Why Gen Z Is Going Passwordless



Two Awards, Ten Breaches, and One Periwinkle Tempest – What a Week in Cybersecurity

This episode is packed with cybersecurity stories, clever phishing scams, and some big questions about security awareness.

We kick things off with a celebration. The Awareness Angle is now an award-winning podcast. We picked up two wins at the European Cybersecurity Blogger Awards: Best Back to Basics Podcast, and Ant was named Contributor of the Year. It was an incredible night full of brilliant people, unexpected selfies, and some very questionable cyber-themed cocktails. Graham Cluley even took our photo, and KnowBe4 handed over Lego fishermen for the kids. Definitely one for the scrapbook.

But it wasn’t all glitter and swag. The retail sector is still under attack, with both The North Face and Cartier reporting recent cyber incidents. Credential stuffing, unauthorised access, and exposed customer data are all part of the story. We also dig into the Marks & Spencer breach, where a class action lawsuit is now underway. Over 350 customers have joined the claim, with compensation being sought for the fallout. It’s a strong reminder that third-party risk and transparency still need serious attention.

We also talk about Microsoft’s big move to delete saved passwords from the Authenticator app starting in August. It’s part of the shift to a passwordless future, but are users ready for it? And are organisations supporting that transition clearly enough?

On the privacy front, Signal has taken a stand by blocking Windows Recall from taking screenshots of private chats. This is one of the first concrete moves we’ve seen against Recall, and it raises important questions about consent, AI tools, and how much visibility users really have over what’s captured on their screens.

We also highlight new research from NordPass showing how shockingly weak password practices are still common in the automotive industry. Passwords like “123456” and “P@ssw0rd” are being used to secure connected vehicle systems, often without any multi-factor authentication in place. It’s a worrying glimpse into a part of the industry that often flies under the radar.

Meanwhile, Australia has introduced new rules requiring large businesses to report ransomware payments within 72 hours. Rather than banning ransom payments outright, they’re pushing for transparency. It’s a bold step, and one that other countries may be watching closely.

We also explore Microsoft and CrowdStrike’s new effort to simplify threat actor naming. Instead of multiple vendors calling the same group by different names, they’re trying to align terms to reduce confusion. Say goodbye to Wizard Spider. Say hello to Periwinkle Tempest.

There’s also a quick heads-up for creative teams. A malicious Blender file disguised as a free 3D chair model has been spotted spreading malware. If your team uses Blender, now is a good time to review auto-run settings and safe file practices.

And finally, we break down a scam that’s making the rounds via WhatsApp and iMessage. It promises thousands of pounds a month for less than an hour a day. It’s clearly a scam, but with the right timing and the wrong circumstances, people are still getting caught out. It’s a reminder that even old tricks still work.

This episode has a bit of everything. Real stories, important lessons, and a few good laughs along the way. Whether you’re deep in the world of cybersecurity or just trying to stay safer online, this one’s worth a listen.

 

🎉 Blogger Awards Win
Watch – https://youtu.be/0w38e9hdtZU?t=129

🧥 The North Face & 💍 Cartier Breaches
Watch – https://youtu.be/0w38e9hdtZU?t=851
Read – https://www.digit.fyi/the-north-face-and-cartier-latest-to-face-cyber-attacks/

📉 M&S Class Action Lawsuit
Watch – https://youtu.be/0w38e9hdtZU?t=983
Read – https://www.itv.com/news/2025-06-03/m-and-s-faces-unprecedented-customer-lawsuit-over-cyberattack-data-breach

🔐 Microsoft Authenticator Password Deletion
Watch – https://youtu.be/0w38e9hdtZU?t=1081
Read – https://www.forbes.com/sites/zakdoffman/2025/05/31/microsoft-confirms-password-deletion-now-just-8-weeks-away/

🚫 Signal Blocks Windows Recall
Watch – https://youtu.be/0w38e9hdtZU?t=1241
Read – https://www.theverge.com/news/672210/signal-desktop-app-microsoft-recall-block-windows-11-ai

🚗 Smart Cars, Dumb Passwords
Watch – https://youtu.be/0w38e9hdtZU?t=1411
Read – https://hackread.com/smart-cars-dumb-passwords-auto-industry-weak-passwords/

🇦🇺 Australia Ransomware Disclosure Law
Watch – https://youtu.be/0w38e9hdtZU?t=1688
Read – https://www.darkreading.com/threat-intelligence/australia-ransomware-payment-disclosure-rules

🧑‍💻 Gen Z and Passkey Adoption
Watch – https://youtu.be/0w38e9hdtZU?t=1779
Read – https://www.androidauthority.com/google-scams-survey-gen-z-passkey-3563937/

🌪️ Threat Actor Naming – Periwinkle Tempest
Watch – https://youtu.be/0w38e9hdtZU?t=2100
Read – https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/

🪑 Blender File Malware Warning
Watch – https://youtu.be/0w38e9hdtZU?t=2497
Read – https://www.reddit.com/r/blender/s/FSyggEQlic

💸 WhatsApp £8k Job Scam
Watch – https://youtu.be/0w38e9hdtZU?t=2680
Read – https://www.reddit.com/r/Scams/comments/1koqxhw/uk_unfamiliar_scam/

📱 Meta AI on WhatsApp
Watch – https://youtu.be/0w38e9hdtZU?t=2856
Read – https://www.meta.com/blog/whatsapp/introducing-meta-ai-in-whatsapp/




Transcript - 

Anthony Davis (00:02.091)
Welcome to The Awareness Angle, where we break down the latest cybersecurity stories and look at what they really mean for awareness, behavior and staying safe. I am Ant Davis and with me as always is my co-host, Luke. How you doing, Luke?

Luke (00:18.136)
Yeah, really well, thanks. How you doing?

Anthony Davis (00:20.673)
I'm good, thank you. This week on the podcast, we talk about InfoSecurity Europe, which I went to yesterday and was pretty awesome. Lots of tales to tell about that. The North Face and Cartier face new cyber attacks. M&S have got some more financial troubles. We've got Microsoft, we've got Signal, we've got not so smart cars, and lots of other news stories coming on this week's episode.

And please remember this is an independent podcast. Our views are our own. So if we say something you don't like or don't agree with, blame us, not the people that pay us. Right. I'm going to jump straight into this, cause like a shaken bottle of fizz, it's hard to keep the lid on. We're an award-winning podcast. We went to the European Cybersecurity Blogger Awards last night, hosted by Eskenzi PR and Marketing and Pulse Conferences. And guess what? We won. We won two. Like it's mad. So you are now listening to the best back to basics podcast. That's the award, the podcast one. And I won for contributor of the year as well, which was shocking.

Luke (01:28.27)
That's crazy.

Luke (01:42.926)
Congratulations again. We joked about it that we would win but it's actually happened.

Anthony Davis (01:44.291)
Thank you, congratulations to you.

I tell you, I was there. Okay, I've got some pictures and some stories to tell, but essentially we were there and it's quite strange. Let me dive straight in, okay, hang on one second. So I was there and I had Graham Cluley come up to me. I was like, Ant! And I'm like, what? You know who I am? I was like, wow.

And he's like, yeah, let me take your picture. And I'm like, no way. So yeah, there is me with Graham and Mark from The AI Fix podcast, which was amazing. This was pre awards and then, and then the awards. Hang on. Who else did I meet? I also met this guy. So if you're watching, there's a picture of me and Javed Malik. We'd never actually met before. We'd been in the same room before, but we'd never actually met before.

