Episodes

Friday Apr 23, 2021
In this episode, Erich and Javvad discuss a 50-year-old male Japanese motorcyclist who tricked his fans into believing he was a 20-something-year-old female with digital face swap trickery, how McDonald's $18k ice cream machines have a dirty little secret (and maybe a fix for that with a Raspberry Pi), and free or cheap alternatives to some popular graphic design programs.
All this and more. Don't forget to watch, like and subscribe below.
Stories from the show:
Face editing: Japanese biker tricks internet into thinking he is a young woman
https://www.bbc.com/news/world-asia-56447357
They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/
Farmers Are Having to Hack Their Own Tractors Just to Make Repairs
https://www.thedrive.com/news/39158/farmers-are-having-to-hack-their-own-tractors-just-to-make-repairs
Sonos explains why it bricks old devices with ‘Recycle Mode’
https://www.theverge.com/2019/12/30/21042871/sonos-recycle-mode-trade-up-program-controversy
Adobe Early Cancellation Fee Stirs Up Controversy On Twitter; Leaves Users Enraged
https://www.republicworld.com/technology-news/apps/adobe-early-cancellation-fee-stirs-up-controversy-on-twitter-leaves-users-enraged.html
Adobe Alternatives
https://www.patreon.com/posts/26834357

Friday Apr 16, 2021
Have you ever wanted to start an infosec conference of your very own? This week Erich and Javvad talk with Derrick Thomas, a co-founder of BSides Tampa, about what it's like to start and grow a conference, some pitfalls and reaching for stars.
They also discuss the FBI fixing Exchange servers via search warrants and realtors showing PII in a virtual tour, and Derrick gets distracted by a clickbait ad about twerking.
Don't forget to like and subscribe to the podcast and video versions.
About Derrick:
Twitter: @BSidesTampa
LinkedIn: https://www.linkedin.com/in/ddthomas-tampa/
Stories from the show:
FBI blasts away web shells on US servers in wake of Exchange vulnerabilities
https://www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-servers-in-wake-of-exchange-vulnerabilities/
Estate agent's hi-tech house tour exposes personal data
https://www.bbc.co.uk/news/technology-56718046
Why Australia is in hysterics over a 'navy twerking' dance
https://www.bbc.co.uk/news/world-australia-56754868
Fyre Festival
https://en.wikipedia.org/wiki/Fyre_Festival

Friday Apr 09, 2021
In this great episode, Erich and Javvad welcome Tricia Howard to the show as they discuss the Ziggy ransomware gang giving refunds (no, really), the 500 million user LinkedIn profile scrape, getting into the cybersecurity industry from outside, and more.
Tricia even uses her amazing theatrical skills to do a dramatic reading of a ransomware note.
Remember to watch, like, and subscribe!
Tricia's information:
Twitter and Instagram: @TriciaKicksSaaS
LinkedIn: https://www.linkedin.com/in/triciakickssaas/
Stories from the show:
Ziggy ransomware admin announces refunds for all targeted victims
https://www.teiss.co.uk/ziggy-ransomware-admin-to-refund-victims/
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof:
https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

Friday Mar 26, 2021
The Jerich Show Episode 41 - Talking culture with Kai Roer
In this episode, Javvad and Erich welcome Kai Roer to the show to talk about a Twitter account takeover, a big potential data leak, responsibility in a phishing click and, of course, security culture.
About Kai:
Twitter: @kairoer
LinkedIn: https://www.linkedin.com/in/kairoer/
Stories From the Show:
Phish Leads to Breach at Calif. State Controller
https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/
NHS boss's Twitter accounts hacked by PS5 scammers:
https://www.bbc.co.uk/news/technology-56456002
Forex Broker Leaks Billions of Customer Records Online:
https://www.infosecurity-magazine.com/news/forex-leaks-millions-customer/

