This week we are joined by Harry Maugans from Privacy Bee who sits down to discuss how our digital breadcrumbs, old and new, are coming back to haunt us. Joe and Dave discuss some follow up from listener Phil, who writes in with a question about the safety of IoT and consumer devices. Dave's story follows the ever so popular YouTube, and its implemented measures to prevent users with ad blockers from watching videos. Joe shares a personal story from a friend regarding a scam he had fallen for, w...
Nov 09, 2023•1 hr 2 min•Ep 265•Transcript available on Metacast A qualitative public framework for rating the severity of security vulnerabilities in software. CyberWire Glossary link: https://thecyberwire.com/glossary/common-vulnerability-scoring-system Audio reference link: Peter Silva, 2020. What is Common Vulnerability Scoring System (CVSS) [Video]. YouTube. URL https://www.youtube.com/watch?v=rR63F_lfKf0
Nov 07, 2023•8 min•Ep 161•Transcript available on Metacast James Dyer and Jack Chapman of Egress join to discuss "Cybercriminals don’t take holidays: How bad actors use this two-step phishing campaign to weaponize out-of-office replies." Dave and Joe share some listener follow up from Ron, who has a suggestion about registration specific email accounts. Joe has two stories this week, one where he shares some good news on a scammer who received some justice after taking part in a $66K romance scam. His second story is on social media and how it is a bree...
Nov 02, 2023•52 min•Ep 264•Transcript available on Metacast A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.
Oct 31, 2023•4 min•Ep 11•Transcript available on Metacast Thanks for joining us again for a very special and scary episode brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering, scams, and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, desc...
Oct 29, 2023•37 min•Ep 23•Transcript available on Metacast Mallory Sofastaii, a consumer investigative reporter from WMAR TV, is joining Dave and Joe to discuss some recent scams she's seen in her reporting. Dave and Joe share some listener follow up from Kenneth who writes in with a suggestion on creating separate email addresses. Dave's story this week follows fake browser scams and how one has gotten a face lift, and what it looks like now. Joe's story is on a new term WIRED is calling "obituary pirates," people who create YouTube videos themselves c...
Oct 26, 2023•51 min•Ep 263•Transcript available on Metacast A class of software-security-weakness-issues where independent researchers discover a software flaw before the owners of the code discover it. Zero-day, or 0-day in hacker slang, refers to the moment the race starts, on day zero, between network defenders who are trying to fix the flaw before hackers leverage it to cause damage. It is a race because on day zero, there is no known fix to the issue.
Oct 24, 2023•4 min•Ep 2•Transcript available on Metacast Joe Oregon, Chief of Cybersecurity at CISA, sits down to discuss the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for Super Bowl LVIII. Joe and Dave share some listener follow up from Rory who wirtes in to talk tin foil hats. Joe's story shares the interesting finds after conducting a cybersecurity survey at ISI. Dave's story follows the 77 year old woman, Marjorie Bloom, who ended up losing over $600,000, her whole lifes savings by falling for a common tech ...
Oct 19, 2023•55 min•Ep 262•Transcript available on Metacast A unified security incident detection and response platform that connects to multiple tools in the security stack via APIs, collects telemetry from each, and attempts to correlate that telemetry into a coherent threat picture. CyberWire Glossary link: https://thecyberwire.com/glossary/extended-detection-and-response Audio reference link: Film Major. 2022. Enemy of the State (1998) Faraday Cage HD Tony Scott; Will Smith, Gene Hackman Jon Voight [Video]. YouTube. URL https://www.youtube.com/watch?...
Oct 17, 2023•8 min•Ep 160•Transcript available on Metacast Brett Johnson, Chief Criminal Officer at Arkose Labs, sits down with Dave to discuss his history & ways to make fraud efforts less lucrative for bad actors. Dave and Joe share some listener follow up from Graham about one way that helps him stay safe against fake URLs. Dave's story is about bomb email attacks, in which someones email is spammed with hundreds to thousands of emails in hopes of hiding important information contained in one of the thousands of emails, perhaps from a financial insti...
Oct 12, 2023•52 min•Ep 221•Transcript available on Metacast The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tact...
Oct 10, 2023•4 min•Transcript available on Metacast Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an art...
Oct 05, 2023•52 min•Ep 212•Transcript available on Metacast A cyber information-sharing U.S. Government organization designed to foster the public-private partnership. CyberWire Glossary link: https://thecyberwire.com/glossary/joint-cyber-defense-collaborative Audio reference link: Jen Easterly. 2021. CISA Director Addresses the National Technology Security Coalition [Video]. YouTube. URL https://www.youtube.com/watch?v=ucb1FQXqsao
Oct 03, 2023•7 min•Ep 159•Transcript available on Metacast This week our guest is, Sam Crowther, Kasada CEO, he's sharing his team's findings on "Stolen Auto Accounts: The $2 Price Tag on Your Car’s Identity." Joe and Dave share some listener follow up from Steve who writes in sharing an email he thought to be a scam, but turned out it was real. Listener Derek writes in with a question regarding AI and phishing emails. Joe's story comes from Proofpoint as they share their 2023 State of the Phish report. Dave's story follows an email that was sent out sa...
Sep 28, 2023•59 min•Ep 251•Transcript available on Metacast The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as “penetrations.” By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses...
Sep 26, 2023•4 min•Ep 4•Transcript available on Metacast Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe...
