Please enjoy this encore of Word Notes. A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning. CyberWire Glossary link: https://thecyberwire.com/glossary/agile-software-development Audio reference link: "Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe," John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009....
Aug 19, 2025 • 8 min • Season 2, Ep. 96
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe's story is on WhatsApp rolling out new anti-scam tools, disrupting over 6.8 million scam-linked accounts, and partnering with experts to share tips on s...
Aug 14, 2025 • 45 min • Season 8, Ep. 350
Please enjoy this encore of Word Notes. The flagship product of the controversial Israeli spyware vendor, the NSO Group, used for remotely hacking mobile devices, most notably iPhones, via zero-click exploits. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: “Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth,” Kristen Eichensehr and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022...
Aug 12, 2025 • 9 min • Season 2, Ep. 95
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on an Arizona woman sentenced to over eight years in prison for running a “laptop farm” that helped North Korean IT workers pose as U.S. ...
Aug 07, 2025 • 50 min • Season 8, Ep. 349
Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by her co-hosts N2K Networks’ Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Am...
Aug 05, 2025 • 32 min • Season 1, Ep. 14
Please enjoy this encore of Word Notes. An open source email authentication protocol designed to prevent email spoofing in phishing, business email compromise (BEC), and other email-based attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: “Global Cyber Alliance’s Phil Reitinger Talks DMARC Adoption.” YouTube Video. YouTube, April 27, 2018...
Aug 05, 2025 • 8 min • Season 2, Ep. 94
In this special episode of Hacking Humans, while Joe and Maria take a well-earned summer break, we’re joined by a special guest host: Rob Allen, Chief Product Officer at ThreatLocker. Rob dives into the tactics and profile of the cybercriminal group known as Scattered Spider—a crew that’s gained notoriety for its cunning use of social engineering over traditional hacking techniques. Known for being young, agile, and highly manipulative, Scattered Spider has successfully bypassed security meas...
Jul 31, 2025 • 30 min • Season 8, Ep. 348
Please enjoy this encore of Word Notes. A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor. CyberWire Glossary link: https://thecyberwire.com/glossary/shields-up Audio reference link: “Star Trek II Wrath of Khan - Reliant vs Enterprise; First ...
Jul 29, 2025 • 8 min • Season 2, Ep. 93
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We've got some follow-up from listener Kajetan, who recalled a run-in with a scammer in Paris posing as a mute fundraiser—and says he performed a "miracle" by crossing out his ...
Jul 24, 2025 • 52 min • Season 8, Ep. 347
Please enjoy this encore of Word Notes. A prescriptive open source software security maturity model designed to guide strategies tailored to an organization’s specific risks. Audio reference link: "OWASPMSP - Pravir Chandra: Software Assurance Maturity Model (OpenSAMM)," by Pravir Chandra, OWASP MSP, 2009.
Jul 22, 2025 • 6 min • Season 2, Ep. 92
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts share some follow-up, including a Rick Roll after the last episode. They also highlight a listener note from Evaldas in Lithuania, who explains that companies often use alterna...
Jul 17, 2025 • 47 min • Season 8, Ep. 346
Please enjoy this encore of Word Notes. An open standard for hardware authentication tokens that use the universal serial bus, or USB, near-field communications, or NFCs, or Bluetooth to communicate one factor in a two-factor authentication exchange. CyberWire Glossary link: https://thecyberwire.com/glossary/u2f Audio reference link: “Rise of the Machines: A Cybernetic History,” by Thomas Rid, Published by W. W. Norton Company, 21 November 2017....
Jul 15, 2025 • 7 min • Season 2, Ep. 91
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a ton of follow-up—from a sextortion scam that triggered a bot frenzy on Facebook, to sandboxed scam-baiting with fake credit cards, to a surprise magazine subscription that may or m...
Jul 10, 2025 • 51 min • Season 8, Ep. 345
Please enjoy this encore of Word Notes. A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.
Jul 08, 2025 • 10 min • Season 2, Ep. 90
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up, as Joe shares with us a complaint he has with Vanguard. Maria’s story is on McAfee’s latest research revealing that one in five Americans has fallen for a travel scam—often los...
Jul 03, 2025 • 44 min • Season 8, Ep. 344
Please enjoy this encore of Word Notes. A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops. CyberWire Glossary link: https://thecyberwire.com/glossary/bsimm Audio reference link: “OWASP AppSecUSA 2014 - Keynote: Gary McGraw - BSIMM: A Decade of Software Security.” YouTube Video. YouTube, September 19, 2014....
Jul 01, 2025 • 6 min • Season 2, Ep. 89
Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks’ Dave Bittner and our newest co-host, Keith Mularski, forme...
Jul 01, 2025 • 39 min • Season 1, Ep. 12
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from listener Abdussobur, who wonders if a pair of suspicious text messages—one sent to his wife and another to him with a nearby address—could be the result of a data breach. Joe's story...
Jun 26, 2025 • 42 min • Season 8, Ep. 343
Please enjoy this encore of Word Notes. Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version. Audio reference link: "The Panama Papers: A Closer Look," Late Night with Seth Meyers, YouTube, 12 April 2016...
Jun 24, 2025 • 8 min • Season 2, Ep. 88
Please enjoy this encore of Hacking Humans. On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus) are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First, we start off with some follow-up: our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN...
Jun 19, 2025 • 46 min • Season 7, Ep. 318
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow-up, this week delving into malware-related chicken names. Dave’s got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medi...
Jun 12, 2025 • 43 min • Season 8, Ep. 342
Please enjoy this encore of Word Notes. Code and data repositories that don't protect against unauthorized changes.
Jun 10, 2025 • 8 min • Season 2, Ep. 87
This week, our hosts Joe Carrigan and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attor...
Jun 05, 2025 • 47 min • Season 8, Ep. 341
Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.
Jun 03, 2025 • 8 min • Season 2, Ep. 86
Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by her co-hosts N2K Networks’ Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at ...
Jun 03, 2025 • 35 min • Season 1, Ep. 13
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow-up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria’s got the story on how Trump’s sweeping new tariffs are cre...
May 29, 2025 • 42 min • Season 8, Ep. 340
Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.
May 27, 2025 • 6 min • Season 2, Ep. 85
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver...
May 22, 2025 • 58 min • Season 8, Ep. 339
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016....
May 20, 2025 • 6 min • Season 2, Ep. 84
And... we're back! This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effe...
May 15, 2025 • 44 min • Season 8, Ep. 338