Smashing Security podcast #448: The Kindle that got pwned

Hacking stories and cybersecurity insights.

Graham Cluley

Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a booby-trapped audiobook could exploit the Amazon eBook reader – potentially letting an attacker break into your account and seize control of your credit card.

Plus a blast from 2021’s “summer of ransomware” returns to haunt Ireland’s Health Service Executive, as victims are offered €750 each.

And because it’s the last show before the Christmas break, there’s also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Danny Palmer.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
He says you can even buy books from the store with my credit card in a single click. Oh, I've mentioned credit cards.
DANNY PALMER
Oops.
Unknown
Smashing Security, episode 448, The Kindle That Got Pwned, with Graham Cluley and special guest Danny Palmer. Hello, hello, and welcome to Smashing Security episode 448.

My name's Graham Cluley.
DANNY PALMER
And I'm Danny Palmer.
GRAHAM CLULEY
Danny, welcome back to the show. Always a delight to have you on. You were last on, I think, a couple of months ago. What have you been up to since?
DANNY PALMER
Yeah, great to be back. Thanks for having me, Graham. What have I been up to? Same as always, I suppose.

No, doing my writing and reporting on various cybersecurity issues for various publications, going to events, that sort of thing.

I went to Black Hat Europe last week, which was lots of fun. Really interesting there. Lots of talks going on, good catch-up with lots of people. Yeah, it was a good time.

I hadn't been to Black Hat Europe for a couple of years. It was really good.
GRAHAM CLULEY
That's in London, isn't it?
DANNY PALMER
The ExCeL Centre in London, yes. It's not quite as glamorous a venue as the main, in inverted commas, Black Hat in the United States in Las Vegas.

But if you're just there for the talks, it's all the same things really. It's good.

And it's also at the time of year as well, where there's a lot of reflection on what's happened in the last year or so. Lots of interesting keynotes. But yeah, really good.
GRAHAM CLULEY
Before we kick off, let's thank this week's wonderful sponsors, Vanta and ThreatLocker. We'll be hearing more about them later on the podcast.

This week on Smashing Security, we're not going to be talking about how password manager LastPass has been fined £1.2 million by UK regulators for a data breach that impacted 1.6 million Brits.

You'll hear no discussion of how the Trump administration is reportedly preparing to turn to private businesses to help mount offensive cyberattacks against foreign adversaries.

And we won't even mention how Russians took to the streets for a rare protest that Roblox had been banned. So Danny, what are you going to be talking about this week?
DANNY PALMER
I'm going to be talking about ransomware, specifically against the Irish healthcare service. This isn't a time-travelling thing, there is new stuff about that to talk about.
GRAHAM CLULEY
And I'm going to be talking about how your Kindle might be a security risk. All this and much more coming up on this episode of Smashing Security.

Okay, before we go any further, I need to share a quick word with you about one of our sponsors today, Vanta. You know how everyone's got an AI assistant these days?

Well, imagine one that doesn't just write haikus about zero-day vulnerabilities, but actually does your audit work for you. That is Vanta.

It connects to all of your tools, gathers evidence, tracks compliance, and quietly helps you prove that yes, you do take security seriously. Vanta automates all of that.

It pulls everything together, keeps an eye on your systems, and basically makes sure you're ready for an audit at any time, which means no last-minute panic for screenshots and policies.

It also plugs into the tools you're already using and flags up issues before they become a right old mess.

So if that sounds like something that might save you from a few sleepless nights, check out vanta.com/smashing. And if you use that link, you'll get $1,000 off.

So don't forget, vanta.com/smashing. And thanks to Vanta for sponsoring this week's episode. On with the show. So Danny, do you have any gadgets? In the bedroom?
DANNY PALMER
I suppose the nearest thing to get to that is probably my phone. I'm quite old school in that case. When I'm reading, it's usually on a paper-based book.
GRAHAM CLULEY
Thank heavens for that. I was worried what you might answer there, to be honest.

