Is Voice Phishing The Next Big Cyber Threat?
What’s the cost of a retail ransomware attack? For M&S, it’s £300 million.
This episode is full of high-impact cyber stories—from supplier ransomware and spoofed IT calls to fake Chrome extensions and Discord privacy concerns. We also give credit where it's due with a rare win for the UK government, and dive into why your train, hospital, or ATM might still be running Windows XP.
Let’s break it all down...
🛍️ M&S Cyber Attack: £300m and Counting
The attack hit at Easter and recovery is expected to last until July. It came via a third-party supplier, used social engineering (not fancy malware), and took down key services. Just browsing is back online—but you still can’t buy anything.
🥩 Tesco & Sainsbury’s Supplier Held to Ransom
Cold storage logistics firm Peter Green Chilled was forced to stop taking new orders after a ransomware attack, leaving meat pallets at risk of spoiling. Food supply chains are becoming a soft target—and it’s starting to show on shelves.
📞 3AM Ransomware: Fake IT Calls, Real Access
A new campaign mixes email bombing with phone calls spoofed to look like internal IT support. Victims are persuaded to open Quick Assist and hand over control. It's bold, direct, and sadly, very effective.
💸 HSBC CEO: “Cyber Threats Keep Me Awake”
Ian Stuart told MPs that cyber risk is a top concern for banks—and a massive ongoing cost. With financial services under constant attack, the push for stronger authentication (like passkeys and number matching) is gaining momentum.
📍 O2 Bug Leaked Your Location During Calls
A flaw in O2’s VoLTE and WiFi calling systems exposed IMSI, IMEI, and cell tower data for over a year. It’s now fixed, but highlights how verbose network protocols can become a serious privacy risk.
🚗 Goodbye QR Codes in Car Parks?
The UK government is rolling out a National Parking Platform so drivers can use any parking app in any supported location. It’s a big step toward ending QR confusion and fake codes in car parks.
🧩 Chrome Extensions Gone Rogue
More than 100 fake Chrome extensions have been caught stealing credentials, hijacking sessions, and injecting ads. Many posed as known tools or services. Don’t trust what you find in the Chrome Web Store—especially if you got there via an ad.
💬 2 Billion Discord Messages Scraped
Brazilian researchers scraped public Discord messages from over 3,000 servers and released the dataset for academic use. It’s anonymised, but the backlash shows how fragile our expectations of online privacy really are.
🧠 The Awareness Angle – This Week’s Takeaways
Trust Is Still the Weak Link – Ransomware groups aren’t breaking in. They’re being let in, by confused or tricked staff who think it’s IT calling.
Legacy Systems Are Hidden Risks – From O2’s metadata leak to lifts running Windows XP, old tech can cause new problems.
People Remember What’s Relatable – A £300m price tag sticks. So does a fake IT call. Tell the real stories, not just the technical ones.
🎙️ Quick Plugs
We’re up for Best Newcomer and Back to Basics at the European Cybersecurity Blogger Awards. Voting closes on 27th May. You can vote now at riskycreative.com
Don't Forget!
The Awareness Angle interview with Amy Stokes-Waters is out now. Go back one episode and listen. It’s full of personality, honesty, and escape rooms. Don’t miss it.
Sign up for The Awareness Angle Newsletter today and get notified every time a new episode is released. Each newsletter contains details of the topics discussed and more from the world of Security Awareness.
You're almost there!
To confirm your subscription, please check your inbox for a confirmation email. Click the link in the email to complete your signup and start receiving our newsletter!
If you don’t see the email within a few minutes, check your spam or junk folder, just in case.
Thank you for subscribing!
M&S Cyber Attack – £300m Loss and Third-Party Access
Watch – https://youtu.be/yR2iBWZlDVU?t=373
Read – https://www.bbc.co.uk/news/business-69050058
Tesco & Sainsbury’s Supplier Ransomware Attack
Watch – https://youtu.be/yR2iBWZlDVU?t=602
Read – https://www.theregister.com/2025/05/21/peter_green_cyberattack/
3AM Ransomware – Fake IT Calls and Email Bombing
Watch – https://youtu.be/yR2iBWZlDVU?t=779
Read – https://www.bleepingcomputer.com/news/security/3am-ransomware-uses-email-bombing-and-fake-it-calls-to-breach-companies/
HSBC CEO – “Cyber Threats Keep Me Up at Night”
Watch – https://youtu.be/yR2iBWZlDVU?t=937
Read – https://www.bbc.co.uk/news/business-68939456
O2 Mobile Bug – User Location Leaked via Call Metadata
Watch – https://youtu.be/yR2iBWZlDVU?t=1099
Read – https://www.bleepingcomputer.com/news/security/o2-uk-bug-exposed-mobile-users-location-during-voice-calls/
UK Government Unifies Parking Apps to Reduce QR Risks
Watch – https://youtu.be/yR2iBWZlDVU?t=1338
Read – https://www.bbc.co.uk/news/technology-68993852
100+ Fake Chrome Extensions Stealing Data
Watch – https://youtu.be/yR2iBWZlDVU?t=1477
Read – https://www.bleepingcomputer.com/news/security/over-100-malicious-chrome-extensions-used-to-hijack-browsers/
2 Billion Discord Messages Scraped and Published
Watch – https://youtu.be/yR2iBWZlDVU?t=1770
Read – https://www.404media.co/researchers-scrape-and-release-2-billion-discord-messages/
Still Booting – Ancient Windows Systems in Use Today
Watch – https://youtu.be/yR2iBWZlDVU?t=2514
Read – https://www.bbc.com/future/article/20240513-the-people-still-using-ancient-windows-computers
Vishr.ai – Live Demo of AI Vishing Simulator
Watch – https://youtu.be/yR2iBWZlDVU?t=2830
Try – https://vishr.ai
Deepfake Investment Scam Featuring Fake Anthony Bolton
Watch – https://youtu.be/yR2iBWZlDVU?t=3135
Read – https://www.fnlondon.com/articles/fidelitys-anthony-bolton-targeted-by-instagram-deepfake-scam-20240513
Google Veo – AI Video Generation with Audio
Watch – https://youtu.be/yR2iBWZlDVU?t=3424
Read – https://blog.google/technology/ai/google-veo-video-generation-ai-io-2025/
Notebook LM – Turn Transcripts into Podcast Conversations
Watch – https://youtu.be/yR2iBWZlDVU?t=3858
Try – https://notebooklm.google
Missed the episode? Watch it below!
Transcript -
Anthony Davis (00:04.271)
Welcome to the awareness angle where we break down the latest cybersecurity stories and look at what they really mean for awareness, behavior and staying safe. Ladies and gentlemen, welcome to our 30th episode, which feels like an achievement. That puts us in like the top 2 % of podcasts.
Luke (00:21.966)
It's a big milestone.
Yeah. Did you think it was going to make it back when we started?
Anthony Davis (00:28.771)
I'll be honest with you, didn't, hang on, whose voice is that? That would be the voice of my co-host. I haven't even introduced you yet. What are you doing talking? Ladies and gentlemen, Luke is with me as always. How you doing, Luke?
