Timely topics, poorly presented, this time via a podcast. In this podcast the cyber security professionals Javvad Malik and Erich Kron discuss timely tech topics in a casual and easy to understand format. the video version of this is available on YouTube
Episodes
Friday Feb 24, 2023
Friday Feb 24, 2023
In this episode, Erich and Javvad discuss the hack of NameCheap's email, which was used to send phishing emails, how Godaddy has been breached for years, accidental WhatsApp account takeovers and more.
Stories from the show:
NameCheap's email hacked to send Metamask, DHL phishing emails
https://www.bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/
How a women’s ‘disdain for email guff’ stopped a Putin hack six years on
https://www.independent.co.uk/news/uk/home-news/russia-ukraine-email-putin-hack-b2280580.html
GoDaddy: Hackers stole source code, installed malware in multi-year breach
https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/
Accidental WhatsApp account takeovers? It's a thing
https://www.theregister.com/2023/02/21/accidental_whatsapp_account_takeover/
European Commission bans TikTok on staff devices
https://www.bbc.co.uk/news/technology-64743991
Friday Feb 10, 2023
Friday Feb 10, 2023
In this episode, Erich and Javvad discuss the weeks top cybersecurity issues and stories, including the Reddit hack, a top US cybersecurity diplomat's persona Twitter getting pwned, talk about a VMware 0-day and Weee! dealing witha not-so-fun breach.
All of this and more live on Linkedin, Facebook, Twitch and YouTube!
Don't forget to like and subscribe
Stories from the show:
The Top U.S. Cybersecurity Diplomat's Personal Twitter Account Was Hacked
https://www.forbes.com/sites/petersuciu/2023/02/06/the-top-us-cybersecurity-diplomats-personal-twitter-account-was-hacked/?sh=3918883d4d7e
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
https://thehackernews.com/2023/02/vmware-finds-no-evidence-of-0-day-flaw.html
Weee! grocery service confirms data breach, 1.1 million affected
https://www.bleepingcomputer.com/news/security/weee-grocery-service-confirms-data-breach-11-million-affected/
Reddit: We had a security incident. Here’s what we know.
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Friday Feb 03, 2023
Friday Feb 03, 2023
In this episode, Erich and Javvad discuss fraud in the UK, the 'Pooping Perpertrator' gets flushed out, a new Russian wiper is spotted and much, much more!
Join us on LinkedIn to comment live!
Stories from the show:
Over £3.9 BILLION has been lost to fraud and cybercrimes in the last 13 months across the UK
https://ifamagazine.com/article/over-3-9-billion-has-been-lost-to-fraud-and-cybercrimes-in-the-last-13-months-across-the-uk/
Florida Authorities Arrest ‘The Pooping Perpetrator’ for Burglary After Suspect Jumped Naked into River and was Rescued by Police
https://lawandcrime.com/crime/florida-authorities-arrest-the-pooping-perpetrator-for-burglary-after-suspect-jumped-naked-into-river-and-was-rescued-by-police/?ICID=ref_fark
Hackers use new SwiftSlicer wiper to destroy Windows domains
https://www.bleepingcomputer.com/news/security/hackers-use-new-swiftslicer-wiper-to-destroy-windows-domains/
Insider attacks becoming more frequent, more difficult to detect
https://www.helpnetsecurity.com/2023/01/30/detect-insider-attacks/
Anker finally comes clean about its Eufy security cameras
https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption
Friday Jan 27, 2023
Friday Jan 27, 2023
In this episode, Erich and Javvad discuss the Hive ransomware group takedown, some refund scams, RMM tool attacks and more.
Stories from the show:
DOJ disrupts major ransomware group
https://www.nbcnews.com/tech/security/doj-disrupts-major-ransomware-group-rcna67627
CISA says federal agencies attacked in refund scam through remote management software
https://therecord.media/cisa-says-federal-agencies-attacked-in-refund-scam-through-remote-management-software/
GoTo says hackers stole encrypted backups during November cyberattack
https://therecord.media/goto-says-hackers-stole-encrypted-backups-during-november-cyberattack/
Friday Jan 20, 2023
Friday Jan 20, 2023
In this episode we discuss the PayPal issue, Nissan's vendor leaking data an org that gets defaced after ignoring vulnerability warnings, and more!
