Episodes
Friday Nov 20, 2020
The Jerich Show Episode 28 - That Time Mark Shawa (Afri-CAN) Joined Us
In this show, Javvad and Erich welcome the incredibly entertaining guest, Mark Shawa. Mark discusses ways to improve security culture, why it's so important, and gives suggestions for reading materials and people to follow in the industry.
Erich and Javvad also discuss how stress is impacting employees, the spike in phishing as we get close to Black Friday and a really interesting and scary new attack using browser notifications.
Join us and subscribe for the latest in cybersecurity news delivered every week and check out the podcast version at https://thejerichshow.podbean.com/.
Links from the show:
Mark Shawa - https://markshawa.com/
Stressed Employees:
https://www.securitymagazine.com/articles/93921-stressed-employees-behind-4-in-10-data-breaches
Browser Notification Attacks:
https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/
Phishing and Black Friday:
https://www.itpro.co.uk/security/357796/sharp-spike-in-phishing-attacks-in-the-weeks-ahead-of-black-friday
Books Mark Recommended:
Animal Farm - George Orwell: https://www.amazon.com/Animal-Farm-George-Orwell/dp/0451526341/
Start With Why - Simon Sinek: https://www.amazon.com/Start-Why-Leaders-Inspire-Everyone/dp/1591846447/
The Art of Deception - Kevin Mitnick: https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/
The Subtle Art of Not Giving a F*ck - Mark Manson: https://www.amazon.com/Subtle-Art-Not-Giving-Counterintuitive/dp/0062457713/
Transformational Security Awareness - Perry Carpenter: https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/
Mark's Notable Thought Leaders:
Theo Baloyi - CEO of Bathu Shoes: https://www.linkedin.com/in/theo-baloyi-07b6891a3/
Sylvester Chauke - Founder of DNA Brand Architects: https://www.linkedin.com/in/sylvester-chauke-385a3216/
David and Madeline McQueen - Founder of Madeline McQueen & Founder of David McQueen: https://www.madelinemcqueen.com/ and https://www.davidmcqueen.co.uk/
Anna Collard - KnowBe4 SVP - Founder of Popcorn Training: https://www.linkedin.com/in/anna-collard-606817/
Lisa Ventura - Founder UK Cyber Security Association: https://lisaventura.co.uk/
Friday Nov 13, 2020
After a week off following a traffic accident, Erich and Javvad discuss another data breach, this time involving a kids' game, and the Microsoft advisory to move away from SMS multi-factor authentication.
Links from the show:
Hacking Multifactor Authentication:
https://amzn.to/2K2RMba
Hackers Steal 46 Million Records from Kids’ Game Developer:
https://www.infosecurity-magazine.com/news/hackers-steal-46-million-records/
The Animal Jam data breach notification:
https://www.animaljam.com/en/2020databreach
The difference between two-factor and two-step authentication:
https://paul.reviews/the-difference-between-two-factor-and-two-step-authentication/
Microsoft urges users to stop using phone-based multi-factor authentication:
https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/
Friday Oct 30, 2020
The Jerich Show Episode 26 - More Low Blows from the Ransomware Gangs
In this episode Javvad and Erich take a look at the new low that the Ryuk ransomware gang is sinking to: targeting hospitals and medical clinics.
They also discuss the incredible amount of money being made in the ransomware game, with one group claiming to have made over $100 million. On the other side of that coin, a ransomware gang donated $10k to charity. Why? Who really knows? Maybe guilt, maybe a PR move, maybe just a way to get mentioned on the show.
Finally, to wrap up their ransom demanding trend today, they discuss a group that breached a Finnish psychotherapy clinic and then blackmailed the patients.
All of this and more in this week's show.
Links from the show:
https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/
https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/
https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over-100-million-profit-in-a-year/
https://www.theregister.com/2020/10/26/finland_psychotherapy_clinic_ransom_attack/
Friday Oct 23, 2020
In this episode Erich and Javvad discuss the threatening emails sent to some US voters that are registered Democrats, apparently from none other than Iran. Do they help a certain party or are they just designed to create division?