I mean, I know you're a bit of a Doctor Who fan and you may have got your sonic screwdriver out and jumped aboard the time rotor or things like that.
DANNY PALMER
I do have a sonic screwdriver around here somewhere.
GRAHAM CLULEY
Oh, do you?
DANNY PALMER
I'm not sure where exactly, but there's definitely one in this office.
GRAHAM CLULEY
Well, I've got a Kobo. Are you familiar with the Kobo?
DANNY PALMER
I have to admit, I am not particularly familiar. Tell me more.
GRAHAM CLULEY
So a Kobo is an e-book reader, a bit like a Kindle. Absolutely love it.

If I wake up in the middle of the night and can't sleep, I don't know about you, but I don't like to look at my phone too much in the middle of the night because, you know, that's just a way towards misery and just doom-scrolling for hours and hours.

So it's not a recipe for a good night's sleep, but I'm very happy slipping some earphones in, listening to a podcast.

By the way, if you're listening to Smashing Security and you want to help us out, please do listen to our back archive of 447 episodes.

Actually, you don't have to listen to them at all. Just play them while you sleep. It really helps out. But anyway, yeah, you can listen to podcasts while you sleep.

I'm also happy to reach for my Kobo e-book reader to read an e-book, because that won't disturb my wife. It's not like I have to turn the light on.

And it's guaranteed to have me nodding off in no time at all.
DANNY PALMER
That's the thing with e-books, you don't need the light on. Traditional books don't come with their own backlights.
GRAHAM CLULEY
Right, they don't. And of course, on an e-book reader, you can have hundreds and hundreds of different books. So whatever takes your fancy, you can take a look at it.

Now, of course, Kindles are the most famous and probably the most successful e-book readers.

And I prefer a Kobo though, because I just don't want to be locked into Amazon and I don't fancy giving Jeff Bezos any more money.
DANNY PALMER
I think he has quite a bit of money as well, from what I heard.
GRAHAM CLULEY
He does have quite a lot. But lots of people do have Kindles, of course, and they're amazing little gadgets, aren't they?

They sit on your bedside table, they're connected to the internet, their battery life on these e-book readers, it lasts for weeks and weeks because of the e-ink display, so it's not sapping lots of energy that way.

Just one touch on the screen, you can practically download any book that's ever been written and be reading it within seconds.

I mean, it's amazing the technology and how that works in that way. So these are computing devices. They're in our homes. They are part of the Internet of Things.
DANNY PALMER
Uh-oh.
GRAHAM CLULEY
Yeah. Funny, isn't it? Whenever we say Internet of Things, when you work in cybersecurity, you go, "Rrrrk, rrrrk, danger, danger, Will Robinson." Something's going to go badly wrong.

But I think most people tend to forget about them as a potential threat because you're too distracted by your computers, your laptops, your smartphones, and all those sort of things.

You might be extending your concern to your internet-enabled doorbell or your routers and other things which you may have inside your home.

But for many people, I think they forget about things like e-book readers and that may be a big mistake because a security researcher with the incredibly glamorous and exciting name of Valentino Ricotta has just revealed to the world how your Amazon Kindle e-reader could be a threat.

He is a reverse engineer at Thales, which is the French defense giant.
DANNY PALMER
Yes.
GRAHAM CLULEY
And he was at, like yourself, Danny, at Black Hat Europe in London last week, he gave a talk. I don't know if you saw it. It had the title, Don't Judge an Audiobook by Its Cover.

Did you see it?
DANNY PALMER
I didn't see this one, but it definitely has a good name.

That's half the battle at these conferences, having an interesting name, preferably a pun, to get people coming to see it.
GRAHAM CLULEY
Well, there is an analogy there with books as well, isn't there? You need a cool name for your book. You need a cool cover for your book.

Once people have bought it though, based upon the name and the cover, they're kind of a captive audience.

And similarly with security talks, the number of security talks which I've been lured to with the, oh, that sounds juicy.

And then you get there and you go, oh my goodness, you know, you're putting a fork in your eyeball trying to keep yourself awake as they're reading off a screen.
DANNY PALMER
I sometimes have the almost opposite thing where every time I go to Black Hat or these events, I mean, I don't have a technical background at all.

There's always a talk I go to, it's like I can tell there's something really interesting going on here, but it's super, super technical because I don't know some obscure type of how to code.