What a lovely guy he is. So that was awesome. And then they announced the awards and the first award, which was the best newcomer award, Mark and Graham won for their podcast, The AI Fix. I was like, ah, you know, that's kind of, that was the one I thought we stood the best chance in, if I'm honest. That was the one I was hedging my bets on. So it was like, oh, okay, well done. Yeah. Nice one guys.

Love a bit of that. And then it came around to Back to Basics Award and we were up against like NCSC and people like that on that one. And we won and I'm absolutely speechless. Like, my God, couldn't believe it. And there's actually a picture of me here. Have I got it here? There's a picture of me on the stage with my jaw on the floor. Just like the biggest beaming smile. And then when it came around to contributor of the year up against

Luke (03:28.494)
Okay.

Luke (03:39.854)
Thank

Anthony Davis (03:46.487)
Graham and Javid and Dan and loads of other people, like really well established names that have been doing this for years. Absolutely shocked that it was me. Yeah, it's amazing. Yeah, just absolutely shocking. Didn't really expect it to happen at all. So if you are watching on YouTube, there's a picture of me with a big beaming smile with both awards.

Luke (04:00.078)
Like you didn't pass out. Faint from the excitement.

Luke (04:13.902)
.

Anthony Davis (04:15.139)
which was absolutely insane. So thank you to everybody that voted for us and for me. Yeah. Yeah. What are we, what is this episode 33? you know, yeah. And the amount of people that, that we saw. So let me just go on. I've got a couple more selfies. I've got to say, give this guy a shout. Hayden, Hayden there.

Luke (04:20.866)
Yeah, thanks. It's amazing.

Anthony Davis (04:43.235)
walking past the KnowBe4 stand. And it was like, ah, and I just heard someone calling my voice. And there is Hayden. So, lovely, lovely to meet Hayden, which was always good. And had a great old chat with him and he came along to the awards as well. I was like, oh my God, thank you for coming. That was lovely. So Hayden Taylor at KnowBe4. If you're interested in looking at KnowBe4 products, reach out to Hayden because he's a guy at KnowBe4. Thank you, Hayden.

And Hayden also gave us a couple of little KnowBe4 Lego fishermen. He gave for the kids as well. So sorry, Luke, they're not for us, they're for my kids. So yeah, so thank you, KnowBe4. Thank you, Hayden for all your support and coming along and being there at the awards. That was amazing.

Luke (05:21.464)
That's right.

Anthony Davis (05:35.041)
Who else did I say? I spent ages just to give him a worthy shout out. Spent ages with Simeon from Vivida. So there is Simeon at Vivida. Big, big fan of what Simeon's doing and Simeon was there and kept me company for a long, long period. Yes, obviously you couldn't make it Luke, which is, you know, it's a long way for you. get it. So yeah, Simeon kept me company, which was awesome. So thank you to Simeon as well. Who else did we see there?

So many people, Oz and the cyber safe team, always good to see them. Andrew Rose from SoSafe. And we're to get him on the podcast in a few months when we start recording more interview episodes. So that'd be interesting. Andrew's got a really interesting background as well. Simeon is going to come on as well. And Lucy, Tim and Phil, the red flags thing, cyber sort of them haven't seen Lucy in ages. So was amazing.

Luke (06:18.264)
Yeah, that's cool.

Anthony Davis (06:32.119)
catch up with her, Dan Raywood, who I think we've covered some of his articles. You know, he writes for SC Media and writes all about cyber. And I'm sure we've talked about some of the stuff he's reported on. Do you remember Visha that we looked at a couple of episodes ago? So I Enrico from Visha and Matt, who's founder, co-founder of Cdata, who are building Visha. So was great to meet them.

Hazel and Gemma from the Flubble Gobble. we've talked, Gemma came up to me and we're like, we need to do a pod off. So it's like, okay, let's see what comes with that. So we met the ladies from the Flubble Gobble, Vodcast. And then you might have noticed if you're watching our video, you might have noticed what I'm wearing, a B Unboring T-shirt. So this was actually sent to me before the show, but Kelly and Sarah and Eleanor from Unboring.

Luke (07:08.11)
Thank

Anthony Davis (07:28.917)
sent this to me, which is awesome. So I had a good old catch up and chat with those as well. They're obviously, you know, trying to change cyber marketing. And our episode, our interview episode with Sarah is out this week. Came out, it's the previous episode to this in the episode feed. So go listen to that. And it was always good to catch up.

Luke (07:46.766)
Yeah.

Sounds like you a lot of

Anthony Davis (07:53.027)
It was, yeah, yeah, it was good fun. Let me just run through. I did get some swag. So Smashing Security stickers, Graham managed to give those to me. He's like, I'll have some stickers. I was like, oh, I don't have any Awareness Angle stickers, but I do have Awareness Angle business cards. So gave him one of the business cards we've got. He was like, ooh, rounded corners. Like, yeah, so it was, we kind of swapped. We're gonna have to get some stickers done, Luke. We'll have to get some stickers.

Luke (08:21.496)
Yeah, for the next event.

Anthony Davis (08:22.919)
I got a bunch of stickers from the day before. Stickers are quite nice. Don't feed the fish. I got these. Do you know what the bad thing about these stickers are? These are awesome stickers. Hackers hate me in a kind of retro wave one. Threat level midnight. They've got no company names on. We've spoken about this before. You make merch. I've got no idea what stand I stole them from. So your merch isn't really working. What else have I got? These, these were, these got talked about.

Luke (08:41.336)
Ryan.

Anthony Davis (08:52.757)
Cybersafe have, Cybersafe have tote bags that say send nudes, but it's actually nudges. Apparently that originated from a genuine mistake, a genuine misspelling. yeah, send nudges is cool. I got some Cybersafe socks as well that say full of BS on that's like, love it. Really quickly NordPass, NordPass, if you'd like to sponsor our podcast, you'd be a really good sponsor for our podcast.

Luke (08:55.381)
Thank

Luke (09:00.686)
Yeah.

Anthony Davis (09:22.365)
And I use NordPass as my personal password manager. So I recommend it personally, but I got a lovely bottle thing there. I'm going to make sure I share this clip on LinkedIn and see if I tagged them. They want to have conversation about sponsoring the podcast.

Luke (09:26.933)
Thank

Luke (09:40.672)
never know reward waiting out so

Anthony Davis (09:43.203)
Award-winning podcast. I went afterwards. I went to Cyber House Party. This is a cool t-shirt. You had to pay to get in, which is an award winner. I thought was not great, but it was fine. I had to pay to get in, but the drinks were free and they had, this is a really good awareness tip, okay. They had free cocktails and there was encryption on the beach, which was a sex on the beach, tells you the ingredients, tropical encryption, no back doors allowed. And then there was Zero Trust Mojito, nice that, Zero Trust, full refreshment, no exceptions. And then there was Peanut Exploiter, which was a piña colada. If you like lateral movement and getting caught in the rain, caught in the clouds, sorry, if you like lateral movement and get caught in the cloud. So that was clever.

Those cocktails were served by RiverSafe three steps ahead. That was nice. Stand of the day, I have to admit the stand of the day was TORQ. They had an amazing video wall and it was all dark and lots of bright vibrant colors. So TORQ saw is dead. TORQ was awesome. So that was nice.

