Post: Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
<div>
<div id="content">
<div id="primary">
<main id="main" role="main">
<article id="post-17348750">
<div>
<p>Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets.</p>
<p>But it’s not all doom and gloom – unless you count your kitchen appliances turning into ad billboards.</p>
<p>All this and more is discussed in episode 436 of the award-winning “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and his special guest Zoë Rose.</p>
<h3>Host:</h3>
<p>Graham Cluley</p>
<h3>Guest:</h3>
<p>Zoë Rose</p>
<h3>Episode links:</h3>
<ul>
<li><a href="https://www.bbc.co.uk/news/articles/cqjeej85452o" rel="nofollow" target="_blank">EU cyber agency says airport software held to ransom by criminals</a> – BBC News.</li>
<li><a href="https://news.sky.com/story/teenagers-charged-over-cyber-attack-on-tfl-costing-millions-of-pounds-13433299" rel="nofollow" target="_blank">Teenagers charged over cyber attack on TfL costing millions of pounds</a> – Sky News.</li>
<li><a href="https://www.sfgate.com/travel/article/teen-arrested-vegas-strip-cyber-attack-21059929.php" rel="nofollow" target="_blank">Teen arrested on suspicion of Vegas Strip attack that cost $100M</a> – SF Gate.</li>
<li><a href="https://www.sortiraparis.com/en/news/in-paris/articles/332360-paris-natural-history-museum-hit-by-cyberattack-cancels-exhibition" rel="nofollow" target="_blank">Paris: cyber-attack hits Natural History Museum, cancels exhibition</a> – Sortir à Paris.</li>
<li><a href="https://www.leparisien.fr/high-tech/cybersecurite-le-grand-palais-et-plusieurs-musees-dont-le-louvre-victimes-dune-attaque-par-rancongiciel-05-08-2024-LYA4YVRAW5CQHPVRHSC3LAGPHM.php" rel="nofollow" target="_blank">Cybersecurity: the Grand Palais and several museums, including the Louvre, victims of a ransomware attack</a> – Le Parisien.</li>
<li><a href="https://www.bfmtv.com/paris/des-pieces-de-collection-nationale-le-directeur-du-museum-d-histoire-naturelle-de-paris-indique-que-les-pepites-d-or-volees-ont-une-valeur-inestimable_AV-202509170489.html" rel="nofollow" target="_blank">“National collection pieces”: the director of the Paris Natural History Museum says the stolen gold nuggets are of “inestimable value”</a> – BFMTV.</li>
<li><a href="https://www.securityweek.com/shai-hulud-supply-chain-attack-worm-used-to-steal-secrets-180-npm-packages-hit/" rel="nofollow" target="_blank">Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit</a> – Security Week.</li>
<li><a href="https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack" rel="nofollow" target="_blank">Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware</a> – Wiz.</li>
<li><a href="https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hit-in-major-supply-chain-attack/" rel="nofollow" target="_blank">180+ NPM Packages Hit in Major Supply Chain Attack</a> – Ox.</li>
<li><a href="https://www.unilad.com/technology/news/samsung-confirms-ads-fridges-commercials-634570-20250919" rel="nofollow" target="_blank">Samsung confirms ads will now be shown on its $1,800+ fridges</a> – UniLad.</li>
<li><a href="https://www.bosch-diy.com/gb/en/p/advancedmulti-18-0603104000" rel="nofollow" target="_blank">Bosch Cordless Multifunction Tool</a> – Bosch.</li>
<li><a href="https://www.smashingsecurity.com/store/" rel="nofollow" target="_blank">Smashing Security merchandise (t-shirts, mugs, stickers and stuff)</a></li>
<li><a href="https://www.patreon.com/smashingsecurity" rel="nofollow" target="_blank">Support us on Patreon!</a></li>
</ul>
<h3>Sponsored by:</h3>
<ul>
<li><a href="https://www.vanta.com/smashing" rel="nofollow" target="_blank">Vanta</a> – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!</li>
<li><a href="https://www.1password.com/smashing" rel="nofollow" target="_blank">Trelica by 1Password</a> – Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps – whether managed or unmanaged.</li>
</ul>
<h3>Support the show:</h3>
<p>You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on <a href="https://www.smashingsecurity.com/applepodcasts" target="_blank">Apple Podcasts</a> or <a href="https://www.podchaser.com/podcasts/smashing-security-244729" target="_blank">Podchaser</a>.</p>
<p>Become a <a href="https://www.patreon.com/smashingsecurity" target="_blank">Patreon supporter</a> for ad-free episodes and our early-release feed!</p>
<h3>Follow us:</h3>
<p>Follow the show on <a href="https://bsky.app/profile/smashingsecurity.com" target="_blank">Bluesky</a>, or join us on the <a href="https://www.reddit.com/r/smashingsecurity" target="_blank">Smashing Security subreddit</a>, or <a href="https://www.smashingsecurity.com/" target="_blank">visit our website</a> for more episodes.</p>
<h3>Thanks:</h3>
<p>Theme tune: “Vinyl Memories” by Mikael Manvelyan.<br />
Assorted sound effects: AudioBlocks.</p>
<hr>
</div>
</article>
</main>
</div>
</div></div>