
Hacking Humans


Deception, influence, and social engineering in the world of cyber crime.


Website

thecyberwire.com/podcasts/hacking-humans

Episodes

New laws and the effect on small businesses.

Kurtis Minder, CEO of GroupSense, joins Dave to discuss how new ransomware laws leave small businesses behind. Dave and Joe share some follow up on Elon Musk after his big purchase and the changes that now follow. Joe's story follows Kalamazoo County residents and a new scam that is popping up, where they are being targeted by scammers through Facebook messenger video calls. Dave shares a story that hits home for him about an email that his father received from Best Buy claiming that he will be charged $500 for Geek Squad services. Our catch of the day comes from an anonymous listener who writes in to share an email they received from a Mrs. Phong Dung, who wants to send 1 million to the person who received the email. The receiver knows this email is a fake and writes in to the show to ask Joe and Dave if these emails ever actually work on anyone. Links to stories: Kalamazoo County residents targeted in Facebook messenger video call scam Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-11-10

Domain spoofing (noun) [Word Notes]

A social engineering tactic in which hackers build a malicious domain to mimic a legitimate one. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-spoofing Audio reference link: "Mission Impossible Fallout - Hospital Scene." YouTube, YouTube, 8 Oct. 2018,
2022-11-08

What's Your Problem trailer.

We're sharing a preview of a podcast we enjoy called "What's Your Problem?" Every week on What's Your Problem, entrepreneurs talk about the future they're trying to build and the problems they have to solve to get there. How do you build cars that can actually drive themselves? How do you use technology to bring down the cost of airfares? And how do you teach a computer to understand sports? Hosted by former Planet Money host Jacob Goldstein, What's Your Problem? helps listeners understand the problems really smart people are trying to solve right now. Listen to What's Your Problem? at https://podcasts.pushkin.fm/wyphumans
2022-11-03

Protecting your identity.

Jameeka Green Aaron, CISO, Customer Identity at Okta, sits down with Dave to speak about their State of Secure Identity report. Dave and Joe share some listener follow up from Richard, who writes in to share his thoughts on the discussion of the phishing kit targeting WordPress sites in a previous episode, and also writes in about last episode's discussion on how companies were turning on employees who are overworked with two remote jobs and shares how Equifax was one of these companies. Dave's story follows typosquatting, which is when a scammer registers a website that is very similar to the real one, but will have a typo in it (ex: amozon, homdepot, gougle) and how a large typosquatting campaign is delivering tech support scams. Joe's story follows a South Bay man who had the misfortune of accepting hundreds of open house offers, but the houses weren't for sale. Our catch of the day comes from listener Chris who writes in that he's never gotten a phishing email on his work email or personal email, but that he received his first phish from PayPal, which seemed to be a notification at first glance rather than a message telling him there is fraudulent activity happening in his account. Links to stories: Large typosquatting campaign delivers tech support scams A South Bay man accepted hundreds of offers from open houses. But the homes weren't for sale Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-11-03

Secure Web Gateway (noun) [Word Notes]

A layer seven firewall that sits in line at the boundary between the internet and an organization's network perimeter that allows security policy enforcement and can perform certain prevention and detection tasks. CyberWire Glossary link: https://thecyberwire.com/glossary/secure-web-gateway Audio reference link: Vintage Computer Federation (2015). VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick. YouTube. Available at: https://www.youtube.com/watch?v=trR1cuBtcPs.
2022-11-01

The Malware Mash! [Bonus]

Enjoy this CyberWire classic. They did the Mash... they did the Malware Mash...
2022-10-28

Setting tech limits with a new tool.