Sep 24, 2023•28 min•Ep 22•Transcript available on Metacast This week our guest is, John Hammond from Huntress and he sits down to talk about spoofing and evasion techniques used by hackers. Dave and Joe share a bit of follow up, including a question form listener John who writes in asking about a passkey discussion in the last episode. Joe has a story from Reddit this week, where someone posted about a dispute they are having with their wedding caterer, where the company is saying the couple still owes them over $5,000 after the wedding has happened for...
Sep 21, 2023•54 min•Ep 260•Transcript available on Metacast Tools that automate the identification and remediation of cloud misconfigurations. CyberWire Glossary link: https://thecyberwire.com/glossary/cloud-security-posture-management Audio reference link: Josh Whedon. 2005. Serenity [Movie]. IMDb. URL https://www.imdb.com/title/tt0379786/
Sep 19, 2023•7 min•Ep 158•Transcript available on Metacast Andrew Hendel, CEO at Marshmallo, joins to share tips to safeguard your feelings and identity in the online dating world. Dave and Joe share some listener follow up from Gareth, who writes in to discuss strange emails he has been receiving. Dave's story follows a woman who was spared jail time after being manipulated by hackers into money laundering. Joe's story is from listener Doug who wrote in to the show to talk about the site he is in charge of and discusses a website he uses called "Buy me...
Sep 14, 2023•50 min•Ep 259•Transcript available on Metacast An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe–named Victory and designed by Alan Turning and Gordon Welchman– started code-breaking at Bletchley Park on 14 March 1940, a year after WWII began. By the end of the war, five years later, almost 2000, mostly women, sailors and airmen operated 211 bombe machines in the effort. The allies essentially knew what the German forces were going to do before t...
Sep 12, 2023•4 min•Ep 5•Transcript available on Metacast Guest Chris Sherwood, owner of Crosstalk Solutions, joins Dave to talk about passkeys. Joe shares some listener follow-up about "revert" and side-loading applications on Android phones. Joe's story came from a listener named Kyle who sent this as a Catch of the Day (COTD) about a phishing scam email conversation about event sponsorship. Dave discusses something he saw on Mastodon from user Bjorn about some fraudulent bank charges and stopping a scam in process. Our COTD is from listener Alec abo...
Sep 07, 2023•47 min•Ep 258•Transcript available on Metacast A session and user authentication Zero Trust tactic that allows a user to access multiple applications with one set of login credentials. CyberWire Glossary link: https://thecyberwire.com/glossary/single-sign-on Audio reference link: English, J., 2020. What is Single Sign-On (SSO)? SSO Benefits and Risks [Video]. YouTube. URL https://www.youtube.com/watch?v=YvHmP2WyBVY
Sep 05, 2023•8 min•Ep 157•Transcript available on Metacast Oren Koren, CPO and Co-Founder of Veriti, is discussing the need for vigilance and caution when navigating the online shopping landscape. Dave and Joe share quite a bit of listener follow up, one listener writes in for some clarification on the "AI versus AI" episode regarding Google giving their source code so they can do business in China, when in fact it was 2 other companies. Listener Miguel brings our next bit of follow up, he writes in to discuss financial crimes and shares a story based o...
Aug 31, 2023•55 min•Ep 257•Transcript available on Metacast From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim’s browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious javascript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim’s compu...
Aug 29, 2023•4 min•Ep 6•Transcript available on Metacast Selena Larson and Tim Utzig discussing research titled "Twitter Scammers Stole $1,000 From My Friend—So I Hunted Them Down." Joe and Dave share a bit of follow up this week, they discuss Hawaii fire scams, and listener Steve writes in regarding some comments about the recent scammer quiz Joe and Dave took, lastly listener John writes in and shares his thoughts on a discussion a couple weeks ago regarding Google Maps. Joe has two stories this week, one is regarding how Joe was close to being scam...
Aug 24, 2023•50 min•Ep 256•Transcript available on Metacast From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim. Hackers use this method 80% of the time compared to other ways to gain access to a system like developing zero day exploits for known software packages. The most common wa...
Aug 22, 2023•4 min•Ep 7•Transcript available on Metacast Blair Cohen from AuthenticID joins Dave to discuss how generative AI and authentication go hand in hand. Joe and Dave share some follow up from listener Robert who discusses an ad for a device that uses ChatGPT to record phone calls on your device. Dave helps his dad out with his computer and shares the tale. Dave also shares a story this week on the FBI warning against scammers who are posing as NFT devs to try and steal your crypto. Joe and Dave test their scammer catching skills while taking ...
Aug 17, 2023•54 min•Ep 255•Transcript available on Metacast An authentication process that requires two different factors before granting access. CyberWire Glossary link: https://thecyberwire.com/glossary/two-factor-authentication
Aug 15, 2023•9 min•Ep 156•Transcript available on Metacast Dave Baggett from INKY joins Dave to dive into the latest phishing trends and discuss a broader view of how AI is being used by both the good guys and the bad guys. Joe's story this week dives into the APT with an entirely too cool name, Midnight Blizzard, that has been conducting targeted social engineering towards the popular Microsoft Teams. Dave's story this week follows a Facebook Market user who dodged one scam, just to fall right back into another one. Our catch of the day comes from list...
Aug 10, 2023•58 min•Ep 254•Transcript available on Metacast From the intrusion kill chain model, the delivery of a “lure” to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. According to Knowbe4, the word “phishing” first appeared in a Usenet newsgroup called AOHell in 1996 and some of the very first phishing attacks used AOL Instant Messenger to deliver fake messages purportedly from AOL employees in the early 2000s. The word is part of l33tspeak that starte...
Aug 08, 2023•4 min•Ep 8•Transcript available on Metacast 