Luke (00:33.208)
Yeah.
Luke (00:38.286)
You
Everyone, yeah, and, see you
Anthony Davis (00:43.567)
Good, yeah, I'm good, I'm good. I honestly didn't think we would get to 30. I thought we'd probably do three, four, maybe a bit more than that. And then time would get in the way. But no, we're still going. This is amazing.
Luke (01:01.102)
Yeah, see if we can get to 50. Yeah, okay.
Anthony Davis (01:04.659)
300 Let's put a naught on the end of this one. Yeah, I only take us like what? Five and a half years. It's We'll do it So yes this week on the awareness angle Lots of stories to get through as always. It's you know cyber isn't slowing down Marks and Spencer's our weekly update Their costly attack will be over by July everyone. So just in time for some holidays and Tesco's and Sainsbury's
have been impacted, haven't had a cyber attack, but a supplier of theirs has. We also dig into a sneaky ransomware group that's using fake IT calls to breach networks. Sounds a lot like scattered spider, but it isn't. O2 has patched a location leak in Bug and the UK government's new single app for parking payments. No more scanning QR codes in car parks. Woo hoo.
Plus we've got some fake Chrome extensions that steal all your data and the fallout from billions of Discord messages that have been scraped and published.
Anthony Davis (02:13.199)
read to think what they contain. Look, we're gonna break it all down for you. No jargon, no drama, maybe a little bit of drama, but just what you need to know. So if you're an awareness professional or cyber professional or just someone that likes information security, this is the place to be. But please remember, it's an independent podcast. Our views are our own. So if we say something that you don't like, blame us, not the people that pay us.
So, lastly, before we get into our whole grand scheme of things, you listen to our, Luke, if you listen to our interview series.
Luke (02:48.64)
I have listened to a few.
Anthony Davis (02:50.039)
Yeah, a few, you should listen to all of them. There's not that many yet. Looks like our first listener on the interview series, because he makes them look good and sound good. This week, last week, I released, we released our episode with Amy Stokes Waters from the Cyber Escape Room Co. And it's a really, really good episode. We were both meant to go to a conference. She went.
Luke (02:53.186)
Well, I edit them, right? So I listen to most of them.
Anthony Davis (03:19.915)
an exhibition she went and it wasn't very good and I asked then is it worth going she said no someone else told me no so me and Amy decided to get on a call and had a chat and it's really really good it's she's convinced me that cyber escape rooms are probably a good idea and we cover authenticity and there's some really good it's a funny funny episode if you know Amy she's a character she's wonderful so have a listen to that it's in the same
It's like the episode before this one. if you're listening to this one, when you get to the end, go back one and listen to the conversation between me and Amy. And lastly, before we get onto the news, have you voted yet? Luke, have you voted?
Luke (04:06.894)
I Not gonna say it. Not gonna say it full.
Anthony Davis (04:08.527)
Good, I thought you were gonna say haven't then. Okay, okay. Guys, we've been nominated in the European Cybersecurity Blogger Awards 2025, still doesn't seem real. Thank you to everyone that's voted for us so far. And I've also been recognized. So the podcast has been nominated for best newcomer, which is amazing. And we've also been nominated in the back to basics category.
which fits us perfectly. know, if that's what we're trying to do here, isn't it? Simplify the security and keep it simple and basic. So back to basic sounds right. And then I've been nominated as well, which is shocking. So I'm the contributor of the year with some very illustrious and very experienced names that I've looked up to for a long time. if you want to vote, go vote for the podcast.
That's the real one. Go vote for the podcast. Go to riskycreative.com and there's a link right at the top of the page. Click the link and you can get to the voting page. And thanks to everyone at Skenzy PR and everyone else involved. Like the events sponsored by Keeper as well, which is really cool. Keeper, the password manager.
Lastly, before we get onto the news, we need to cut this bit down. We have the newsletter, if you haven't subscribed to the newsletter, it comes out every Monday. You can get it on LinkedIn. You can get it in your inbox by going to riskycreative.com. Search LinkedIn for the awareness angle. We have over 600 subscribers now. Every week, 600 people get our newsletter, which is amazing. yeah, largely on LinkedIn, but we...
we can land in your inbox as well. So we'd really love it if you go and everything we cover in the podcast is featured in the newsletter and you can quickly get to the individual topics and watch them on YouTube, which is cool. Right, should we get on with the news? Brilliant. Right, this weekly news update for &S. &S have stated that the disruption will last until July.
Luke (06:13.432)
Yeah, go for it.
Anthony Davis (06:26.383)
We're recording this towards the end of May. They got compromised at Easter. Just think about how that would impact your business. Like a cyber attack and the recovery takes what, three months, four months? Yeah, mad. And they've also said the cost is gonna be 300 million pounds. Now there's news reports coming out about this now and there's documentary on the BBC. It's available on iPlayer.
Joe Tidy from the BBC has done some diving. There's lots of cyber people in our circle. There's a couple of them that have been interviewed for it as well, which is great. &S have been what feels and I'm going to go out on a limb here and voice an opinion, which is unlike me. They've been praised constantly for clear, transparent communication. And I don't agree, but finally,
They've come out and given some details. They expect the online disruption to continue through June and into July. As of today, the website is back open for browsing. So you can look at what you could buy, but you can't actually buy anything. They estimate the cyber attack will hit their profits this year by around 300 million pounds. And they do reckon that some of that will be covered by insurance.
I would imagine there'd be a concern that the insurance might not pay out, but that depends on the controls they had in place. They've said they'd spotted suspicious activity and they'd run a cyber attack simulation last year. So we're ready. They knew what to do. And they said they responded quickly and took the right actions immediately. They knew who to call and how to put the business continuity plan into action.
And they've also said that the hackers use social engineering techniques, meaning they relied on human error or misjudgment rather than pure technology. And they gained access via a third party, which is a company working alongside the retailer rather than accessing systems directly. An interesting one, just to dissect that slightly. They haven't, they've said they accessed MNS systems via a third party. That doesn't say third party software. So.
Anthony Davis (08:49.293)
They've said the whole story all along has been scattered spider, social engineer, the password reset. If they're IT supports done by a third party, that's the third party that was, know, it's, I don't, it's, yeah. They said they took their own systems down to protect the website and customers. And interestingly, in a media call on Wednesday, Mr. Matching did not respond to a question.
Luke (09:01.066)
Yeah, it's a of a confusing one.
Anthony Davis (09:19.607)
on whether the company had paid a ransom as part of the process.
Luke (09:27.468)
know.
Anthony Davis (09:29.977)
You'll probably never know. There'll probably be an NDA unless the attackers want to come out and say, yeah, they paid us. Yeah, it's an interesting one. Let's not dwell on &S because everybody else is talking about it. So we don't need to talk about it much. If you want to find out more about &S and what's going on there, go to the BBC and look at the documentary and iPlayer or just look at your LinkedIn newsfeed. Because if it's anything like mine, everybody's voice in their opinion on LinkedIn.