Kim Allman from NortonLifeLock, and Carrie Neill from the National PTA, sit down with Dave to discuss the Smart Talk 2.0 tool. Joe and Dave share some follow up on an exciting new position Joe has accepted as the Director of Cyber Science at a company called Harbor Labs. This week, Joe's story comes from listener Beau, who writes in about an ATM scam he fell victim to, sharing how the scammers were spamming his phone with texts, emails, and calls before he figured out what was going on. Dave's story follows the growing new trend of overworking, or having two remote jobs at once and working at both. One company's CEO calls it a form of theft and deception. Our catch of the day comes from listener Rodney who writes in, sharing about his son's girlfriend who is looking for work and received an email pointing her in the direction of a new prospect. Sadly, Rodney had to share the news that the email seemed to be a scam. Links to stories: Tech CEO calls overemployment trend a 'new form of theft and deception' after firing 2 engineers secretly working multiple full-time jobs at once Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-10-27

Indicators of Compromise (noun) [Word Notes]

Digital evidence that a system or network has been breached. CyberWire Glossary link: https://thecyberwire.com/glossary/indicator-of-compromise Audio reference link: "Suicide or Murder? | The Blind Banker | Sherlock," uploaded by Sherlock, 18 October 2015
2022-10-25

The difference between shallow fakes vs. deep fakes.

Martin Rehak, CEO & Founder from Resistant AI, sits down with Dave to discuss how organizations should be worried about shallow fakes vs. deep fakes. Listener Joe writes in with some follow up on Joe's statement about not using legacy OSes, and how it is unfortunately not an option for many. Both Joe and Dave share two stories this week. Dave's first story follows how the Maryland Attorney General, Brian Frosh, is warning residents about purchasing flood-damaged cars. Dave's second story is about how a Japanese woman was fooled by an astronaut imposter who wooed her into buying a "return ticket to earth." Joe's first story is about a potential scam brewing in Springfield, as people are collecting money on the side of the street for a teenager's funeral; police are warning residents, stating they have heard of this scam in neighboring cities. Joe's second story follows a new horrifying scam after a woman fell victim to a phone scam where the scammer claimed to have the victim's daughter and they would kill her if she did not do what they asked. Our catch of the day comes from listener Richard who writes in sharing his experience with an email that may or may not be a phish. Links to stories: Consumer Alert: Attorney General Frosh Warns Consumers about Purchasing Flood-Damaged Cars An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth' Springfield police warns drivers of "potential" funeral scam Greenfield Police warns about "terrifying" kidnapping scam Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-10-20

Intrusion Detection System (noun) [Word Notes]

A system that monitors for malicious or unwanted activity, and either raises alerts when such activity is detected or blocks the traffic from passing to the target. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-detection-system Audio reference link: "Network Intrusion Detection and Prevention - CompTIA Security+ SY0-501 - 2.1," Professor Messer, uploaded 16 November, 2017
2022-10-18

The long con and the flim flam. [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Rick's clip from Hustle: S1 Ep1 The Con is On Dave's clip from Cheers: S6 Harry the Hat
2022-10-16

Falling for a phishing kit scam.

Larry Cashdollar from Akamai sits down with Dave to discuss their research, "The Kit That Wants It All: Scam Mimics PayPal's Known Security Measures." Joe shares an incredible story regarding impersonation and a man sharing his first-hand experience with impostors impersonating him to get a job; luckily a good samaritan shared this information before the damage could be done. Dave's story follows raids happening in Cambodia with connection to alleged cyberscam compounds. We have two catches of the day this week, one is from listener Eric who sends in a romance scam email asking for love from one desperate scammer. The next one comes from Uberfacts on Twitter and is an Instagram DM from someone pretending to be Queen Elizabeth II. Links to stories: Someone is pretending to be me. Authorities Raid Alleged Cyberscam Compounds in Cambodia Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-10-13

MFA prompt bombing (noun) [Word Notes]

Hackers bypass multifactor authentication schemes by sending a blizzard of spamming login attempts until the account's owner accepts the MFA prompt out of desperation to make the spamming stop. CyberWire Glossary link: https://thecyberwire.com/glossary/mfa-prompt-bombing Audio reference link: movieclips. "Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD." YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos.
2022-10-11

What is cyber quantum computing?

