Episodes
Friday Apr 09, 2021
In this great episode, Erich and Javvad welcome Tricia Howard to the show as they discuss the Ziggy ransomware gang giving refunds (no, really), the 500 million user LinkedIn profile scrape, getting into the cybersecurity industry from outside, and more.
Tricia even uses her amazing theatrical skills to do a dramatic reading of a ransomware note.
Remember to watch, like, and subscribe!
Tricia's information:
Twitter and Instagram: @TriciaKicksSaaS
LinkedIn: https://www.linkedin.com/in/triciakickssaas/
Stories from the show:
Ziggy ransomware admin announces refunds for all targeted victims
https://www.teiss.co.uk/ziggy-ransomware-admin-to-refund-victims/
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof:
https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/
Friday Mar 26, 2021
The Jerich Show Episode 41 - Talking culture with Kai Roer
In this episode, Javvad and Erich welcome Kai Roer to the show to talk about a Twitter account takeover, a big potential data leak, responsibility in a phishing click and, of course, security culture.
About Kai:
Twitter: @kairoer
LinkedIn: https://www.linkedin.com/in/kairoer/
Stories From the Show:
Phish Leads to Breach at Calif. State Controller
https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/
NHS boss's Twitter accounts hacked by PS5 scammers:
https://www.bbc.co.uk/news/technology-56456002
Forex Broker Leaks Billions of Customer Records Online:
https://www.infosecurity-magazine.com/news/forex-leaks-millions-customer/
Friday Mar 12, 2021
From security camera feeds being pwned to tracking people through lens scratches and dust and big issues with some Adobe software, cameras and related items are the topic today for Javvad and Erich.
Links from the show:
FB can track you via dust and scratches:
https://www.tiktok.com/@jengolbeck/video/6936959507356486918
The FB patent for associating cameras with users and objects in a social networking system
https://patents.google.com/patent/US9485423B2/en
Dr. Jen Golbeck:
Twitter: https://twitter.com/jengolbeck
TikTok: https://www.tiktok.com/@jengolbeck?
Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more:
https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals
Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect:
https://www.zdnet.com/article/adobe-releases-batch-of-security-fixes-for-framemaker-creative-cloud-connect/
Friday Mar 05, 2021
In this episode, Erich and Javvad are joined by their colleague and friend, James McQuiggan, as they discuss Elder Fraud, phishing attacks targeting AOL users, Cash App phishing kits and bogus Capital Calls among other things.
James McQuiggan's info:
Twitter: @James_McQuiggan
LinkedIn: https://www.linkedin.com/in/jmcquiggan/
His book pick:
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/
Stories from the show:
Elder Fraud:
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud
Beware: AOL phishing email states your account will be closed:
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Cash App phishing kit deployed in the wild, courtesy of 16Shop:
https://www.bleepingcomputer.com/news/security/cash-app-phishing-kit-deployed-in-the-wild-courtesy-of-16shop/
Investors are the next target of large-scale cyberattacks:
https://www.bleepingcomputer.com/news/security/investors-are-the-next-target-of-large-scale-cyberattacks/
Friday Feb 26, 2021
Mohammed Aldoub AKA @voulnet is an API and Cloud security expert. While Erich is off nursing a sore neck, Mohammed keeps Javvad quiet and drops some serious API security knowledge.
Links discussed:
Clubhouse https://twitter.com/_DanielSinclair/status/1363738761339826177?s=19
Hacking Starbucks https://samcurry.net/hacking-starbucks/
Cloud pricing specialists https://www.duckbillgroup.com/
API vulnerability https://hackerone.com/reports/810320
Exploiting Drupal8's REST RCE https://www.ambionics.io/blog/drupal8-rce
Stop using JWT for sessions http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/
Mohammed's Github (tools, upcoming training schedule) https://github.com/Voulnet
Follow Mohammed on twitter @voulnet
Friday Feb 19, 2021
Javvad's internet is broken, so he is a pixelated mess, but we still talk ransomware and the new Mac M1 virus.