Anthony Davis (10:02.191)
Interestingly, I'll come to that later. It's fine. I'll come to that later. I have one more bit on M &S, but I will come to that in the comments section. As we mentioned at the opening of the show, Tesco's and Sainsbury's supplier, Peter Green Chilled, has been hit by a ransomware attack. And they are a cold storage and logistics firm, which also work with Audi. And they've been held to ransom and halted new orders.
which they say has left products like meat palates sitting idle in fulfillment centers. So yeah, it's worrying, isn't it? I do have a query as to whether, have you heard of the Bader-Meinhof phenomenon?
or so, essentially, it's also known as cognitive bias. And I am reading this straight from Google, but I there was a name for it. So, you know, if you're driving along and you see a yellow car and you're like, I've never seen a yellow car. And then all of a sudden you see lots of yellow cars. It's because you're then looking for it. So I thought this whereas we're all saying the high street is under attack. But is it really? Or is it just a coincidence that two names have been attacked and or maybe
Luke (11:02.584)
you.
Anthony Davis (11:17.967)
You know, I don't think that Marks and Spencer's were done and then someone went, now let's go and try co-op because the time to get in and cause damage normally isn't that quick. So I do wonder if we're seeing a bit of cognitive bias and you know, if you take a step back and look at the businesses that being compromised before now, whether it isn't an epidemic.
Luke (11:43.31)
yeah, it may sort of quiet down little bit, but you never know.
Anthony Davis (11:50.381)
I did read somewhere that they reckon that they were now pivoting to the US, which is why it might not be making the news here.
Anthony Davis (11:59.534)
Yeah. But yes, Peter Green Shield, they're based in Somerset. It's transport operations are continuing as normal, but they didn't process any new orders and only shipments prepared prior to the attack were sent out. So this is, I don't know what the state of play is now at the time of recording. It's a couple of days old by then. As with any news articles now, it goes on to talk more about
Marks and Spencer's and co-op then what's happening because it just refers back to the big names. So that's the kind of I mean, that's the damage limitation like Is M &S always going to be talked about, you know, every time a retailer is compromised now, is it going to be in 2025 Marks and Spencer's blah blah? That's them We'll see
Luke (12:49.588)
It's one of the biggest ones recently, I guess.
Anthony Davis (12:52.717)
That's the reputational damage that you potentially face, isn't it?
Anthony Davis (12:59.055)
Moving on to the next story, again, ransomware and very similar sounding, but bleeping computer yesterday released an article about a 3 a.m. ransomware affiliate that is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees, into queuing credentials for remote access. Sound familiar? It's a very scattered spider.
Sophos reports see at least 55 attacks leveraging this technique between November and January linked to two distinct threat clusters. yeah, email bombing and quick assist, which we talked about in previous episodes. So the 3AM ransomware attack targeted a Sophos client and it occurred in the first quarter of 2025.
And it used a similar approach to that Quick Assist one where they did it via Teams, but this time they did it via a real phone call. So they spoofed the IT department, they spoofed the phone number to make it look like they were actually calling from that company. And they sent 24 unsolicited emails in three minutes. So they overwhelmed the mailbox. And then they convinced the employee to open Microsoft Quick Assist and grant remote access to their device.
as a response to supposed malicious activity. And then they go on to download some, they go to a malicious domain and download an archive and they download an emulator and it just, the pattern then comes along and they deposit some ransomware. So you really, really, really need to, the awareness angle on this, you very much need to communicate with your people clearly.
what the IT support experience looks like. And if it deviates from that at all, it doesn't matter what business you're in. Like we're not talking food retail now, we're talking any business. This is how your IT support team will contact you. If it's anything else, escalate it to a manager or someone.
Luke (15:01.07)
Thank
Luke (15:17.134)
Yeah, definitely.
Anthony Davis (15:18.947)
These people are so, they're so bold and brazen. know, it's gone are the days where people are lurking in the shadows at night with a hoodie. You know, it's like, it's not like that anymore. These people are actually calling you up and pretending to be, you know, your help desk or something like that. They don't care.
Luke (15:32.546)
Yeah.
Anthony Davis (15:37.2)
Another report in the news, this is the next story, BBC reported this week, which is completely, this is all like related, it's all on a theme. Ian Stewart, who's the CEO of HSBC UK, he said that cybersecurity is top of the agenda and that dealing with vulnerabilities is an enormous expense.
for the sector as a whole. think it's enormous expense for anyone, not just the banking sector. And he says it does worry him we can be attacked and we are being attacked all the time. So it's, yeah, it's worrying. everybody, this has been, I think Marks and Spencer and Culp have been a massive wake up call for most people. know, it's, I think it's lit a fire under those tasks that maybe you were putting off doing because they were inconvenient.
or the users might not really wanna receive it. Think about, I think a lot of companies have changed the way SMS authentications, like getting kicked out, long before, it should have been gone a long time ago. The companies shouldn't still be using SMS authentication. But I think what we've seen is a lot of people are rapidly getting rid of it, skipping things like push notifications and going straight to number matching or pass keys.
Luke (17:04.63)
Yeah, definitely recently.
Anthony Davis (17:06.403)
Yeah. Passcase have probably come at a very good time.
Luke (17:11.598)
Well now it's the time that they finally get the limelight of people wanting to use them. Because beforehand not many people were talking about them and now they're everywhere.
Anthony Davis (17:23.407)
Mm.
I know I've been in many a conversation with software engineers that have wanted to use YubiKey's or queried why a business doesn't use YubiKey's. And it's like cost, implementation, who would own it, who would manage it, all those questions. And actually, you know, now it's like, okay, they're issues, but they shouldn't be reasons why we don't deploy it.
Luke (17:37.806)
All
Anthony Davis (17:56.336)
Like we can solve those problems. We just need to dedicate some time to it, but it's not, it's always been important, but it's never been top of funnel. If you know what I mean, there's always been something bigger or more sexy that they want to do. But now these slightly nasty tasks are probably important.
Luke (18:11.726)
That was, yeah.
Anthony Davis (18:19.023)
I'll move on to the next story whizzing through the news this week. I like this whizzing through the news The next story tonight 02 and ollie ollie inkley send me this Thank you ollie. Don't forget if you see a story in the wild and you think we'd be interested in it Hello at risky creative.com or just send it to me and luke on linkedin And we'll feature you give you a shout out give you mention Yeah on on the podcast
we saw, O2 UK, so the mobile phone network, Virgin media O2. I think they also, O2 are also the backbone for Tesco's mobile, think. they've patched a bug that leaks a mobile user location from core metadata, which sounds like terrifying. It kind of sounds like the Angry Birds one we had last week where the login of the IMEI. Yeah.
Luke (19:16.792)
Yeah, very similar.