Pete Ford from QuSecure sits down with Dave to discuss what exactly cyber quantum computing is, what it means for the country, and how other countries are using quantum. Dave and Joe share follow up on 2 stories, one Bleeping Computer reports, discussing the teen that hacked Uber and Rockstar Games has been arrested. Second, we share some listener follow up from last episode about medical documents being shared and how easy it would be to falsify your identity to obtain children's documents. Dustin, a Registered Health Information Management Technician, shares his thoughts on the matter. Dave's story follows the FCC's new plan to require phone companies to block spam texts from bogus numbers. Joe has the story on how two Abbotsford residents lose approximately forty six thousand dollars in a bank scam. Our catch of the day comes from listener Joseph who shares a strange email he received from a scammer claiming to be PayPal, which could have seemed real if it weren't for a few mistakes Joseph found to be peculiar. Links to stories: FCC advances plan to require blocking of spam texts from bogus numbers Two Abbotsford residents lose $46K in bank scam UK Police arrests teen believed to be behind Uber, Rockstar hacks Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-10-06

Apple Lockdown Mode (noun) [Word Notes]

An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. Audio reference link: "How NSO Group's Pegasus Spyware Was Found on Jamal Khashoggi's Fiancée's Phone," FRONTLINE, YouTube, 18 July 2021.
2022-10-04

A cryptoqueen on the run and the cons she got away with.

This week Carole Theriault sits down to interview author Jamie Bartlett on his book, "The Missing Cryptoqueen - The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It." Dave and Joe share some follow up from listener Dustin who shares an interesting experience he had involving his child's medical documents and how easy it was to obtain them, making scams even easier. Joe's story follows a young teen hacker and how they allegedly were able to hack Uber and Rockstar Games. Dave has got the story on Queen Elizabeth II and how giving condolences could lead you right into a scam. Our catch of the day comes from us here at the CyberWire. We received an email from one Vladomir Petrova, a citizen of Ukraine, which gets more suspicious the longer the email reads. Links to stories: Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games PHISHING ALERT: GIVING YOUR CONDOLENCES FOR QUEEN ELIZABETH II CAN LEAVE YOUR DATA IN THE HANDS OF CYBERCRIMINALS Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-09-29

Simulated Phishing (noun) [Word Notes]

A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: "Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips." YouTube, YouTube, 19 Apr. 2017.
2022-09-27

The rise in fraudulent online content.

Guest Jane Lee, Trust and Safety Architect from Sift, joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week, one story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. Joe shares the story of hackers' new way to get information, positioning themselves in the middle of your browser between the server and your computer. Our catch of the day has a little bit of everything from Peter who writes in about an email he received pulling out all the stops to get him to give over his information. Links to stories: Twitter thread https://www.cyberscoop.com/phishing-scheme-targeting-mideast-researchers/ Serious Security: Browser-in-the-browser attacks - watch out for windows that aren't! Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-09-22

Sideloading (noun) [Word Notes]

The process of installing applications on a device without the use of official software distribution channels. CyberWire Glossary link: https://thecyberwire.com/glossary/sideloading
2022-09-20

It pays to do your research. [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined by guest Tracy Maleeff from Krebs Stamos Group - you may know her on Twitter as @Infosecsherpa. Dave, Joe and Tracy watch and discuss Tracy's and Joe's clips on this episode. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds. Links to this episode's clips if you'd like to watch along: Tracy's clips from "Working Girl" Elevator scene Tess and Jack gatecrash a wedding scene Joe's clip from "Oceans 8"
2022-09-18

Is inflation affecting the Dark Web?

Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an article about protecting against AiTM (adversary-in-the-middle) phishing techniques that bypass multi-factor authentication. Dave's story is about a new video being released that shares the most common WhatsApp scams and how to avoid them. Our catch of the day comes from listener Vlad, who shares his story regarding an email he received stating he is owed 1 million dollars, and how he's not falling for the scammer's latest attempt. Links to stories: Protect against AiTM/ MFA phishing attacks using Microsoft technology How to avoid the most common WhatsApp Scams 2022 WhatsApp Scams in 2022: What to Look out for Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-09-15

Microsegmentation (noun) [Word Notes]

A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: https://thecyberwire.com/glossary/microsegmentation Audio reference link: "Micro-Segmentation Masterpieces," PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.
2022-09-13

A travel surge and a host of different scams.