One company that I might get on the podcast in a future episode was a company called date ambit, that were in the startups section. So they're building a built for image, audio and video deep fake detection. So it's really interesting to see how that works. They're doing some stuff with them, the government as well, Home Office. So they've, they've achieved City of London Corporation AI Innovation Challenge.

Luke (11:32.75)
Sounds interesting.

Anthony Davis (11:41.539)
Home Office Deepfake challenge. So it looked really, really interesting. How it all glues together. That's what I'm interested to see. So we'll have a chat with them. Yeah. So Torq, thank you. This was good. It says here, if I post a picture of this on LinkedIn, I can get a Torq cap. So let's see if I can get a Torq cap. That's cool. Yes. So that was it. As far as.

Luke (12:02.968)
Yeah.

Anthony Davis (12:10.667)
Infosec Europe goes, it was way better than last year. And I've chatted to a couple of people, they were like, yeah, this is really good this year. If you were on the fence, cause last year just felt a bit, I don't know. There was still some notable absences. Maybe a couple of companies that are too big, they don't need to advertise or whatever, like CrowdStrike weren't there this year. They weren't there last year, but were there. They used to turn up with F1 cars.

Luke (12:38.658)
Yeah.

Anthony Davis (12:39.395)
I won't really missed there was lots of them lots of really good companies and really busy every my badge only got scanned twice, which was amazing as well. Like normally, people are just trying to scan you before they're even talking to you. So was really nice. People were more interested in the conversation than you know, scanning your badge. So yeah. Yeah, yeah, it was. Yeah. So thanks to I just

Luke (12:53.582)
you

Luke (13:00.334)
Yeah, that sounds really good.

Anthony Davis (13:08.087)
Just it's probably worth saying thanks to Eskenzi for sorting out the awards and for arranging those. was really, really good. Clive from Pulse Conferences, what a character, what a guy. I've not met him before, but he was awesome. Yeah. And if I've missed anyone, I'm really, really sorry. Jenny Manley from the security company. We bumped into each other. Yeah.

Loads of people. The rest of the Vivida crew as well I met, which was awesome. So big shout out to them. Yeah. That's it. Right. Infosec Europe 2025 done. We've walked out with two awards.

If you're watching on YouTube, there's the two awards, two awards, two awards. Yeah.

Luke (13:57.71)
Yeah, they all real.

Anthony Davis (14:01.889)
Right, shall we, if you're listening for news, shall we get on with the news? We're 40 minutes in, Yep, okay, right, let's do the news.

Luke (14:07.374)
Yeah, the speed for going through this.

Anthony Davis (14:14.539)
Okay, shall I do the first one? Okay, so this week, the latest names to be impacted by cyber attacks, The North Face and Cartier have become the latest retailers to fall victim to cyber attacks. In April, The North Face experienced a credential stuffing attack. That's where hackers use previously exploited

Luke (14:17.302)
Yeah, go for it.

Anthony Davis (14:44.803)
credentials that are available from previous breaches. And they basically stuff them into websites. And they did that on The North Face to access 3000 customer accounts. The compromised data includes names, emails, shipping addresses, purchase histories, and in some cases, dates of birth and phone numbers. No financial information was breached, but the company has disabled the affected passwords and has advised customers to create new unique ones. If you're thinking, how does someone sit there and type in 3000 usernames and passwords? No, it's all automated, happens very quickly. It's one of the really old techniques that everyone suffers from, all retailers have, all websites, you know, credential stuffing is quite straightforward, I think, for an attacker to do. Cartier.

Luke (15:38.616)
Yeah.

Anthony Davis (15:43.501)
They reported that an unauthorized party temporarily accessed its systems. They got popped, someone was on their network, obtaining limited client information such as names, email addresses, and countries of residence. They say that no passwords or financial data were compromised and they've since enhanced their system protections and notified the authorities. So that's them.

These are obviously all connected to all of the retail attacks that seem to be happening at the moment, which leads us nicely onto the next story. Do you wanna take that one?

Luke (16:23.266)
Yeah, so again in the news, M&S, Marks & Spencer, ITV News reporting this unprecedented customer lawsuit over the recent cyber attack and data consequential data breach of it. Yes, it says here how a Scottish law firm, Thompson Solicitors, has opened up a class action lawsuit all because of the personal data that's been breached and I guess a suspected failing of M&S protecting that data. So yeah, it's even more cost for them, unfortunately. And I still don't think they're back on up and running fully yet, are they?

Anthony Davis (17:10.113)
No, so July apparently is when we expect that to happen. That's what this statement said. But it just goes to show it, doesn't it? your loss of earnings, a potential fine from the ICO, depending on what happens with that. And now a law firm's class action lawsuit.

Luke (17:14.894)
Yes.

Luke (17:32.536)
Yeah, it's never ending for them at the moment. Yeah, it says about how more than 350 people have joined it. And yeah, I guess they put here it was the responsibility of M&S to protect the information and they failed completely to do so. Which, yeah, I don't know. We'll see how well this goes, I guess.

Anthony Davis (17:52.813)
Yeah, yeah.

Anthony Davis (17:57.375)
It's a worrying trend. These class action lawsuits, you know, didn't we, did we talk about one a couple of weeks ago where users were going to hit like 70 pounds each or something like that for these happen with different things. I think it was. Yeah. Yeah.

Luke (18:10.614)
Yeah, that's a lot and everyone jumps on it, I guess, get some money out of it. But yeah, it's interesting, says here as well that M&S haven't received any claims, so I don't know what's going on really. I'm sure we'll know more.

Anthony Davis (18:16.193)
Yeah, yeah.

Anthony Davis (18:28.099)
No. Yeah. I mean, that story, it's definitely a genuine story. It comes from ITV News, is probably reported in more places. So it's probably a trusted source as well. So, yeah.

Luke (18:36.558)
Mm.

Luke (18:43.97)
Yeah.

Anthony Davis (18:46.179)
Yeah. Right. I'll move on to the next one. Microsoft have announced that starting in August this year, I think they announced this a little while ago, but it kind of passed me by. Microsoft have announced that starting in August, all saved and generated passwords stored in the Microsoft Authenticator app will be deleted. So this is Microsoft's transition towards a passwordless future, which they should be applauded for, but they're encouraging users to adopt passkeys and other secure authentication methods. So users who rely on Authenticator's autofill feature should back up their credentials promptly to avoid losing their accounts. Now this is interesting and I noticed this because I use Microsoft Authenticator and when I opened it up, it comes up with a message saying, auto-fill via authenticator ends in July, 2024.

This says, so that's different. Now it's interesting because I use, it doesn't make it clear.

Luke (19:46.51)
All

Anthony Davis (19:58.987)
I use it as an authenticator, but there is, it is a password vault as well. And I think it's just the password vault that's going. I don't think it's the authenticator, it does make.

Luke (20:04.323)
Yeah.

Luke (20:11.032)
Yes, seems to be the password surprise because not every site I don't think support passkeys. I guess you just telling you to export your passwords and I guess find a new password manager.

Anthony Davis (20:13.695)
Yeah, so

Anthony Davis (20:20.643)
No.

Anthony Davis (20:29.185)
If you're in a business that uses Microsoft Authenticator, it's probably worth properly looking into this and finding out what's happening.

Luke (20:35.116)
Yeah, definitely.

Anthony Davis (20:41.091)
Okay, move on to the next one. Do you wanna take it out?