Anthony Davis (19:19.823)
Um, so there's a flaw. There was a flaw in 02 UK's implementation of V O L T E and wifi calling technologies that could allow anyone to expose the general location of a person and other identifiers by the, calling the target. So this was discovered by security research called Daniel Williams, and they reckon the flaw likely existed on the network since February, 2023. So two years.
and was resolved this week. So yes, they O2 UK, which is owned by Virgin Media O2 has 23 million mobile customers. And in March, 2017, the firm launched IP multimedia subsystem service branded as 4G calling. However, as Williams discovered while analyzing the traffic during such a call.
the signaling messages the SIP had as exchange between the parties were far too verbose and revealing and included IMSI, IMEI and cell location data. So he says that the responses he got were extremely detailed and long and that unlike anything he'd seen before on other networks, it kind of makes me, this kind of feels like,
It kind of feels like it was done for testing and then was never turned off. I'm assuming this is a complete assumption, but that's the kind of thing you can imagine. This is like there for when you're implementing it, you're testing it and then like, right, we must turn that off when we go to production. But it didn't. Yeah. But, um, Williams says that he contacted Oak to UK multiple times on March the 26th and 27th. So over two days.
Luke (21:04.172)
Yeah, it's been forgotten about.
Anthony Davis (21:18.105)
to report his findings but got no answer. Finally, he got direct confirmation earlier on the day this was written, which was earlier this week, that the issue had been fixed and then he confirmed that. So yeah, no action required from customers. So there is nothing you need to worry about as a user, but it's worth, if you own tech, like that scenario I've just explained, which was completely assumptive, but if you are,
testing stuff and then it's rolling up to production, go back and look at it and just make sure it's clean. It's as it should be, I think.
Luke (21:57.528)
Yeah, lot of things happen with misconfiguration and yeah, things getting forgotten about.
Anthony Davis (22:04.569)
Yeah, yeah, I'll deal with that later. it's the, you know, build it quickly, build it quickly, meet your timeline. I will mop that up later, you know, Will. Yeah, yeah.
Luke (22:12.302)
Something's missed or... yeah.
Anthony Davis (22:18.605)
And the last news story from me this week, and I think this is a really positive news story. So we often talk about QR codes on this very show. Previously, we've spoken about car park QR codes and the risk of fake QR codes. Well, the government has announced that they're going for a one app fits all approach to parking to end what they call the scramble to download multiple payment platforms.
So now you can, or very, very soon, you'll be able to use any of the large parking apps to pay rather than having to download whichever one is associated with that car park. So there's a new, in the UK, there's a new national parking platform, which has been in a trial phase, but it's being handed over to an industry body to be expanded across the UK. Though only to car parks and app providers which opt to sign up.
Anthony Davis (23:17.291)
It needs to be, that needs to be adopted wider, but this is really positive and really, really good. Yeah. Yeah. It's a great start. So it's, it's really good that, there's no, know, you don't feel pressured to scan a QR code or download an app. I went to Carpart the other day and I'm like, which app is this? And then I have to find out if I've got it and I have to sign into it. And it's one I haven't used in ages. So I had to add the different car and it's like,
Luke (23:21.166)
Yeah, I guess.
Luke (23:39.726)
They have a
Anthony Davis (23:46.894)
Yes, it's ridiculous. I don't on my iPhone I had literally a folder that had like four or five parking apps in if you've got an electric car It's the same for electric car charging as well. You end up with like if I don't charge publicly But if you do for like the two weeks, I've had to public charge. I got like three or four apps Every every different charger No, no, which just leads to you. You're spreading your data out thinner and some of these will come some of these will go and you'll never know. Yeah
Luke (23:48.044)
of real pain.
Luke (24:03.726)
Yeah, there's no standards being enforced.
Anthony Davis (24:16.951)
So well done UK government. That's a really, really positive thing. I think you need to enforce it now or like make it really cheap or you need to give them give it a benefit to happening. Yeah. That's the last of my new stories, but you've got a couple.
Luke (24:30.988)
Yeah, definitely.
Luke (24:37.838)
Yeah, I have two for this week. back again, Chrome extensions are in the news. 100 plus fake Chrome extensions have been found. Yeah, these are fake extensions imitating legitimate ones. And these are hijacking everything from credentials and cookie fests, session hijacking.
Anthony Davis (24:47.951)
100 plus, wow.
Luke (25:07.094)
ad injection, redirecting, traffic manipulation and phishing via DOM manipulation. Which, I didn't know what DOM was, but it's a thing in web development, using JavaScript to interact and modify a webpage. it seems to be like a part of a JavaScript kind of thing of dynamically changing HTML and stuff. they'll, yeah, they must be injecting their own dodgy.
dodgy web code and sending people to fake websites and whatnot there so again yeah something to look out for these are posing as known services like one of them was deep seek 40 VPN and these are they say that they say that they're being promoted through ads sort of like we saw before the last episode with the Facebook ad of a fake AI tool
Anthony Davis (25:37.795)
Yeah.
Anthony Davis (26:00.609)
Yep.
Luke (26:06.678)
and yeah these are similar to what we've seen before really. This is that Google's removed identified extensions but users need to be cautious of what they have installed and goes back to your standard things of checking the developers credibility but as we mentioned in previous episodes these extensions get sold off and bought by people and turned into something malicious.
Anthony Davis (26:34.499)
Yeah, these are like, that's the problem, isn't it? You should, you cannot trust Google's Chrome extension store because you cannot trust that everything there is legit, can you? That's the problem.
Luke (26:51.788)
I guess you... there's probably verified developers, like the really well known companies, but yeah, a lot of these tools are made by smaller developers or individual people.
Anthony Davis (27:03.863)
just looking at some there's a list that's available in a github page and there are some of these do look like they could be legit there's like you youtube-vision.world
There's deepseek-ai.link.
There is, like you said, 40 VPN, which looks, 40 VPN is like a proper legitimate service, but this is obviously a spoof. There's calendlydocker.com, calendlydaily.world, know, there, Calendly is obviously a proper legitimate service. So yeah, it's mannisai.sbs. So Manus is another approved, you know, that's another legitimate AI tool. So yeah, what can you do?
Luke (27:47.15)
idea.
Anthony Davis (27:58.232)
It's you have to be really, really careful.
Luke (27:58.67)
Yeah.
No, it's not the... A lot of issues with extensions for browsers. Imagine Firefox and other browsers are still vulnerable to these, but these are primarily seem to be around Chrome extensions at least for this new story, but...
Anthony Davis (28:18.415)
And that'll be where they put most of their effort in because Chrome is the largest browser. Just like back in the day, there wasn't, oh, you don't need antivirus on a Mac, but that's because no one used a Mac, you know, 20, 15 years ago. Now, many people use a Mac, so you do need, well, you don't need AV on it. It's gone around in circles, hasn't it? Because it's all built in now, but yeah.
Luke (28:21.568)
Yeah, that as well.
Luke (28:38.488)
Yeah, so yeah, this seems to be, again, dodgy ads, whether they're from a website or Facebook. But it's more of a, I guess in that respect, it can happen at work. People browsing on Google for something and they find an ad, an extension that's advertised and click on it and install it without really checking, especially if they're allowed to install extensions.
Anthony Davis (28:53.219)
Hmm.
Luke (29:06.68)
But yeah, I'm sure we'll hear more extensions as always. Always something to news.
