Hacking Humans

N2K Networks · thecyberwire.com
Deception, influence, and social engineering in the world of cyber crime.

Episodes

Answering a job ad from a ransomware gang.

Guest Mantas Sasnauskas from CyberNews joins Dave to talk about how he and his colleagues applied for a job with a ransomware gang, Joe and Dave reply to a listener named Christopher about certifications, Dave's story is about credential stuffing with payroll companies for $800,000, Joe shares a story about lewd phishing lures sent to people's email accounts, and our Catch of the Day is from a listener named Stof who says he “received this call just now, never heard one this convincing, nea...

Jun 17, 2021 · 37 min · Season 4 · Ep. 152

non-fungible tokens (NFT) (noun) [Word Notes]

Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.

Jun 15, 2021 · 6 min · Season 1 · Ep. 51

Pandemic taxes: later due dates afford more time for scams.

Guest Robert Capps of NuData Security joins Dave to discuss what businesses can do to bolster their protection against tax fraud, Joe and Dave have some follow-up from 2 episodes ago when they discussed a BazarLoader scam: Wired has a recent article with a twist about a totally fake streaming site called BravoMovies, Joe shares a story from a listener Jason about a friend of his who was targeted by a scammer on Facebook Marketplace, Dave's story is about scammers demanding ransom from families w...

Jun 10, 2021 · 39 min · Season 4 · Ep. 151

The fight in the dog.

Guests Jan Kallberg and Col Stephen Hamilton of Army Cyber Institute at West Point join Dave to talk about cognitive force protection, Joe and Dave have some follow-up from a listener named Obada about Apple only allowing 2FA through SMS, Dave shares a story about Google's plan to require MFA for all users, Joe's story is about a couple who had their Fidelity retirement account defrauded to the tune of $40,000, and our Catch of the Day is from a listener named Doal about becoming named the benef...

Jun 03, 2021 · 39 min · Season 4 · Ep. 150

machine learning (noun) [Word Notes]

A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Jun 01, 2021 · 6 min · Season 1 · Ep. 49

Hacking people vs. hacking technologies to get into companies.

Guest Tim Sadler from Tessian on how oversharing on social media and in OOO messages can open the door for hackers, Joe shares a story about vishing emails from "Amazon" that had spam confidence levels of 1, Dave's story is about an elaborate BazarLoader campaign counting on a lot of human interaction, and our Catch of the Day is from a listener named Scott about a phishing fax, that's right, we said fax. Links to stories: Hello, Is It Me You’re Phishing For: Amazon Vishing Attacks BazarCall Met...

May 27, 2021 · 39 min · Season 4 · Ep. 149

intelligence (noun) [Word Notes]

The process of turning raw information into intelligence products that leaders use to make decisions with.

May 25, 2021 · 6 min · Season 1 · Ep. 48

Whaling attacks are more targeted than phishing or spearphishing.

Guest Kev Breen from Immersive Labs joins Dave to talk about how to address whaling attacks, Dave shares a discussion he had with a colleague about password managers and elderly parents and Joe weighs in, Dave's story is about a smishing Trojan impersonating a Chrome app, Joe has a story about URL redirection making more effective phishing attacks, and our Catch of the Day is from a listener named Vaughn about a snail mail fraud scheme that references a website. Links to stories: Beware of this...

May 20, 2021 · 34 min · Season 4 · Ep. 148

Introducing 8th Layer Insights [Trailer]

Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more....

May 19, 2021 · 5 min

SaaS (noun) [Word Notes]

A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.

May 18, 2021 · 6 min · Season 1 · Ep. 47

How to best fight fake news.

Guest Helen Lee Bouygues of the Reboot Foundation joins Dave to talk about social media’s effect within the misinformation ecosystem and how users can best fight fake news, Dave and Joe share some follow-up from listener Jonathan on two-factor authentication, Joe's story is about an employee in Scotland sued for making payments based on phishing emails, Dave has a story about fake order confirmation phishing messages prompting us to call rather than click, our Catch of the Day comes from a liste...

May 13, 2021 · 39 min · Season 4 · Ep. 147

decryption (noun) [Word Notes]

A process of converting encrypted data into something that a human or computer can understand.

May 11, 2021 · 7 min · Season 1 · Ep. 45

Digital identities are at the core of recent breaches.

Our UK correspondent Carole Theriault returns to share her interview with Julie Smith from the Security Alliance and Kelvin Coleman from National Cyber Security Alliance about Identity Management Day, Dave's story is about how Pixar uses colors to hack our moods and minds to see colors we've never seen before, Joe has a story about ways malicious actors can break into accounts with multi-factor authentication enabled, our Catch of the Day comes from a listener named Brett who works in a PC repai...

May 06, 2021 · 39 min · Season 4 · Ep. 146

brute-force attack (noun) [Word Notes]

A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.