It just goes over my head. Well, there's a story in here, but yeah, can't figure out what it is.
GRAHAM CLULEY
Don't worry, Danny. I think that's true for many of us that we find ourselves in that situation.

I think it's incumbent upon the security researchers to not just be really, really clever at the technical stuff. They have to be good communicators as well.

If you really understand a subject, I feel that you should be able to explain it to your auntie or to a 14-year-old.
DANNY PALMER
Yes, the exact thing.

A long time ago when I was in journalism school, yeah, we were told with a story, how do you explain this story to your mates down the pub, basically, which is a— they basically informed a lot of my reporting over the years.

Pubs in one way or another as well.
GRAHAM CLULEY
So this Ricotta chap, he's been staring at his Kindle for years. There it has been sitting innocently on his bedside cabinet. And he's been thinking about it.

He's thinking about the amazing things it can do. He says, you can even buy books from the store with my credit card in a single click. Oh, I've mentioned credit cards.
DANNY PALMER
Oops.
GRAHAM CLULEY
Internet of Things, credit cards. Now already, ooh, the little spider sense is going off there. Danger, danger.

And of course, if you compromise the device, you've pretty much got control over someone's wallet if you manage to gain access to their credit card details.

So what fascinated Ricotta was how the Kindle would actually work in the background, what its gubbins were doing behind the scenes.

And whenever a book or an audiobook appears on an Amazon Kindle, there is a process, a system process, which is running in the background, automatically scans the file to extract the metadata like the title of the book or audiobook.
DANNY PALMER
That's another red flag there.
GRAHAM CLULEY
Metadata.
DANNY PALMER
Yeah, something could possibly go very wrong here.
GRAHAM CLULEY
Yes. It's funny, isn't it? Metadata like author, cover image, that sort of thing.

I find it quite amusing that Facebook renamed themselves Meta, of course, because they've been collecting metadata about billions of people around the planet for years and years and haven't all done that good a job at securing it or not exploiting it in various fashions.

Again, you know, the clue is there right in the name, isn't it? Anyway, the Kindle supports lots of formats.

It supports ebooks, it supports PDFs, it supports images, it supports Audible audiobooks.

And it was in the audiobook format where Ricotta found a problem in the way in which the Kindle parsed that data.
DANNY PALMER
Oh, that's interesting. Sounds like that sort of thing where people may not necessarily think about that as a place to look for issues.
GRAHAM CLULEY
Right. And if you think about it, there are many, many Kindles out there which don't actually have speakers. And so they may not actually ever be used for playing audiobooks.
DANNY PALMER
That's a good point. Yeah.
GRAHAM CLULEY
My ebook reader, it's not a Kindle. My particular one doesn't have a headphone socket and doesn't have speakers. And so you can't play audiobooks on it.

But the code running on the ebook reader is the same. It's all there and it's analyzing these files.

So even those Kindles which can't play audiobooks, they still scan audiobook files to extract the metadata.

And the Audible audiobook file format is kind of a complex multimedia format.

It's sort of a bit like an MP4 video, although there's not a video component, there is an audio component. And there's this metadata as well.

And as this chap, Ricotta, explained, that makes it a wonderfully rich target for security researchers because Kindle's extractor burrows quite deeply into that data and parsing that data in order to try and work out what is what.

And when he took a look at Amazon's custom code for parsing Audible audiobooks, he found what he described as an obvious textbook heap overflow.
DANNY PALMER
Now, that doesn't sound good.
GRAHAM CLULEY
It doesn't sound good. And I know it can also sound pretty technical and scary to many people, you know, like a heap overflow. What on earth does that mean?

Well, what it means is that Amazon's code miscalculated how much memory it would require to handle the audiobook data.

And so if someone were to carefully craft values inside a booby-trapped audiobook data file, the Kindle can be tricked into reading the data, shoving it into memory, but it hasn't got enough room for it all.

And so it overwrites other code running on the Kindle device itself.

And that kind of flaw can be used for code execution, meaning an attacker could make your Kindle run somebody else's code.
DANNY PALMER
So it basically means that baddies could make essentially malware go onto your device, which could then do all sorts of nasty things you don't wish for.
GRAHAM CLULEY
It's the same kind of thing which we've seen time and time again with PDF files, for instance, same kind of thing that we've seen with images.

