Timely topics, poorly presented, this time via a podcast. In this podcast the cyber security professionals Javvad Malik and Erich Kron discuss timely tech topics in a casual and easy to understand format. the video version of this is available on YouTube
Episodes
Friday Jul 21, 2023
Friday Jul 21, 2023
Today morning Erich and Javvad recount their experiences with the famed hacker and colleague Kevin Mitnick, chat about a Ukrainian takedown netting 150k SIM cards, concernes over the Frenchies plan to use AI to surveil the Paris olympics, Microsoft deciding that allowing access to security logs, without a fee, is good, and much more from the world of #cybersecurity.
Stories from the show:
Kevin Mitnick passed away at 59
https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668
French Assembly passes bill allowing police to remotely activate phone cameras and microphones for surveillance
https://www.engadget.com/french-assembly-passes-bill-allowing-police-to-remotely-activate-phone-cameras-and-microphones-for-surveillance-210539401.html
Paris 2024 Olympics: Concern over French plan for AI surveillance
https://www.bbc.co.uk/news/world-europe-66122743
Under CISA pressure, err collaboration, Microsoft makes cloud security logs available for free
https://www.theregister.com/2023/07/20/under_cisa_spressures_collaboration_microsoft/
Ukraine takes down massive bot farm, seizes 150,000 SIM cards
https://www.bleepingcomputer.com/news/security/ukraine-takes-down-massive-bot-farm-seizes-150-000-sim-cards/
Friday Jul 14, 2023
Friday Jul 14, 2023
In this episode Erich and Javvad talk about the US government email hack, an ethical hacker gone rogue, Ruskies tempting diplomats with a cheap car, and more #cybersecurity stories from this week.
Stories from the show:
Fewer Than 100 Scammers Responsible For Global Email Extortion
https://www.infosecurity-magazine.com/news/fewer-100-scammers-global-email/
Chinese Hackers Gained Access To Some U.S. Government Emails, Microsoft Says
https://www.forbes.com/sites/siladityaray/2023/07/12/chinese-hackers-gained-access-to-some-us-government-emails-microsoft-says/?sh=5f49e30c2a37
Russian hackers lured diplomats in Ukraine with cheap BMW ad
https://www.reuters.com/world/europe/russian-hackers-lured-embassy-workers-ukraine-with-an-ad-cheap-bmw-2023-07-12/
Cybersecurity professional accused of stealing $9M in crypto
https://techcrunch.com/2023/07/11/cybersecurity-professional-charged-for-stealing-9-million-in-crypto/?guccounter=1
Number of email-based phishing attacks surges 464%
https://www.helpnetsecurity.com/2023/07/10/evolving-cyberattack-landscape/
Indian developer fired 90 percent of tech support team, outsourced the job to AI
https://www.theregister.com/2023/07/13/dukaan_ai_support_replacement/
Friday Jun 30, 2023
Friday Jun 30, 2023
In this episode Erich and Javvad discuss the issues with the Anatsa malware being spread on the Google Play store, the issue Siemens Energy has with MOVEit and pilot data being lost in a breach. This and much more!
Stories from the show:
‘Anatsa’ malware targets banking users in US, UK and Central Europe
https://siliconangle.com/2023/06/27/anatsa-malware-targets-banking-users-us-uk-central-europe/
Siemens Energy confirms data breach after MOVEit data-theftattack
https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/
Pilot data of American Airlines and Southwest stolen in data breach
https://www.csoonline.com/article/643352/pilot-data-of-american-airlines-and-southwest-stolen-in-data-breach.html
Friday Jun 23, 2023
Friday Jun 23, 2023
In this episode we discuss the new Apple 0-day, the Lousiana MVD losing info on millions of licensed drivers in the state, and more #cybersecurity stories!
Stories from the show:
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html
Every Louisiana driver’s license holder exposed in colossal cyber-attack
https://www.theguardian.com/us-news/2023/jun/16/louisiana-drivers-license-hack-cyber-attack
FTC accuses DNA testing company of lying about dumping samples
https://www.theregister.com/2023/06/21/dna_testing_company_ftc_complaint/
US Offers $10m Reward For MOVEit Attackers
https://www.infosecurity-magazine.com/news/us-offers-10m-reward-for-moveit/
Friday Jun 02, 2023
Friday Jun 02, 2023
In this episode, Erich and Javvad cover the top #cybersecurity stories of the week including the settlment over Ring and Alexa, and Andriod app that started spying, a dark web data link with RaidForums member info, and much more!
Stories from the show:
Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine
https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/
Most CEOs now see cybersecurity as more important than economic performance
Check your phone: Popular Android app reportedly started spying on users, making recordings
Dark Web Data Leak Exposes RaidForums Members
https://www.infosecurity-magazine.com/news/data-leak-exposes-raidforums/
Government publishes guidelines on cybersecurity
https://www.rte.ie/news/business/2023/0601/1386968-government-publishes-guidelines-on-cybersecurity/
Friday May 26, 2023
Friday May 26, 2023
In this episode, Erich and Javvad talk about Dish breach, an IT worker that piggybacked on a hackers extortion attempt, Googles new .zip and .mov domains, Met's huge $1.3B fine, and much more #cybersecurity news!
