Guest Sean Gallagher, Principal Researcher with the Sophos X-Ops team, joins us to discuss "'FleeceGPT' mobile apps target AI-curious to rake in cash." Joe shares some listener feedback from Jon about the "No Stupid Questions" podcast. Dave's story is from Reddit about a free piano scam. Joe's got a story on a woman pleading with her bank to stop a fake wire transfer, but they were too busy. Our Catch of the Day comes from Rob about a fake student loan help ticket. Links to stories: “FleeceGPT” mobile app...
Jun 29, 2023•49 min•Season 6 Ep. 249
A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly’s Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.
Jun 27, 2023•7 min•Season 3 Ep. 153
Unsolicited, unwanted, and sometimes malicious electronic messages indiscriminately transmitted to a large number of people. CyberWire Glossary link: https://thecyberwire.com/glossary/spam Audio reference link: zumpzump, 2007. Monty Python - Spam [Video]. YouTube. URL https://www.youtube.com/watch?v=anwy2MPT5RE.
Jun 27, 2023•8 min•Season 3 Ep. 154
Toby Pischl, Head of Information & Email Security at Broadcom, sits down with Dave to discuss how Slack and Microsoft Teams phishing is an open door into businesses. Joe and Dave share some follow up regarding a case of a woman claiming to have cancer to receive over $37,000 from donors on GoFundMe. Joe has the terrible story out of Michigan where a high schooler committed suicide after a sextortion scam. Dave has a story on job seekers around the country and how likely they are to fall for a jo...
Jun 22, 2023•52 min•Season 6 Ep. 248
A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly’s Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.
Jun 20, 2023•7 min•Season 3 Ep. 153
This week, Jeremy Fuchs from Avanan joins Dave to discuss how hackers are using replier attacks. Replier attacks are attacks in which hackers change the reply-to address to send emails from what appears to be a reputable company, when in reality it's a spoofed account. Joe and Dave share some follow-up from listener Wayne, who writes in with some comments on episode 245, and listener Michael, who writes about his first ChatGPT experience. Dave's story follows the alarming new trend happening, wh...
Jun 15, 2023•53 min•Season 6 Ep. 247
The act of searching through an organization's trash for discarded sensitive material. CyberWire Glossary link: https://thecyberwire.com/glossary/dumpster-diving Audio reference link: “Better Call Saul jimmy digs in the Sandpiper trash scene,” uploaded by Robert Bowersock, 18 September 2022.
Jun 13, 2023•7 min•Season 3 Ep. 152
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
Jun 11, 2023•31 min•Season 3 Ep. 20
This week, our CyberWire UK Correspondent Carole Theriault is talking with Paul Ducklin from Sophos about where ChatGPT could be going in the future. Joe and Dave share quite a bit of follow up from listeners, discussing several people writing in about dating apps and the men who use them, along with a question from listener Bryan who asks about an email scheme an intern working for his company received. Joe's story hones in on AI, discussing in particular how artificial intelligence is changing...
Jun 08, 2023•53 min•Season 6 Ep. 246
The manipulation of search engine optimization, SEO, to promote malicious sites in search engine results. CyberWire Glossary link: https://thecyberwire.com/glossary/search-engine-optimization-poisoning Audio reference link: Brown, B.E., 2021. The Ending Of The Waldo Moment Explained [Video]. YouTube. URL https://www.youtube.com/watch?v=HsWja44-EMg.
Jun 06, 2023•6 min•Season 3 Ep. 151
Bala Kumar of Jumio joins to discuss how travel companies can combat the exponential rise in fraud and ensure their traveler is who they say they are. Dave and Joe share some listener follow up, with the first from Matt, who writes in with a strange Dick's Sporting Goods story about gift cards and credit cards. Our second follow up comes from listener King, who writes in regarding the QR discussion in episode 243. Dave's story follows how almost every US state has sued a telecom company after be...
Jun 01, 2023•49 min•Season 6 Ep. 245
A passwordless authentication protocol based on the FIDO2 standard. CyberWire Glossary link: https://thecyberwire.com/glossary/passkey Audio reference link: Summers, J., 2023. Google Passkeys Have Arrived (here’s how to use them) [All Things Secured Channel]. YouTube. URL https://www.youtube.com/watch?v=oFO7JgUx-bU.
May 30, 2023•7 min•Season 3 Ep. 149
The practice of crafting a fake online persona for malicious purposes. CyberWire Glossary link: https://thecyberwire.com/glossary/catfish Audio reference link: netbunny, 2013. Catfish - The Movie - Ending Scene [Movie Scene]. YouTube. URL https://www.youtube.com/watch?v=qR_NIN6zy0U
May 30, 2023•7 min•Season 3 Ep. 150
Nick Percoco from Kraken sits down to discuss the human factor of crypto scams, including going over common red flags and what to do when a third party is exerting pressure that taps into human emotions. Listener Sean writes in with some follow up to discuss the increase in AI scams and if people would be more likely to talk about falling for these scams as AI becomes better and better. An anonymous listener also reached out with some follow up regarding their experience with corporate ID thef...
May 25, 2023•1 hr 6 min•Season 6 Ep. 244
A type of phishing attack that uses QR codes as the lure. CyberWire Glossary link: https://thecyberwire.com/glossary/qr-code-phishing Audio reference link: KNR, 2018. Batman The Dark Knight Joker bomb blast by phone calls scene [Video]. YouTube. URL https://www.youtube.com/watch?v=qB_fXfzB4z0.
