Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
Aug 05, 2023•29 min•Ep 21•Transcript available on Metacast Raj Ananthanpillai from Trua joins Dave to discuss privacy concerns and what you shouldn't share with ChatGPT. Dave and Joe share some listener follow up from Clayton who shares some comments on a previous episode where Dave discusses bomb threats to retail stores for ransom. Dave's story follows Google rapidly trying to correct bogus airline phone numbers that were discovered this week. Joe's story is on an Android app called "Spyhide" which is a phone surveillance app, that has been collecting...
Aug 03, 2023•45 min•Ep 253•Transcript available on Metacast A cloud based sensitive information management system that allows users access across multiple devices. CyberWire Glossary link: https://thecyberwire.com/glossary/icloud-keychain Audio reference link: Ellen’s Tips For iOS, 2022. How To Master iCloud Keychain to Keep Your Passwords Safe and Secure [Video]. YouTube. https://www.youtube.com/watch?v=Tl3E29iUvgE
Aug 01, 2023•6 min•Ep 155•Transcript available on Metacast Perry Carpenter joins Dave to discuss his book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer." Joe and Dave share some listener follow up on messing with scammers, and how dangerous that actually can be. Joe's story follows hackers trying to steal your secrets using infected USB drives. Dave's story is on a tech executive and how they fell victim to a dating site scam, where the perpetrator was able to gain $450,000 from someone who j...
Jul 27, 2023•57 min•Ep 252•Transcript available on Metacast A subset of the internet where communications between two parties or client-server transactions are obscured from search engines and surveillance systems by layers of encryption. The U.S. Navy designed the original Darknet by developing The Onion Router network, or TOR, back in the 1990s. Roger Dingledine and Nick Mathewson deployed the first alpha implementation in 2002 with some initial funding by the Electronic Frontier Foundation (EFF.) The TOR Project became a non-profit in 2006 and is fund...
Jul 25, 2023•5 min•Ep 3•Transcript available on Metacast Mallory Sofastaii, consumer investigative reporter from WMAR TV, is discussing animal rescue organizations on Facebook pages being taken over by hackers. Listener George writes in to share how his bank is not doing enough to protect against fraud going on. Dave's story follows scammers using new tricks, across the nation, to receive bitcoin and gift cards after threatening stores with bomb scares. Joe has the story on Chinese hackers that have targeted the Commerce Secretary Gina Raimondo and ot...
Jul 20, 2023•55 min•Ep 251•Transcript available on Metacast 1. A wireless access point installed by employees in an office or data center environment as a convenience to connectivity without the consent or the knowledge of the network manager. 2. A wireless access point, sometimes called an Evil Twin, installed by a cyber adversary in or near an office or data center environment designed to bypass security controls, gain access, and/or surveil the network traffic of the victim’s network. Both kinds, the employee installed and the adversary installed rogu...
Jul 18, 2023•4 min•Ep 10•Transcript available on Metacast Guest Jane Lee, Trust and Safety Architect from Sift joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week, one story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new ...
Jul 13, 2023•51 min•Ep 213•Transcript available on Metacast A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades. CyberWire Glossary link: https://thecyberwire.com/glossary/nmap
Jul 11, 2023•4 min•Ep 1•Transcript available on Metacast Our UK correspondent Carole Theriault is talking with London insurance market CISO Thom Langford about insider threats. Joe and Dave share some listener follow up from Waldo who writes in to share a video explaining how bad guys are able to hack users. Joe shares a report from Verizon, one of the industries leading phone companies, about social engineering. Dave's story follows a gentleman who was able to steal one million dollars from at least 700 DoorDash drivers, and now police are warning ag...
Jul 06, 2023•40 min•Ep 250•Transcript available on Metacast A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: “Diamond Presentation v2 0: Diamond Model for Intrusion Analysis – Applied to Star Wars’ Battles,” Andy Pendergrast and Wade ...
Jul 04, 2023•8 min•Ep 100•Transcript available on Metacast Guest Sean Gallagher, Principal Researcher with Sophos Xops team, joins us to discuss "'FleeceGPT' mobile apps target AI-curious to rake in cash. Joe shares some listener feedback from Jon about "No Stupid Questions" podcast. Dave's story is from Reddit about a free piano scam. Joe's got a story on a woman pleading with her bank to stop a fake wire transfer, but they were too busy. Our Catch of the Day comes from Rob about a fake student loan help ticket. Links to stories: “FleeceGPT” mobile app...
Jun 29, 2023•49 min•Ep 249•Transcript available on Metacast A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly’s Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.
Jun 27, 2023•7 min•Ep 153•Transcript available on Metacast Unsolicited, unwanted, and sometimes malicious electronic messages indiscriminately transmitted to a large number of people. CyberWire Glossary link: https://thecyberwire.com/glossary/spam Audio reference link: zumpzump, 2007. Monty Python - Spam [Video]. YouTube. URL https://www.youtube.com/watch?v=anwy2MPT5RE.
Jun 27, 2023•8 min•Ep 154•Transcript available on Metacast Toby Pischl, Head of Information & Email Security at Broadcom, sits down with Dave to discuss how Slack and Microsoft Teams phishing is an open door into businesses. Joe and Dave share some follow up regarding a case of a woman claiming to have cancer to receive over $37,000 from donors on GoFundMe. Joe has the terrible story out of Michigan where a high schooler committed suicide after a sextortion scam. Dave has a story on job seekers around the country and how likely they are to fall for a jo...
