Kelly Shortridge, a Senior Principal from Fastly, joins Dave to discuss her talk at RSAC on why behavioral science and behavioral economics matters for InfoSec. Joe's story shares an old scam with a new twist, it's about packages being delivered to you that you never ordered. Dave's story is on how a large scale phishing campaign compromised one million Facebook credentials. Our catch of the day comes from listener Will who was reached out to by someone claiming to be the "Head IMF/EUROPEAN UNIO...
Jul 14, 2022•48 min•Season 5Ep. 204
A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: “ The Wrath of Khan (1982) ‘Kirk’s Response ,’” by Russell, YouTube, 16 May 2017.
Jul 12, 2022•12 min•Season 2Ep. 106
Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbo...
Jul 07, 2022•50 min•Season 5Ep. 203
A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: “ What Is Abstraction in Computer Science, ” by CodeExpanse, YouTube, 29 October 2018.
Jul 05, 2022•6 min•Season 2Ep. 104
Omer Dembinsky, a Data Research Manager from Check Point Research, joins Dave to discuss their Brand Phishing Report for Q1 2022 and how DHL, Maersk, and AliExpress were all in the top 10 list. Joe and Dave have some listener follow up from the 200th episode discussing how many redirects are too many. Joe has two stories this week, the first on how Instagram (Meta Platforms) was hit with multiple lawsuits from the Beasley Allen Law Firm over exploiting young people for money. The second story is...
Jun 30, 2022•44 min•Season 5Ep. 202
A set of services for managing identity and access management, or IAM across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: “ Leadership Compass Identity Fabrics - Analyst Chat 126 ,” by KuppingerCole, YouTube, 30 May 2022.
Jun 28, 2022•7 min•Season 2Ep. 103
Carole Theriault interviews author and journalist Geoff White on his upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Joe and Dave share some listener follow up from listener John, regarding a T-mobile breach and how he was notified through a third-party monitoring service and not T-Mobile. Joe's story shares how hackers are also keeping an eye on the upcoming holidays and describes how a Father's Day beer contest from Heineken was a scam...
Jun 23, 2022•38 min•Season 5Ep. 201
A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain Audio reference link: " Cybersecurity Days: A Network Defender's Future ," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018....
Jun 21, 2022•8 min•Season 2Ep. 102
Abhik Mitra, Head of Portfolio Strategy at Code42, shares the findings on Code 42's 2022 Data Exposure Report (DER). Joe breaks down a story that follows a couple in Westlake, where the woman was called about a supposed warrant out for her arrest, and how she was told that she needs to provide thousands of dollars in order for the police to not come and arrest her. The story describes how her fast-thinking husband was able to figure out the scam and get in touch with real authorities. Dave's sto...
Jun 16, 2022•52 min•Season 5Ep. 200
A subset of security orchestration, the management of identities across an organization's set of digital islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-orchestration
Jun 14, 2022•6 min•Season 2Ep. 101
Andrew Morris, founder and CEO of GreyNoise Intelligence, joins Dave to discuss the explosive increase in opportunistic scan-and-exploit cyber attacks, and what security analysts can do to combat it. Joe and Dave share some follow up from listener Mark, whose son got scammed out of 150 million dollars in a game he plays. Dave's story is on ChromeLoader, which is a pervasive and persistent browser hijacker that modifies your settings and redirects you to more advertisement websites. Joe has two s...
Jun 09, 2022•47 min•Season 5Ep. 199
A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: “ Diamond Presentation v2 0: Diamond Model for Intrusion Analysis – Applied to Star Wars’ Battles ,” Andy Pendergrast and Wad...
Jun 07, 2022•8 min•Season 2Ep. 100
Ryan Kovar, distinguished security strategist at Splunk and leader of SURGe, discusses the speed of ransomware, as well as the first-of-its-kind research the SURGe team is releasing on how quickly the top ransomware families can encrypt 100,000 files. Joe and Dave share some listener follow up from listener Josh. Joe's story follows the baby food shortage and warns about the dangers of sellers scamming people through online purchases of formula. Dave's story is on how IT members can identify the...
Jun 02, 2022•49 min•Season 5Ep. 198
A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: “ Attack Frameworks - SY0-601 CompTIA Security+ : 4.2 ,” Professor Messer, YouTube, 29 April 2021.
May 31, 2022•8 min•Season 2Ep. 99
Ann Johnson, Security Executive at Microsoft and host of the afternoon cyber tea podcast, joins Dave to discuss social engineering and ways to help prevent it, as well as the different types of social engineering she's seen from her experience, Dave and Joe share some listener follow up about macros in Office documents, Joe has two stories this week, one is on how Seth Green lost over 300K in NFTs, and the other is on a new scam with Chatbots on phishing emails, Dave's story is on how a Californ...
