Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.
This week, our three hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver...
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “ Mr. Robot Hack - Password Cracking - Episode 1 .” YouTube Video. YouTube, September 21, 2016....
And....we're back! This week, our three hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effe...
Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: https://thecyberwire.com/glossary/log4j Audio reference link: “ CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her Career ,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021....
As Dave Bittner is at the RSA Conference this week, our hosts Maria Varmazis and Joe Carrigan , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from José on episode 335, sharing how UK banking features like Faster Payments and the “Check Payee” function might have helped prevent a scam involving fake banking apps—and he even tells a wild tale of someone using a fake app to reverse-scam a bi...
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski , former FBI cybercrime investigator and now Chief Global Ambassador at Quint...
Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.
As Maria is on vacation this week, our hosts Dave Bittner and Joe Carrigan , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cyber siege on MGM Resorts. Joe’s story is on a new FBI warning: scammers are impersonating the Internet Crime Complaint Center (IC3), the very site wher...
Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-security-misconfiguration Audio reference link: “What Is the Elvish Word for Friend?” Quora, 2021.
This week, our hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages—a practice dubbed "slopsq...
Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “ Oceans Eleven Problem Constraints Assumptions .” by Steve Jones, YouTube, 4 November 2015....
This week, our hosts Dave Bittner and Joe Carrigan , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cybe...
Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “ APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities ” YouTube Video. YouTube, March 19, 2018....
This week, while Dave Bittner is out, Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus ), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running...
Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. “ OWASP Spotlight - Project 10 - Top10 .” YouTube Video. YouTube, January 4, 2021.
This week our hosts, Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus ), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ passes, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll users, sending her SUN pass scam texts tied to her old Florida number. Dave shares ...
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but...
Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention
This week our hosts, Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus ), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on E-ZPass scams—a listener suggests that scammers may be exploiting exposed license plate reader data, as demonstrated by YouTuber Mike Brown, to link plate numbers with breached phone records and send scam texts in real time. Da...
Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “ My ‘Aha!" Moment - Methods, Tips, & Lessons Learned in Threat Hunting - sans Thir Summit 2019. ” YouTube , YouTube, 25 Feb. 2020....
On Hacking Humans, this week Dave Bittner is back with Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares a bit of follow up on scam victims sharing their experiences of losing money to various frauds, including investment schemes, romance scams, business email compromises, online shopping fraud, unusual payment requests, tax...
Please enjoy this encore of Word Notes. The continuous practice of identifying classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: “ Vulnerability Scanning - Comptia Security+ sy0-501 - 1.5 .” YouTube , YouTube, 11 Nov. 2017,...
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start out with some follow up on chicken talk from last week. Maria shares the story of scammers impersonating police officers in England to steal cryptocurrency by exploiting leaked personal data, creating fake ...
Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software.
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off the show with some follow-up from a long-time listener who shared how switching to Publii and Cloudflare Pages saved his wife's psychiatric nurse practice over $120/year in hosting costs after discovering stat...
Please enjoy this encore of Word Notes. A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more.
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but...
In this special live episode of Hacking Humans , recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis . Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon , ThreatLocker’s VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS war...
Please enjoy this encore episode of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.