Anthony Davis (29:12.919)
Yep, just be really careful. It's timely reminder to remind your people when installing extensions, make sure you really, really need it. And if you run Manage Chrome, if you don't run Manage Chrome, why don't you run Manage Chrome? Maybe it's time to start thinking about, can you run Manage
Luke (29:30.126)
Yeah. Yeah, the next story I had then was one about Discord. Researchers have scraped 2 billion Discord messages and have published them online. It's a team of, yeah, it's a team of Brazilian researchers. It accounts for roughly 10 % of all public Discord's platform-based servers. It spans from 2015 to 2024.
Anthony Davis (29:45.188)
billion.
Luke (30:00.278)
and it's using the Discord's public API to get this data apparently. It's collected from 3167 servers. They say it's been anonymized. I don't know how well that can work, it's 118 gigabyte download as well. But they seem to have done it for sort of research purposes, for academic use, studies and all sorts of things.
mean, Discord's used for everything these days, not just gaming, there's probably a lot of interesting data in there. Potentially some stuff that people don't really want to get out.
Anthony Davis (30:39.555)
Yeah.
Anthony Davis (30:44.323)
We had a Discord briefly and we talked about spinning that up for a community-based thing and that's one use for it. There's also, my 11-year-old wants Discord to chat with his mates because his mates at school have all got Discord. That's how they chat to each other.
Luke (30:51.022)
Hmm.
Luke (31:00.408)
yeah it's become quite a well known well used tool I think even some smaller businesses use it because it's obviously free with optional sort of paid features but
Anthony Davis (31:06.169)
Yeah.
Anthony Davis (31:10.307)
Yes.
Anthony Davis (31:15.073)
one of those that you might find your business uses without you realizing as well. I know that's it's I know a couple of organizations where it's crept in at some point and then it's like no kind of
Luke (31:19.31)
Mm.
Luke (31:27.148)
Yeah, but yeah, I think it's just something to think about with public discourse especially. This sort of information is available.
Anthony Davis (31:41.71)
It's an important reminder that anything you put online, don't, yeah, like don't say anything online that you wouldn't say in person, that kind of thing. Like you never know when it will come back and haunt you. And the same could be said at work as well, know, it's anyone can do a subject access request, you know, all that kind of thing. And then the data, be careful what you put in writing.
Luke (31:45.816)
be scraped right?
Luke (32:04.654)
Yeah. Yeah, I mentioned how like the average Discord user is not going to expect their conversations to be used in an academic data set. But it's been anonymized, so you're OK.
Anthony Davis (32:17.323)
No. No.
Anthony Davis (32:23.161)
That's good. That's good. I can sleep. I don't use Discord.
Luke (32:26.542)
Yeah.
Luke (32:30.2)
Yeah, that's my stories.
Anthony Davis (32:30.487)
Right. Excellent. Excellent. Well, let's get onto some awareness awareness. So it's coming up quick, but on the 12th of June, I am taking part in the future of cybersecurity virtual conference. The headline speaker is not me yet one day, maybe, but the headline speaker at this event is someone who's been far more important and far more significant to the internet than I have.
Marcus Hutchins, which is the man who saved the internet basically. He stopped WannaCry. And if you don't know what WannaCry was, it was bad. And Google it, look on YouTube, WannaCry was really bad. Marcus Hutchins, through his clever thinking, he managed to save the internet. So he's the headline speaker. We've also got Holly Foxcroft, Lee Morton.
And then obviously me and I've got an interesting, it's an interesting talk I've got. I'm going to talk to you about a occasion when my environment was breached and I'll talk you through the incident through recovery and detection and stuff like that. And what you can learn from an awareness perspective on that. So that's a good one. 12th of June links in the show notes, links on my LinkedIn link is in the newsletter.
Luke (33:47.854)
Cool, sounds good.
Anthony Davis (33:55.471)
which you can get by going to riskycreative.com and signing up.
we also, and by the time this episode gets released, this could be closed, but.
The SANS 2025 Security Awareness Report Survey is open. It's been open for a little while now. We kind of missed denouncing it on here. This Security Awareness and Culture Survey, this report is really, really important because this is used by many awareness professionals to measure what good looks like, to argue for more resource. I've used this before in an awareness role to benchmark our
team and structure and it's used to salaries and job titles and all sorts. So it's, the only thing really, it's the best thing that covers the awareness industry. So go along, you can search for Lance Spitzner on LinkedIn. We'll put a link in the show notes and on newsletter. If it's still open and I say if because we can't actually find the date that the survey closes.
we've looked and we've looked on LinkedIn posts and we've looked on the survey page itself. Sans, you haven't told us when it closes. I don't know whether that was intentional. I see this happen all the time where people post stuff and they don't put the date or they don't put the time and it's like, tell us how long we've got. you can enter for a $500 Amazon gift card. If you...
Anthony Davis (35:37.456)
contribute to this. You also get access to early results and an early copy of the report. And this is a new survey format that's been developed by 12 person advisory board, which they say is great for developing your own security culture. So take the survey is really, really good. All the awareness professionals I know and that we know complete this and look at it and it's a great benchmark for us. So yes, go do that.
Right, should we move on to comments? I've got so many comments this week. Okay, so this week has been a massive week for us on the socials. So I post our content on TikTok, I post our content on Instagram, and also to post it on YouTube, break it down into short and share it. Well, over the last week or so, we've had nearly half a million views.
Luke (36:10.572)
Yes, that's people have to say.
Anthony Davis (36:36.943)
We've had around 200,000 on TikTok and around 200,000 on Instagram, which is amazing. We've gone viral-ish and we've got lots of followers there now. So if you do want to follow us, risky creative on Instagram, TikTok is me, so look for infosecant on TikTok. But we have a couple of posts that really blew up. A few weeks ago, we talked about
OneDrive and the new feature on OneDrive with personal sync. So if you've got a OneDrive business device and OneDrive file sync in your business environment, if someone signed into a personal account on that device, and I think even just in the browser, for example, then Windows goes, would you like to sync your personal files as well? So there's an opportunity for data leakage there. We had 170 comments on this video, over 200,000 views on TikTok.
So the comments, let's look at some of the comments on this.
If I can work TikTok, hang on. This is where I'm showing my age.
Anthony Davis (37:50.608)
So this is just one of three videos that we had that got some real traction lots of people moaning about you know OneDrive and this shouldn't be on This shouldn't be an option. Why do people let this happen? I should have started talking about one of the other ones first because I'll come to that in a second I'm tired of policing Microsoft malware out of our infrastructure the whole time updates and malware cloud is spyware and sync is DLP
Someone said source of the information. So I clearly didn't believe me, but that's fine. It would be really bad if someone fired would use that feature when fired from a company of one of the tech oligarchs, or if many people would, what a bummer.
yeah, so there's,
What do we have? OS should develop its OS. There are so many systems specifically for sharing documents safely. Not sure about anyone else, but I've had enough of so-called new outlook, which kind of wasn't what we were talking about. But the other video we shared last week was about the NHS staff video that someone shared, the angry NHS staff, the internal meeting that someone shared publicly.
