Guest Inon Shkedy, security researcher at Traceable and API project leader at OWASP Foundation, talks with Dave about the risks various types of insider threats pose to APIs, we have some follow-up from a listener closing on their home, Dave's story is about a new wave of scams saying they are from the Social Security Administration, Joe's got Deepfakes of Tom Cruise (thanks to Rachel Tobac for this one), and our Catch of the Day is from a listener named John's son and a job interview scam he ex...
Mar 11, 2021•38 min•Season 3Ep. 138
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.
Mar 09, 2021•5 min•Season 1Ep. 37
Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the five parts of URLs in phishing attacks, Dave's got a story about a malvertising group called "ScamClub," and our Catch of the Day is from a listener named John about a letter he received in the mail from "TD Trust Bank" about an inheritance opportunity. Links to stories: New Phishing Attack Identified:...
Mar 04, 2021•42 min•Season 3Ep. 137
Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.
Mar 02, 2021•5 min•Season 1Ep. 36
Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a Nigerian man sentenced for phishing the US heavy equipment company Caterpillar, Joe has a story with bad news about a sextortion email scam with a fake Zoom zero day component, and our Catch of the Day is a compelling phishing email a listener named Michael recently received. Links to stories: Nigerian...
Feb 25, 2021•33 min•Season 3Ep. 136
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.
Feb 23, 2021•4 min•Season 1Ep. 35
Guest Sara Teare who is known as 1Password's Minister of Magic talks with Dave about things that people don't consider like custody of the digital keys to your stuff online, Dave and Joe share some listener feedback from Jonathan about replacing outdated equipment (aka an old phone), Joe's story is about ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations, Dave's story has a holiday theme: emails pretending to...
Feb 18, 2021•41 min•Season 3Ep. 135
The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.
Feb 16, 2021•5 min•Season 1Ep. 34
Carole Theriault returns with a discussion on disinformation with guest, BBC host, podcaster and author Tim Harford, Dave's got a story about Covid vaccine phishing campaigns, Joe's story talks about data breaches that have increased 50% year over year since 2018, and our Catch of the Day is from a listener named John his wife saw on Facebook who translated it from Lithuanian. Links to stories: Count Yourself in For a Vaccine Phish Deep Analysis of More than 60,000 Breach Reports Over Three Year...
Feb 11, 2021•37 min•Season 3Ep. 134
A nation-state hacking group’s practice of funding its town activities through cybercrime or cyber mercenary work.
Feb 09, 2021•5 min•Season 1Ep. 33
Guest Nico Popp of Forcepoint joins Dave to discuss why understanding human behavior is a major key to security, Dave & Joe discuss some listener follow-up about a Craigslist posting, Joe's story is about a scam website that is promising refunds to consumers all over the world, Dave shares a story about scam calls coming from call centers in India, and our Catch of the Day is from a listener about an email from former first lady Melania Trump. Links to stories: FTC warns of scam website that...
Feb 04, 2021•40 min•Season 3Ep. 133
A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.
Feb 02, 2021•6 min•Season 1Ep. 32
Guest Eric Solis of MOVO Cash talks with Dave about the increase of fraud attacks on consumers and businesses by not having a body of regulations for digital payments, Dave's story is about his recent pillow purchase prompting him to do online reviews for an extra bonus, Joe shares some details from Verizon's Cyber-Espionage report, and our Catch of the Day is a letter from a listener named Jim who had a bad eBay transaction. Links to stories: Amazon is trying to crack down on fraudulent reviews...
Jan 28, 2021•41 min•Season 3Ep. 132
An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer’s firmware and the computer’s operating system.
Jan 26, 2021•6 min•Season 1Ep. 31
Guest Arjun Sambamoorthy of Armorblox talks with Dave about five targeted phishing campaigns that weaponize various Google services during their attack flow, Joe's story is about the MegaMillions jackpot that is approaching epic proportions and attracting the attention of scammers, Dave's story comes from a listener over on the Grumpy Old Geeks podcast about a Venmo incident, and our Catch of the Day comes from Joe's son who received an email from the FBI. Links to stories: Advisory: Beware of S...
Jan 21, 2021•34 min•Season 3Ep. 131
An operating system program running in the background designed to perform a specific task when certain conditions or events occur.
Jan 19, 2021•5 min•Season 1Ep. 30
Guest Umesh Sachdev of Uniphore talks with Dave about how call centers are becoming the new fraud vector, Dave's story involves an email that has a Trump scandal .jar file attached that's really a RAT, Joe has a story about hackers spoofing a victim's phone number making emergency calls where the police respond to the victim's home with force, he also talks about credential stuffing for swatting a video doorbell, and our Catch of the Day comes from a listener Christian who received an email with...
Jan 14, 2021•39 min•Season 3Ep. 130
Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when run, usually annoys the user and often performs actions that the developer did not disclose, and that the user regards as undesirable.
Jan 12, 2021•5 min•Season 1Ep. 29
Dave switches gears and shares a story from the National Law Review with a social engineering spin to it about a theft exclusion in a title company's errors and omissions policy, Joe shares a story from Facebook taking action against hacking groups, The Catch of the Day comes Joe himself with a connection request he received on LinkedIn, and later in the show, Dave's conversation with Carey O’Connor Kolaja from AU10TIX on fraud in the financial services and payment industry, and how organization...
Jan 07, 2021•36 min•Season 3Ep. 129
A family of multitasking, multi-user computer operating systems that derive from the original Unix system built by Ken Thompson and Dennis Ritchie in the 1960s.
Jan 05, 2021•5 min•Season 1Ep. 27
An automatic software bug and vulnerability discovery technique that input's invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.
Jan 05, 2021•5 min•Season 1Ep. 28
Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations, and later in the show, Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco. Links to stories: Revealed: fake 'traders' allegedly prey on victims in global investment scam Coronavirus: Scammers follow the headlines Have a Catch of the Day you'...
Dec 31, 2020•39 min
A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.
Dec 29, 2020•6 min•Season 1Ep. 26
Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter ....
Dec 24, 2020•30 min
A clandestine set of applications designed to give hackers access and control over a target device.
Dec 22, 2020•7 min•Season 1Ep. 25
A set of behaviors that precisely describes a cyber adversary attack campaign.
Dec 22, 2020•7 min•Season 1Ep. 24
Joe talks about phishing lures with holiday packages, current events, and things he expects to see in your inbox soon, Dave's shares a blog post on how to troll a Nigerian prince, The Catch of the Day comes from a listener named Christian who received an email from an ill churchgoer that tests US knowledge of geography, and later in the show, Carole Theriault returns with a conversation with Rebecca McKeown, an independent Chartered Psychologist, with experience researching and evaluating learni...
Dec 17, 2020•37 min•Season 3Ep. 128
In this case Identity is the set of credentials, usually electronic that vouch for who you are and theft is to steal. The theft of a person's identity for purposes of fraud.
Dec 15, 2020•4 min•Season 1Ep. 22
Joe provides some listener feedback on allowing site notifications, Dave shares good news in his story about taking down money mules, Joe's got not as good news about a phishing campaign targeting the COVID-19 vaccine cold chain, The Catch of the Day comes from a listener named Virginia who received a phishing email impersonating a bank, and later in the show, Dave's conversation with Neal Dennis from Cyware on the cybersecurity concerns and pitfalls customers need to look out for and why ecomme...
Dec 10, 2020•33 min•Season 3Ep. 127
A software, hardware or hybrid encryption layer between two devices on the network that makes the traffic between the sites opaque to the other devices on the same network.
Dec 08, 2020•6 min•Season 1Ep. 20