Sometimes there've been so many over the years exploits of images which have been sent via messaging services to smartphones where the image handler on your iPhone or on your Android device screws up in its handling of that data file, overwrites some memory.

May have a buffer overflow or something like that, and then code will execute on the device and potentially be nasty. So not a good thing.

Now, this particular exploit, which Valentino Ricotta discovered, it wasn't perfectly reliable, but he said, well, it didn't actually matter very much because if the Kindle actually crashed sometimes, the way in which the Kindle is made is if it crashes, it just automatically restarts itself.
DANNY PALMER
Okay.
GRAHAM CLULEY
And tries again, opening the files which it had opened before. Oh. So it has another go. And he said the exploit runs silently in the background without the victim ever noticing.

And he says that because Kindles often stay powered on for days or weeks at a time, it can be a problem.

So he did a live demo at Black Hat Europe in London, and he managed to log into a victim's Amazon account from his own browser without knowing the password because he was able to use this technique to steal their Amazon session cookies, which are the tokens that keep you logged into a site, so you don't have to perpetually keep on re-logging back in.

It remembers you are allowed to be there. And that's what he needed to do. And then through a second vulnerability, he was able to ultimately gain complete control of the device.

Now, fortunately, Ricotta is not a bad egg. Mm. He's actually a good cheese. Sorry. He reported the problem to Amazon, which took it seriously enough, they coughed up $20,000 bounty.

Very nice work, I have to say. How lovely is that?
DANNY PALMER
That's not a bad pay packet for a bit of research, no.
GRAHAM CLULEY
It's not a bad pay packet at all. Of course, there are other people who are doing a little bit of work for Amazon who get paid a bit more than that, don't they?

Jeff Bezos, for instance.
DANNY PALMER
Yes, I believe his salary is slightly higher. Yeah.
GRAHAM CLULEY
But I think it's very, very generous of Amazon to award basically 5.38 seconds' worth of the amount of money that Jeff Bezos earns to Mr. Ricotta for his hard work finding this vulnerability. But there's some other interesting sides to this.

One is that, of course, how would a malicious attacker, a hacker, get this attack onto your Kindle?

Are they gonna creep in like a ninja in the dead of night and install it onto your Kindle? No, they're not. But what they could do is, of course, they could publish an audiobook.

And Amazon allows self-publishing. So anybody can publish something up on Amazon. You gotta jump through a few hoops and upload a PDF for a book or something like that.

You know, similar process, I imagine, for an audiobook as well. And Ricotta points out that a malicious book could theoretically be delivered through that entirely normal channel.

So if I were to release, I don't know, an audiobook of Smashing Security, top of cybersecurity gifts to give someone this Yuletide, which I'm sure would be a big seller.
DANNY PALMER
Massive hit.
GRAHAM CLULEY
Then in theory, it could be used to attack people.
DANNY PALMER
Yeah.
GRAHAM CLULEY
And the victim isn't going to have to click on a link on an instant message or inside an email or open an attachment or anything like that.

They're just downloading something to their Kindle, which looks entirely legitimate through the official Amazon store.
DANNY PALMER
I'm not sure how this applies to audiobooks, but there's a lot of AI-generated books that go into these stores as well.

I think there was something a while back about a book about how to cook wild mushrooms and this AI-generated book.
GRAHAM CLULEY
Yes.
DANNY PALMER
Basically, if you followed that book's instructions, you'd probably be dead from eating poisonous mushrooms. So unideal.
GRAHAM CLULEY
There have been other vulnerabilities in the past with Kindles. Perhaps it's not surprising Kindle runs on a version of Linux as its operating system.

It's connected to the internet, has access to sensitive information, has access obviously to your payment details.

And yet, as I said, something I think many people have just thought of it as a gadget rather than potentially a security threat as well.
DANNY PALMER
Even though it is an IoT device, they're not really thinking about it as an IoT device. It's sort of just like a library. I choose the books, they come in.

