This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, as Joe shares with us a complaint he has with Vanguard. Maria’s story is on McAfee’s latest research revealing that one in five Americans has fallen for a travel scam—often losing...
Jul 03, 2025•44 min•Season 8Ep. 344
Please enjoy this encore of Word Notes. A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops. CyberWire Glossary link: https://thecyberwire.com/glossary/bsimm Audio reference link: “OWASP AppSecUSA 2014 - Keynote: Gary McGraw - BSIMM: A Decade of Software Security.” YouTube Video. YouTube, September 19, 2014.
Jul 01, 2025•6 min•Season 2Ep. 89
Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former F...
Jul 01, 2025•41 min•Season 1Ep. 12
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from listener Abdussobur, who wonders if a pair of suspicious text messages—one sent to his wife and another to him with a nearby address—could be the result of a data breach. Joe's story is...
Jun 26, 2025•42 min•Season 8Ep. 343
Please enjoy this encore of Word Notes. Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version. Audio reference Link: "The Panama Papers: A Closer Look," Late Night with Seth Meyers, YouTube, 12 April 2016
Jun 24, 2025•8 min•Season 2Ep. 88
Please enjoy this encore of Hacking Humans. On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. ...
Jun 19, 2025•46 min•Season 7Ep. 318
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Dave’s got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medical...
Jun 12, 2025•43 min•Season 8Ep. 342
Please enjoy this encore of Word Notes. Code and data repositories that don't protect against unauthorized changes.
Jun 10, 2025•8 min•Season 2Ep. 87
This week, our hosts Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attorne...
Jun 05, 2025•47 min•Season 8Ep. 341
Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.
Jun 03, 2025•8 min•Season 2Ep. 86
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qi...
Jun 03, 2025•36 min•Season 1Ep. 13
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria’s got the story on how Trump’s sweeping new tariffs are creat...
May 29, 2025•42 min•Season 8Ep. 340
Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.
May 27, 2025•6 min•Season 2Ep. 85
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver b...
May 22, 2025•58 min•Season 8Ep. 339
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016.
May 20, 2025•6 min•Season 2Ep. 84
And....we're back! This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effect...
May 15, 2025•44 min•Season 8Ep. 338
Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: https://thecyberwire.com/glossary/log4j Audio reference link: “CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her Career,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021.
May 13, 2025•9 min•Season 2Ep. 83
As Dave Bittner is at the RSA Conference this week, our hosts Maria Varmazis and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from José on episode 335, sharing how UK banking features like Faster Payments and the “Check Payee” function might have helped prevent a scam involving fake banking apps—and he even tells a wild tale of someone using a fake app to reverse-scam a bike...
May 08, 2025•46 min•Season 8Ep. 337
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Quintel....
May 06, 2025•42 min•Season 1Ep. 12
Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.
May 06, 2025•8 min•Season 2Ep. 82
As Maria is on vacation this week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cyber siege on MGM Resorts. Joe’s story is on a new FBI warning: scammers are impersonating the Internet Crime Complaint Center (IC3), the very site where...
May 01, 2025•29 min•Season 7Ep. 336
Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-security-misconfiguration Audio reference link: “What Is the Elvish Word for Friend?” Quora, 2021.
Apr 29, 2025•7 min•Season 2Ep. 81
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages—a practice dubbed "slopsqua...
Apr 24, 2025•43 min•Season 7Ep. 335
Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “Oceans Eleven Problem Constraints Assumptions.” by Steve Jones, YouTube, 4 November 2015.
Apr 22, 2025•8 min•Season 2Ep. 80
This week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber...
Apr 17, 2025•35 min•Season 7Ep. 334
Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018.
Apr 15, 2025•7 min•Season 2Ep. 79
This week, while Dave Bittner is out, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running P...
Apr 10, 2025•37 min•Season 7Ep. 333
Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. “OWASP Spotlight - Project 10 - Top10.” YouTube Video. YouTube, January 4, 2021.
Apr 08, 2025•7 min•Season 2Ep. 78
This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ passes, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll users, sending her SUN pass scam texts tied to her old Florida number. Dave shares the...
Apr 03, 2025•46 min•Season 7Ep. 332
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but w...
Apr 01, 2025•38 min•Season 1Ep. 11