Stories from the show:
Social Security Numbers Stolen in PayPal Cyberattack
https://www.cnet.com/tech/services-and-software/social-security-numbers-stolen-in-paypal-cyber-attack/
Nissan North America data breach caused by vendor-exposed database
https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-caused-by-vendor-exposed-database/
ODIN Intelligence website is defaced as hackers claim breach
https://techcrunch.com/2023/01/15/odin-intelligence-website-defaced-sweepwizard/
MailChimp second breach in a year
https://www.theregister.com/2023/01/19/mailchimp_fesses_up_to_2nd/
Solaris taken over by kraken
https://www.bleepingcomputer.com/news/security/illegal-solaris-darknet-market-hijacked-by-competitor-kraken/
Friday Jan 13, 2023
Friday Jan 13, 2023
In this episode we welcome in the new year, chat about the future in 2023, recap Erich's trip to CES, talk about the big news of the last couple of weeks, and more.
Stories from the show:
'No Evidence' of Cyberattack Related to FAA Outage, White House Says
https://www.securityweek.com/no-evidence-cyberattack-related-faa-outage-white-house-says
Guardian Tells Workers Their Data Was Compromised in Ransomware Hack
https://www.bloomberg.com/news/articles/2023-01-11/guardian-tells-staff-their-data-was-accessed-in-ransomware-hack
Royal Mail ransomware attackers threaten to publish stolen data
https://www.theguardian.com/business/2023/jan/12/royal-mail-ransomware-attackers-threaten-to-publish-stolen-data
Caught on Camera: Group of thieves accidentally break into Alhambra diaper business
https://www.cbsnews.com/losangeles/news/caught-on-camera-group-of-thieves-accidentally-break-into-alhambra-diaper-business/
Don’t answer another online quiz question until you read this
https://consumer.ftc.gov/consumer-alerts/2023/01/dont-answer-another-online-quiz-question-until-you-read
Friday Dec 09, 2022
Friday Dec 09, 2022
In this episode, Javvad gives hjs report on BlackHat Europe and tells of his upcoming trip to BSides London, a story about scammers scamming each other out of millions of dollars, and an interesting andriod malware that parasites on legit apps. All this and more!
Friday Dec 02, 2022
Friday Dec 02, 2022
In this episode, Erich and Javvad discuss the jargon issue in #cybersecurity, the overwhelming issue of garbage email, the continued trend for crap passwords and more.
Stories from the show:
Cybersecurity jargon impacting communication between C-suite and specialists
https://www.information-age.com/cybersecurity-jargon-impacting-communication-between-c-suite-specialists-123500747/
Unwanted emails steadily creeping into inboxes
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
Mass Email Extortion Campaign Claims Server Hack
https://www.infosecurity-magazine.com/news/mass-email-extortion-claims-server/
Guess the most common password. Hint: We just told you
https://www.theregister.com/2022/11/25/infosec_roundup/
Friday Nov 04, 2022
Friday Nov 04, 2022
In This episode, Erich and Javvad discuss the hack of Liz Truss' phone, the offering of $4M worth of initial network access, the FTC crack down on a repeat offender and more!
Stories from the show
Hackers selling access to 576 corporate networks for $4 million
FTC Cracks Down on Homework App Provider Chegg for 4 Past Data Breaches
https://www.pcmag.com/news/ftc-cracks-down-on-homework-app-provider-chegg-for-4-past-data-breaches
Liz Truss' phone was 'clearly hacked', says minister
https://news.stv.tv/world/liz-truss-phone-was-clearly-hacked-says-minister
People are pretending to be laid-off Twitter employees carrying boxes outside of HQ
https://www.theverge.com/2022/10/28/23428775/twitter-fake-employee-layoff-rahul-ligma-elon-musk
Friday Oct 28, 2022
Friday Oct 28, 2022
In this episode, Erich and Javvad discuss the cybersecurity stories of the week, including some significant convictions, bots and LinkedIn battle, CVE PoCs used to spread malware and much more!
Stories from the show:
EFCC touts 1,968 cybercrime-related convictions secured in nine months
https://punchng.com/2669-convictions-secured-in-nine-months-efcc/
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn
https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/
Security experts targeted with malicious CVE PoC exploits on GitHub
https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html
Google bans 16 popular Android apps! Millions warned to delete them now
https://www.express.co.uk/life-style/science-technology/1687205/Android-warning-delete-Google-Play-Store-apps-now
See Tickets discloses 2.5 years-long credit card theft breach
https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/
Feds say Ukrainian man running malware service amassed 50M unique credentials
https://arstechnica.com/information-technology/2022/10/feds-say-ukrainian-man-running-malware-service-amassed-50m-unique-credentials/