Firewalls Don't Stop Dragons Podcast

Firewalls Don't Stop Dragons Podcast


Data Privacy Week 2023

January 30, 2023

Every January, we celebrate privacy with Data Privacy Week. It has rightly expanded from Data Privacy Day. And of course every day should be data privacy day.


In the news: The FBI shuts down a major ransomware group; new Windows malware steals passwords and other data; new Android malware can completely take over your device; a dangerous “malvertising” campaign mimics popular software to steal info; the previously-secret “no fly” list was leaked online; tens of thousands of PayPal accounts hacked via credential stuffing; T-Mobile admits to over 37M customer records stolen; and Twitter GodMode is back (or rather never really went away). I’ll answer a Dear Carey question about Plain, the service that allows financial tech aggregators to access your account information and my Tip of the Week will explain Apple’s new Advanced Data Protection feature.


Article Links
  1. [NPR] FBI says it ‘hacked the hackers’ to shut down major ransomware group https://www.npr.org/2023/01/26/1151696092/fbi-says-it-hacked-the-hackers-to-shut-down-major-ransomware-group
  2. [Tom’s Guide] This Windows malware is stealing passwords and other data — how to stay safe https://www.tomsguide.com/news/this-windows-malware-is-stealing-passwords-and-other-data-how-to-stay-safe
  3. [TechSpot] New malware dubbed “Hook” allows hijacking and real-time spying on Android devices https://www.techspot.com/news/97356-new-malware-dubbed-hook-allows-hijacking-real-time.html
  4. [TechRadar] This dangerous malvertising campaign mimicks popular software to steal victim info https://www.techradar.com/news/this-dangerous-malvertising-campaign-mimicks-popular-software-to-steal-victim-info
  5. [BleepingComputer] Secret terrorist watchlist with 2 million records exposed online https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/
  6. [BleepingComputer] PayPal accounts breached in large-scale credential stuffing attack https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/
  7. [Naked Security] T-Mobile admits to 37,000,000 customer records stolen by “bad actor” https://nakedsecurity.sophos.com/2023/01/20/t-mobile-admits-to-37000000-customer-records-stolen-by-bad-actor/
  8. [9to5mac.com] Twitter GodMode still available to all engineers, following hack of Apple and other accounts https://9to5mac.com/2023/01/24/twitter-godmode/
  9. Dear Carey: Is Plaid Safe? https://www.allthingssecured.com/reviews/security/is-plaid-safe-to-use/ 
  10. Apple’s Advanced Data Protection: https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web 
  11. Apple recovery contact: https://support.apple.com/en-us/HT212513 

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.


  • 0:02:04: News rundown
  • 0:03:19: FBI shuts down Hive ransomware group
  • 0:07:34: New Windows malware steals data
  • 0:12:07: New Android malware that completely takes over device
  • 0:15:43: Malvertising campaign mimicks popular software apps
  • 0:19:44: Secret “no fly list” leaked online
  • 0:24:26: PayPal accounts accessed via credential stuffing attack
  • 0:28:06: T-Mobile admits 37M customer records stolen
  • 0:31:31: Twitter’s GodMode tool is still available to engineers
  • 0:34:59: Dear Carey: Is Plaid safe?
  • 0:45:41: Tip of the Week: Apple’s Advanced Data Protection
  • 0:53:54: 5th edition update and cool resources
  • 0:56:56: How you can help