Greg Otto from Intel 471 joins Dave to discuss the findings of their work on "Cybercriminals preying on a travel surge with a host of different scams." Dave and Joe share some interesting listener follow up from Kevin, who writes in about the deepfakes episode and shares his comments on how scary the topic can be, especially with politicians. Dave shares a story about Charles Egunjobi, an auditor with the D.C. government, and how he fell victim to an online love scam costing elderly U.S. citizens $1.9 million. Joe touches on two stories, one being how a woman down in Texas is able to scam men out of some expensive items with a romance scam, and the other being a story that is warning Pennsylvania residents on a quick moving scam artist moving from state to state. Our catch of the day comes from Jon in California who writes in about an email scam concerning a local job sent to him and how he needs to apply right away. Links to stories: D.C. government auditor involved in romance scheme, prosecutors say Texas woman cons men out of Rolex watches and fancy cars through "romance scam" Pennsylvania State Troopers warn of "quick moving" city-to-city scam artists Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-09-08

Homograph phishing (noun) [Word Notes]

The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: Audio reference link: "Mission Impossible III 2006 Masking 01," uploaded by DISGUISE MASK, 28 July 2018.
2022-09-06

Is there a growing number of public and private partnerships forming?

This week Carole Theriault interviews Chuck Everette from Deep Instinct on public and private partnerships. Dave and Joe share some listener follow up from Rodney who writes in about flexible spending cards and chips inside them as well as sharing technology that helps keep the scammers away. Joe's story follows the trend of fake invoicing, specifically through PayPal and the newest string of scammers getting people to call in about a pending charge. Dave shares a story where people are getting sent fake Microsoft products in hopes to steal information after they plug these products into their computers. Our catch of the day comes from listener William who writes in about getting an increasing amount of emails from fake accounts saying they have charged his card and there is a pending transaction. William shares how the scammers are trying to get him to call in to dispute the charges. Links to stories: PayPal Phishing Scam Uses Invoices Sent Via PayPal Criminals posting counterfeit Microsoft products to get access to victims' computers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-09-01

Policy Orchestration (noun) [Word Notes]

The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting. CyberWire Glossary link: https://thecyberwire.com/glossary/policy-orchestration Audio reference link: "The Value of Using Security Policy Orchestration and Automation," by David Monahan, uploaded by EMAResearch, 3 April, 2018
2022-08-30

Encore: Sometimes, deepfake victims don't want to be convinced it is fake.

Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society, we share some fun feedback on the Lightning Rod story edit, Dave's story talks about how some of the most successful and lucrative online scams employ a "low-and-slow" approach, Joe's story is about 2 Arkansas farmers who scammed investors out of money for wind turbines, but used it for houses, cars and Disney World, and our Catch of the Day is from an unnamed listener with a supposed iPhone invoice. Links to stories: Gift Card Gang Extracts Cash From 100k Inboxes Daily Arkansas wind farmers claimed their technology was more efficient than turbines - then spent investors' money on houses, cars and at Disney World Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-08-25

Anti-cheat software (noun) [Word Notes]

Software designed to prevent cheating in video games. CyberWire Glossary link: https://thecyberwire.com/glossary/anti-cheat-software Audio reference link: "The BIG Problem with Anti-Cheat," by Techquickie, YouTube, 5 June 2020
2022-08-23

Scams in the media.

Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow up from Robert who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a twitter thread from Brian Jay Jones, who is an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how he would have almost had his Twitter account hijacked if it weren't for 2-step verification. Joe's story is on a gentleman pleading guilty in PAC scams, raising almost 3.5 million by making false and misleading representations in the 2016 election. This week we have a string of catch of the days from different listeners sharing different SMS scams. Links to stories: Associate of scam PAC operator pleads guilty Twitter thread of Brian Jay Jones Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2022-08-18

Pseudoransomware (noun) [Word Notes]

Malware, in the guise of ransomware, that destroys data rather than encrypts. CyberWire Glossary link: https://thecyberwire.com/glossary/pseudoransomware Audio reference link: "Some Men Just Want to Watch the World Burn | the Dark Knight," by YouTube, 2 November 2019.
2022-08-16

Staying away from Medicare scams.