I ended up getting lots of comments from people working in the NHS on that. people asking where are the, where is the video? People basically saying about the state of the NHS eye opening. someone said, lots of, lots of complaints about technology in the NHS. So nothing really constructive on that, but obviously.
Anthony Davis (39:43.044)
got a lot of sentiment. The interesting one is we spoke and I'd seen a comment on Reddit last week about &S ransomware where someone had said, has anyone noticed an increase in spam calls and spam emails? Do you remember that? Yeah. Well, and I mentioned earlier about Bader-Meinhof phenomenon and about cognitive bias. And I think it's this, But so many people have said,
Luke (39:58.616)
Yeah, maybe soon.
Anthony Davis (40:12.643)
They agree like yes constant spam calls the past two weeks. Absolutely. I rarely get spam calls, but over the past few weeks I'm getting loads. Yes. I've never had these calls before. my gosh me. I've had loads of spam calls in the last few weeks. Someone said, yep. Had a bunch of new scam emails, mostly from scammers pretending to be and S and other shops like it's such as Lidl. I don't know why they assume.
them not getting a password means we're in the clear scammers are having a field day. Someone else said I used to get the occasional spam email. Now it's literally 20 per day. So many random numbers calling me all of a sudden as well. I don't answer any. Definitely noticed an increase like there's a pattern here right lots of people I personally, I think this is bait of mine off I think people are like aware of
Luke (41:03.041)
the end.
Anthony Davis (41:10.913)
Cyber security and scams and all of a sudden like I've said it they've seen that tick tock and they're like, my god me too but It's interesting it just goes to show like the data might be used in many many different ways different ways one person mesmerized 74 on tick tock one day ago said No more spam calls or emails than usual people just jumping on the bandwagon Could be that could be that so yeah
Luke (41:16.13)
Yeah.
Anthony Davis (41:41.775)
Follow us on TikTok, follow us on Insta and obviously on YouTube as well. We post our shorts and some other clips from the show.
Anthony Davis (41:54.156)
Right. I had two or three things I wanted to show you this week. The first one was an article that was published this week on the BBC, but it wasn't a news article. was BBC Future. And the article is called Still Booting After All These Years, The People Stuck Using Ancient Windows Computers.
Luke (42:00.731)
yeah.
Anthony Davis (42:21.859)
So essentially this article goes through and it says earlier this year, I was on my way to a checkup at the doctor's office in New York city. And as I rode up to the 14th floor, my eyes were drawn to a screen built into the side of the lift. Staring back was a glimpse into the history of computing. There in a gleaming hospital full of state of the art machines was an error message from an operating system released almost a quarter of a century ago.
elevator was running Windows XP.
Luke (42:55.948)
Well.
Anthony Davis (42:56.941)
Yeah. Yeah. So, yeah, it's funny. It's, so the article goes on and basically gives a bit of a history of Microsoft. and then, in a way windows is the ultimate infrastructure. It's why we built, it's why Bill Gates is so rich says Lee Vintel, who's a professor at Virginia tech. their systems are built into everything around us. And the fact that we all have.
These ancient examples around is the story of the company's overall success. That's what's kind of amazing about Microsoft. For a long time, Windows was just how you got things done. And then it says, even if you're a diehard Apple user, you're probably interacting with Windows systems on a regular basis. When you're pulling out cash, for example, the chances are that you're using a computer that's downright geriatric by technology standards. Microsoft declined to comment.
Luke (43:52.654)
You
Anthony Davis (43:56.25)
for this article. So Elvis Monteiro, who's an ATM field technician based in Newark, New Jersey in the States, many ATM still operate on legacy Windows systems, including Windows XP and even Windows NT, which was launched in 1993. Yeah. Windows was at the center of a controversy across the German internet.
Luke (44:17.422)
I
Anthony Davis (44:25.295)
in 2024 because there was a job listing for Deutsche Bahn, the country's railway service. The role being recruited was an IT administrator who would maintain the driver's cab display system on high speed and regional trains. But the qualifications listed in the advert were expected to have an ex, people were expected to have an expertise of Windows 3.11 and MS DOS. Windows 3.11 was released 32 years ago.
was my first version of Windows and MS-DOS was released 44 years ago.
Luke (45:00.587)
yeah, that's crazy.
Anthony Davis (45:01.867)
It's mad, isn't it? It's mad. The trains in San Francisco's Mooney Metro light railway, for example, won't start up in the morning until someone pops in a floppy disk that loads up the DOS software on the rails and automatic train control system. Last year, San Francisco Municipal Transport Authority announced its plans to retire this system over the coming decade. But for today, the floppy disks live on.
Luke (45:17.431)
You
Anthony Davis (45:31.663)
Isn't it? Yeah.
Luke (45:33.262)
and lot of these things you don't really know about or think about. How old some of these systems are. Except for everything in the world.
Anthony Davis (45:40.078)
Yes.
Yeah, yeah. And some people would argue that, you know, they're air gapped, they're isolated, they're safe, right? But not all of these are. And I think I found, I haven't got the link to it now, but I'm pretty sure that I found this article originally on Reddit. And there was a massive discussion in the comments section about, you know, what ports were open on some of these things and people going, oh no, these are isolated. And it's like, no, they're not. I used to work on them and they're not isolated. You can get into them using tell now.
you know, and stuff like that. like, yeah. I mean, you've worked with some old tech, but not recently. When was the last time you interacted with a Windows XP device? Five years ago?
Luke (46:20.408)
Yeah.
Luke (46:26.626)
Yeah, Just over five probably, more like seven, eight years I reckon.
Anthony Davis (46:30.457)
Yeah. Yeah. And it was, I mean, out of support long before then, but yeah.
Luke (46:36.63)
Yeah, yeah.
Anthony Davis (46:40.173)
Yeah, so yes, I thought that was interesting. We'll put a link to that in the show notes and in the newsletter.
I don't know what, what's the oldest?
I remember the first, I mean, let's not get into the history of computing, because I was using like Commodore 64s and stuff. Like not, not the, BBC Micro. My uncle had a BBC Micro that had the five and a quarter inch floppies that you used to be able to play Chuckie Egg on. And yeah. Right. Moving on, I want to show you something. This is not an advert. This is not paid listing. I have not used these people, but I just want to give you an example.
of something I've seen this week. I think they reached out to me on LinkedIn actually. And I'm going to show you the homepage just because I think it's interesting and it's really relevant. So with &S and co-op, voice phishing is obviously something that is going to be on trend going forward. Everybody's going to start having a solution for this, I think. Because obviously the help desks were socially engineered. And this is an interesting example I saw.
and it's a company called visher.ai. If you're thinking of a voice phishing solution, get your domains quick, because they'll all be gone. There are not many left. So this, like I said, we're not affiliated, haven't paid us. I just saw it and thought it was interesting, okay? Because they've got a trial that you can do. So I'm gonna try doing this right now, okay? So.
Luke (48:02.382)
Thank
Anthony Davis (48:18.927)
Let me just give it permission.
Anthony Davis (48:31.535)
Can you hear that Luke? Yeah.