People aren't really considering how you are still accessing the entire internet through that little device in the palm of your hand.
GRAHAM CLULEY
Before we go any further, I want to say a few words about one of our sponsors this week, ThreatLocker. Most cyberattacks don't start with some genius hacker writing custom malware.

They start with something much simpler, like a misconfigured setting, an exposed service, or a security policy that quickly drifted out of line.

And in large, complex IT environments, those misconfigurations are everywhere and almost impossible to track manually.

And that's why ThreatLocker built Defense Against Configurations, or DAC. ThreatLocker DAC gives you a real-time view of configuration weaknesses across your entire environment.

It runs deep checks across every endpoint, not just your ThreatLocker policies, but your operating systems and application settings too.

All of it appears in one clean dashboard showing what's misconfigured, how risky it is, and exactly how to fix it. So no more discovering problems after the attackers do.

With DAC, you see configuration drift as it happens. You can also check alignment with major security frameworks and see which endpoints don't make the grade.

If you want to stop firefighting, harden your environment, and catch hidden risks before they turn into breaches, you need DAC.

Try it for free for 30 days at ThreatLocker.com and find out what's misconfigured before it costs you. Danny, what are you going to talk to us about this week?
DANNY PALMER
Well, I'm sure you remember this, Graham. Do you remember the ransomware attack on the Irish Healthcare Executive back in 2021?
GRAHAM CLULEY
Oh yes, HSE. Yes.
DANNY PALMER
Yes, it was quite a big deal at the time. Received a lot of coverage. I covered it a lot back when I was working at ZDNet. That was the summer we had the Colonial Pipeline attack.

We had the big attack on the American meat processor. So it was sort of the first, for want of a better phrase, big summer of ransomware.

But to sum up, in May 2021, the Irish healthcare service was hit by the Conti ransomware gang and the attack caused significant disruption, which lasted 4 weeks.

And to reiterate, this is against a national healthcare service of Ireland. So it's used by a population of, I think it's 4 million people, the Irish population.

So it's not an insignificant organization. It's obviously a state-backed entity as well, so it's part of the national infrastructure.
GRAHAM CLULEY
Yeah, it's absolutely critical, isn't it? The health service of a country is obviously important.

You don't want it getting hit by a ransomware gang and the disruption and the very real impact that can have on people's lives.
DANNY PALMER
Yeah, and we've seen it so many times before. Going back even further, look at WannaCry.

That caused a massive issue almost 10 years ago now, and it's a good thing we've all learned how to deal with ransomware since then.

Anyway, so it was reported at the time that the ransomware gang initially asked for $20 million, the amount of money a state-backed service has just lying around, obviously.

It doesn't. But it seemed once they realized they hit a national healthcare service, the attackers had a change of heart and provided the decryption key for free.

What good sports, I suppose.
GRAHAM CLULEY
Yes, yes.
DANNY PALMER
There is some morals in crime, I suppose.
GRAHAM CLULEY
So they were still asking for money to prevent the release of data.
DANNY PALMER
Yes.
GRAHAM CLULEY
But they were saying, but you can decrypt the files which we have scrambled. Here's our decryption tool.
DANNY PALMER
Yes.
GRAHAM CLULEY
So hopefully you can get back up and running quickly. It was their angle.
DANNY PALMER
Well, you say quickly. It didn't go that quickly because it was reported at the time the decryption software was not of the best quality.
GRAHAM CLULEY
Are you daring to suggest, Danny, that this cybercriminal gang weren't very good at coding their decryption tool, and that their tool didn't work that well?
DANNY PALMER
It might be the case. They might have just been thinking of the payday rather than the actual products, which would never happen in a legitimate tech firm, of course.

But anyway, despite all this, it didn't work properly, and hospitals and doctor surgeries across Ireland suffered ongoing issues for weeks, even months at the time.

Now, I was reporting on this, and I kept going back every few weeks to check in on how it was going on.

Appointments were canceled, services like blood tests and diagnostics were suffering from delays.

And this being the spring and summer of 2021, this is when the vaccine programs for COVID-19 were in full force.
GRAHAM CLULEY
Oh yes.
DANNY PALMER
Those services apparently weren't hit by this sort of thing, which is good, I suppose. Maybe that's why the attackers might have had a change of heart.

