The Jerich Show Podcast

After a long couple of weeks off for the holiday season, we have returned to the scene with more news and insight about the state of #CyberSecurity. This week we discuss CES, Russian attacks on US infrastructure and much more!

In this, the last episode of 2021, Erich and Javvad chat about a propane problem, the Grinch steal payday, the log4j thing and stealing lotto tickets with an interesting end. 

All this and more

Stories frome the show:

https://indianexpress.com/article/explained/log4j-vulnerability-cybersecurity-7671367/

https://www.thesun.co.uk/tech/17049490/christmas-payday-cancelled-hackers-ukg-ransomware-who-is-affected/

https://www.govinfosecurity.com/superior-plus-latest-fuel-supplier-hit-by-ransomware-a-18128

https://www.bbc.co.uk/news/uk-england-manchester-59654724

In this special episode Javvad and Erich welcome Jelle Wieringa (@JelleWieringa), Roger Grimes (@rogeragrimes), Anna Collard @AnnaCollard3) and James McQuiggan (@James_McQuiggan) to the show for their 2022 cyber predictions. 

How bad will things get? Will we have to welcome our new robotic overlords? Will shortages doom the Pumpkin Spice Latte? This and more may be answered in this episode, so be sure to join us.

In this episode @J4vv4d bows out and let’s @James_McQuiggan take over as they discuss the IKEA internal email issue, an attack on Planned Parenthood, a medical breach with unsuspecting victims and @ErichKron’s @InnocentOrg ambassadorship. All this and more, live!

Comment, like and share! 

Stories from the show:
IKEA Internal Email Attack:
https://threatpost.com/ikea-email-reply-chain-attack/176625/

Cyber-Attack on Planned Parenthood
https://www.infosecurity-magazine.com/news/cyberattack-on-planned-parenthood/

Medsurant Health discloses ransomware incident, but not yet notifying patients:
https://www.databreaches.net/medsurant-health-discloses-ransomware-incident-but-not-yet-notifying-patients/

Former Ubiquiti engineer arrested for inside threat attack:
https://www.techtarget.com/searchsecurity/news/252510411/Former-Ubiquiti-engineer-arrested-for-inside-threat-attack

In this episode, Erich and Javvad chat about the #infosec and #cybersecurity stories of the week. Check them out and chat live with the hosts.

Stories from the show:

New Memento ransomware switches to WinRar after failing at encryption:
https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/

Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day:
https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/

FBI system hacked to email 'urgent' warning about fake cyberattacks:
https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/

In this episode, Erich and Javvad discuss issues around a fertility clinic hack, another way big pharma is a hot mess, how Robinhood was swindled with simple social engineering and how North Korea is up to it's old tricks again.

Don't forget to Like, Share and Subscribe!

Stories from the show:

Hack leaves fertility clinic medical data at risk:
https://www.bbc.com/news/technology-59156683

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms:
https://www.zdnet.com/article/eu-pharmaceutical-giants-run-old-vulnerable-apps-and-fail-to-use-encryption-in-login-forms/

Robinhood discloses data breach impacting 7 million customers:
https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/

OTP Bot Call Audio:
https://soundcloud.com/user-233140213/otp-bot-call-audio

North Korean hackers target the South's think tanks through blog posts:
https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts/

In this episode Javvad and Erich discuss Cisco's decision to remover hard-coded credentials and SSH keys... finally, the US ban on Pegasus spyware, a Squid Game themed cryptocoin robbery, and parents being threatened after building a school app. 

Stories from the show:

Cisco fixes hard-coded credentials and default SSH key issues:
https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/

US Bans Trade With Pegasus Spyware Maker:
https://threatpost.com/pegasus-spyware-blacklisted-us/175999/

Squid Game crypto token collapses in apparent scam:
https://www.bbc.co.uk/news/business-59129466

These Parents Built a School App. Then the City Called the Cops:
https://www.wired.com/story/sweden-stockholm-school-app-open-source/

This week, Erich and Javvad discuss some of the latest cybersecurity stories, including the NRA hack, North Korea is going after security vendors in supply chain attacks, some Iranian gas pumps are taken offline by a cyber attack and the Groove ransomware gang wants revenge on the US for taking down REvil, and is enlisting other gangs to focus their attacks there.

All of this and more! 

Remember to Like, Share and Subscribe!

Stories from the show:

NRA Hacked:
https://www.cbsnews.com/news/nra-hack-ransomware-gang-grief-russia/

North Korea is Hacking Supply Chains:
https://thehackernews.com/2021/10/latest-report-uncovers-supply-chain.html

Iran... Out of Gas:
https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/

Groove Wants Revenge:
https://www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/

In this episode, Erich and Javvad talk about their fails during presentations, Accenture finally admits it's data was breached, telecoms are targeted by China, the UK bans Huawei from the 5Gs bad actors steal cookies from content creators, and a whole lot more!

Remember to Like, Subscribe and Share!

Stories from the show:

Accenture confirms data breach after August ransomware attack:
https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/

Huawei ban: UK to impose early end to use of new 5G kit:
https://www.bbc.com/news/business-55124236

Potential Chinese hackers targeting telecommunications companies:
https://thehill.com/policy/cybersecurity/577440-potential-chinese-hackers-targeting-telecommunications-companies

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts:
https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

In this episode, Erich and Javvad discuss the weekly hot infosec topics, including ransomware without the encryption, angry ex-employees turned insider threat at a flight school, "super" passwords to not use, and whether or not "It was a deepfake" is the new, "The dog ate my homework". 

All of this and more!

Remember to like, subscribe and share!

Stories from the show:

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware:
https://threatpost.com/rapid-attacks-extort-ransomware/175445/

Woman, 26, is arrested 'for hacking into Florida flight training school's system and tampering with airplane information, including clearing some aircraft with maintenance issues for takeoff': Cops say attack was in retaliation after father was fired:
https://www.newsbreak.com/news/2400876442542/woman-26-is-arrested-for-hacking-into-florida-flight-training-school-s-system-and-tampering-with-airplane-information-including-clearing-some-aircraft-with-maintenance-issues-for-takeoff-cops-say-attack-was-in-retaliation-after-father-was-fired

Superman, Not to Rescue: Passwords With Superhero Names Are Most Hacked:
https://www.news18.com/news/buzz/superman-not-to-rescue-passwords-with-superhero-names-are-most-hacked-4317128.html

Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find:
https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=18cc26697559