Timely topics, poorly presented, this time via a podcast. In this podcast the cyber security professionals Javvad Malik and Erich Kron discuss timely tech topics in a casual and easy to understand format. the video version of this is available on YouTube
Episodes
Thursday Aug 12, 2021
Thursday Aug 12, 2021
In this episode, Erich reminisces about Blackhat and DEFCON, comparing past years to 2021 and Javvad and him discuss some crazy news stories, including one where a cyber thief actually returns $260 million and a new UK governement software that adds a button to report emails to the 'Ministry of Phishy Things', or some such government entity.
Don't forget to Like, Subscribe and Share for more fun looks at very serious topics.
Stories from the show:
Cryptocurrency heist hacker returns $260m in funds:
https://www.bbc.com/news/business-58180692
New one-click button will flag dodgy emails directly to cyber experts:
https://news.sky.com/story/new-one-click-button-will-flag-dodgy-emails-directly-to-cyber-experts-12379104
Flight attendant interview video:
https://www.youtube.com/watch?v=XFoXmnBuLw0
Show Contents:
00:00 - 1:00 Intro
01:00 - 13:30 Blackhat and DEFCON recap
13:30 - 18:27 Cryptocurrency heist hacker returns $260m in funds
18:27 - 28:49 New one-click button will flag dodgy emails directly to cyber experts
28:49 - 30:39 Smelling like regret (https://www.youtube.com/watch?v=XFoXmnBuLw0)
30:39 - 31:04 Outro
Friday Aug 06, 2021
Friday Aug 06, 2021
In this quick daily recap, Erich and Javvad talk about the closing day of Black Hat and the start of DEFCON, conference speaking and much more.
Thursday Aug 05, 2021
Thursday Aug 05, 2021
In this episode, Javvad and Erich discuss the first day at Black Hat 2021. They discuss the low attendance at Black Hat, the topics and big vendors at the show and other observations from the show.
In addition they discuss a ransomware attack on a school, a huge amount of data leaked by a mystery company, security issues with a hotel capsule, and more.
Look out for more updates from Vegas this year!
Like, share and subscribe!
Stories from the show:
Report: Over 63 Million US Citizens Exposed in Massive Data Leak:
https://www.vpnmentor.com/blog/report-onemorelead-leak/
Isle of Wight schools hit by ransomware attack:
https://www.bbc.com//uk-england-hampshire-58078670
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms:
https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/
Friday Jul 30, 2021
Friday Jul 30, 2021
This week Anna Collard, founder of Popcorn Training and an all around brillant person, talks through the stories of the week and shares her experience taking a doodle, and turining it into a great company. You don't want to miss it!
Like, subscribe and share!
About Anna:
LinkedIn: https://www.linkedin.com/in/anna-collard-606817/
Twitter: @AnnaCollard3
Stories from the show:
Majority of employees take cybersecurity shortcuts, despite knowing risks:
https://www.securitymagazine.com/articles/95722-majority-of-employees-take-cybersecurity-shortcuts-despite-knowing-risks
Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam:
https://www.theregister.com/2021/07/27/youtube_channel_tech_scam/
ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower:
https://www.computerweekly.com/news/252504531/ICO-ends-its-involvement-in-dispute-between-NatWest-Bank-and-data-breach-whistleblower
South Africa port operations halted and workers reportedly put on leave after major cyberattack:
https://www.cnbc.com/2021/07/27/transnet-halts-port-operations-in-south-africa-after-major-cyberattack.html
Show Content:
00:00 - Intro
02:52 - Majority of employees take cybersecurity shortcuts, despite knowing risks
10:16 - Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam
18:35 - ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower
26:02 - South Africa port operations halted and workers reportedly put on leave after major cyberattack
33:50 - Anna talks about starting Popcorn Training
43:07 - Tech sector and the value of professional relationships in South Africa
48:53 - What people can do better to communicate
54:18 - What is next for Anna
56:34 - Outro
Sunday Jul 25, 2021
Sunday Jul 25, 2021
This week Javvad and Erich discuss some of the hottest stories of the past week, including the sentancing of a swatter, the release of a Kaseya universal ransomware decryptor, a $50m demand (possibly being delivered by bicycle), MosaicLoader punishes pirates, the (ISC)2 learning portal for CISSP's and other members and an insurtech startup that joins the 'unsecured S3 bucket' club.
All of this and more. Please like, subscribe and share. Story links and chapter listing is below.
Serial Swatter Who Caused Death Gets Five Years in Prison
https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/
Kaseya obtains universal decryptor for REvil ransomware victims
https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/
Hackers reportedly demand $50m from Saudi Aramco over data leak
https://www.bbc.com/news/business-57924355
New MosaicLoader malware targets software pirates via online ads
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/
An insurtech startup exposed thousands of sensitive insurance applications
https://techcrunch.com/2021/07/16/backnine-insurance-applications-exposed/
Other mentions:
Dark Patterns
https://www.darkpatterns.org/
(ISC)2 Learning Portal
https://learn.isc2.org
Contents of this video:
00:00 - Javvad's Minecraft-esque Intro
02:22 - Black Hat Conference and COVID Thoughts
06:00 - Serial Swatter Who Caused Death Gets Five Years in Prison
10:32 - Kaseya obtains universal decryptor for REvil ransomware victims
14:54 - Hackers reportedly demand $50m from Saudi Aramco over data leak
20:05 - New MosaicLoader malware targets software pirates via online ads
25:54 - The (ISC)2 Learning Portal and What They Are Doing Right
30:38 - An insurtech startup exposed thousands of sensitive insurance applications
34:53 - Closing and Profound Insight from Erich
Friday Jul 16, 2021
Friday Jul 16, 2021
In this episode, Erich and Javvad discuss some data breaches, issues with outdated and End-of-Life (EOL) hardware and software and issues with government collection of zero-day vulnerabilities and issues related to mandatory reporting with too little time to understand the issue.