May 26, 2022•48 min•Season 5Ep. 197
The set of people, process, technology, and cultural norms that integrates software development and IT operations into a system-of-systems. CyberWire Glossary link: Audio reference link: " 10+ Deploys Per Day: Dev and Ops Cooperation at Flickr ," by John Allspaw and Paul Hammond, Velocity 09, 25 July 2009.
May 24, 2022•8 min•Season 2Ep. 98
Mark Horne, Chief Marketing Officer at Pindrop, joins Dave to discuss voice authentication, Dave and Joe have some follow up about business phishing (BECs) from listeners Nick and Michael, Joe's story has a romance scam where criminals pretend to be celebrities, and Dave's story is about the increase in phishing downloads due to cyber criminals using SEO to leverage their lures, and we've got 2 catches of the day for you from listener Peter on free Dyson vacuums and one from Joe with a plea from...
May 19, 2022•48 min•Season 5Ep. 196
A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: “ Attack Frameworks - SY0-601 CompTIA Security+ : 4.2 ,” Professor Messer, YouTube, 29 April 2021.
May 17, 2022•8 min•Season 2Ep. 99
Matthew Connor, Founder of Conscious Security, discusses a study he conducted while working with F-Secure, the study targeted 82,402 individuals with one of four phishing emails, he goes into the findings of the study and certain insight this study has brought, Joe's story is on the popular app Zelle and how users are loosing thousands of dollars due to scams, and Dave's story is on three big tech giants announcing plans to expand support for a common passwordless sign-in standard created by the...
May 12, 2022•48 min•Season 5Ep. 195
A software development model that relies on a series of sequential steps that flow into each other, like a series of waterfalls. CyberWire Glossary link: https://thecyberwire.com/glossary/waterfall-software-development Audio reference link: “ Creating Video Games - Agile Software Development, ” by Sara Verrilli, MIT OpenCourseWare, YouTube, 10 December 2015...
May 10, 2022•6 min•Season 2Ep. 97
Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we discussed some time ago and some advice on Dave's Google Authenticator issue he mentioned last week, Dave's story is about non-delivery scams, Joe's got a story on Imperial Kitten doing some catphishing, and our Catch of the Day comes from listener Timothy about with a sextortion campaign. Links to stori...
May 05, 2022•45 min•Season 4Ep. 160
A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning Audio reference link: https://thecyberwire.com/glossary/agile-software-development " Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe " John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009....
May 03, 2022•8 min•Season 2Ep. 96
John Wilson, Senior Fellow Threat Research at Agari by HelpSystems, discusses business email compromise attacks, Joe shares three stories on different types of scams, the first being a mystery shopper scam, where the scammer tries to get you to buy gift cards at a grocery store, the second one is on, scammers posing as DTE Energy representatives, seeking bill payments, and the final one is about someone showing up to a victims door and demanding money to collect “Money owed” for a family member,...
Apr 28, 2022•45 min•Season 4Ep. 194
The flagship product of the controversial Israeli spyware vendor, the NSO Group, use for remotely hacking mobile devices, most notably iPhones, via zero-click exploits. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: “Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth ,” Kristen Eichensehr, and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022...
Apr 26, 2022•9 min•Season 2Ep. 95
Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined on this episode by Perry Carpenter, host of 8th Layer Insights podcast and chief eva...
Apr 24, 2022•21 min•Season 1Ep. 9
Pete Barker, director of Fraud and Identity at SpyCloud offers critical insights on the alarming evolution of fraud and how consumers and enterprises can protect themselves, Joe and Dave share some listener follow up from listener Micah on a catch of the day from last week, Joe's story is on a woman who was scammed out of $15,000 and shares her experience on how the hackers were able to gather so much info and money from her, Dave's story is on an android malware scheme that allows cybercriminal...
Apr 21, 2022•44 min•Season 4Ep. 193
An open source email authentication protocol designed to prevent emails, spoofing in phishing, business email compromise or BEC, and other email-based attacks.
Apr 19, 2022•8 min•Season 2Ep. 94
Brian Brushwood a former magician, joins Perry Carpenter, host of 8th Layer Insights, to talk about his new podcast, The Worlds Greatest Con, and how magic led him to discussing cons and scams on a podcast, Dave shares a personal story on login frustration, Joe's story is on a Cash App breach being confirmed after an employee was able to access a US customers data, and Dave's story is on inauthentic LinkedIn profiles and how fake accounts are requesting to connect when in fact the accounts are f...
Apr 14, 2022•51 min•Season 4Ep. 192
A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor.
Apr 12, 2022•8 min•Season 2Ep. 93
Laura Hoffner from Concentric, joins Dave to discuss online dangers and how they can very easily turn into real world dangers, Laura explains about the popular social media platform TikTok and how users are being stalked and shares one story in particular, Joe and Dave share some listener follow up, Joe's story is centered around cryptocurrency scams and how they are on the rise, and Dave's story is on the malware BABYSHARK and the internal process of investigation as well as lessons learned, ou...
Apr 07, 2022•46 min•Season 4Ep. 191