Ari Parker, Lead Advisor from Chapter, discusses "Tips for Avoiding Medicare Scams." Joe and Dave share some follow up from several listeners, who write in about various scams they have encountered. Joe's story is on Facebook messenger and how more and more victims are being claimed by scams and cons through the popular social media app. Dave's story shares disturbing information regarding LinkedIn scams, explaining how North Koreans are stealing resumes off the job site in a new crypto job search scam. Our catch of the day comes from listener Jon who writes in about him receiving $10,500,000.00 and how he needs to claim this offer before the end of 2021. Sadly he missed the deadline and wanted to share. Links to stories: Understand and Avoid Medicare Scams Facebook Messenger scam snags 10 million victims, more conned every day North Koreans Steal LinkedIn Resumes in Crypto Job Search Scam Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2022-08-11

Trusted Platform Module (TPM) (noun) [Word Notes]

A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: "TPM (Trusted Platform Module) - Computerphile," Computerphile, 23 July 2021
2022-08-09

Making the world a safer online place.

Raj Sarkar, CMO from 1Password and Julien Benichou, Senior Director of Partnership, Strategy, and Execution from Gen.G, join Dave to discuss making the online world a safer place and talk about helping reduce the risk of gamers being the target of hackers. Joe and Dave share some followup from listener Ryan who writes in about the catch of the day from last week's episode, and what struck him most with the scam. Dave's story is on how the government was able to seize millions in stolen cryptocurrency. Joe's story is on a scam involving diamonds and how one scammer was caught, now sentenced to 12 years in prison. Our catch of the day comes from listener Jeremy who writes in about a suspicious email he received from one of his mother's friends. She wrote him asking if he could buy her gift cards and she would pay him back. He shares how he dealt with the scammer and informed his mom that one of her friends' emails may have been compromised. Links to stories: How governments seize millions in stolen cryptocurrency Jeweler who sold Trump-Maples ring sentenced to 12 years in multimillion-dollar "Yellow Rose" diamond scam Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2022-08-04

Private Network Access (PNA) (noun) [Word Notes]

A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: "Chrome Limits Access to Private Networks," by Daniel Lowrie, ITProTV, YouTube, 19 January 2022.
2022-08-02

A return to office means a return to email scams.

Romain Basset, Director of Customer Service, at Vade joins Dave to discuss the threat of initial contact spearphishing emails now that many employees are returning to the office. Dave and Joe share some listener follow up from listener Will who writes in about a troubling debate over if it should be "Joe and Dave" or "Dave and Joe." Will shares a website about ablaut reduplication, sharing his thoughts on the matter. Joe shares some good news following a story of a homeless man being robbed of $400,000 after a GoFundMe scam. Joe's story is on a woman who loses almost $150,000 over the phone with someone claiming to be a DEA agent. Dave's story is on a woman who gets scam calls up to 20 times a day. She was diagnosed with cancer in 2021, and can't afford to miss any calls from potential doctors or possible nurses trying to schedule appointments. Our catch of the day comes from listener Alex who writes in sharing how his Apple ID was hacked and locked, although the scammers got one crucial detail wrong, his email. Links to stories: Lincoln woman loses $149,000 in DEA phone scam GoFundMe scam: Kate McClure sentenced to 1 year in federal prison The nonstop scam economy is costing us more than just money Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2022-07-28

Extortion scams and the LGBTQ+ community.