Luke (20:44.344)
Yeah, Windows Recall again in this one. So Signal, the messaging app, have basically come out and said that they're blocking the ability for Recall to capture private chats with their own platform. I'm surprised this might be the only company that's probably going to start doing this.

Anthony Davis (20:49.047)
Windows recall. Hello friend.

Anthony Davis (21:14.019)
was just gonna say and so it begins.

Luke (21:16.48)
Yeah, so obviously Recall's the Copilot AI-powered tool that captures your screen and helps you, supposedly helps you search all your history with I guess some visuals and yeah, they're blocking it.

Anthony Davis (21:34.935)
This was flagged, wasn't it? When we talked about Windows Recall previously, the fact that if you delete WhatsApp messages from WhatsApp, that they don't get deleted from Recall. So it kind of, even if you delete stuff, it stays in Recall. So that's probably why Signal have done this. Yeah.

Luke (21:47.224)
Yeah.

Luke (21:56.142)
Yeah, this is about how... Well, essentially, potentially using DRM, which is... Or something similar, which I guess is like, on Netflix and other platforms where you just get a black screen when you're trying to screenshot. It says it may affect accessibility features like screen readers, which is interesting. Yeah. I mean, it's a good move, I think, at least having it on by default, personally, and maybe tell people that it's on. But yeah, I mean, just turn off Recall, to be honest.

Anthony Davis (22:36.371)
Yeah, it's a good move from a privacy perspective, definitely. Wearing a privacy hat 100% is a good move. So yeah, well done, Signal, for being the first to pitch your tent in that field.

Luke (22:48.278)
Yeah, think a lot of people won't.

Luke (22:54.326)
Yeah, I imagine a lot of average users wouldn't think about the apps that Recall will be capturing.

Anthony Davis (23:02.369)
A lot of the average users won't even think about Recall. Like it will just be there as a feature. And that's why it's really important we tell people about these things because they'll just over the next couple of years, buy a new PC and it will have it on it. And you know, they won't know how to turn it off because it won't be obvious or may not even be really, really easy to turn it off. And they will just become a thing that we accept as being okay when sometimes it isn't okay, people should get the choice.

Luke (23:05.675)
Yeah.

Luke (23:29.166)
Yeah.

Anthony Davis (23:31.704)
Yeah.

Right, we'll jump on to the next one, which is smart cars, dumb passwords. So a recent study by NordPass, hello NordPass, sponsor is NordPass, that'd be nice. A recent study by NordPass and NordStellar reveals that the automotive industry is plagued by weak, reused and common passwords. Do you wanna guess one?

Luke (24:00.96)
1234 0000 password

Anthony Davis (24:01.239)
Have a guess.

Anthony Davis (24:05.155)
One, two, three, four, five, six. You were there first time. Passwords like one, two, three, four, five, six and capital P at sign SSW zero RD. Passwords like this leave cars and critical systems vulnerable to cyber attacks. So the analysis by NordPass and NordStellar reviewed 2.5 terabytes of data.

Luke (24:18.318)
you

Anthony Davis (24:34.723)
2.5 terabyte database of credentials from sources, including the dark web. And it highlights how manufacturers, suppliers and dealerships often use passwords like that, which puts valuable data and the whole infrastructure at risk. There's also complete lack of MFA. So yeah, the key points on this password hygiene. When you get a new car, why not like what?

I've got like a newish car. Why, when I get it, am I not asked to set a password? Like I cannot drive my car without getting rid of the terms and conditions screen. Why, when I get it, do I not have to set a password that meets a certain criteria? And then we'll go, when you sell it, if you don't pass the password over, then have a way to completely reset everything. But when you reset it, it wipes everything. Like it should be possible. MFA is another one. Like people typically drive with

Luke (25:26.616)
Yeah.

Anthony Davis (25:34.179)
the phone, CarPlay, Android Auto, that could be something that you could do, a passkey, do you wanna sign into your car, tap on your car, like phone. Yeah, it's just another example and it's not just EVs. We posted a video a few weeks ago, I posted a video on TikTok a few weeks ago and it was a clip where we were talking about cars being hackable. And they were like, it's not just EVs, it's, you know, even,

Luke (25:59.704)
Yeah.

Anthony Davis (26:03.775)
normal petrol diesel cars now have all the tech in that still has it. They're all connected, you know, only if you're buying like the, you, if you're buying at the lower end of the market is your vehicle not connected and even then it's probably connected in some way. So yeah, really consider your car. I got a loan car, my car had to go in and have some warranty work and I got a loan car.

Luke (26:08.672)
And they're very sophisticated now, they have computers on board.

Anthony Davis (26:34.115)
and the car they gave me, I went to connect the CarPlay and it said there's already five, there's already six devices connected, maximum of six devices are in the car radio. So I deleted one and connected mine, but what I did before I dropped it off was made sure I removed mine. But there was five other devices in there, a list of addresses all in the sat nav. And it was like, wow, this is, you so if you hire a car, get a loan car.

Luke (26:41.038)
You

Luke (26:50.391)
Yeah.

Luke (26:59.95)
All the hire car companies That's crazy

Anthony Davis (27:05.548)
There was a story and I'm digressed a little now, but I saw a story about a guy who had his car stolen. I don't know if I mentioned this in a previous podcast. A guy had his car stolen. was like a unit. I think it was a Honda Civic Type R or something. And he loved his car and he had it stolen. a few weeks he was looking for insurance paid out and he wanted the same car again, because he loved it so much. And he saw one that looked identical.

He was like, yeah, that'd be amazing. Different reg number. I'm sure it different. It must've been a different reg number. And he bought it. And apparently when he was driving it home, he noticed a tent peg in the door pocket and he's had a tent peg in the door pocket. And then he went to type his address in the sat nav and he's like, all these addresses were in the sat nav. He bought the same car back from a dealer and the dealer was unaware, but like somehow it had churned around and he bought his old car back.

Luke (27:47.214)
Yeah, I saw this.

Anthony Davis (28:03.587)
It was like what the mad he bought his stolen car back without even realizing. Anyway. Yeah. Next story.

Luke (28:08.174)
That's crazy.

Luke (28:12.214)
Yeah, next slide we've got is Australia begins new ransomware payment disclosure rules. They've enacted the cyber security rules 2025 and they're mandating that businesses above a certain threshold of turnover, which is 3 million Australian dollars, report any ransomware payments to the Australian Signals Directorate within 72 hours. And yeah, this report must detail the instance impacts, type of ransomware variant used, what vulnerabilities were exploited, and any communications with the attackers. Sounds like a lot that you may not be aware of in the first 72 hours. Yeah, so it aims to improve national cyber security resilience and transparency.

Anthony Davis (29:10.659)
It's interesting, isn't it? Because I know they're talking about potentially making, in the UK, they're talking about making the payment of ransom illegal. And this transparency is almost a different way of doing it. Like, no, you can pay it. You just have to tell us, make it public. I don't know how I feel about this. It's interesting though. And I gather any company, I gather any company, any...

Luke (29:20.045)
Yeah.

Luke (29:29.55)
Yeah.

Anthony Davis (29:38.687)
like a UK company operating in Australia would probably have to comply with that rule.

Luke (29:46.286)
Possibly. Yeah, it's an interesting one. I don't know what other countries have in that sort of similar space, I don't know.

Anthony Davis (29:47.107)
Yeah.

Anthony Davis (29:52.331)
Yeah.