Attacking a hospital's services during a global pandemic may have been seen as a step too far in this case. But yeah, it was a long-term issue.

Services weren't fully restored until much later in the year.

And then in the next year, 2022, it was reported that the total cost of the incident amounted to over $100 million just because of the restoration and the things that happened, systems being replaced.

Yeah.

And in all of this as well, over 90,000 people had their data accessed as part of the attack. We're all very sensitive about our personal data, but obviously some of our healthcare data might be our most sensitive data, which you don't want being accessed and potentially shoved out there on the dark or open web.

So four and a half years on though from this attack, that data breach is still seemingly costing the Irish Healthcare Service money because this week it was reported that the Irish healthcare executive has offered victims who had their personal data stolen in this attack €750 each.

And while that doesn't sound like loads of money, times that by a few thousand, even if it's just a few thousand take this up, that can add up and get expensive.
GRAHAM CLULEY
Yeah, I'm actually quite impressed. €750 feels like quite a lot compared to the average.

You know, there have been a couple of times when I've found that I'm on a list or something, but there have been a couple of times when I have ended up ultimately getting an email or something saying, "We would like to compensate you." And I say, "Oh, yes, please." And it turns out that you're being given about £1.70.
DANNY PALMER
Yeah, it's 50p, all right. Yeah, thank you.
GRAHAM CLULEY
Yes. I mean, that is the norm, isn't it? It will be a very small amount, whereas €750 is actually quite generous.

It doesn't really make up for having your personal information breached, obviously.

And all the potential for inconvenience and the harm which could have been caused by that, or indeed identity theft and other problems like that.

And certainly I would consider those kinds of things to be worth more than €750. But I have to say, it feels better than the average.
DANNY PALMER
Yeah, I know what you mean. I'd probably rather have your data not exposed on the internet.

You don't want some random cybercriminal with a picture of an X-ray of your ribs or that sort of thing. I did some research earlier this year about exactly this sort of thing.

Cybercriminals, you know, stealing medical data.

Who knows what they really wanted to do with it, but you know, they're sitting there with brain scans and X-rays and that sort of thing.

And I suppose there's the blackmail element, I suppose, in some cases. But as we know in this day and age, if it's data, it's valuable to someone in some way.

And that's the thing with breaches. Once the data is out there, it's out there permanently.

You can't sort of put that genie back in the bottle, which is a big shame, especially when breaches seem to keep happening.
GRAHAM CLULEY
But my understanding is that the people who've been offered this €750, they are people who appear to have already contacted solicitors. Yes.

So they've already started some kind of legal process or some sort of demand already for compensation.

So it isn't necessarily going to be the case that across the board everyone is going to get €750.
DANNY PALMER
That is the case. Obviously, it's not going out to 90,000 people at the moment. Right. I think it's probably a few thousand of that maybe sort of gone for this thing.
GRAHAM CLULEY
But now the other people have heard about this.
DANNY PALMER
But now the other people know. Yeah. Now it's out. But no, it just showcases how ransomware attacks can have such an ongoing impact.

The Conti ransomware group has not existed for several years now, at least not in the current incarnation.

As we know, ransomware gangs, they're quite fluid and they all sort of flow into being one and the other.
GRAHAM CLULEY
Yes.
DANNY PALMER
They don't fully disappear. They just disperse into other new operations.

Unfortunately, this isn't even the end of this tale because according to recent media reports in Ireland, the HSE was hit by another ransomware attack earlier this year.
GRAHAM CLULEY
Oh, so they've been hit again?
DANNY PALMER
Yes, they were hit again, but it seems this one had much, much, much less impact. There doesn't seem to be any sort of stories about data coming out.

This was also due to an attack against a third-party supplier rather than the sort of network itself.

It didn't have the massive impact on appointments and delays of things that last one happened. But it just goes to show that ransomware is still such a huge impactful threat.

And we look at all the things that happened this year, even here in the UK, M&S, Co-op, Jaguar Land Rover, and that latter one has had an impact on the UK economy.
GRAHAM CLULEY
Astonishing, isn't it?
DANNY PALMER
Yeah. Yeah. And it just keeps happening. I touched upon it earlier that how, yeah, WannaCry, that had a big impact 10 years ago. And 10 years on, ransomware is still a massive issue.