Luke (48:32.919)
second here
Anthony Davis (48:51.509)
I'm fine thanks, haven't noticed any problems.
Anthony Davis (49:10.723)
I don't want to.
Anthony Davis (49:30.147)
Who's Enrico?
Anthony Davis (49:41.999)
I'll stop that there. It's clever, isn't it? I'm sure this is one of many, but I thought this was really, really interesting. And it's amazing that you can just try it there and then. Do you reckon people would fall for that?
Luke (49:43.374)
Yeah
Luke (50:00.43)
potentially maybe if it's on a if you're hearing on a phone rather than your computer but yeah but that is quite a new sort of way of doing things i guess being able to actually interact with an ai of a voice and yeah see if it can trick you
Anthony Davis (50:04.751)
Hmm, not in high fidelity.
Anthony Davis (50:23.375)
Yeah, yeah. I don't know much about the business, so use them at your own risk. But just to let you know, there's stuff out there, there's stuff around. They have a manifesto on their website and they say the evidence is clear and this isn't theoretical. Crowd strikes saw these AI driven voice attacks explode, jumping over 440 % in just a second half of 2024 compared to the first.
So that's kind of how the technology has come on, hasn't it? It's, and they say, you know, build deep fake immunity, spar with an AI that thinks and precision insights, zero hassle. And it says there, it's part of 11 Lab Grants, which is supported by 11 Lab Grants. And 11 Lab are obviously we've used them for AI voices and stuff like that.
Luke (51:17.302)
yeah i'm into this must be other other voices are being generated and it is still the actual full platform looks like of the status of the school is going to be close to them friend is on the bringing out something if they don't already have it
Anthony Davis (51:39.855)
right. I'll move on the next thing. Last week we, Hayden from know before, sent me a video that he'd seen on Instagram and it was of who was it of.
I can't remember who it was, it was, I can't remember the exact individual, but it was a deep fake of someone from an investment bank telling you that they had a WhatsApp scheme and to invest. Well, I got one on WhatsApp. I got one on Instagram this week, a different one. And again, not really familiar with who the person is, but this just popped up on my Instagram feed.
Anthony Davis (52:51.065)
So Anthony Bolton is a famous investor. This is video of Anthony Bolton, but this is deepfaked video of Anthony Bolton. This isn't actually Anthony Bolton. And there's some real big giveaways in this. Like the fidelity is too low to like, and maybe this is on purpose, right? The fidelity of the video. So for those listening, sorry, I should have explained. It's a screenshot of Instagram and you've got a gentleman sat.
at a desk in what looks like quite a nice office or house. And it says stocks to watch in 2025 every day at nine o'clock in my WhatsApp group. And then there's a learn more button. The video glitches and it doesn't glitch. There's some really janky cuts in it, but his voice doesn't cut. you watching it might have thought it was glitching on the stream, but
Anthony Davis (53:51.705)
Did you see that jump? Like his whole body shifted in a frame just in an instant. And there's another one.
Luke (53:52.366)
Yeah, did a couple of times there.
Anthony Davis (54:06.115)
The head just snapped and it's like the voice doesn't stop. So very, I don't know whether the video's spliced or they've cut out overlay. I don't know where the source is. I didn't really look for it on this one. When you do, if you do click the learn more button, it says community learning groups, join the community to receive a rising stock symbol. We offer personalized professional consultations.
Luke (54:07.138)
Mm-hmm.
No.
Anthony Davis (54:35.855)
and then it starts asking you for personal information. Please fill in your real age and then we'll provide you with personal investment advice based on your situation. This isn't Anthony Bolton. I'm pretty 99 % sure that this isn't Anthony Bolton. I'm pretty sure that Anthony, actually it isn't Anthony Bolton because I have just found, I've just found in the financial news a news article.
Luke (54:49.283)
Mm-hmm.
Luke (54:52.718)
I
Luke (55:04.686)
Thanks for listening.
Anthony Davis (55:06.691)
And this is like, okay, let's pivot this slightly. This news article is from the 13th of May. We're recording this nine days after that date.
And this will air probably three days, four days after that. If this has been public knowledge and in the news for nine days, why hasn't Meta got rid of this yet? It's Meta doesn't care. And this is part of the problem.
Luke (55:29.794)
Yeah.
I mean, they're probably making ad money from it.
Anthony Davis (55:38.179)
Yeah, Bolton retired from Fidelity International in 2014. So yeah, in the deepfake video, he asks investors to join the WhatsApp group.
Anthony Davis (55:51.728)
Yeah, to be clear, these accounts and groups have no legitimate connection to Anthony Bolton or Fidelity International. Fidelity International does not use social media to offer unsolicited investment opportunities. So like, just run away. If you see this, look for those errors in the video. No one worth any huge amount of money is gonna be peddling a scam like that, it's snake oil.
Luke (56:02.798)
Thank
Anthony Davis (56:20.867)
You know, Elon Musk isn't gonna give you like investment tips. Anthony Bolton is probably worth too much money to be giving you investment tips on WhatsApp. unless he's hit really hard times, but then I'm pretty sure we'd know. And the video would probably be better quality than that. So yes, keep an eye out for your investment scans. If you see something online, on Facebook, on Instagram, in the mail, on Reddit, and you think we should talk about it.
Luke (56:30.061)
Yeah.
Anthony Davis (56:49.419)
Email us hello at riskycreative.com and we'll give you a shout out. We'll give you credit and we'll talk about it in one of our episodes.
Luke (56:58.968)
yeah that because
Anthony Davis (57:02.413)
Right, you've got one.
Luke (57:04.824)
yeah just quicker think this and don't i guess show much of the scene this in the news the new google a i video generation v via and call it fear free
to bring up on screen.
Anthony Davis (57:28.023)
Is this the one... Is this the... I haven't... I don't know if I've seen this. Wow.
I haven't seen this, but there's a good first impression.
Luke (57:39.566)
All right.
Luke (57:43.95)
Yeah, so it's a new model that they've got which includes a high resolution output, real world physics and now audio. So you can generate someone talking now as well. And it's really quite impressive. A few examples.
Anthony Davis (58:14.127)
That's incredible.
The, so for those of you listening, I have to forget at times that this is also an audio podcast rather than video. It's really realistic imagery now of a older gentleman with a pipe and state traditional sailors outfit and a beanie hat and a beard. It looks like captain. It looks like a fisherman, traditional fisherman.
Luke (58:25.39)
Yeah.
Luke (58:41.688)
Yeah, I got the prompt as well there. Sorry, the prompt as well is very simple prompt with... and asking it to say those words and that's obviously what it says.
Anthony Davis (58:49.709)
even see that.
Anthony Davis (58:54.895)
A medium shot frames an old sailor, his knitted blue sailor hat casting a shadow over his eyes, a thick grey beard obscuring his chin. He holds his pipe in one hand, gesturing with it towards the churning grey sea beyond the ship's railing. This ocean, it's a force, a wild untamed might, and she commands your awe with every breaking light.
Anthony Davis (59:26.605)
So the command hasn't stated anything about an accent or sound or audio. And it's given it what I think is probably quite a fitting voice and it's added C and a C goal. That's incredible.