Friday Mar 12, 2021
From security camera feeds being pwned to tracking people through lens scratches and dust and big issues with some Adobe software, cameras and related items are the topic today for Javvad and Erich.
Links from the show:
FB can track you via dust and scratches:
https://www.tiktok.com/@jengolbeck/video/6936959507356486918
The FB patent for associating cameras with users and objects in a social networking system
https://patents.google.com/patent/US9485423B2/en
Dr. Jen Golbeck:
Twitter: https://twitter.com/jengolbeck
TikTok: https://www.tiktok.com/@jengolbeck?
Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more:
https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals
Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect:
https://www.zdnet.com/article/adobe-releases-batch-of-security-fixes-for-framemaker-creative-cloud-connect/

Friday Mar 05, 2021
In this episode, Erich and Javvad are joined by their colleague and friend, James McQuiggan, as they discuss Elder Fraud, phishing attacks targeting AOL users, Cash App phishing kits and bogus Capital Calls among other things.
James McQuiggan's info:
Twitter: @James_McQuiggan
LinkedIn: https://www.linkedin.com/in/jmcquiggan/
His book pick:
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/
Stories from the show:
Elder Fraud:
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud
Beware: AOL phishing email states your account will be closed:
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Cash App phishing kit deployed in the wild, courtesy of 16Shop:
https://www.bleepingcomputer.com/news/security/cash-app-phishing-kit-deployed-in-the-wild-courtesy-of-16shop/
Investors are the next target of large-scale cyberattacks:
https://www.bleepingcomputer.com/news/security/investors-are-the-next-target-of-large-scale-cyberattacks/

Friday Feb 26, 2021
Mohammed Aldoub AKA @voulnet is an API and Cloud security expert. While Erich is off nursing a sore neck, Mohammed keeps Javvad quiet and drops some serious API security knowledge.
Links discussed:
Clubhouse https://twitter.com/_DanielSinclair/status/1363738761339826177?s=19
Hacking Starbucks https://samcurry.net/hacking-starbucks/
Cloud pricing specialists https://www.duckbillgroup.com/
API vulnerability https://hackerone.com/reports/810320
Exploiting Drupal8's REST RCE https://www.ambionics.io/blog/drupal8-rce
Stop using JWT for sessions http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/
Mohammed's Github (tools, upcoming training schedule) https://github.com/Voulnet
Follow Mohammed on Twitter @voulnet

Friday Feb 19, 2021
Javvad's internet is broken, so he is a pixelated mess, but we still talk ransomware and the new Mac M1 virus.
Stories from the show:
Kia Motors Hit With $20M Ransomware Attack – Report (with a cameo ad for Erich's upcoming ThreatPost panel)
https://threatpost.com/kia-motors-ransomware-attack/164085/
When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice
https://securityintelligence.com/news/when-cyber-gangs-disregard-ransomware-payments/
First Malware Running Natively on M1 Chip Discovered
https://www.macrumors.com/2021/02/17/first-m1-chip-malware/

Friday Feb 12, 2021
In this episode, Erich and Javvad welcome Kylee Lockwood, a pro in the field of compliance, to the show as they discuss issues with ICS, the impact of cat filters on professional people and another loss of source code.
Kylee's contact information:
LinkedIn - https://www.linkedin.com/in/kyleemarie/
Twitter - @kyleemariel
Links from the show:
Hackers steal StormShield firewall source code in data breach
https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/
ICS Challenges
https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/
Lawyer is NOT a cat:
https://www.entrepreneur.com/article/365148
Cat filter accidentally used in Pakistani minister’s live press conference:
https://www.bbc.com/news/world-asia-48663289

Friday Feb 05, 2021
The Jerich Show Episode 35 - Ransomware, WiFi Ownage and Facial Recognition
In this episode, Erich and Javvad discuss stories related to ransomware, vulnerabilities in some WiFi chipsets, and issues related to Greek police officers being issued hardware that allows for facial recognition and fingerprint identification.
Stories in this episode:
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices:
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html
Ransomware attacks increasingly destroy victims’ data by mistake:
https://www.bleepingcomputer.com/news/security/rise-in-ransomware-attacks-mistakenly-causing-data-destruction/
Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again:
https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/
Greek Police to Introduce Live Facial Recognition:
https://www.infosecurity-magazine.com/news/greek-police-to-introduce-live