Anthony Davis (29:58.419)
No, it's a different way of doing it. Like rather than just saying you're not allowed to pay a ransom. People I've spoken to about that, there are mixed feelings around how effective that would be. Like I know some people have been like, some people feel that it will lead to more briefcases full of cash behind, you know, like in the back alleys at night and that kind of thing. It will lead to more kind of dark trading of ransom.

Luke (30:03.95)
you.

Luke (30:26.926)
Yeah.

Anthony Davis (30:27.989)
Yeah, no, no, you can pay it. But you have to tell us. And if you don't tell us, I imagine you'll be fined lots of money. So yeah, interesting.

Luke (30:36.654)
Yeah.

Anthony Davis (30:43.139)
Right, the next article, I think is a strange one. Google's latest survey shows that Gen Z is leading the charge towards a passwordless future. So older generations still prefer passwords over passkeys or social sign-ins, which is interesting. So Google's been pushing the switch from passwords and 2FA to passkeys for a while.

but their latest survey reveals that a vast majority of users still rely on older sign-in methods to log into their online accounts. Me included. I'm still multi-factor authentication, approving the sign-in on another device. Maybe I'm the older generation now, which makes me sad. So most older US users, including Gen X, baby boomers and millennials. Can we please say what decade they're born in rather than

Luke (31:32.174)
you

Anthony Davis (31:41.983)
using those phrases, because I'm none of those, technically. Continued: so most older US users continue to use passwords and 2FA. Only about 30% of Gen X and baby boomers use social sign-ins daily. I use social sign-in quite a lot.

Luke (32:01.166)
Yeah.

Anthony Davis (32:02.599)
but they reckon Gen Z and millennials are using more advanced authentication tools like passkeys or social sign-ins. Now it's interesting because we've spoken about Gen Z and millennials before, about how they're typically, how they're now seen to be the most vulnerable to phishing and maybe the least careless about their data.

Luke (32:28.419)
Yeah.

Anthony Davis (32:29.921)
And that's why I reckon they're adopting this because they're not, I don't think they're thinking about it. So I think when they're served it, they're going, yeah,

Luke (32:38.904)
Yeah, for its convenience.

Anthony Davis (32:42.839)
Or because it's like, because the user flow is so towards passwordless. They're going through that user flow without even thinking. This would be quicker and easier, shoved under their noses, and they're click-happy maybe. Whereas your older generations are a little bit more suspicious of anything new. So they're like, I don't understand it.

And we've spoken about this before. This is probably where the awareness around passkeys and what they actually mean and the communication around passkeys has been a bit rubbish. Really? Like, tell me how it all sticks together. How does it work?

Luke (33:26.273)
I think the only reason they've really started pushing it. But yeah, it doesn't particularly explain it too well when you are prompted to make one, it just kind of asks you to create a passkey instead.

Anthony Davis (33:39.543)
Yeah, yeah. I know on the, on the Google screen when it offers it. So when you go to sign in, it comes in with a big screen that says "Sign in faster". And then it says, "With passkeys, your device will simply ask you for your Windows PIN or biometric and let Google know it's really you. Only create a passkey if this is your device." "Not now" in just plain text, or "Continue" in a big blue button. So it's, it's really shoving it under their nose. And I reckon

You know, it's not that this generation is more secure or more security savvy. I reckon it's actually the UX is good and they're just click happy. Yeah. Yeah. What it highlights is we need to do, everybody needs to, cyber security month in October, everybody should be talking about pass keys.

Luke (34:18.488)
Yeah, just clicking for it,

Luke (34:33.196)
Yeah, I'm sure people will.

Anthony Davis (34:35.319)
Yeah, I think that's, that's the topic for October.

Luke (34:37.326)
they aren't already. Well, you've probably got to convince a lot of people to still move over.

Anthony Davis (34:44.653)
Yeah, yeah.

Right, that is this week's news. So, next tonight, did you wanna take this one, Luke? Do you want me to take this one?

Luke (35:00.618)
I can start it. Yeah, so it means it's more of a threat-related type thing of this new strategic collaboration between Microsoft and CrowdStrike of aligning threat actor naming. Because obviously up until now it's all been X, Y and Z and you never know really who's who because there's no consistent aligned naming scheme across these vendors.

Anthony Davis (35:02.339)
Go on.

Anthony Davis (35:25.379)
It's kind of felt like the world map hundreds of years ago when the first person to discover the island can name it after them. Like, I've discovered you. I'm going to call you Ant Island. You know, it's like, yeah.

Luke (35:34.638)
Hmm. Yeah.

Luke (35:40.686)
But yeah, so they say that this is making it and slower for the defenders to and your aims to reduce confusion by publishing this joint aligned sort of alias map because obviously there's yeah different vendors where you have different names for these threat actors and they say that the goal isn't to create a universal standard but just to help security teams understand and correlate and

respond to these threats faster and it says about how other vendors like Google and Palo Alto Networks are expected to join in as well. There's obviously all these threat actors and hacking groups out there but they're known as various different names, so yeah, it'd be interesting to see what their final product of this sort of looks like. They've got like a web page for it but it's not the, um, like the first version is not the most consumable

version.

Anthony Davis (36:40.323)
I was gonna say this is crying out for a sexy website and it's not there yet. It's like buried in a Microsoft Defender unified SecOps platform web. But I like what they're doing with this.

Luke (36:46.456)
there.

Luke (36:57.624)
Yeah, so it's, you can see here, you know, aligning it with the theme of weather.

Anthony Davis (37:03.255)
Yeah, let's zoom in on that. So we can see Blizzard, Typhoon: Blizzard, Russia; Typhoon, China; Sandstorm, Iran; Sleet, North Korea. And then if we go down, there is Flood, influence operations; Storm, groups in development; Tempest, financially motivated; Tsunami, private sector offensive actor; Lightning,

Luke (37:06.508)
different countries.

Anthony Davis (37:32.291)
Palestinian Authority, Tornado USA. So they've got some examples down here.

Amethyst Rain from Lebanon, other names Volcanic Timber and Volatile Cedar. Antique Typhoon, China, other names Storm-0558. So we can see like some of these, if we look at Brocade Typhoon, also known as Boron, Gothic Panda, UPS, APT3, Old Carp. Like this is why it's needed, right? They're known by like seven different names.

Luke (38:09.422)
Yeah.

Anthony Davis (38:13.217)
So, some of the names are interesting. Caramel Tsunami sounds like something you get on a dessert menu. Can I, can I have one Caramel Tsunami please? Yeah. And a Cinnamon Tempest.

It sounds like a Heston Blumenthal menu, but it's good that we're standardizing it, right? And it would be, it would be CrowdStrike that's working on this because they love their, they love their names. You can see, if you're watching on the camera, you probably can't see it because you crop this, don't you? Yeah. That said, goodbye, Wizard Spider, because Wizard Spider won't be anymore.

Luke (38:32.59)
Yeah.

Luke (38:52.512)
No, yeah, they'll be known as Periwinkle Tempest is what it says.

Anthony Davis (38:53.356)
No.

Anthony Davis (38:59.619)
Is that actually what it is? Wow.

Luke (39:02.444)
Yeah.

Luke (39:07.01)
Might upset some of these groups with their names.

