The Jerich Show Podcast

In this episode, Erich channels his deep inner anger about some government follies that have impacted individuals and organizations alike. Javvad mostly nods along for effect. 

Remember to Like, Share and Subscribe! 

Stories from the show:

FBI Withholding Kaseya Ransomware Decryption Key Had ‘No Bearing’ on REvil:
https://www.channelfutures.com/security/fbi-withholding-kaseya-ransomware-decryption-key-had-no-bearing-on-revil

Four months on from a sophisticated cyberattack, Alaska's health department is still recovering:
https://www.zdnet.com/article/four-months-on-from-sophisticated-cyber-attack-alaskas-health-services-is-still-recovering/

Investigation launched after MoD email blunder:
https://www.computerweekly.com/news/252506972/Investigation-launched-after-MoD-email-blunder

Erich Kron is out this week so the award-winning Host Unknown stepping in and took matters into their own hands. 

Follow host unknown on hostunknown.tv @hostunknowntv
Listen to the host unknown podcast on your favourite podcast player

Stories from the show: 
‘Significant threat’: cyber attacks increasingly targeting Australia’s critical infrastructure
https://www.theguardian.com/technology/2021/sep/15/significant-threat-cyber-attacks-increasingly-targeting-australias-critical-infrastructure

Microsoft: Windows 10 2004 reaches end of service in December
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-in-december/

HP patches severe OMEN driver privilege escalation vulnerability
https://www.zdnet.com/article/hp-patches-omen-driver-privilege-escalation-vulnerability/

Apple Issues Emergency Fix for NSO Zero-Click Zero Day
https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/

Over 60 million wearable, fitness tracking records exposed via unsecured database
https://www.zdnet.com/article/over-60-million-records-exposed-in-wearable-fitness-tracking-data-breach-via-unsecured-database/

Follow host unknown on hostunknown.tv
Listen to the host unknown podcast on your favourite podcast player

In this episode, Javvad messes up by starting the recording early, then hem and Erich discuss a new threat from a ransomware gang about dumping data if the victim calls the cops, the REvil servers mysteriously being resurrected from the dead, claiming a ransomware payment as a tax deduction and a whole bunch of VPN passwords being stolen.

All of this and more, in this episode of The Jerich Show (complete with a reworked logo)

Remember to Like, Share and Subscribe!

Stories From the Show:

Ransomware gang threatens to leak data if victim contacts FBI, police:
https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/

Hit by a ransomware attack? Your payment may be deductible:
https://www.independent.co.uk/news/hit-by-a-ransomware-attack-your-payment-may-be-deductible-irs-fbi-pms-washington-ransomware-b1868907.html

REvil ransomware's servers mysteriously come back online:
https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices:
https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html

Show Contents:
00:00 - 01:42  Javvad Messes Up the Intro
01:42 - 07:17 Ragnar Locker Threats if the Victim Calls the Cops or Negotiators
07:17 - 09:02 Is Your Ransom Payment a Tax Deduction?
09:02 - 15:32 REvil Servers Raise Their Ugly Heads Again
15:32 - 20:42 VPN Accounts Leaked From Fortigate Devices
20:42 - 20:50 Outro

It's been a couple of weeks, but Javvad and Erich are back from a little break and far more grumpy than you might assume. That's OK, because, as evidenced by the stories, they are grumpy because nobody fixed the internet while they were gone. 

Check out what they are so grumpy about and don't forget to Like, Share and Subscribe!

Stories from the show:

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms:
https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html

Scam artists are recruiting English speakers for business email campaigns:

https://www.zdnet.com/article/scam-artists-are-recruiting-english-speakers-for-business-email-campaigns

LockBit gang leaks Bangkok Airways data, hits Accenture customers:
https://www.bleepingcomputer.com/news/security/lockbit-gang-leaks-bangkok-airways-data-hits-accenture-customers/

Twitter creates 'Safety Mode' to temporarily block accounts caught insulting users:
https://www.zdnet.com/article/twitter-creates-safety-mode-to-temporarily-block-accounts-caught-insulting-users/

In this episode, Erich reminisces about Blackhat and DEFCON, comparing past years to 2021 and Javvad and him discuss some crazy news stories, including one where a cyber thief actually returns $260 million and a new UK governement software that adds a button to report emails to the 'Ministry of Phishy Things', or some such government entity. 

Don't forget to Like, Subscribe and Share for more fun looks at very serious topics.

