Episodes
Friday Jul 02, 2021
In this episode, Charl van der Walt joins Erich and Javvad as they talk about the news stories related to the new CISA 'Bad Practices' guidance, My Book Live devices being remotely wiped, the Windows Print Spooler being weaponized and data movement by pigeons.
Charl then talks about what it's like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more.
Remember to hit the 'Like' button, then subscribe and share for more great weekly episodes.
About Charl:
Twitter: @charlvdwalt
LinkedIn: https://www.linkedin.com/in/charl-van-der-walt/
Orange Cyberdefense: https://www.linkedin.com/company/orange-cyberdefense/
Stories from the show:
CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability:
https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability
Hackers use zero-day to mass-wipe My Book Live devices:
https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/
Bad Practices:
https://www.cisa.gov/BadPractices
BONUS STORY:
In Africa, A Pigeon Transfers Data Faster Than The Internet:
https://www.wired.com/2009/09/in-africa-a-pigeon-transfers-data-faster-than-the-internet/
IP over Avian Carriers with Quality of Service:
https://datatracker.ietf.org/doc/html/rfc2549
Friday Jun 25, 2021
In this episode Javvad and Erich discuss the death of John McAfee, a story where two brothers in South Africa disappear under mysterious circumstances (along with $2.2 billion in BTC), and Facebook calling out Apple by funding an attempt at an academic-ish paper, as they strive to protect you from the evils of monopolistic behavior (or maybe just to protect their own profits). All this and more in this episode!
Be sure to like, subscribe and share!
Javvad's Interview with John McAfee:
https://www.youtube.com/watch?v=xHuVW63ceSQ
Stories from the show:
John McAfee found dead in Spanish prison after his extradition to the US was approved:
https://www.cnn.com/2021/06/23/tech/john-mcafee-death/index.html
South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin:
https://www.forbes.com/sites/emilymason/2021/06/23/south-african-brothers-disappear-along-with-22-billion-worth-of-bitcoin/?sh=4dbd6a3a1a60
Facebook vs. Apple: Here's what you need to know about their privacy feud:
https://www.cnet.com/news/facebook-vs-apple-heres-what-you-need-to-know-about-their-privacy-feud/
The paper that was published:
Harming Competition and Consumers under the Guise of Protecting Privacy: An Analysis of Apple’s iOS 14 Policy Updates:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852744
Friday Jun 18, 2021
In this episode, Javvad and Erich are joined by Magda de Jager (aka Mags) to discuss this week's news stories, including the Peloton bike vulnerability (or is it?), the takedown of the Clop ransomware gang and credential stuffing attacks targeting the travel and retail industries. Mags also discusses her journey to working in infosec and much, much more!
Please like, share and subscribe.
About Mags:
Twitter: @magsdj
LinkedIn: https://www.linkedin.com/in/magdadejager/
Stories from the show:
Ukrainian police partner with US, South Korea for raid on Clop ransomware members:
https://www.zdnet.com/article/ukranian-police-partner-with-us-south-korea-for-raid-on-clop-ransomware-members/
Peloton Bike+ Was Vulnerable to Remote Hacking, Researchers Find:
https://gizmodo.com/peloton-bike-was-vulnerable-to-remote-hacking-researc-1847105097
Travel and retail industries facing wave of credential stuffing attacks:
https://www.zdnet.com/article/travel-and-retail-industries-facing-wave-of-credential-stuffing-attacks/
Scottish word of the day:
Miss PunnyPennie - @Lenniesaurus
https://twitter.com/Lenniesaurus
Friday Jun 11, 2021
In this episode Javvad and Erich welcome Mo Amin, -------- at -------, as we discuss the Fastly outage, some denial-of-service vulnerabilities in open-source MQTT message brokers, what might be the biggest password dump of all time, and we have some serious discussion about company security culture and what that means to an organization.
Don’t forget to like, share and subscribe for more great weekly content!