Like, subscribe and share!
Fashion retailer Guess discloses data breach after ransomware attack:
https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/
SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances:
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-eol-sma-100-vpn-appliances/
22% of exploits for sale in underground forums are more than three years old:
https://www.helpnetsecurity.com/2021/07/15/exploits-for-sale/
So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into:
https://www.theregister.com/2021/07/15/china_vulnerability_law/
Friday Jul 02, 2021
Friday Jul 02, 2021
In this episode, Charl van der Walt jions Erich and Javvad as they talk about the news stories related to the new CISA 'Bad Practices' guidance, My Book Live devices being remotely wiped, Windows print spoolers being weaponized and data movement by pigeons.
Charl then talks about what it's like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more.
Remember to hit the 'Like' button, then subscribe and share for more great weekly episoded.
About Charl:
Twitter: @charlvdwalt
LinkedIn: https://www.linkedin.com/in/charl-van-der-walt/
Orange Cyberdefense: https://www.linkedin.com/company/orange-cyberdefense/
Stories from the show:
CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability:
https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability
Hackers use zero-day to mass-wipe My Book Live devices:
https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/
Bad Practices:
https://www.cisa.gov/BadPractices
BONUS STORY:
In Africa, A Pigeon Transfers Data Faster Than The Internet:
https://www.wired.com/2009/09/in-africa-a-pigeon-transfers-data-faster-than-the-internet/
IP over Avian Carriers with Quality of Service:
https://datatracker.ietf.org/doc/html/rfc2549
Friday Jun 25, 2021
Friday Jun 25, 2021
In this episode Javvad and Erich discuss the death of John McAfee, a story where 2 brothers in South Africa disappear under mysterious circumstances (and along with $2.2 billion in BTC) and, Facebook calls out Apple by funding an attempt at an academic-ish paper, as they strive to protect you from the evils of monopolistic behavior (or maybe just to protect their own profits). All this and more in this episode!
Be sure to like, subscribe and share!
Javvad's Interview with John McAfee:
https://www.youtube.com/watch?v=xHuVW63ceSQ
Stories from the show:
John McAfee found dead in Spanish prison after his extradition to the US was approved:
https://www.cnn.com/2021/06/23/tech/john-mcafee-death/index.html
South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin:
https://www.forbes.com/sites/emilymason/2021/06/23/south-african-brothers-disappear-along-with-22-billion-worth-of-bitcoin/?sh=4dbd6a3a1a60
Facebook vs. Apple: Here's what you need to know about their privacy feud:
https://www.cnet.com/news/facebook-vs-apple-heres-what-you-need-to-know-about-their-privacy-feud/
The paper that was published:
Harming Competition and Consumers under the Guise of Protecting Privacy: An Analysis of Apple’s iOS 14 Policy Updates:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852744
Friday Jun 18, 2021
Friday Jun 18, 2021
In this episode, Javvad and Erich are joined by Magda de Jager (aka Mags) to discuss this weeks news stories, including the Peloton bike vulnerability (or is it?), the takedown of the Clot ransomware gang and credential stuffing attacks targeting the travel and retail industries. Mags also discusses her journey to working in infosec and much, much more!
Please like, share and subscribe
About Mags:
Twitter: @magsdj
LinkedIn: https://www.linkedin.com/in/magdadejager/
Stories from the show:
Ukrainian police partner with US, South Korea for raid on Clop ransomware members:
https://www.zdnet.com/article/ukranian-police-partner-with-us-south-korea-for-raid-on-clop-ransomware-members/
Peloton Bike+ Was Vulnerable to Remote Hacking, Researchers Find:
https://gizmodo.com/peloton-bike-was-vulnerable-to-remote-hacking-researc-1847105097
Travel and retail industries facing wave of credential stuffing attacks:
https://www.zdnet.com/article/travel-and-retail-industries-facing-wave-of-credential-stuffing-attacks/
Scottish word of the day:
Miss PunnyPennie - @Lenniesaurus
https://twitter.com/Lenniesaurus
Friday Jun 11, 2021
Friday Jun 11, 2021
In this episode Javvad and Erich welcome Mo Amin, -------- at ------- as we discuss the Fastly outage, some vulnerabilities in some MQTT handlers, what might be the biggest password dump of all times and we have some serious discussion about company security culture and what that means to an organization.
Don’t forget to like, share and subscribe for more great weekly content!
About Mo:
Twitter: @infosecmo
LinkedIn: https://www.linkedin.com/in/moamin1/
Stories form the show
One Fastly customer triggered internet meltdown:
https://www.bbc.com/news/technology-57413224
DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices:
https://www.theregister.com/2021/06/08/mqtt_dos_vulnerabilities/
Largest List of Passwords Ever Has Been Released Online:
https://news.softpedia.com/news/largest-list-of-passwords-ever-has-been-released-online-533160.shtml