Stories from the show:

Cryptocurrency heist hacker returns $260m in funds:
https://www.bbc.com/news/business-58180692

New one-click button will flag dodgy emails directly to cyber experts:
https://news.sky.com/story/new-one-click-button-will-flag-dodgy-emails-directly-to-cyber-experts-12379104

Flight attendant interview video:
https://www.youtube.com/watch?v=XFoXmnBuLw0

Show Contents:
00:00 - 1:00 Intro
01:00 - 13:30 Blackhat and DEFCON recap
13:30 -  18:27 Cryptocurrency heist hacker returns $260m in funds
18:27 - 28:49 New one-click button will flag dodgy emails directly to cyber experts
28:49 - 30:39 Smelling like regret (https://www.youtube.com/watch?v=XFoXmnBuLw0)
30:39 - 31:04 Outro

In this quick daily recap, Erich and Javvad talk about the closing day of Black Hat and the start of DEFCON, conference speaking and much more.

In this episode, Javvad and Erich discuss the first day at Black Hat 2021. They discuss the low attendance at Black Hat, the topics and big vendors at the show and other observations from the show.

In addition they discuss a ransomware attack on a school, a huge amount of data leaked by a mystery company, security issues with a hotel capsule, and more. 

Look out for more updates from Vegas this year!

Like, share and subscribe! 

Stories from the show:

Report: Over 63 Million US Citizens Exposed in Massive Data Leak:
https://www.vpnmentor.com/blog/report-onemorelead-leak/

Isle of Wight schools hit by ransomware attack:
https://www.bbc.com//uk-england-hampshire-58078670

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms:
https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/

This week Anna Collard, founder of Popcorn Training and an all around brillant person, talks through the stories of the week and shares her experience taking a doodle, and turining it into a great company. You don't want to miss it!

Like, subscribe and share!

About Anna:
LinkedIn: https://www.linkedin.com/in/anna-collard-606817/
Twitter: @AnnaCollard3

Stories from the show:

Majority of employees take cybersecurity shortcuts, despite knowing risks:
https://www.securitymagazine.com/articles/95722-majority-of-employees-take-cybersecurity-shortcuts-despite-knowing-risks

Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam:
https://www.theregister.com/2021/07/27/youtube_channel_tech_scam/

ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower:
https://www.computerweekly.com/news/252504531/ICO-ends-its-involvement-in-dispute-between-NatWest-Bank-and-data-breach-whistleblower

South Africa port operations halted and workers reportedly put on leave after major cyberattack:
https://www.cnbc.com/2021/07/27/transnet-halts-port-operations-in-south-africa-after-major-cyberattack.html

Show Content:
00:00 - Intro
02:52 - Majority of employees take cybersecurity shortcuts, despite knowing risks
10:16 - Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam
18:35 - ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower
26:02 - South Africa port operations halted and workers reportedly put on leave after major cyberattack
33:50 - Anna talks about starting Popcorn Training
43:07 - Tech sector and the value of professional relationships in South Africa
48:53 - What people can do better to communicate
54:18 - What is next for Anna
56:34 - Outro

This week Javvad and Erich discuss some of the hottest stories of the past week, including the sentancing of a swatter, the release of a Kaseya universal ransomware decryptor, a $50m demand (possibly being delivered by bicycle), MosaicLoader punishes pirates, the (ISC)2 learning portal for CISSP's and other members and an insurtech startup that joins the 'unsecured S3 bucket' club.

All of this and more. Please like, subscribe and share. Story links and chapter listing is below.

Serial Swatter Who Caused Death Gets Five Years in Prison
https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/

Kaseya obtains universal decryptor for REvil ransomware victims
https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/

Hackers reportedly demand $50m from Saudi Aramco over data leak
https://www.bbc.com/news/business-57924355

New MosaicLoader malware targets software pirates via online ads
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/

An insurtech startup exposed thousands of sensitive insurance applications
https://techcrunch.com/2021/07/16/backnine-insurance-applications-exposed/

Other mentions:

Dark Patterns
https://www.darkpatterns.org/

(ISC)2 Learning Portal
https://learn.isc2.org

Contents of this video:
00:00 - Javvad's Minecraft-esque Intro
02:22 - Black Hat Conference and COVID Thoughts
06:00 - Serial Swatter Who Caused Death Gets Five Years in Prison
10:32 - Kaseya obtains universal decryptor for REvil ransomware victims
14:54 - Hackers reportedly demand $50m from Saudi Aramco over data leak
20:05 - New MosaicLoader malware targets software pirates via online ads
25:54 - The (ISC)2 Learning Portal and What They Are Doing Right
30:38 - An insurtech startup exposed thousands of sensitive insurance applications
34:53 - Closing and Profound Insight from Erich

In this episode, Erich and Javvad discuss some data breaches, issues with outdated and End-of-Life (EOL) hardware and software and issues with government collection of zero-day vulnerabilities and issues related to mandatory reporting with too little time to understand the issue. 

Like, subscribe and share!

Fashion retailer Guess discloses data breach after ransomware attack:
https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/

SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances:
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-eol-sma-100-vpn-appliances/

22% of exploits for sale in underground forums are more than three years old:
https://www.helpnetsecurity.com/2021/07/15/exploits-for-sale/

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into:
https://www.theregister.com/2021/07/15/china_vulnerability_law/