Anthony Davis (39:10.374)
I don't want to be Periwinkle. Who are you calling Periwinkle Tempest? That's amazing. It is Periwinkle Tempest. I wonder what the action figure... ChatGPT, design me a bad guy called Periwinkle Tempest. I'm going to ask that actually and we'll come back to that in a minute when it's generated that picture. Generate an image of a cyber criminal with the name

Periwinkle. Tempest.

Luke (39:45.254)
a couple of things from this is something to think about is it should help tools from different companies work together having this shared database of different names and you want to share with your infosec teams

Anthony Davis (39:58.371)
Hmm.

Anthony Davis (40:03.299)
There was even some confusion around Scattered Spider, wasn't there, and DragonForce and stuff like that.

Luke (40:08.682)
in the news stories, especially. It sort of got blurred into the same people.

Anthony Davis (40:11.415)
Yeah.

I think this is as well, when you've got, when something gets so big and maybe you've got non-cyber people reporting on it, that's where the confusion comes. When you've got like people like Dan Raywood and Joe Tidy and people like that that are immersed in this space, they know the names and know who the threat actors are. But when you've got someone that would normally report on,

retail statistics, all of a sudden talking about cyber attacks, maybe that's where the challenge is coming.

Luke (40:45.368)
Yeah.

But yeah, it's interesting. got the first versions out available. Let's have a look at.

Anthony Davis (40:56.237)
We'll put a link to that and everything else we've talked about in the show in this week's newsletter. Have I told you about the newsletter? The newsletter is available on LinkedIn and in your inbox and essentially contains details of everything we talk about on the show, links to all the articles and links to the conversation as well. So if you just want to find one part of the conversation, you could do that to get the newsletter.

You can go to LinkedIn and search for The Awareness Angle or me or Luke and you'll find it. Or you can go to riskycreative.com and there you can sign in and sign up for the newsletter. ChatGPT's let me down. It's come up with a man in a hoodie for Periwinkle Tempest. So.

Luke (41:48.878)
Oh no. Just... you stare at it and it will go back up.

Anthony Davis (41:52.888)
stereotypical Aga. Imagine that person as a superhero.

Anthony Davis (42:02.221)
Villain, superhero, villain, evil creature. Come on, you can do better than that. Right. Moving on, awareness, awareness. Next week, when does this episode come out? This episode comes out, so this week, if you're listening to this, when it comes out on the 9th, this week on the 12th, I am on the Future of Cybersecurity Virtual Conference.

It's a cracking lineup. Marcus Hutchins, the man that saved the internet. He is on there. He is the man that stopped WannaCry from spreading and killing the internet. Holly Foxcroft, Lee Morton is there as well. And me doing a bit of a talk about a time when my environment got breached and storytelling. So that's it.

going to be a good session. It's free. It's online. It's virtual. You can do it from the comfort of your own home. So yes, sign up links are in the newsletter and in the show notes.

Luke (43:12.686)
we have to have a watch of

Anthony Davis (43:16.439)
Yeah.

Right, shall we move on to the comments section? Got a few comments this week. So StealthZi7465 commented on last week's episode and where we talked about Windows Update rolling other software into Windows Update. So Windows Update will update all.

most of your software on your desktop. They pointed out, said, yeah, the problem with auto windows updates is when drivers cause issues, it's gonna be a nightmare. Microsoft really need to stop putting people, really need to stop people putting in run commands or at least a warning. I think that was a separate comment, maybe.

Luke (44:08.768)
Yeah, it's included. same.

Anthony Davis (44:09.739)
Yeah, yeah, so yes, Windows updates when they break and they do break, that's gonna be a nightmare. So it does increase the chances of them breaking. And then the other one was talking about the Win+R shortcut that, you know, we talked about fake CAPTCHAs and other phishing campaigns. Microsoft need to stop people putting in run commands or at least a warning like,

Luke (44:16.536)
Mm-hmm.

Luke (44:24.514)
When I am.

Luke (44:38.626)
yes president

Anthony Davis (44:40.599)
We did talk when we were discussing that we suggested that maybe it could run like it has a sandbox, right? So maybe it could tell you what it's going to do just to give you some transparency. Like this command is going to change the integrity of your device. Are you sure you wish to run it?

Luke (44:58.124)
Yeah, remember when User Account Control sort of first became a thing on Windows, the annoying prompt for admins? But yeah, that sort of thing where it's about, like, are you sure you want this app, or this software, to make a change on your computer? I'm it doesn't do that

Anthony Davis (45:18.935)
Yeah. The only time I ever see that now is when I'm installing something new. Maybe like if I'm installing a new program, it asks me. That's the only time I really see it. It used to be really, really noisy, but

Luke (45:19.086)
Yeah.

Luke (45:30.144)
Yeah, it might be a thing that you've off a bit, yeah.

Anthony Davis (45:40.397)
We talked about ChatGPT solving the terms and conditions problem. I shared that on TikTok, had a whole bunch of views. And someone's come back and said, the problem is that you have to be careful to use clever prompts to avoid hallucinations. It's quite funny. There's been times when I've asked it to review, to give me some info on a cyber news story or something. And then it's given me a response, which I know

contains inaccuracies. So I'm like, I just say, are you sure? Or can you verify that? Or are you sure that's what's happened? And quite often it will go, no, sorry, I dropped the ball there. Here's what actually happened. And it will tell me the truth. it's, it's yeah, if you ask it to verify, then quite often it will check its own homework and realize it's

Luke (46:11.565)
Yeah.

Luke (46:26.446)
Be careful

Luke (46:33.792)
Yeah, maybe that's the trick.

Anthony Davis (46:39.779)
Got some more comments on TikTok. We got something wrong, which I haven't addressed until now. We talked about Windows 10 not going out of support. It is still going out of support apparently, but they're extending the support of M365 apps. It's really weird the way they're doing it. I'll look a bit more into that and bring that back next week. It still wouldn't surprise me if they extended Windows 10.

Luke (47:09.902)
Yeah.

Anthony Davis (47:10.657)
Yeah, with regard to ChatGPT, three headed monkey on TikTok says: I recently uploaded a business's Companies House end of year taxes Word doc and asked it to tell me how the business is doing. I was considering a job there, but ChatGPT informed me they were on the verge of closing.

Luke (47:31.15)
Well.

Anthony Davis (47:32.067)
Okay.

I just asked ChatGPT to scan the top 100 websites globally and search for loopholes or questionable pitfalls. Very interesting indeed. Someone else says in this like, just, just, just think about this for a second. I've used ChatGPT to check my employment contracts to ensure they are meeting the law, et cetera. It's far easier and cheaper than a solicitor. So as long as they're your.

the contracts of your employment, that's probably okay. think about the data possession, I think is one thing I would say.

Luke (48:14.114)
Yeah, there's smaller businesses out there just using the free version.

Anthony Davis (48:17.495)
Yeah. Here's a really cool one. I used AI on holiday. I asked it to summarize a certain restaurant's Google reviews. It saves time trawling through hundreds of comments.

It's not a bad idea.

Anthony Davis (48:43.233)
Yeah, yeah.

Yeah. Someone else did say, when we said, you know, use it for terms and conditions and stuff. Someone said, this is the best use of AI.

and that's had 74 likes. So, well done us. That's cool, that's cool. Right, that is the comments section. We mentioned it at the top of the show, but don't forget the episode before this in your podcast feed or YouTube playlist is our interview with Sarah Carty from Unboring. There's the t-shirt. It's not a boring t-shirt. The pink's quite.

fetching as well. I quite like the pink got pink light behind me tonight as well. It's a really good conversation with Sarah, they're on a mission to make cybersecurity unboring.

