Episodes
Friday Jan 15, 2021
The Jerich Show Episode 32 - Rowenna Fielding - Let's talk about privacy
In this episode, Javvad and Erich are joined by privacy expert Rowenna Fielding for a fun and informative show discussing privacy issues around the globe. The group discusses changes made by TikTok, the new WhatsApp privacy debacle, the use of crowdsourcing by law enforcement after the Capitol fiasco, and how to move from an infosec role to a job focused on privacy.
Rowenna’s recommended books:
• Surveillance capitalism - https://www.amazon.com/Age-Surveillance-Capitalism-Future-Frontier/dp/1541758005/
• Weapons of math destruction - https://www.amazon.com/Weapons-Math-Destruction-Increases-Inequality/dp/0553418831/
• Algorithms of oppression - https://www.amazon.com/Algorithms-Oppression-Search-Engines-Reinforce/dp/1479837245/
Rowenna’s Patreon link:
http://patreon.com/missiggeek
Links from the show:
TikTok: All under-16s' accounts made private - https://www.bbc.com/news/amp/technology-55639920
WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app - https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/
Rowenna’s breakdown of the WhatsApp privacy changes - https://missinfogeek.net/whatsapp-privacy-policy-translated/
Capitol riots: Who has the FBI arrested so far? - https://www.bbc.com/news/world-us-canada-55626148
@sawaba plotted video uploads from the GPS coordinates of the Capitol on 1/6/21 - https://twitter.com/sawaba/status/1349056336202522625
I Cut the 'Big Five' Tech Giants From My Life. It Was Hell - https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194
Friday Dec 11, 2020
Join Javvad and Erich as they trick the ever funny and good-humored Garrett Gross into joining them one last time before their end-of-year break, for a solid 9 minutes of great discussion followed by his dismissal. Once rid of him, the team turns the topic to their own favorite infosec stories of 2020.
After this episode, Erich and Javvad will be taking a break until the new year while they try incantations, burning of incense, interpretive dance and any other possible method of ensuring 2021 won't be the dumpster fire that 2020 was.
This is a great time to catch up on earlier episodes here and on Youtube at: https://www.youtube.com/channel/UCDCt5A9GDeTHWEBE8hHkKeg
Please like and subscribe to be notified of new episodes
Follow Garrett on Twitter at: @breachparty
Links from the show:
A Hacker Nearly Stole $8 Million From An Aussie Hedge Fund Using A Fake Zoom Invite:
https://www.gizmodo.com.au/2020/11/a-hacker-nearly-stole-8-million-from-an-aussie-hedge-fund-using-a-fake-zoom-invite/
Travelex driven into financial straits by ransomware attack:
https://www.scmagazine.com/home/security-news/travelex-driven-into-financial-straits-by-ransomware-attack/
A Hacker Is Threatening to Leak Patients' Therapy Notes:
https://www.wired.com/story/hacker-threaten-release-therapy-notes-patients/
Patients of Hacked US Surgical Company Hit with Ransom Demands:
https://www.infosecurity-magazine.com/news/patients-of-hacked-surgical/
Friday Dec 04, 2020
In this episode, Javvad and Erich welcome Alethe Denis, winner of the Social Engineering Capture the Flag (SECTF) at DEFCON and one of the most motivated and awesome people we have met.
They discuss her path to an infosec career, how she keeps things straight, and advice for those interested in getting into the infosec community from other careers.
They also discuss some interesting news stories related to cyber attacks on homes, the OGUsers forum hack/ransom, Amazon delivery scams and the value of C-Level executive credentials and accounts.
All this and more! Be sure to like and subscribe to catch the latest episode each week.
Alethe's Contact info:
Twitter - @AletheDenis
Website - Alethedenis.com
Links from the story:
Hackers attack homes on average 104 times a month, says new Comcast report
https://www.gearbrain.com/are-smart-home-devices-secure-2649035325.html
Stolen credentials forum OGUsers hacked again with user data stolen
https://siliconangle.com/2020/12/02/stolen-credentials-forum-ogusers-hacked-user-data-stolen/
Beware - that email about your Amazon delivery alert could be an online scam
https://www.techradar.com/news/that-amazon-delivery-alert-email-could-be-a-phishing-scam
A hacker is selling access to the email accounts of hundreds of C-level executives
https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/
Alethe's book recommendations:
The Code of Trust
https://www.amazon.com/Code-Trust-American-Counterintelligence-Experts/dp/1250093465/
Swing Away
https://www.amazon.com/Swing-Away-Conquering-Impostor-Syndrome/dp/B086MKGHVG/
Operator Handbook
https://www.amazon.com/Operator-Handbook-Team-OSINT-Reference/dp/B085RR67H5/
Pentester Blueprint:
https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307/
Hacking Multifactor Authentication
https://www.amazon.com/Hacking-Multifactor-Authentication-Roger-Grimes/dp/1119650798/
Friday Nov 27, 2020
The Jerich Show Episode 29 - When our Privates Aren't Private
In this special Thanksgiving episode, Erich and Javvad talk about privacy issues related to both the government and the private sector. Should your employer judge your performance based on an Office 360 report? Should the government restrict singing in your own home?
These questions and more will be answered in this episode.
Don't forget to like and subscribe!
Links from the show:
CDC Guidance:
https://www.cdc.gov/coronavirus/2019-ncov/global-covid-19/shielding-approach-humanitarian.html
California Guidance:
https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/COVID-19/Guidance-for-the-Prevention-of-COVID-19-Transmission-for-Gatherings-November-2020.aspx
Amazon and Employees:
https://www.vice.com/en/article/5dp3yn/amazon-leaked-reports-expose-spying-warehouse-workers-labor-union-environmental-groups-social-movements
Wolfie Christl and O365:
https://twitter.com/WolfieChristl/status/1331221942850949121?s=20
Friday Nov 20, 2020
The Jerich Show Episode 28 - That Time Mark Shawa (Afri-CAN) Joined Us
In this show, Javvad and Erich welcome the incredibly entertaining guest, Mark Shawa. Mark discusses ways to improve security culture, why it's so important, and gives suggestions for reading materials and people to follow in the industry.