May 04, 2021 · 7 min · Season 1 · Ep. 46

Anyone can be a target of romance scams.

Guest Stacey Nash, Head of Fraud and Central Operations at USAA, joins Dave to discuss romance or sweetheart scams, Joe and Dave share some listener follow-up, Joe's got a story about emails sent to British awards organizers asking them to transfer prize money to a PayPal account, Dave's story is about a Rolling Stones tribute band targeted in a bogus check racket, and our Catch of the Day comes from a listener named Konstantin about a fake tax refund. Links to stories: $40,000 Swindle Puts Spot...

Apr 29, 2021 · 36 min · Season 3 · Ep. 145

Make systems to mitigate the mistakes.

Guest Margaret Cunningham from Forcepoint talks with Dave about cognitive biases that lead to reasoning errors in cybersecurity, Joe shares some follow-up from a listener named Alex about the Alexa phone call Joe mentioned a few episodes back, Dave shares a note from listener Brandon about finding similar DNS names (check out https://dnstwister.report/), Dave's story is about dark patterns to get you to do something on a website, Joe shares a story about phishing emails and defenses against them, and ...

Apr 22, 2021 · 42 min · Season 3 · Ep. 144

cold boot attack (noun) [Word Notes]

A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer’s Random Access Memory or RAM during the reboot process in order to steal sensitive data.

Apr 20, 2021 · 7 min · Season 1 · Ep. 43

Being aware can go a long way to prevent attacks.

Guest Herb Stapleton, the FBI’s cyber division sector chief, joins Dave to talk about the FBI's Internet Crime Complaint Center (IC3) annual report and its findings, Joe's story is about an ongoing IRS impersonation scam targeting educational organizations, Dave shares a story from the BBC about people using their pets' names as passwords (tell us that hasn't crossed your mind or your keyboard before), and our Catch of the Day comes from the Land Down Under via Gareth and Kingsley. COTD note: Jus...

Apr 15, 2021 · 36 min · Season 3 · Ep. 143

cloud computing (noun) [Word Notes]

On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.

Apr 13, 2021 · 6 min · Season 1 · Ep. 42

Finding targets of opportunity.

Guest Peter Warmka, founder of the Counterintelligence Institute, joins Dave to talk about how insider targets are chosen and assessed, Joe shares a weird phone call he received, Dave's story is from a Twitter user named Jake on flower shop scams, Joe has a story about student loan forgiveness scams, and our Catch of the Day comes from a listener named Andrew about a pricey software subscription renewal scam. Links to stories: Twitter thread with flower shop scams from Australia 3 Ways to Spot Stude...

Apr 08, 2021 · 40 min · Season 3 · Ep. 142

APT (noun) [Word Notes]

An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.

Apr 06, 2021 · 7 min · Season 1 · Ep. 41

The pandemic is slowing, time to travel?

Guest Fleming Shi of Barracuda joins Dave to talk about travel-related phishing attacks now that vaccines are more readily available, Dave and Joe share listener advice about preventative email blocking, Joe shares a story about romance scams by someone that includes fake W2s and other documents in the process, Dave's got a story about a phone scammer posing as McDonald's CEO, and our Catch of the Day is from a listener named Tarik with an email about his reported death. Tarik awards this ...

Apr 01, 2021 · 35 min · Season 3 · Ep. 141

backdoor (noun) [Word Notes]

An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.

Mar 30, 2021 · 6 min · Season 1 · Ep. 40

Technology is not designed for older users.

Guest Ming Yang of Orchard joins Dave to talk about ways to help your parents with technology (aka providing tech support for our parents). Dave shares the FBI's advisory warning of an expected increase in the use of deepfakes for social engineering attacks, Joe's got a story about phantom debts, and our Catch of the Day is from a listener named Anthony about an email from federalcrimeofinvestigation@gmail.com. Hmmm...seems legit. Links to stories: Malicious Actors Almost Certainly Will Leverage...

Mar 25, 2021 · 37 min · Season 3 · Ep. 140

watering hole attack (noun) [Word Notes]

From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.

Mar 23, 2021 · 6 min · Season 1 · Ep. 39

Ideally, look for someone open to deception.

Guest professional magician Brandon Williams talks with Joe about the art of deception, we have some follow-up on a watering hole attack we discussed a few episodes back, Joe's story is about the Attorney General of Vermont's top scams of 2020 report (no surprise #1 was SSN phishing), Dave's got a story about the level of sophistication of cybercriminals (hint: not all are that sophisticated), and our Catch of the Day is from a listener named Jo about a well-written request for donation. Links t...

Mar 18, 2021 · 39 min · Season 3 · Ep. 139

network telescope (noun) [Word Notes]

Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Mar 16, 2021 · 5 min · Season 1 · Ep. 38