intelligence (noun) [Word Notes]
Enjoy this special encore episode. The process of turning raw information into intelligence products that leaders use to make decisions with.
Episodes
Hacking Humans
Deception, influence, and social engineering in the world of cyber crime.
Episodes
Illusions & ill-intent.
Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how the ease of registering an LLC in Colorado has led to a surge in fraudulent businesses. She discusses how residents receiving suspicious mail addressed to fake LLCs registered at their homes are overwhelming the state's Secretary of State with thousands of complaints. Joe's story is on how scammers used a seaside hotel and former bank offices on the Isle of Man to defraud victims in China out of ...
RATs in the tunnel: Uncovering the cyber underworld. [OMITB]
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective:...
SaaS (noun) [Word Notes]
Enjoy this special edition of Word Notes: A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.
Beware of the deceivers.
This week Joe and Dave share some listener follow up from Tim, who writes in to give some more information on a payment apps story in episode 302. Joe's story is on Suzy Enos, whose sister died, only for scammers to impersonate a family member and take over her phone number, leading to fraudulent charges on her accounts. Enos fought back to secure her late sister's assets and raise awareness about protecting accounts after a loved one's death. Dave's story follows how scammers exploit the "Autom...
brute-force attack (noun) [Word Notes]
Enjoy this special encore episode. A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.
How scammers weave deception into everyday life.
Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story on how AI-generated scams have infiltrated the world of crochet and other crafts, selling fake patterns that often result in impossible or frustrating projects. Dave's story is on the rise of "digital arrest" scams in India, where criminals posing as law enforcement officers coerce victims into making payments to avoid fake charges against their loved ones. Joe's story come's from a listener this week...
decryption (noun) [Word Notes]
Enjoy this special encore of Word Notes. A process of converting encrypted data into something that a human or computer can understand.
Navigating dark waters and deceptive currents.
Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story from listener Chloe, who shared a post she found on a social media platformed called "Bluesky," where a company is asking for photos and videos of your children to help AI smarter. Our hosts share some listener follow up on how a scammer impersonated a government official to deceive a woman into converting her assets into gold bars, resulting in the theft of over $789,000. They also share some follow ...
denial-of-service attack (noun) [Word Notes]
Enjoy this encore episode: A cyber attack designed to impair or eliminate access to online services or data.
Phishing for votes.
Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave to share her story on how recent research by security firm Veriti reveals a phishing campaign targeting Trump’s 2024 supporters, soliciting cryptocurrency donations through fake WinRed-branded domains, with limited transactions and some activity traced to China. Dave and Maria share some follow-up from a listener, including suggestions for protecting Dave's father's computer from phishing scams by using LibreWolf browser, UBloc...
AI: The new partner in cybercrime? [OMITB]
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective:...
cold boot attack (noun) [Word Notes]
Please enjoy this special encore episode of Word Notes. A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer’s Random Access Memory or RAM during the reboot process in order to steal sensitive data.
This is 300!
This week we celebrate 300 episodes! Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe and shares a PSA on the CrowdStrike outage. Her story focuses on the Olympics, as this was the first week the Olympics started, and she shares about a recent fraud campaign that is targeting iPhone users in India, posing as India Post through smishing attacks. Our hosts discuss some follow up, from listener Brie, who writes in to share how one police force is helping folks stay safe ...
Encore: cloud computing (noun) [Word Notes]
On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.
Healthcare hassles and hefty heists.
This week, Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe, as they celebrate Maria joining the Hacking Humans podcast every week! Maria's story is from a listener this week who writes in with a story on an IT company that is a third party for a healthcare company, and the dangers that can come from that. Dave and Joe share some listener follow up from Michael, who shares some thoughts on AI. Dave's story follows how a recent study found that 40% of elderly adults in...
Encore: APT (noun) [Word Notes]
An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.
Welcome to a new age in digital deception.
This week, Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe, as they celebrate Maria joining the Hacking Humans podcast every week! Maria's story is on supplement scams, as there has been a significant surge in health-related supplement scams on social media platforms, utilizing advanced technologies like AI-generated images and deepfake videos to promote fake products endorsed by celebrities and medical professionals. Joe's story follows Airplane WiFi, now essential ...
Encore: backdoor (noun) [Word Notes]
An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.
The costly consequences of communication scams.
This week Dave shares a story on Business email compromise (BEC) scams, and how they are a major threat, costing $26 billion annually. The story shares how it's crucial for employees to verify suspicious emails through a secondary channel and for companies to foster transparent communication to mitigate such risks. Joe shares two stories with us this week. The first is from a listener named Jay, who received a story from a relative. In this story, someone claiming to be a constable calls to warn...
Encore: watering hole attack (noun) [Word Notes]
From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.
Encore: AI versus AI.
Blair Cohen from AuthenticID joins Dave to discuss how generative AI and authentication go hand in hand. Joe and Dave share some follow up from listener Robert who discusses an ad for a device that uses ChatGPT to record phone calls on your device. Dave helps his dad out with his computer and shares the tale. Dave also shares a story this week on the FBI warning against scammers who are posing as NFT devs to try and steal your crypto. Joe and Dave test their scammer catching skills while taking ...
Operation Endgame: The ultimate troll patrol. [Only Malware in the Building]
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective:...
Encore: network telescope (noun) [Word Notes]
Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.
Public pianos and private scams.
This week Joe and Dave share some interesting follow up from a few episodes ago where Dave shared his love for baby grand pianos and how scammers we're using that to lure people into traps. Listener George wrote in to share about a show on UK Channel 4, called "The Piano," it's a music competition where visitors play a public piano in a train station, judged by hidden famous pianists, with winners performing at the UK Royal Festival Hall. Joe's story is a warning to travel goers using booking.co...
Encore: SOC Triad (noun) [Word Notes]
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.
From dark shadows to main stage.
Brandon Kovacs, a Senior Red Team Consultant at Bishop Fox, is talking about how Artificial Intelligence is shaping the future of social engineering. Listener Adina wrote in to share their thoughts on an earlier episode on Google. Dave share's listener Tony's write in for his story this week. Joe and Dave discuss some questions Tony shared about preparing for an overseas trip when his bank account was locked due to security measures triggered by setting up a backup phone and using a VPN. Joe has...
Encore: supply chain attacks (noun) [Word Notes]
Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.
False flags and fake voices.
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria's story covers the escalating efforts of pro-Russian propagandists to tarnish the Paris Summer Olympics and erode Western support for Ukraine, employing bold tactics like using AI to mimic Tom Cruise's voice. Joe and Dave share quite a bit of listener follow up, the first on is regarding the AirBnB story from a few weeks ago, the second one is from listener Lawrence who wrote in to verify dave’s comments ...
Encore: taint analysis (noun) [Word Notes]
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.