Erich and Javvad also discuss how stress is impacting employees, the spike in phishing as we get close to Black Friday and a really interesting and scary new attack using browser notifications.
Join us and subscribe for the latest in cybersecurity news delivered every week and check out the podcast version at https://thejerichshow.podbean.com/.
Links from the show:
Mark Shawa - https://markshawa.com/
Stressed Employees:
https://www.securitymagazine.com/articles/93921-stressed-employees-behind-4-in-10-data-breaches
Browser Notification Attacks:
https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/
Phishing and Black Friday:
https://www.itpro.co.uk/security/357796/sharp-spike-in-phishing-attacks-in-the-weeks-ahead-of-black-friday
Books Mark Recommended:
Animal Farm - George Orwell: https://www.amazon.com/Animal-Farm-George-Orwell/dp/0451526341/
Start With Why - Simon Sinek: https://www.amazon.com/Start-Why-Leaders-Inspire-Everyone/dp/1591846447/
The Art of Deception - Kevin Mitnick: https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/
The Subtle Art of Not Giving a F*ck - Mark Manson: https://www.amazon.com/Subtle-Art-Not-Giving-Counterintuitive/dp/0062457713/
Transformational Security Awareness - Perry Carpenter: https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/
Mark's Notable Thought Leaders:
Theo Baloyi - CEO of Bathu Shoes: https://www.linkedin.com/in/theo-baloyi-07b6891a3/
Sylvester Chauke - Founder of DNA Brand Architects: https://www.linkedin.com/in/sylvester-chauke-385a3216/
David and Madeline McQueen - Founder of Madeline McQueen & Founder of David McQueen: https://www.madelinemcqueen.com/ and https://www.davidmcqueen.co.uk/
Anna Collard - KnowBe4 SVP - Founder of Popcorn Training: https://www.linkedin.com/in/anna-collard-606817/
Lisa Ventura - Founder UK Cyber Security Association: https://lisaventura.co.uk/
Friday Nov 13, 2020
After a week off following a traffic accident, Erich and Javvad discuss another data breach around a kids' game and the Microsoft advisory to move away from SMS multi-factor authentication.
Links from the show:
Hacking Multifactor Authentication:
https://amzn.to/2K2RMba
Hackers Steal 46 Million Records from Kids’ Game Developer:
https://www.infosecurity-magazine.com/news/hackers-steal-46-million-records/
The Animal Jam data breach notification:
https://www.animaljam.com/en/2020databreach
The difference between two-factor and two-step authentication:
https://paul.reviews/the-difference-between-two-factor-and-two-step-authentication/
Microsoft urges users to stop using phone-based multi-factor authentication:
https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/
Friday Oct 30, 2020
The Jerich Show Episode 26 - More Low Blows from the Ransomware Gangs
In this episode, Javvad and Erich take a look at the new low that the Ryuk ransomware gang is sinking to: targeting hospitals and medical clinics.
They also discuss the incredible amount of money being made in the ransomware game, with one group claiming to have made over $100 million. On the other side of that coin, a ransomware gang donated $10k to charity. Why? Who really knows? Maybe guilt, maybe a PR move, maybe just a way to get mentioned on the show.
Finally, to wrap up their ransom demanding trend today, they discuss a group that breached a Finnish psychotherapy clinic and then blackmailed the patients.
All of this and more in this week's show.
Links from the show:
https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/
https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/
https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over-100-million-profit-in-a-year/
https://www.theregister.com/2020/10/26/finland_psychotherapy_clinic_ransom_attack/
Friday Oct 23, 2020
In this episode Erich and Javvad discuss the threatening emails sent to some US voters that are registered Democrats, apparently from none other than Iran. Do they help a certain party or are they just designed to create division?
In addition, there is a new 0-day vulnerability for Chrome that is being exploited in the wild. Javvad and Erich discuss the issues related to patching and when 0-days are important, and when they aren't.
All this, plus Javvad gets confused while trying to accomplish the simple task of announcing the podcast version of The Jerich Show and the new Twitter account. This is what happens when he mutes Erich.
Emailed Threats to Voters:
https://www.npr.org/2020/10/21/926445682/u-s-blames-iran-for-threatening-election-emails-says-russia-may-interfere-too
The Chrome 0-Day:
https://thehackernews.com/2020/10/chrome-zeroday-attacks.html
The new Jerich Show Podcast:
On Apple: https://podcasts.apple.com/us/podcast/the-jerich-show-podcast/id1536420750
On Podbean: https://thejerichshow.podbean.com/#
The Jerich Show Twitter handle:
@TheJerichShow
Monday Oct 19, 2020
The Jerich Show Episode 24 - Burnout, Barnes & Noble and Bad Ads
In this episode Javvad and Erich discuss pandemic burnout, the Barnes & Noble breach and the trouble with advertising and accidental outrage.
If you like this episode, subscribe for more weekly insights
Friday Oct 16, 2020
In this episode, Erich and Javvad are joined by Thom Langford from (TL)2 Security, who somehow got us to refer to him as a sponsor. I think Javvad is taking bribes now.
The important and valuable parts of this episode are our chats about National CyberSecurity Awareness Month (NCSAM) and ways to make your programs work well and about MFA. Thom and Erich offer great advice while Javvad just nods his head.