This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Dave’s got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medical...
Jun 12, 2025•43 min•Season 8Ep. 342
Please enjoy this encore of Word Notes. Code and data repositories that don't protect against unauthorized changes.
Jun 10, 2025•8 min•Season 2Ep. 87
This week, our hosts Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attorne...
Jun 05, 2025•47 min•Season 8Ep. 341
Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.
Jun 03, 2025•8 min•Season 2Ep. 86
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qi...
Jun 03, 2025•36 min•Season 1Ep. 13
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria’s got the story on how Trump’s sweeping new tariffs are creat...
May 29, 2025•42 min•Season 8Ep. 340
Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.
May 27, 2025•6 min•Season 2Ep. 85
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver b...
May 22, 2025•58 min•Season 8Ep. 339
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016.
May 20, 2025•6 min•Season 2Ep. 84
And....we're back! This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effect...
May 15, 2025•44 min•Season 8Ep. 338
Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: https://thecyberwire.com/glossary/log4j Audio reference link: “CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her Career,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021.
May 13, 2025•9 min•Season 2Ep. 83
As Dave Bittner is at the RSA Conference this week, our hosts Maria Varmazis and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from José on episode 335, sharing how UK banking features like Faster Payments and the “Check Payee” function might have helped prevent a scam involving fake banking apps—and he even tells a wild tale of someone using a fake app to reverse-scam a bike...
May 08, 2025•46 min•Season 8Ep. 337
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Quintel....
May 06, 2025•42 min•Season 1Ep. 12
Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.
May 06, 2025•8 min•Season 2Ep. 82
As Maria is on vacation this week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cyber siege on MGM Resorts. Joe’s story is on a new FBI warning: scammers are impersonating the Internet Crime Complaint Center (IC3), the very site where...
May 01, 2025•29 min•Season 7Ep. 336
Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-security-misconfiguration Audio reference link: “What Is the Elvish Word for Friend?” Quora, 2021.
Apr 29, 2025•7 min•Season 2Ep. 81
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages—a practice dubbed "slopsqua...
Apr 24, 2025•43 min•Season 7Ep. 335
Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “Oceans Eleven Problem Constraints Assumptions.” by Steve Jones, YouTube, 4 November 2015.
Apr 22, 2025•8 min•Season 2Ep. 80
This week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber...
Apr 17, 2025•35 min•Season 7Ep. 334
Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018.
Apr 15, 2025•7 min•Season 2Ep. 79
This week, while Dave Bittner is out, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running P...
Apr 10, 2025•37 min•Season 7Ep. 333
Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. “OWASP Spotlight - Project 10 - Top10.” YouTube Video. YouTube, January 4, 2021.
Apr 08, 2025•7 min•Season 2Ep. 78
This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ passes, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll users, sending her SUN pass scam texts tied to her old Florida number. Dave shares the...
Apr 03, 2025•46 min•Season 7Ep. 332
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but w...
Apr 01, 2025•38 min•Season 1Ep. 11
Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention
Apr 01, 2025•6 min•Season 2Ep. 77
This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on E-ZPass scams—a listener suggests that scammers may be exploiting exposed license plate reader data, as demonstrated by YouTuber Mike Brown, to link plate numbers with breached phone records and send scam texts in real time. Dave'...
Mar 27, 2025•49 min•Season 7Ep. 331
Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “My ‘Aha!" Moment - Methods, Tips, & Lessons Learned in Threat Hunting - sans Thir Summit 2019.” YouTube, YouTube, 25 Feb. 2020.
Mar 25, 2025•7 min•Season 2Ep. 76
On Hacking Humans, this week Dave Bittner is back with Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares a bit of follow up on scam victims sharing their experiences of losing money to various frauds, including investment schemes, romance scams, business email compromises, online shopping fraud, unusual payment requests, tax ...
Mar 20, 2025•36 min•Season 7Ep. 330
Please enjoy this encore of Word Notes. The continuous practice of identifying classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: “Vulnerability Scanning - Comptia Security+ sy0-501 - 1.5.” YouTube, YouTube, 11 Nov. 2017,
Mar 18, 2025•8 min•Season 2Ep. 75
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start out with some follow up on chicken talk from last week. Maria shares the story of scammers impersonating police officers in England to steal cryptocurrency by exploiting leaked personal data, creating fake f...
Mar 13, 2025•42 min•Season 7Ep. 329