Jun 22, 2023•52 min•Ep 248•Transcript available on Metacast A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly’s Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.
Jun 20, 2023•7 min•Ep 153•Transcript available on Metacast This week, Jeremy Fuchs from Avanan joins Dave to discuss how hackers are using replier attacks. Replier attacks are attacks in which hackers change the reply-to address to send emails from what appears to be a reputable company, when in reality it's a spoofed account. Joe and Dave share some follow up from listeners Wayne who writes in with some comments on episode 245, and listener Michael, who writes about his first ChatGPT experience. Dave's story follows the alarming new trend happening, wh...
Jun 15, 2023•53 min•Ep 247•Transcript available on Metacast The act of searching through an organization's trash for discarded sensitive material. CyberWire Glossary link: https://thecyberwire.com/glossary/dumpster-diving Audio reference link: “Better Call Saul jimmy digs in the Sandpiper trash scene,” uploaded by Robert Bowersock, 18 September 2022.
Jun 13, 2023•7 min•Ep 152•Transcript available on Metacast Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
Jun 11, 2023•31 min•Ep 20•Transcript available on Metacast This week, our CyberWire UK Correspondent Carole Theriault is talking with Paul Ducklin from Sophos about where ChatGPT could be going in the future. Joe and Dave share quite a bit of follow up from listeners, discussing several people writing in about dating apps and the men who use them, along with a question from listener Bryan who asks about an email scheme an intern working for his company received. Joe's story hones in on AI, discussing in particular how artificial intelligence is changing...
Jun 08, 2023•53 min•Ep 246•Transcript available on Metacast The manipulation of search engine optimization, SEO, to promote malicious sites in search engine results. CyberWire Glossary link: https://thecyberwire.com/glossary/search-engine-optimization-poisoning Audio reference link: Brown, B.E., 2021. The Ending Of The Waldo Moment Explained [Video]. YouTube. URL https://www.youtube.com/watch?v=HsWja44-EMg.
Jun 06, 2023•6 min•Ep 151•Transcript available on Metacast Bala Kumar of Jumio joins to discuss how travel companies can combat the exponential rise in fraud and ensure their traveler is who they say they are. Dave and Joe share some listener follow up, with the first from Matt, who writes in with a strange Dick's Sporting Goods story about gift cards and credit cards. Our second follow up comes from listener King, who writes in regarding the QR discussion in episode 243. Dave's story follows how almost every US state has sued a telecom company after be...
Jun 01, 2023•49 min•Ep 245•Transcript available on Metacast A passwordless authentication protocol based on the FIDO2 standard. CyberWire Glossary link: https://thecyberwire.com/glossary/passkey Audio reference link: Summers, J., 2023. Google Passkeys Have Arrived (here’s how to use them) [All Things Secured Channel]. YouTube. URL https://www.youtube.com/watch?v=oFO7JgUx-bU.
May 30, 2023•7 min•Ep 149•Transcript available on Metacast The practice of crafting a fake online persona for malicious purposes. CyberWire Glossary link: https://thecyberwire.com/glossary/catfish Audio reference link: netbunny, 2013. Catfish - The Movie - Ending Scene [Movie Scene]. YouTube. URL https://www.youtube.com/watch?v=qR_NIN6zy0U
May 30, 2023•7 min•Ep 150•Transcript available on Metacast Nick Percoco from Kraken sits down to discuss the human factor of crypto scams, including going over common red flags and what to do when a third party is exerting pressure that taps into a human emotions. Listener Sean writes in with some follow up to discuss the increase in AI scams and if people would be more likely to talk about falling for these scams as AI becomes better and better. An anonymous listener also reached out with some follow up regarding there experience with corporate ID thef...
May 25, 2023•1 hr 6 min•Ep 244•Transcript available on Metacast A type of phishing attack that uses QR codes as the lure. CyberWire Glossary link: https://thecyberwire.com/glossary/qr-code-phishing Audio reference link: KNR, 2018. Batman The Dark Knight Joker bomb blast by phone calls scene [Video]. YouTube. URL https://www.youtube.com/watch?v=qB_fXfzB4z0.
May 23, 2023•8 min•Ep 148•Transcript available on Metacast Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
May 21, 2023•22 min•Ep 19•Transcript available on Metacast Our guest, Mark Kapczynski from OneRep, joins Dave to discuss what consumers should know about data privacy. Listener Jon writes in to the show with some follow-up with some thoughts on tap interface. Another anonymous listener wrote into the show discussing ethical hacking. Dave's story is on fake QR codes and how people are getting scammed out of money after receiving a fake QR code parking ticket survey. Joe's story follows an attempted attack at Dragos and what they didn't get. Our catch of ...
May 18, 2023•1 hr 5 min•Ep 243•Transcript available on Metacast Definition one: The recognition of a set of repeatable attack patterns across the intrusion kill chain. Definition two: Determining the responsibility for offensive cyber operations. CyberWire Glossary link: https://thecyberwire.com/glossary/attribution Audio reference link: Nunnikhoven, M., 2018. Cybersecurity Basics #9 - Attack Attribution [Video]. YouTube. URL www.youtube.com/watch?v=rlyMz5jN_Vs
May 16, 2023•9 min•Ep 147•Transcript available on Metacast Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about “fast idiots” from a previous episode. The other is from listener Robert, who writes in about the wallet versus smart phone debate, and which is safer. Joe shares a few stories this week, all regarding ATM ...
May 11, 2023•57 min•Ep 242•Transcript available on Metacast 