We talked about everything from drama school, cyber espionage, cyber espionage. Yeah. And how awareness and marketing are fighting the same battle basically to get people to engage and people to care. We talked about, we talked about how there's too much blue, padlocks are everywhere, hoodies should be left in the past. And

Anthony Davis (50:07.011)
how everything's AI powered. And it was funny yesterday, I was chatting with the ladies from Unboring. And we were talking about some of the stands we'd seen and some of the, some of the exhibition displays from different vendors. I'm not going to name any vendors, but there was a number of vendors we discussed and they all went like, they almost got there. Like it wouldn't have been a lot for them to be really unboring and stand out.

The only one that stood out, like honestly, the stand that stood out the most was Torqs, free cap, please. Think Cyber, Red Flags, their stand was amazing because it was made of cardboard. And I reckon you saw that, didn't you? Yeah. It didn't look like it was made of cardboard. And maybe it would have, I was chatting with the ladies and maybe it would have been better if it in part.

Luke (50:51.256)
Yeah, I swore I nicked it.

Yeah.

Anthony Davis (51:05.505)
was even clearer, it looked like cardboard. Like I suggested, like there was a big tear down the centers of exposed cardboard and like the niceness. But it looked really good. And I'll tell you what, it's eco. So their whole thing was red flags go green, which was cool. It's a nice take on it. Cause those things must cost lots of money. And I was chatting with the guys and they reckon that they'll get at least another exhibition out of it. So it's not wasted money. It's good.

Well done, Think Cyber. Yes. Okay. I have something I wanted to talk to you about. Let me find the image. I've got the image here. This was sent to me by Hayden Taylor from night before. Hayden is such a good source of stuff. If you're on the internet or you're just existing in life and you see something that tickles your security awareness button, you're like,

I should let them know, let us know. LinkedIn, get in touch. Hello, at riskycreative.com, get in touch. We'd love to hear from you. We'll talk about it. Yeah, get in touch. Hayden received this.

It's an iMessage from thergvgvgvgv

completely free of charge. We can work around your own schedule with as little as 60 minutes of commitment per day. Daily earnings range from 300 pounds to 800 pounds. And we guarantee a monthly income of no less than 8,000 pounds with payments made on a daily basis. If you're interested in this opportunity, please feel free to contact me via WhatsApp. 8,000 pounds a month. Luke, I'm quitting the podcast and I'm going to work for Druby.

Luke (53:17.432)
Mm-hmm.

Luke (53:23.052)
Yeah, I saw something. Maybe it's been the same thing on TikTok or someone shared that they got scammed by something sort of like this. seemed.

Anthony Davis (53:35.779)
Do you know what? I've just Googled Kirby and someone posted this very same thing 19 days ago on r/scams on Reddit. And it says two identical texts today with this and it's exactly the same text. And it says, if you're interested in this opportunity.

please feel free to contact me via WhatsApp. As much as I would love this to be true, I'm looking for work right now. And that's almost just waving my unemployment in my face. Like there's the, like this person's desperate for work. my God, there's a job. And of course the responses say clear scam, red flags, including an unsolicited text, no indication of who they're talking to or why they're interested in your CV. This is most likely a task scam for the offered payment range.

And then the auto moderator, this is really nice on Reddit scams because someone's gone exclamation mark task. The auto mod now comes in and says, hi, auto moderator has been summoned to explain the task scam. Task scams involve websites or mobile apps that claim you can earn money by completing easy tasks such as watching a video, liking a post or creating an order. Very common characteristic, but not exclusive.

is that you have to complete a set of 40 tasks. And it'll tell you that you can earn money for each task. But the catch is you can only do a limited number of tasks without upgrading your account. So you have to pay a fee to upgrade your account. And this makes it a variant of the advance fee scam. So yes, it's, it's a scam. So

Luke (55:17.528)
Yeah.

Luke (55:22.318)
Yeah, it's the same one I saw of this lady, um... Yeah, fell into this trap. Um... And yeah, had to pay X amount to get the money out that she'd earned and then it just snowballed into like, I think it was like a thousand pounds or something she got scammed out of. Um... I think they were asking for even more at one point and then she realised this isn't... I mean, she must have realised as soon as that thousand pound went but... Yeah, it seems to be going around. Um...

Anthony Davis (55:51.202)
Yeah.

Luke (55:52.216)
people reaching out from HR recruitment teams on like Indeed and LinkedIn is probably another source I'm sure.

Anthony Davis (56:00.855)
Yeah. I had one a few weeks ago, didn't I? That was Booking.com asking me to leave surveys, leave reviews on Booking.com. Like this can't be legit. I'm not making bookings. You're just asking me to leave reviews. And it was silly money for not a lot of work. If it sounds too good to be true.

Luke (56:12.142)
Hmm.

Yeah.

Anthony Davis (56:20.803)
Probably is. Someone on the Reddit thread said, 208,000 pounds a year offered to random people they don't even know the names of. Just like think about it, do the math. Who's gonna pay you 208,000 pound a year? Like I don't even think I could get a job that would pay 200,000 pound, not like, but doing an unknown person to do an unknown task for that kind of money. It's too much.

Luke (56:35.31)
Yeah.

Luke (56:51.65)
Yeah.

Anthony Davis (56:52.873)
sounds too good to be true, it probably is too good to be true.

Luke (56:56.012)
Yeah, goes back to the basics. Pretty standard thing that, yeah, probably should talk about a bit more because it's still out there. All these obvious sort of scams.

Anthony Davis (57:00.117)
Yep. Yep.

Luke (57:14.446)
Not obvious to everybody, but

Anthony Davis (57:17.601)
Maybe we'll cover some of the basics in a future special episode. Who knows? We've got a special episode coming up. We don't quite know what yet, but it might be that. I wanted to mention just one last thing really quickly. WhatsApp a few weeks ago launched Meta AI. So in your WhatsApp on your phone, there was a little blue thing that appeared in bottom right-hand corner. And it panicked my mum.

Luke (57:21.858)
Yeah.

Anthony Davis (57:46.327)
when it landed this little blue and purple circle, Meta AI. And it panicked my mum when she got it right, because she didn't know what it was. And straight away she was what she stopped using WhatsApp. She was like, it's AI. What if it can like read all my messages and it knows what I'm doing and then something else happened. And my mum's senses are high up because of what I do, but she checks. But this just caught her completely. It blew it like she was like, I'm not using WhatsApp.

Luke (57:56.376)
Yeah.

Luke (58:10.519)
Yeah.

Anthony Davis (58:16.733)
I'm like, no, no, no, it's fine. It's like, it's not, it's just there. You can ask it stuff if you want to, it's there to help you. It's just another way, Meta are trying to get into your thing. WhatsApp have released an ad campaign this week. And I noticed it, I've seen it on, I think Reddit. I saw something on TikTok, I think. They're like plastering everywhere and it's a privacy campaign around how they can't read your messages. They can't hear your phone.

So clearly I think this has been triggered by they might have seen either a drop in usage or some feedback that people are starting to question if they can trust it. it's, yeah, it's an interesting one.

Luke (58:59.214)
yeah, I saw that on various platforms

Anthony Davis (59:07.319)
Yeah. So, yes, well done Meta for some transparency, but yeah, it's an interesting one. Right. You've got a couple of things to mention.

