An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. Audio reference link: “How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone,” FRONTLINE, YouTube, 18 July 2021.
This week Carole Theriault sits down to interview author Jamie Bartlett on his book, "The Missing Cryptoqueen - The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It." Dave and Joe share some follow up from listener Dustin who shares an interesting experience he had involving his child's medical documents and how easy it was to obtain them, making scams even easier. Joe's story follows a young teen hacker and how they allegedly were able to hack Uber and Rockstar Games. Dave h...
A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.
Guest Jane Lee, Trust and Safety Architect from Sift joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week, one story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new ...
The process of installing applications on a device without the use of official software distribution channels. CyberWire Glossary link: https://thecyberwire.com/glossary/sideloading
Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined on this episode by guest Tracy Maleeff from Krebs Stamos Group – you may know her on ...
Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an art...
A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: https://thecyberwire.com/glossary/microsegmentation Audio reference link: “Micro-Segmentation Masterpieces,” PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.
Greg Otto from Intel 471 joins Dave to discuss the findings of their work on "Cybercriminals preying on a travel surge with a host of different scams." Dave and Joe share some interesting listener follow up from Kevin, who writes in about the deepfakes episode and shares his comments on how scary the topic can be, especially with politicians. Dave shares a story about Charles Egunjobi, an auditor with the D.C. government, and how he fell victim to an online love scam costing elderly U.S. citizen...
The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: Audio reference link: “Mission Impossible III 2006 Masking 01,” uploaded by DISGUISE MASK, 28 July 2018.
This week Carole Theriault interviews Chuck Everette from Deep Instinct on public and private partnerships. Dave and Joe share some listener follow up from Rodney who writes in about flexible spending cards and chips inside them as well as sharing technology that helps keep the scammers away. Joe's story follows the trend of fake invoicing, specifically through PayPal and the newest string of scammers getting people to call in about a pending charge. Dave shares a story where people are getting ...
The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting. CyberWire Glossary link: https://thecyberwire.com/glossary/policy-orchestration Audio reference link: “The Value of Using Security Policy Orchestration and Automation,” by David Monahan, uploaded by EMAResear...
Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society, we share some fun feedback on the Lightning Rod story edit, Dave's story talks about how some of the most successful and lucrative online scams employ a “low-and-slow” approach, Joe's story is about 2 Arkansas farmer that scammed investors out of money for wind turbines, but used it for houses, cars and Disney World, and our Catch of the Day is from an unnamed listener with a suppos...
Software designed to prevent cheating in video games. CyberWire Glossary link: https://thecyberwire.com/glossary/anti-cheat-software Audio reference link: “The BIG Problem with Anti-Cheat,” by Techquickie, YouTube, 5 June 2020
Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow up from Robert who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a twitter thread from Brian Jay Jones, who is an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how h...
Malware, in the guise of ransomware, that destroys data rather than encrypts. CyberWire Glossary link: https://thecyberwire.com/glossary/pseudoransomware Audio reference link: “Some Men Just Want to Watch the World Burn | the Dark Knight,” by YouTube, 2 November 2019.
Ari Parker, Lead Advisor from Chapter, discussing "Tips for Avoiding Medicare Scams." Joe and Dave share some follow up from several listeners, who write in about various scams they have encountered. Joe's story is on Facebook messenger and how more and more victims are being claimed to scams and cons through the popular social media app. Dave's story shares disturbing information regarding LinkedIn scams, explaining how North Koreans are stealing resumes off the job site in a new crypto job sea...
A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: “TPM (Trusted Platform Module) - Computerphile,” Computerphile, 23 July 2021
Raj Sarkar, CMO from 1Password and Julien Benichou, Senior Director of Partnership, Strategy, and Execution from Gen.G, join Dave to discuss making the online world a safer place and talk about helping reduce the risk of gamers being the target of hackers. Joe and Dave share some followup from listener Ryan who writes in about the catch of the day from last week's episode, and what struck him most with the scam. Dave's story is on how the government was able to seize millions in stolen cryptocur...
A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: “Chrome Limits Access to Private Networks,” by Daniel Lowrie, ITProTV, YouTube, 19 January 2022.
Romain Basset, Director of Customer Service, at Vade joins Dave to discuss the threat of initial contact spearphishing emails now that many employees are returning to the office. Dave and Joe share some listener follow up from listener Will who writes in about a troubling debate over if it should be "Joe and Dave" or "Dave and Joe." Will shares a website about ablaut reduplication, sharing his thoughts on the matter. Joe shares some good news following a story of a homeless man being robbed of $...
This week, Carole Theriault sits down to talk with Paul Ducklin from Sophos on extortion scams targeting LGBTQ+ communities. Joe and Dave share multiple pieces of listener follow up, the first from Matt and Kevin, who write in to share a Wikipedia link regarding N.B. (Nota Bene, or note well) and an ad from 1801. The second one is a write in from someone who is referred to as "P," who shares more information on the Facebook link shortener discussion. Finally, Joe and Dave get a great piece of li...
The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. CyberWire Glossary link: https://thecyberwire.com/glossary/web-30 Audio reference link: “What Elon Musk Just Said about Metaverse, Web3 and Neuralink,” By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.
Kelly Shortridge, a Senior Principal from Fastly, joins Dave to discuss her talk at RSAC on why behavioral science and behavioral economics matters for InfoSec. Joe's story shares an old scam with a new twist, it's about packages being delivered to you that you never ordered. Dave's story is on how a large scale phishing campaign compromised one million Facebook credentials. Our catch of the day comes from listener Will who was reached out to by someone claiming to be the "Head IMF/EUROPEAN UNIO...
A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: “The Wrath of Khan (1982) ‘Kirk’s Response,’” by Russell, YouTube, 16 May 2017.
Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbo...
A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: “What Is Abstraction in Computer Science,” by CodeExpanse, YouTube, 29 October 2018.
Omer Dembinsky, a Data Research Manager from Check Point Research, joins Dave to discuss their Brand Phishing Report for Q1 2022 and how DHL, Maersk, and AliExpress were all in the top 10 list. Joe and Dave have some listener follow up from the 200th episode discussing how many redirects are too many. Joe has two stories this week, the first on how Instagram (Meta Platforms) was hit with multiple lawsuits from the Beasley Allen Law Firm over exploiting young people for money. The second story is...
A set of services for managing identity and access management, or IAM across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: “Leadership Compass Identity Fabrics - Analyst Chat 126,” by KuppingerCole, YouTube, 30 May 2022.
Carole Theriault interviews author and journalist Geoff White on his upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Joe and Dave share some listener follow up from listener John, regarding a T-mobile breach and how he was notified through a third-party monitoring service and not T-Mobile. Joe's story shares how hackers are also keeping an eye on the upcoming holidays and describes how a Father's Day beer contest from Heineken was a scam...