About Mo:
Twitter: @infosecmo
LinkedIn: https://www.linkedin.com/in/moamin1/
Stories from the show:
One Fastly customer triggered internet meltdown:
https://www.bbc.com/news/technology-57413224
DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices:
https://www.theregister.com/2021/06/08/mqtt_dos_vulnerabilities/
Largest List of Passwords Ever Has Been Released Online:
https://news.softpedia.com/news/largest-list-of-passwords-ever-has-been-released-online-533160.shtml
Friday Jun 04, 2021
In this episode, Jim Zuffoletti, CEO & Co-Founder of SafeGuard Cyber, joins the show as we discuss several ransomware attacks from the week, talk about how security has evolved to bring about some significant challenges in securing human and cloud architectures and the data involved, and much, much more.
Jim's info:
SafeGuard Cyber: https://www.safeguardcyber.com/
SafeGuard Cyber's Twitter: @SafeGuard_Cyber
LinkedIn: https://www.linkedin.com/in/jimzuffoletti/
Stories from the show:
REvil, A Notorious Ransomware Gang, Was Behind JBS Cyberattack, The FBI Says
https://www.npr.org/2021/06/03/1002819883/revil-a-notorious-ransomware-gang-was-behind-jbs-cyberattack-the-fbi-says
FUJIFILM shuts down network after suspected ransomware attack
https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/
NYC’s Subway Operator and Martha’s Vineyard Ferry Latest to Report Cyberattacks
https://www-wsj-com.cdn.ampproject.org/c/s/www.wsj.com/amp/articles/ransomware-scourge-continues-as-essential-services-are-hit-11622672685
Biden will confront Vladimir Putin about ransomware as cyberattacks increase in US
https://www.usatoday.com/story/news/politics/2021/06/02/joe-biden-discuss-ransomware-putin-amid-rising-cyberattacks/7508957002/
Effectuation.org
https://www.effectuation.org/
Friday May 28, 2021
In this episode, Erich is recovering from a minor spinal surgery performed an hour before recording, and Javvad makes him discuss topics ranging from the FBI notice about Conti attacking hospitals and first responders, the government attempting to get control of data breaches, a huge illegal Russian dark web market and recent hacks in Japan.
Don't forget to like, share and subscribe!
Links from the show:
The most important link in the list - 恋のセキュリティホール〜HACK SONG〜 (Security Hole of Love ~HACK SONG~):
https://www.youtube.com/watch?v=ZQlvY5UfjeE
FBI Flash alert - Conti ransomware attacks impact healthcare and first responder networks:
https://www.documentcloud.org/documents/20785301-conti-ransomware-attacks-impact-healthcare-and-first-responder-networks-bc-5-20-21
Senators roll out bipartisan data privacy bill:
https://www.theverge.com/2021/5/20/22444515/amy-klobuchar-data-privacy-protection-facebook-state-laws
Illegal Drug Trade Fuels $1.37B in Crypto Transactions at Russian Dark Site:
https://www.ecommercetimes.com/story/87146.html
Japanese government agencies suffer data breaches after Fujitsu hack:
https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/
Japan predicts hacker attack on Tokyo Summer Olympics by Russian hackers:
https://www.ehackingnews.com/2021/05/japan-predicts-hacker-attack-on-tokyo.html
Friday May 21, 2021
In this episode, Javvad and Erich welcome Andra Zaharia to the show as they talk about an issue with an update to servers behind some cloud cameras that allowed people to view other users' feeds, how a Russian keyboard can stop malware, and infosec marketing, both externally to customers and internally to your leadership.
Stories from the show:
Bug Exposes Eufy Camera Private Feeds to Random Users:
https://threatpost.com/eufy-cam-private-feeds/166288/
Russian keyboards can stop ransomware?