May 23, 2023•8 min•Season 3 Ep. 148
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
May 21, 2023•22 min•Season 3 Ep. 19
Our guest, Mark Kapczynski from OneRep, joins Dave to discuss what consumers should know about data privacy. Listener Jon writes in to the show with some follow-up with some thoughts on tap interface. Another anonymous listener wrote into the show discussing ethical hacking. Dave's story is on fake QR codes and how people are getting scammed out of money after receiving a fake QR code parking ticket survey. Joe's story follows an attempted attack at Dragos and what they didn't get. Our catch of ...
May 18, 2023•1 hr 5 min•Season 6 Ep. 243
Definition one: The recognition of a set of repeatable attack patterns across the intrusion kill chain. Definition two: Determining the responsibility for offensive cyber operations. CyberWire Glossary link: https://thecyberwire.com/glossary/attribution Audio reference link: Nunnikhoven, M., 2018. Cybersecurity Basics #9 - Attack Attribution [Video]. YouTube. URL www.youtube.com/watch?v=rlyMz5jN_Vs
May 16, 2023•9 min•Season 3 Ep. 147
Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about “fast idiots” from a previous episode. The other is from listener Robert, who writes in about the wallet versus smart phone debate, and which is safer. Joe shares a few stories this week, all regarding ATM ...
May 11, 2023•57 min•Season 6 Ep. 242
A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine. CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishing Audio reference link: Richardson, T., 2014. What...
May 09, 2023•7 min•Season 3 Ep. 146
Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well-known companies. This time, hackers are posing as Quickbo...
May 04, 2023•50 min•Season 5 Ep. 203
The ability to continuously deliver the intended outcome despite adverse cyber events. CyberWire Glossary link: https://thecyberwire.com/glossary/resiliency Audio reference link: Cameron, J., 1984. The Terminator [Movie]. IMDb. URL www.imdb.com/title/tt0088247/. Clip Nation, 2012. The Arnold Schwarzenegger “I’ll Be Back” Supercut [Video]. YouTube. URL www.youtube.com/watch?v=-YEG9DgRHhA. Coops, C., 2013. Terminator 2 Theme [Video]. YouTube. URL www.youtube.com/watch?v=pVZ2NShfCE8.
May 02, 2023•7 min•Season 3 Ep. 145
This week, Carole Theriault, CW UK correspondent, sits down with Cisco Talos' Vanja Svajcer discussing if the security industry is ready for AI. Joe and Dave share some follow up regarding a new term, "yahoo boy" after reading it in an article. Joe's story is about a scam where five mastermind businessmen were able to scam ordinary investors out of a billion dollars. Dave's story is on a basic iPhone feature that is helping criminals steal your entire digital life. Our catch of the day c...
Apr 27, 2023•42 min•Season 5 Ep. 241
A centralized facility or team responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents within an organization. CyberWire Glossary link: https://thecyberwire.com/glossary/security-operations-center Audio reference link: AT&T Tech Channel, 2012. A tour of AT&T’s Network Operations Center (1979) [Video]. YouTube. URL www.youtube.com/watch?v=cigc3hvMyWw.
Apr 25, 2023•8 min•Season 3 Ep. 144
This week, our guests are Jean Lee and Geoff White from BBC and the Lazarus Heist talking about what is coming up in Season 2 of their show and how the Lazarus Group is evolving. Joe briefly discusses Generative AI before going into his stories for this week. Joe's first story comes from Lauren Jackson from WBRC who writes in with a disturbing tire scam causing businesses to lose thousands. Joe's second story is from David Sentendrey from KDFW, who shares a story about a woman who fell victim to...
Apr 20, 2023•49 min•Season 5 Ep. 240
Defensive cyber operations carried out by U.S. Cyber Command's Cyber National Mission Force (CNMF) at the request of allied nations. CyberWire Glossary link: https://thecyberwire.com/glossary/hunt-forward-operation Audio reference link: Paul Nakasone, G., 2022. Vanderbilt Summit Keynote [Video]. YouTube. URL www.youtube.com/watch?v=Axg4s9l9wi0.
Apr 18, 2023•6 min•Season 3 Ep. 143
Paul Dant, Illumio's Senior Director for Cybersecurity Strategy and Research, is sharing how his history as a child hacker informed his thinking today. Joe and Dave share some listener follow up from Anthony, who writes in about a scam from the app Nextdoor, regarding scammers trying to upgrade Xfinity customers using their computers rather than the usual method, which throws up red flags. Dave's story this week follows a principal from a Florida science and technology charter school who mistake...
Apr 13, 2023•46 min•Season 5 Ep. 239
The invisible force that governs the movement of data across networks. Audio reference link: “Things to Come 1936 - HG Wells.” YouTube, YouTube, 28 Sept. 2011, https://www.youtube.com/watch?v=atwfWEKz00U.
Apr 11, 2023•8 min•Season 3 Ep. 142
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
Apr 09, 2023•30 min•Season 3 Ep. 18
Keith Houston, Chief prosecutor in financial cybercrimes at Harris County District Attorney's Office in Houston, TX, shares some scams that have come through his office and advice on how to protect yourself. Dave and Joe share some follow up from listener Nevile, who writes in about a news story he came across regarding pendrive bombs, wondering what do you do if you're a reporter and someone sends you a scoop in a pendrive? Joe has two stories regarding AI, and how scammers were able to use AI ...
Apr 06, 2023•46 min•Season 5 Ep. 238