A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there's a particularly devious WordPress-related malware campaign.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Fuzzy Duck - Wikipedia.
• Cybercrime author Geoff White demonstrates his NSFW balloon trick at the "Smashing Security" podcast Christmas party - Reddit.
• Rule 34 - Wikipedia.
• We are (temporarily) offline - InflateVids on Patreon.
• Fast Company’s Apple News access hijacked to send an obscene push notification - The Verge.
• Fast Company Hacker on Rogue Apple News Notification: ‘Anyone Could Have Done It’ - Vice.
• The WordPress backdoor with its own backdoor! (And fake CVE numbers, too) - Paul Ducklin.
• Russian influence and cyber operations adapt for long haul and exploit war fatigue  - Microsoft.
• How Zelensky became Hollywood man of the hour - The Guardian.
• Nigel Farage wishes Hugh Janus a happy birthday - YouTube.
• Don Johnson - Cameo.
• Hollywood plays unwitting Cameo in Kremlin plot to discredit Zelensky - The Register.
• Winning hearts and minds - Military Wiki.
• AdGuard Home - GitHub.
• Garmin Edge 130 Plus - Garmin.
• Garmin Connect IQ - Garmin.
• The Thermapen.
• Flat Whisk Stainless Steel Egg Beater Mixer Kitchen Tool - Amazon.
• Small Silicone Spatulas - Amazon.
• 3 Pcs Rubber Jar Gripper Pads - Amazon.
• Marble Dough Roller - Amazon.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Push Security – Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
• Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

This podcast uses the following third-party services for analysis:

OP3 - https://op3.dev/privacy