Luke (59:09.454)
But it's an optional feature.

Luke (59:21.934)
Yes, as I saw, uh, on Reddit, in the Blender subreddit. So Blender is a free, open-source 3D modeling and animation tool, even a tool these days that has won an Oscar with the Flow movie. So yeah, it's getting more popular and gaining traction, and yeah, this is a new sort of thing that they've seen

Anthony Davis (59:42.199)
Yes.

Luke (59:49.826)
somewhere where malware is being distributed through the .blend file format. So yeah, it's basically a new sort of thing that is being disguised as a 3D chair model. And yeah, it's being spread through platforms like Discord, Fiverr, that's probably being uploaded to some free 3D resource platform as well.

Blender can run Python scripts for add-ons and stuff, and as part of this file it can run automatically if you have it set to auto-run Python scripts, or it will ask you to execute this. I know if it tells you too much more but it just deploys malware, infostealers, on your machine.

Be careful if you're a user of Blender and you're opening up files and that asks you to run something. You should probably disable the auto-running of Python scripts going forward.

Anthony Davis (01:01:01.091)
Hmm.

This is the problem, like people shouldn't, you wouldn't expect to see it in a .blend file. We've used Blender in the past. You, you're, I think you're a Blender wizard. You're like, you probably haven't, it's not a tool you probably use every day, but some of the stuff you've done for us in Blender was incredible. And you just don't expect malware to appear in a .blend file. Like you just wouldn't, until today, you probably wouldn't have even considered the file integrity.

Luke (01:01:23.66)
No.

Luke (01:01:32.577)
No.

Anthony Davis (01:01:33.611)
Other than like the standard thing you wouldn't have ever really gone. I better check that. Like if it was an exe, you'd think differently, yeah.

Luke (01:01:43.758)
Yeah, there's like the recent episode we talked about that Word template. You wouldn't think that would be a source for running macros and getting malware, but yeah, it's just crazy. Yeah, there's all these different delivery platforms.

Anthony Davis (01:01:49.283)
Hmm.

Anthony Davis (01:01:54.454)
No.

Anthony Davis (01:02:03.811)
This is one, you know, we talk about role-based training. We talk about marketing teams being, you know, something that people don't consider a risk. Here's one for your creative teams. Yeah, if you've got a creative team out there, this is a great way in to have a conversation with them about the tools they use and the security they have. Because not everyone uses Blender. Like it's no Photoshop, it's not.

Luke (01:02:16.194)
Yeah, creative team,

Anthony Davis (01:02:33.859)
Canva already think, you know, it is more niche, but people do use it occasionally because it is free as well, isn't it? Like it doesn't cost anything. So people will have a dabble. Yeah. No, that's a good one. That's a good one.

Luke (01:02:40.888)
Yeah.

Luke (01:02:50.798)
And yeah, something I saw in Reddit post itself, people were talking about the file hash and metadata for the file and people getting...

the running it, like uploading certain things to VirusTotal and stuff, and there was this website, Triage, but it said tria.ge, as a Recorded Future platform, for a free malware sandbox. It might be useful for people, maybe not to play around with in your business, but it could be a platform for home use.

I that was really a thing. They're paid-for sort of platforms, aren't they? But I guess if you're just like an average user at home, you can use like VirusTotal to potentially check files, but this is another way to sort of analyze a file if you're not sure.

Yeah, it's a free tool. I don't know what the limitations are.

Anthony Davis (01:04:03.715)
Yeah, I saw something just the other day about a similar tool being closed down because it was used by the bad guys to test stuff. But I can't see it now.

Anthony Davis (01:04:26.187)
Yeah, no, can't see it now. I can't see it. So it doesn't matter. But yeah, it's, it's the tools like this are really, really, really, really handy. Like technical teams, it is free. Right. So that's always nice. Everyone loves a bit of free. Recorded Future, probably using this to learn from. So it's probably training their tools. So I love the domain name as well. Triage. T-R-I-A dot G-E.

Well done, Recorded Future. Again, that's a, that's an awesome domain name to snag. It's got me thinking now. And he's there at dot le. Can we get awareness and got dot le. I'm going to look at that before this goes to publication, just in case. Right. Was that all? That's, that's all we have this week.

Luke (01:05:09.454)
Thank

Luke (01:05:20.034)
Yeah.

Anthony Davis (01:05:22.243)
Cool. That, yeah, is that everything? Amazing. Right. So watch your .blend files, talk to your creatives. If you're a Microsoft Authenticator user or your company is, you wanna look into that. And if you work in any kind of retail, Godspeed, good luck.

Luke (01:05:24.492)
Yes, that's all,

Anthony Davis (01:05:52.205)
Hold strong. Yeah. One thing, I think one takeaway, if anyone is still listening, is if you work in retail, keep the communication clear, transparent and honest with your teams. We are still safe. Here's what we'd like you to do. Just keep honest, frequent conversation with them. I think that's really important.

Luke (01:05:53.474)
Yeah.

Luke (01:06:18.157)
Yeah.

Anthony Davis (01:06:19.267)
before we sign off, I just wanted to say today, Thursday, the 5th of June. I, we sign up, we're in more countries than we've ever been right now. So just to give you an idea, we have a number one tech news podcast in Latvia, with a number nine news podcast in Latvia. And we're the 84th podcast in Latvia. So.

Whoever's listening to us in Latvia, they're loving us right now. So thank you. Hello in Latvia. Malaysia, we've been like trending. We were number one in tech news in Malaysia for a few days this week. We're currently number three. Number 18 in the UK tech news, which is amazing. Today we are, we're in South Africa, Norway, Ireland, Denmark, Australia, Germany, United States, Belgium, Finland, Netherlands.

Luke (01:06:52.974)
Yeah, I know.

Anthony Davis (01:07:16.565)
United Arab Emirates, Sweden and Austria. So wherever you are in the world, thank you for listening. Do let us know where you are. Get in touch, give us a shout and we'll give you a shout out on the show. We'd love to hear from more of you. You know, we love hearing from Hayden. Always time for Hayden. Ollie gets in touch occasionally. Anyone else out there listening, get in touch. Just even if it's just to say hello.

Luke (01:07:35.694)
you

Luke (01:07:41.346)
Yeah, we'd love to hear some, yeah, some real stories from people, like what's going on in their country.

Anthony Davis (01:07:50.147)
Let us know what you're doing in your world, what awareness you're doing. That'd be amazing. And we'll tell everyone, we'll give you a shout out loud and proud. So that'd be really, really good.

Right, future cybersecurity virtual 12th. Come along, links in the show notes. Come listen to me. If not, that's it. That's the end of this episode from the award-winning podcast. We didn't mention it too many times, but there we go.

Luke (01:08:16.43)
It's gonna be the go-to intro

Anthony Davis (01:08:22.381)
I've already updated my LinkedIn profile. My LinkedIn bio now says award-winning. And Luke's got an awesome new LinkedIn profile, which I noticed this week. That's all.

Luke (01:08:27.97)
Yeah.

Luke (01:08:33.566)
I update, we go. I'll update my profile now.

Anthony Davis (01:08:35.691)
Right, update it. NordPass, hi NordPass. Yeah, I bet they do referral codes rather than sponsorship, which is fine. Yeah. NordPass, get in touch. Right, I will speak to you next week.

Luke (01:08:54.926)
going to expect three

Anthony Davis (01:08:56.525)
See you later. Goodbye.