I remember when I first started back at ZDNet in 2016, one of my first stories I reported on was a ransomware attack against a local council in the north of England.

Now, I called them up to ask them what was going on.

They graciously actually told me what was going on, which is actually very rare when you're trying to call up an organization hit by ransomware.

But I remember, I think it was something like Locky ransomware, sort of an old-school one. And they wanted the grand total ransom demand of £500.
GRAHAM CLULEY
£500?
DANNY PALMER
Yeah, £500 whole pounds. Yeah, you'd be lucky nowadays if the demand is £5 million. And I guess the key point here is ransomware is still a huge issue.
GRAHAM CLULEY
And there's going to be plenty more of it next year, I expect.
DANNY PALMER
Yeah, I don't imagine that cybercrime is just retiring at the end of this year, unfortunately.
GRAHAM CLULEY
And welcome back. And you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.
DANNY PALMER
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.

It doesn't have to be security related necessarily. Well, my pick this week is not security related.

Earlier this week, we saw the horrific news break that legendary film director Rob Reiner had been killed alongside his wife at his home in Los Angeles, and it's utterly ghastly news.

The director of some fantastic movies like The Princess Bride and Stand By Me and A Few Good Men and Misery.

I know that Reiner's movies meant a lot to many people, and the news of his death will have shaken some people a fair bit.

And so I wanted to, especially as this is our last episode before the Christmas break— don't worry, folks, we will be back in the new year— I wanted to leave you with something beautiful as a Pick of the Week.

So my Pick of the Week this week is a movie from 1989 that Rob Reiner directed. It's clever. It's still genuinely funny decades later.

And on the surface, it's a rom-com about two people who keep bumping into each other over the years.

But under the surface, it's a really rather lovely study of friendship and the many ways humans manage to overthink each other.

It is, of course, When Harry Met Sally, but maybe you haven't seen it for a while, and maybe it's one to watch this Christmas. Danny, have you ever watched When Harry Met Sally?
DANNY PALMER
You know what? I believe it's one of those films that I've not seen. I guess maybe—
GRAHAM CLULEY
Danny!
DANNY PALMER
In my defense, I was 5 years old when it came out, so I probably wasn't part of the audience.
GRAHAM CLULEY
Just a child.
DANNY PALMER
Now, I have seen Spinal Tap on numerous occasions. That's a very enjoyable movie, but yeah, there's so many classic well-loved movies. So yes, that's sad news.
GRAHAM CLULEY
There was a sequel to Spinal Tap, which was out really recently, wasn't there? Which I think he directed as well.
DANNY PALMER
This year, yeah.
GRAHAM CLULEY
Well, if you haven't seen When Harry Met Sally, it's Billy Crystal and Meg Ryan. They absolutely sparkle their way through an exquisite script written by Nora Ephron.

And it's a romantic movie, but it doesn't get covered in schmaltz. So it's the right kind of romance. It's warm, it's witty, it's smart. And that's what Rob Reiner was too.

So that is my pick of the week. Go on, go and give it a watch. Danny, what's your pick of the week?
DANNY PALMER
Well, I've been thinking about this. I was thinking, what have I been doing recently?

And I've been playing a video game that came out technically last year, technically 30 years ago.

I've been playing the remaster of Tomb Raider, the original Tomb Raider from the 1990s.

Now, it's a massive nostalgia fix for me because when I saved up my pocket money to get a PlayStation, it would have been 2 or 3 years after it came out.

So this would have been some point in the late '90s. The original Tomb Raider was already an old, in inverted commas, game then.

And yeah, it was obviously just the introduction to 3D gaming, I suppose. Before that, it had been sort of Sega Mega Drive, Master System, 2D platformers, that sort of thing.

And it's just been really interesting and fun going back.

And also, the thing as well, where I never finished it back in the day because there was some sort of issue with, I think, my disc or the game itself, where there was a bit where you went between two levels and it just faded to black.

