Following that tongue-in-cheek story, we head to the UK for a look at PayPal and its new embrace of cryptocurrencies.

To close things out, we discuss the new robots Elon Musk and Tesla are pondering.

Direct download: KL_Podcast_216.mp3
Category:technology -- posted at: 8:42am EST

This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I discuss John Oliver’s recent monologue on ransomware and why it’s a good PSA to share with friends and family.

We then take a look at the world of malicious social media influencers — in this case from the United Kingdom, where an investigative reporter identified an “influencer” who was selling phishing texts through his social networking accounts.

From there, we jump into the world of crypto and a hacker stealing a boat-ton of coins … and then giving most of them back. The individual says it was to help with security. We debate the level of BS in that statement.

Next, it’s back to the United Kingdom, where a commission has said people should not have to give up all of their personal data just to buy a beer at a pub. Ahmed and I had some trouble grasping that issue, so Dave filled us in on this UK peculiarity.

In our next story, T-Mobile investigates an alleged data breach affecting more than 100 million users.

Finally, we discuss a city in Louisiana that is using garbage trucks and Raspberry Pi units to help determine which areas are current dark spots for high-speed Internet connectivity.

Direct download: KL_Podcast_215.mp3
Category:technology -- posted at: 7:40am EST

Welcome back to the Community Podcasts, a mini-series on the Kaspersky Transatlantic Cable podcast. Joining me again as our co-host for this series is Anastasiya Kazakova, a Senior Public Affairs Manager who coordinates global cyber diplomacy projects at Kaspersky.

As a reminder, the Community Podcasts is a short series of podcasts featuring frank cyber diplomacy conversations with cyber-heroes who unite people despite everything – growing fragmentation, confrontation, and cyber threats – there are people who build communities and unite people to work together for the common good. Why are they doing this? And are their efforts working?

For our second episode, we are joined by Serge Droz, Member of the FIRST Board and a senior security engineer at Pronton Technologies. FIRST is a global Forum of Incident Response and Security Teams, the premier organization and recognized global leader in incident response.

During our extended conversation, we discuss a wide array of topics from the need for collaboration between the public/private sector, what working with governments has been like, what the future holds for FIRST and incident respondent in general, how to make sure that they remain neutral in cyber ‘firefighting’, and more.

Direct download: KL_Podcast_2021-07-28_Mini.mp3
Category:technology -- posted at: 10:47am EST