In addition, there is a new 0-day vulnerability for Chrome that is being exploited in the wild. Javvad and Erich discuss the issues related to patching and when 0-days are important, and when they aren't.
All this, plus Javvad gets confused while trying to accomplish the simple task of announcing the podcast version of The Jerich Show and the new Twitter account. This is what happens when he mutes Erich.
Emailed Threats to Voters:
https://www.npr.org/2020/10/21/926445682/u-s-blames-iran-for-threatening-election-emails-says-russia-may-interfere-too
The Chrome 0-Day:
https://thehackernews.com/2020/10/chrome-zeroday-attacks.html
The new Jerich Show Podcast:
On Apple: https://podcasts.apple.com/us/podcast/the-jerich-show-podcast/id1536420750
On Podbean: https://thejerichshow.podbean.com/#
The Jerich Show Twitter handle:
@TheJerichShow
Monday Oct 19, 2020
The Jerich Show Episode 24 - Burnout, Barnes & Noble and Bad Ads
In this episode Javvad and Erich discuss pandemic burnout, the Barnes & Noble breach and the trouble with advertising and accidental outrage.
If you like this episode, subscribe for more weekly insights.
Friday Oct 16, 2020
In this episode, Erich and Javvad are joined by Thom Langford from (TL)2 Security, who somehow got us to refer to him as a sponsor. I think Javvad is taking bribes now.
The important and valuable parts of this episode are our chats about National CyberSecurity Awareness Month (NCSAM) and ways to make your programs work well and about MFA. Thom and Erich offer great advice while Javvad just nods his head.
Friday Oct 16, 2020
In this episode our heroes discuss a simulated phishing attack that went a little too far and the dangers involved, plus they discuss how an unsuspecting person took out the internet in their village every morning at 7am... for a year and a half.
Stories:
Tribune Publishing apologizes for fake bonus offer in phishing-simulation email
https://blog.knowbe4.com/tribune-publishing-apologizes-for-fake-bonus-offer-in-phishing-simulation-email
Old TV caused village broadband outages for 18 months
https://www.bbc.com/news/uk-wales-54239180
On a side note, the Jerich Show is now auditioning for additional sponsors. We don't need a lot, perhaps a small personal jet and a modest facility on Miami Beach from which to record and live. If you know someone willing to provide these, let us know, otherwise you can help just by hitting Subscribe below.
Friday Oct 16, 2020
In this episode Erich and Javvad chat about the TikTok and Oracle merger/buyout/whatever thing that is happening and a case where ransomware kills, and finally discuss how people are being leveraged to help find endangered children or help hunt down child predators.
Links from this episode:
Oracle and TikTok:
https://techcrunch.com/2020/09/13/oracle-wins-bid-to-buy-tiktok/
A Ransomware Attack Turns Deadly:
https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity
Europol's Stop Child Abuse – Trace An Object:
https://www.europol.europa.eu/stopchildabuse
Innocent Lives Foundation:
https://www.innocentlivesfoundation.org/get-involved/
Friday Oct 16, 2020
The Jerich Show Episode 20 - More Fun With Ransomware
In this episode Javvad and Erich chat about some recent ransomware attacks that hit a school district here in the US and a power provider in Pakistan. We discuss the timing of the tactics being used by attackers and other somewhat interesting points.
Friday Oct 16, 2020
The Jerich Show Episode 19 - That Time Quentyn Joined Us
This week Javvad and Erich were joined by Quentyn Taylor, where we discussed SIM swapping attacks and how Ring doorbells could ruin the surprise the police have planned for you.
Check out Quentyn on Twitter at @QuentynBlog
Links to our stories:
The SIM swapping attacks against phone carriers
https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh
FBI worried that Ring doorbells are spying on police
https://www.bbc.com/news/technology-53985418
The Ring neighborhood app Erich mentioned
https://www.nytimes.com/wirecutter/blog/ring-neighbors-app-review/