This week, Carole Theriault sits down to talk with Paul Ducklin from Sophos on extortion scams targeting LGBTQ+ communities. Joe and Dave share multiple pieces of listener follow up, the first from Matt and Kevin, who write in to share a Wikipedia link regarding N.B. (Nota Bene, or note well) and an ad from 1801. The second one is a write in from someone who is referred to as "P," who shares more information on the Facebook link shortener discussion. Finally, Joe and Dave get a great piece of listener feedback from listener and friend of the show Jonathan, who writes in about resist fingerprinting and how Firefox doesn't block fingerprinting. Dave's story is on trafficking victims being forced to scam people. Joe's story is on a credit union being targeted for phone scams. Our catch of the day comes from listener Ian, who shares how his son was trying to get college housing accommodations and went through Facebook, only to find out that not everyone is as trustworthy as they seem. Links to stories: From Industrial-Scale Scam Centers, Trafficking Victims Are Being Forced to Steal Billions Don't fall for a scam targeting Ent Credit Union customers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2022-07-21

Web 3.0 (noun)

The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. CyberWire Glossary link: https://thecyberwire.com/glossary/web-30 Audio reference link: "What Elon Musk Just Said about Metaverse, Web3 and Neuralink," By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.
2022-07-19

Behavioral science in the world of InfoSec.

Kelly Shortridge, a Senior Principal from Fastly, joins Dave to discuss her talk at RSAC on why behavioral science and behavioral economics matter for InfoSec. Joe's story shares an old scam with a new twist: it's about packages being delivered to you that you never ordered. Dave's story is on how a large-scale phishing campaign compromised one million Facebook credentials. Our catch of the day comes from listener Will, who was contacted by someone claiming to be the "Head IMF/EUROPEAN UNION coordinator," who claimed to want to give Will one million dollars in compensation. Links to stories: Package scam delivers unordered items, victims billed hundreds of dollars | One Million Facebook Credentials Compromised in Four Months by Ongoing Phishing Campaign. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-07-14
Link to episode

Identity access management (IAM) (noun) [Word Notes]

A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: "The Wrath of Khan (1982) 'Kirk's Response,'" by Russell, YouTube, 16 May 2017.
2022-07-12
Link to episode

Human errors and why they're made.

Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well-known companies. This time, hackers are posing as QuickBooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant threats to users, according to the FBI. Finally, our catch of the day comes from listener Jennifer, who writes in and shares her story of a scammer using SMS to tell her that her Venmo account was hacked, even though she does not have one. Links to stories: Sending Phishing Emails from QuickBooks | FBI says fraud on LinkedIn a 'significant threat' to platform and consumers. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-07-07
Link to episode

Abstraction layer (noun) [Word Notes]

A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: "What Is Abstraction in Computer Science," by CodeExpanse, YouTube, 29 October 2018.
2022-07-05
Link to episode

The top 10 brand names most likely used in a phishing scheme.

Omer Dembinsky, a Data Research Manager from Check Point Research, joins Dave to discuss their Brand Phishing Report for Q1 2022 and how DHL, Maersk, and AliExpress were all in the top 10 list. Joe and Dave have some listener follow up from the 200th episode discussing how many redirects are too many. Joe has two stories this week, the first on how Instagram (Meta Platforms) was hit with multiple lawsuits from the Beasley Allen Law Firm over exploiting young people for money. The second story is about social media addiction, and how companies are making the platforms deliberately addictive. Dave's story is on the internet fingerprint that you leave behind, and how easy it is for websites to know everything about you and your computer settings. Our catch of the day comes from listener Pablo, who shares about a scammer contacting him through text trying to receive money for coronavirus insurance. Links to stories: Meta, Instagram hit with 8 lawsuits for 'exploiting young people for profit' | Social media apps are 'deliberately' addictive to users | The Fingerprint You Leave. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-06-30
Link to episode

Identity Fabric (noun) [Word Notes]

A set of services for managing identity and access management, or IAM, across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: "Leadership Compass Identity Fabrics - Analyst Chat 126," by KuppingerCole, YouTube, 30 May 2022.
2022-06-28
Link to episode

North Korea and a global cyber war.