About Andra:
Twitter: @AndraZaharia
LinkedIn: https://www.linkedin.com/in/andrazaharia/
Website: https://andrazaharia.com/
Resources she recommended:
Impersonation example: https://twitter.com/kat_boogaard/status/1361769043267645440
Thanks for the Feedback: The Science and Art of Receiving Feedback Well by Douglas Stone, Sheila Heen - https://www.goodreads.com/book/show/18114120-thanks-for-the-feedback?ac=1&from_search=true&qid=BNKechN2EP&rank=1
Nonviolent Communication: A Language of Life by Marshall B. Rosenberg - https://www.goodreads.com/book/show/71730.Nonviolent_Communication?ac=1&from_search=true&qid=o3Ar8B4VcH&rank=1
The Mom Test: How to talk to customers & learn if your business is a good idea when everyone is lying to you by Rob Fitzpatrick - https://www.goodreads.com/book/show/52283963-the-mom-test?ac=1&from_search=true&qid=7KBV7NvPN8&rank=1
What To Do When It's Your Turn (and it's always your turn) by Seth Godin - https://www.goodreads.com/book/show/23665356-what-to-do-when-it-s-your-turn?ac=1&from_search=true&qid=njWuQP6RrB&rank=1
Her list of people to follow who will instantly make your timeline a source of good convos - https://twitter.com/i/lists/967424242961801217/members
Friday Apr 30, 2021
This week Erich and Javvad talk about the issues of law enforcement making changes to private companies' servers, the spotting of some CIA malware, another government data breach and an awesome bug bounty story.
Listen, like and subscribe!
Links from the show:
This software update is deleting botnet malware from infected PCs around the world
Security firm Kaspersky believes it found new CIA malware
https://therecord.media/security-firm-kaspersky-believes-it-found-new-cia-malware/
Wyo Health Department Data Breach Exposes Info From 165K Wyomingites
Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery
Friday Apr 23, 2021
In this episode, Erich and Javvad discuss a 50-year-old male Japanese motorcyclist who tricked his fans into believing he was a 20-something-year-old woman with digital face-swap trickery, how McDonald's $18k ice cream machines have a dirty little secret (and maybe a fix for that with a Raspberry Pi), and free or cheap alternatives to some popular graphic design programs.
All this and more. Don't forget to watch, like and subscribe below.
Stories from the show:
Face editing: Japanese biker tricks internet into thinking he is a young woman
https://www.bbc.com/news/world-asia-56447357
They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/
Farmers Are Having to Hack Their Own Tractors Just to Make Repairs
https://www.thedrive.com/news/39158/farmers-are-having-to-hack-their-own-tractors-just-to-make-repairs
Sonos explains why it bricks old devices with ‘Recycle Mode’
https://www.theverge.com/2019/12/30/21042871/sonos-recycle-mode-trade-up-program-controversy
Adobe Early Cancellation Fee Stirs Up Controversy On Twitter; Leaves Users Enraged
https://www.republicworld.com/technology-news/apps/adobe-early-cancellation-fee-stirs-up-controversy-on-twitter-leaves-users-enraged.html
Adobe Alternatives
https://www.patreon.com/posts/26834357
Friday Apr 16, 2021
Have you ever wanted to start an infosec conference of your very own? This week Erich and Javvad talk with Derrick Thomas, a co-founder of BSides Tampa, about what it's like to start and grow a conference, some pitfalls and reaching for stars.
They also discuss the FBI fixing Exchange servers via search warrants and realtors showing PII in a virtual tour, and Derrick gets distracted by a clickbait ad about twerking.
Don't forget to like and subscribe to the podcast and video versions.
About Derrick:
Twitter: @BSidesTampa
LinkedIn: https://www.linkedin.com/in/ddthomas-tampa/
Stories from the show:
FBI blasts away web shells on US servers in wake of Exchange vulnerabilities
https://www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-servers-in-wake-of-exchange-vulnerabilities/
Estate agent's hi-tech house tour exposes personal data
https://www.bbc.co.uk/news/technology-56718046
Why Australia is in hysterics over a 'navy twerking' dance
https://www.bbc.co.uk/news/world-australia-56754868
Fyre Festival
https://en.wikipedia.org/wiki/Fyre_Festival