Luke (59:37.485)
Yeah.
Luke (59:43.47)
and there's loads of examples here I've seen a lot of people using it playing around with it asking it to create like fake trade shows and stuff people interviewing people and stuff and it's done a really quite a good job at these different things and you don't really need to give it a lot of things to go off and I imagine
if you did it could probably generate something quite usable
kind of scary at the same time though, with how good it is.
Anthony Davis (01:00:18.543)
That was.
do wonder if there was a trade show a few weeks ago. I think probably the one that I was meant to go to that Amy told me not to bother. it was, I wonder if you could use a tool like this to make it look busy when it's not actually busy. And then like, we had a hectic day one, now day two, where are you? Something like that.
Luke (01:00:40.398)
Mm-hmm.
Luke (01:00:46.604)
Yeah, yeah, sure people start using these things for those bad purposes
Anthony Davis (01:00:53.657)
think this, I'm gonna show you another video now. And this was one I saw. So I didn't realize, but this is the model and it was on the chat GPT subreddit.
just share this. So this says WTF AI videos can have sound now, all from one model. And this is a, so this video just shows it's lots of different scenes with two per each scene has two people.
Anthony Davis (01:01:47.344)
So just to flag some of these, if you're listening to this, it's worth, go to the newsletter, we'll put a link directly to this section of the podcast in the newsletter. The detail in some of these videos, so you've got, take this one for example. So this one, there's a couple on a train dressed like it's the 50s. He's wearing a trilby, she's wearing a little.
Luke (01:01:49.39)
You
Anthony Davis (01:02:17.167)
I'd call it a beret, but it's probably got a different name. They're talking very properly, but look in the background.
Luke (01:02:23.022)
you
Anthony Davis (01:02:30.927)
There's literally someone moving like behind a curtain in the background. Like the detail is brilliant. This guy, black and white shot, old music hall. He's there with a lovely suit on and a white bow tie and a tash, holding a really old fashioned microphone. And there's like smoke coming off his head.
Luke (01:02:34.317)
you
Anthony Davis (01:02:52.715)
It's, thought, I didn't realize what I was watching, but now I know that this is exactly what you've brought to the table. it's mad, isn't it? The quality is incredible. Not just of the video as well. Like a lot of the tell, this video I'm showing is quite a low res video, but the fact that it can provide not just voice, but ambience and the right kind of like.
Luke (01:03:01.027)
Yeah.
Luke (01:03:15.128)
It's very convincing, some of these.
Anthony Davis (01:03:23.011)
The voice can have echo or, know, resonance from the room, room sound. It's not dry, which is brilliant.
Luke (01:03:27.96)
Yeah, it's all reacting and...
Luke (01:03:33.934)
yeah I on the website as well it shows like some other examples of yeah what you can use like a reference character and consistent characters and your own backgrounds and your own sort of styles and stuff so it's getting to a point where it's scarily good now creating these things you can even do camera controls and stuff so I guess at some point once it's a little bit better and a little bit
affordable even. It's a good option for potentially smaller people, smaller teams like us to be able to create some videos that you could never have imagined. Well, you could only have imagined it. Now you could actually bring it to life.
Anthony Davis (01:04:18.703)
Can I show you something else on the topic of this? This isn't an AI podcast, but this is something else that's interesting, right? Last week when we talked about, I think it was last week, we talked about the OneDrive sync risk. I took an edit of that and we're gonna share that on YouTube as a separate kind of four minute video. But Notebook LM, which is a Google tool, I heard this talked about on another
Luke (01:04:34.051)
Yeah.
Anthony Davis (01:04:48.047)
podcast this week. And I gave it a copy of the transcript and then I gave it a copy of the audio recording. And then over here, they've got a thing called audio overview. Now this is free. I haven't paid for this. Okay. This is all free. The recording that I gave it and the transcript that I gave it is three and a half minutes long. Okay. And what it's done is
Anthony Davis (01:05:26.019)
Now I've listened to this nearly all the way through and this is a full blown two way back to back conversation about the three minute audio I gave and it's added an extra three minutes of chatter and conversation and it's, it was really engaging.
Luke (01:05:40.323)
Yeah.
Luke (01:05:44.755)
Yeah, I've used it before recently.
Anthony Davis (01:05:59.6)
I was like, and in the podcasting community, there is such a beef around AI podcasts. And then something like this comes along and you're like, God, if there is, notebook LM is designed for schools, classrooms and study work, because everything here is like, you know, you have your study guide and your briefing doc and stuff. If you could put like paper into that or a scientific.
study and then you can just listen to a discussion about
Luke (01:06:34.136)
Yeah.
Anthony Davis (01:06:35.727)
It's pretty impressive. I don't know what some of these other things do, like interactive.
Luke (01:06:39.49)
you can talk to ask a question
Anthony Davis (01:06:52.079)
What is the topic of, oh, hang on. What is the topic of this conversation?
Anthony Davis (01:07:05.295)
It's... It's... Yeah. It's mad, isn't it? Yeah. Where it's all going. Right.
Luke (01:07:06.158)
you
Yeah.
I'm getting too powerful.
Anthony Davis (01:07:14.489)
going to take over. We still need someone to operate it though. We've been here before. Horses to cars, computers. You know, this is just the next stage of the revolution.
Luke (01:07:18.926)
Yeah.
Anthony Davis (01:07:29.623)
Right, I think that's it for this week then.
Luke (01:07:32.846)
Yeah, I think so.
Anthony Davis (01:07:34.733)
Magical magical every episode ends up around the same time. It's crazy
Yep, so this week more on &S, lots on ransomware this week. &S, 3 a.m. ransomware, Tesco's and Sainsbury's suppliers, O2's crazy location bug that's been fixed. UK government does an amazing thing with Car Park QR codes, watch your Chrome extensions and your Discord messages. The 12th of June, future of cybersecurity virtual conference. If you're still listening to this, you must really love us.
to go vote for us. Go to RISCcreative.com there's a big button at the top of the screen. There's not long left. Go to the top of the screen, vote for us please. Back to basics, best newcomer. We want to win something. I'm just going out there and saying it. No one probably listens an hour and eight minutes into a podcast, but I want to win. I want the podcast to win.
Luke (01:08:11.63)
Yeah.
Luke (01:08:24.728)
Yeah, I think it's the day after this. No, the day after this gets published. I think that's the closing date, isn't it? 27.
Anthony Davis (01:08:35.705)
27th, Wednesday closing date.
Luke (01:08:37.537)
Was that the closing date?
Anthony Davis (01:08:39.181)
Yeah, it was. well, if you listen to this after a past Tuesday, it's too late. So.
Luke (01:08:40.942)
to day after this.
Anthony Davis (01:08:48.301)
Right, don't forget if you see anything you think we'd like, hello, at riskycreative.com. It'd be really good to get your stuff on the podcast. Go listen to Conversation with Amy. Luke, I will talk to you again next week.
Luke (01:09:02.704)
yeah, see you all next week. See ya.
Anthony Davis (01:09:04.367)
See you later, bye.