Carole Theriault interviews author and journalist Geoff White on his upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Joe and Dave share some listener follow up from listener John, regarding a T-Mobile breach and how he was notified through a third-party monitoring service and not T-Mobile. Joe's story shares how hackers are also keeping an eye on the upcoming holidays and describes how a Father's Day beer contest from Heineken was a scam. Dave's story is on police warning against a rise in voice phishing as they have made 2000 arrests since the crackdown on social engineering and business email scams started. Our catch of the day comes all the way from the Netherlands: listener Joram shares a scam he discovered in his spam folder. The sender notified him that she is frail and will be dying soon, to which her millions of dollars will be lost since she has no next of kin. The sender goes on to tell him that he is receiving this money just out of the goodness of her heart. Links to stories: Heineken says Father's Day beer contest is a scam | 2,000 arrests in crackdown on social engineering and business email scams. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-06-23
Link to episode

Intrusion Kill Chain (noun) [Word Notes]

A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain Audio reference link: "Cybersecurity Days: A Network Defender's Future," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018.
2022-06-21
Link to episode

The great resignation and data exposure challenges.

Abhik Mitra, Head of Portfolio Strategy at Code42, shares the findings on Code42's 2022 Data Exposure Report (DER). Joe breaks down a story that follows a couple in Westlake, where the woman was called about a supposed warrant out for her arrest, and how she was told that she needs to provide thousands of dollars in order for the police to not come and arrest her. The story describes how her fast-thinking husband was able to figure out the scam and get in touch with real authorities. Dave's story delves into Facebook and a phishing scam that ended in a threat actor stealing 1M credentials in 4 months. Our catch of the day comes from listener William, who received an email about a new laptop that he supposedly bought through PayPal. He shares why he knew it was a scheme right away, and hopes to make this information known so others know what to look out for. Links to stories: Westlake doctor and lawyer avoid telephone scam; police warn residents to be alert | Phishing tactics: how a threat actor stole 1M credentials in 4 months. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-06-16
Link to episode

Identity Orchestration (noun) [Word Notes]

A subset of security orchestration, the management of identities across an organization's set of digital islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-orchestration
2022-06-14
Link to episode

What to look out for with scan-and-exploit cyber attacks.

Andrew Morris, founder and CEO of GreyNoise Intelligence, joins Dave to discuss the explosive increase in opportunistic scan-and-exploit cyber attacks, and what security analysts can do to combat it. Joe and Dave share some follow up from listener Mark, whose son got scammed out of 150 million dollars in a game he plays. Dave's story is on ChromeLoader, which is a pervasive and persistent browser hijacker that modifies your settings and redirects you to more advertisement websites. Joe has two stories: one on a family of con artists found to be scamming gas station patrons that attacked an individual after being confronted, and the second is on fake Facebook ads and how shoppers are being scammed. Our catch of the day comes from listener Jon, who was contacted via email with a request to pay customs fees of $750 for packages in his name. Links to stories: ChromeLoader: a pushy malvertiser | Michigan State Police Looking For Con Artists in Emmet County Gas Station Scam | Shoppers scammed by fake ads on Facebook Marketplace. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-06-09
Link to episode

Diamond Model (noun) [Word Notes]

A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: "Diamond Presentation v2 0: Diamond Model for Intrusion Analysis - Applied to Star Wars' Battles," Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.
2022-06-07
Link to episode

Is ransomware getting too fast?

Ryan Kovar, distinguished security strategist at Splunk and leader of SURGe, discusses the speed of ransomware, as well as the first-of-its-kind research the SURGe team is releasing on how quickly the top ransomware families can encrypt 100,000 files. Joe and Dave share some listener follow up from listener Josh. Joe's story follows the baby food shortage and warns about the dangers of sellers scamming people through online purchases of formula. Dave's story is on how IT members can identify the three most dangerous types of internal users and what businesses need to look out for. Our catch of the day comes from listener Josh, who shares about a friend of his who possibly got hacked and the check the scammers claimed was real. Links to stories: Kansas City-area experts warn of online baby formula scams | The three most dangerous types of internal users to be aware of. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2022-06-02
Link to episode