Stories from the show:
Kia Motors Hit With $20M Ransomware Attack – Report (with a cameo ad for Erich's upcoming ThreatPost panel)
https://threatpost.com/kia-motors-ransomware-attack/164085/
When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice
https://securityintelligence.com/news/when-cyber-gangs-disregard-ransomware-payments/
First Malware Running Natively on M1 Chip Discovered
https://www.macrumors.com/2021/02/17/first-m1-chip-malware/
Friday Feb 12, 2021
In this episode, Erich and Javvad welcome Kylee Lockwood, a pro in the field of compliance, to the show as they discuss issues with ICS, the impact of cat filters on professional people and another loss of source code.
Kylee's contact information:
LinkedIn - https://www.linkedin.com/in/kyleemarie/
Twitter - @kyleemariel
Links from the show:
Hackers steal StormShield firewall source code in data breach
https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/
ICS Challenges
https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/
Lawyer is NOT a cat:
https://www.entrepreneur.com/article/365148
Cat filter accidentally used in Pakistani minister’s live press conference:
https://www.bbc.com/news/world-asia-48663289
Friday Feb 05, 2021
The Jerich Show Episode 35 - Ransomware, WiFi Ownage and Facial Recognition
In this episode, Erich and Javvad discuss stories related to ransomware, vulnerabilities in some WiFi chipsets and issues related to Greek police officers being issued hardware allowing for facial recognition and fingerprint identification.
Stories in this episode:
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices:
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html
Ransomware attacks increasingly destroy victims’ data by mistake:
https://www.bleepingcomputer.com/news/security/rise-in-ransomware-attacks-mistakenly-causing-data-destruction/
Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again:
https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/
Greek Police to Introduce Live Facial Recognition:
https://www.infosecurity-magazine.com/news/greek-police-to-introduce-live
Friday Jan 29, 2021
The Jerich Show Episode 34 - Adrian Sanabria, the Emotet takedown and more
This week Javvad and Erich welcome a longtime friend and former colleague of Javvad's, Adrian Sanabria, to the show as they discuss news around the takedown of the Emotet group, a new phishing toolkit that dynamically changes brands and other news from the cybersecurity world. Adrian also discusses his new job and how it will change the future of infosec tool product reviews.
Don't forget to like and subscribe for more great weekly content!
Adrian's Social Media:
Twitter: @sawaba
LinkedIn: https://www.linkedin.com/in/adrian-sanabria/
OnlyFans: TBD
Stories from the show:
Emotet Takedown:
https://www.bbc.com/news/technology-55826258
New Phishing Toolkit:
https://www.zdnet.com/article/new-cybercrime-tool-can-build-phishing-pages-in-real-time/
Krebs on Solarwinds:
https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/
The Sonicwall Problem:
https://threatpost.com/sonicwall-breach-zero-days-in-remote-access/163290/
The Security Products We Deserve:
https://youtu.be/GHuQC1qLnJ4
Friday Jan 22, 2021
The Jerich Show Episode 33 - Headline Roulette
Knowing that Erich was going in for a doctor visit that morning, Javvad decided that, rather than a traditional show, he would help take Erich's mind off things by putting him on the spot to comment on stories he had no idea were coming.
Welcome to Headline Roulette, a speed response to the following stories with no time to actually read these articles:
Privacy-focused search engine DuckDuckGo grew by 62% in 2020
https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-grew-by-62-percent-in-2020/
FBI: Disinformation Campaigns Seek to Exploit Capitol Siege
https://www.bankinfosecurity.com/fbi-disinformation-campaigns-seek-to-exploit-capitol-siege-a-15782
FBI warns of vishing attacks stealing corporate accounts
https://www.bleepingcomputer.com/news/security/fbi-warns-of-vishing-attacks-stealing-corporate-accounts/
A Chinese hacking group is stealing airline passenger details
https://www.zdnet.com/article/a-chinese-hacking-group-is-stealing-airline-passenger-details/
70% of UK finance industry hit with cyber-attacks in 2020
https://uk.finance.yahoo.com/news/70-percent-uk-finance-industry-hit-with-cyberattacks-in-2020-000851797.html
Hacker posts 1.9 million Pixlr user records for free on forum
https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/
Coin-Mining Malware Volumes Soar 53% in Q4 2020
https://www.infosecurity-magazine.com/news/coinmining-malware-volumes-soar-53/
When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram
X-rated social media app Fleek exposed explicit photos of users
https://www.hackread.com/social-media-app-fleek-explicit-photos-leak/
DON'T FORGET TO LIKE AND SUBSCRIBE