And it turned out this wasn't part of the game. This was some sort of issue with it. Yeah, it's been really interesting.
GRAHAM CLULEY
It was famous for its graphics when it first came out, as I remember, Danny, at least for teenage boys. Many people will remember it.

So they've updated these infamous graphics, have they?
DANNY PALMER
Everything looks a lot better. It just seems like the backgrounds are good, the character models are polygonal and pointy.

You look at the lions and stuff you fight, and they're basically triangles with legs and that sort of thing.

But what's the cool bit about it as well is that you can push a button on the controller and just switch between the modern graphics and the old graphics.
GRAHAM CLULEY
Oh, that's wonderful.
DANNY PALMER
Which is interesting.

I found sometimes it's easier to do things with the old graphics because the new graphics, the lighting's a bit more realistic, so sometimes it's too dark to see things.
GRAHAM CLULEY
Yes.
DANNY PALMER
Modern games now give you a bit of help, you know, if you're trying to make a jump, it'll sort of, you know, assume you're going there and it'll sort of put you on your way there.

Unfortunately, I've seen Lara fall to her death multiple times. I'm not sure how I did this when I was 12 years old, because it's really hard.
GRAHAM CLULEY
Kids today don't know that they're born, do they?
DANNY PALMER
No. I've almost finished Tomb Raider 1 in this. I'll probably go on to play Tomb Raider 2 in this and maybe Tomb Raider 3 again. But no, it's been a really quite fun nostalgia trip.

And also, yeah, try not to think too hard about how I'm playing a game I first played 30 years ago. But you know, it is what it is.
GRAHAM CLULEY
It's a great pick of the week. So that is Tomb Raider Remastered. Well, that just about wraps up the show for this week and for Smashing Security this year. Do not fear, folks.

We will be back in January. So remain subscribed and we'll have plenty of fun episodes during 2026. And thank you, Danny, for joining us today.

I'm sure lots of our listeners would love to find out what you're up to and follow you online. What's the best way for them to do that?
DANNY PALMER
The best way is probably on my LinkedIn. It's where I post most of my stuff. For less professional postings, there is my Bluesky account. Just search my name, you'll find me.

But there's also my website as well, which I now realise I haven't actually updated for a little while. So that's probably a task for me over Christmas.
GRAHAM CLULEY
And of course, Smashing Security is on social media as well. You can find me, Graham Cluley, on LinkedIn or follow Smashing Security on Bluesky or Reddit.

And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of 448 episodes, check out smashingsecurity.com. So until next year, cheerio, bye-bye, goodbye.

You've been listening to Smashing Security with me, Graham Cluley.

Thanks so much to Danny Palmer for joining us this week, and of course to this week's sponsors ThreatLocker and Vanta, and to all of those chums out there who've signed up for Smashing Security Plus.

They include John Morris, Jack Underfurth, Roy Tate, Dan H, Marvin71, Alexander Huguhuis, David Ellefson, Ars Leo, Elbow, Mark Luxton, Richard Van Liesum, Jason B, Alvin, Robert Martin, John W, Steve Lupton, and Bravo Whiskey, amongst others.

Now, do you ever listen to this little bit at the end and think, oh, I wish my name were up there? Well, all you have to do is join Smashing Security Plus.

For the cost of a cup of coffee once a month, you can become part of our merry little troupe and get early access to episodes without the annoying ads.

Just head over to smashingsecurity.com/plus for all of the details.

Now, I realize it's Christmas, money might be tight, and you've probably got better things to spend your money on, to be perfectly frank.

In which case, don't worry about becoming a member of Smashing Security Plus.

Instead, you can do me another favor which is you could leave a lovely review up on Apple Podcasts or somewhere like that, or you could just tell some of your friends about Smashing Security.

We will be back in the new year with more episodes and more fabulous guests. I hope you will tune in. Have a lovely Christmas. Enjoy your new year. Look after yourself and each other.

Stay safe. Wrap up warm unless you're somewhere that's already hot, in which case open the fridge door. And enjoy the cool. Whatever it is, let's hope that 2026 is a good one.

All right, cheerio then. Bye-bye.

Host: Graham Cluley

Guest: Danny Palmer


Sponsors:

  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
  • ThreatLocker – Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