Stories from the show:
Dish confirms 300,000 peoples data was exposed in February’s attack
https://www.theregister.com/2023/05/23/dish_networks/
IT Worker Admits Piggybacking on Hacker's Extortion Attempt
https://www.inforisktoday.com/worker-admits-piggybacking-on-hackers-extortion-attempt-a-22142
18-year-old charged with hacking 60,000 DraftKings betting accounts
https://www.bleepingcomputer.com/news/security/18-year-old-charged-with-hacking-60-000-draftkings-betting-accounts/
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations
https://www.darkreading.com/endpoint/meta-hit-1-3b-record-breaking-fine-gdpr-violations
Friday May 19, 2023
Friday May 19, 2023
In this episode Erich and Javvad discuss the weekly stories in #cybersecurity, including the Tik Tok ban in Montana, insured organizations are more likely to be ransomware victims, OpenAI CEO calls for slowing and more!
Stories from the show:
TikTok: Montana to become first US state to ban app on personal devices
https://www.bbc.com/news/business-65630201
Insured companies more likely to be ransomware victims, sometimes more than once
UK Pension Scheme: Members Should Assume Capita Data Theft
https://www.infosecurity-magazine.com/news/pension-scheme-members-capita-data/
Sam Altman: CEO of OpenAI calls for US to regulate artificial intelligence
https://www.bbc.com/news/world-us-canada-65616866
Upstart encryption app walks back privacy claims, pulls from stores after probe
Friday May 12, 2023
Friday May 12, 2023
In this episode, Javvad and Erich recover from a crazy April and early May, but are back live to chat about some top cyber stories.
Stories from the show:
Deconstructing a Cybersecurity Event
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
European Parliament points to Morocco as ‘possibly’ responsible for Pegasus spying
https://thediplomatinspain.com/en/2023/05/european-parliament-points-to-morocco-as-possibly-responsible-for-pegasus-spying/
India to send official whassup to WhatsApp after massive spamstorm
https://www.theregister.com/2023/05/12/india_whatsapp_spam_privacy_demands/
HP Firmware update blocks 3rd party ink
https://twitter.com/dcuthbert/status/1656926678096986112?s=20
NCSC and ICO Dispel Incident Reporting Myths
https://www.infosecurity-magazine.com/news/ncsc-ico-dispel-incident-reporting/
Bad Bots Now Account For 30% of All Internet Traffic
https://www.infosecurity-magazine.com/news/bad-bots-now-comprise-30-of-all/
Ransomware payments nearly double in one year
https://www.theguardian.com/technology/2023/may/10/ransomware-payments-nearly-double-in-one-year
Millions of mobile phones come pre-infected with malware, say researchers
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Friday Apr 14, 2023
Friday Apr 14, 2023
In this episode, Erich and Javvad talk about the Ruskies hacking Ukrainian coffe shop cameras, FTX's 'cybersecurity' (quotes are on purpose), Latitude Financial's decision not to pay and the FUD around juice jacking. All of this and more #cybersecurity news and information.
Stories from the show:
Russian hackers ‘target security cameras inside Ukraine coffee shops’
https://www.theguardian.com/world/2023/apr/11/russian-hackers-target-security-cameras-inside-ukraine-coffee-shops
PSA: Public Phone Charging Ports Are Malware Magnets
https://www.pcmag.com/news/psa-public-phone-charging-ports-are-malware-magnets
FTX's Cybersecurity Was Hilariously Bad
https://gizmodo.com/ftx-sam-bankman-fried-cybersecurity-hacking-crypto-1850321150
Latitude Financial Refuses to Pay Ransom
https://www.infosecurity-magazine.com/news/latitude-financial-refuses-to-pay/
Friday Apr 07, 2023
Friday Apr 07, 2023
In thie episode, Erich and Javvad chat about the latest news in #cybersecurity, including another data breach thanks to Uber, IT folks being pressured into silence, UK drops the ball on crime records, and Telegram is replacing (or augmenting) marketplaces. All of this and more #infosec news!
Don't forget to like and subscribe
Stories from the show:
IT and security pros pressured to keep quiet about data breaches
https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/
Uber suffers another data breach after law firm’s servers attacked
https://www.siliconrepublic.com/enterprise/uuber-data-breach-driver-info-stolen-law-firm-genova-burns
Travel visa delays after UK’s crime records office hit by cyber ‘incident’
https://www.standard.co.uk/news/uk/travel-visa-delays-nz-australia-us-acro-cybersecurity-police-certificates-data-breach-b1072351.html
Telegram now the go-to place for selling phishing tools and services
https://www.bleepingcomputer.com/news/security/telegram-now-the-go-to-place-for-selling-phishing-tools-and-services/
Takedown of notorious hacker marketplace selling your identity to criminals
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-notorious-hacker-marketplace-selling-your-identity-to-criminals