Episodes
Friday Oct 07, 2022
Human trafficking in cybercrime, social media identity theft and more
Friday Oct 07, 2022
Friday Oct 07, 2022
In this episode, Erich and Javvad talking about human trafficking related to cybercrime operations, social media account takeovers and more!
Stories from the show:
Guilty verdict in the Uber breach case makes personal liability real for CISOs
https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html
Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up
https://www.govinfosecurity.com/jury-finds-former-uber-cso-joe-sullivan-guilty-cover-up-a-20187
Twitter post by Whitney Merrill - @wbm312
https://twitter.com/wbm312/status/1577827226196013056
SUPERSEDING INDICTMENT
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sullivansupersedingindictment-dec222021.pdf
Twitter whistleblower tells Senate of ‘egregious’ security failings by company
https://www.theguardian.com/technology/2022/sep/13/twitter-whistleblower-testimony-congress-peiter-zatko
Hundreds of Indians Reportedly Trafficked to Myanmar by Cybercrime Operations
https://www.irrawaddy.com/news/burma/hundreds-of-indians-reportedly-trafficked-to-myanmar-by-cybercrime-operations.html/amp
Police arrest teen for using leaked Optus data to extort victims
https://www.bleepingcomputer.com/news/security/police-arrest-teen-for-using-leaked-optus-data-to-extort-victims/
An identity scam that has grown in the past 12 months by more than 1,000% - social media account takeover
https://www.idtheftcenter.org/wp-content/uploads/2022/09/2022-Consumer-Impact-Report_V3.4_Final_Linked.pdf
Friday Sep 16, 2022
An Uber incident, WeTransfer used to spread malware and much more!
Friday Sep 16, 2022
Friday Sep 16, 2022
In this episode, Erich and Javvad speak about the Uber breach, using WeTransfer to spread malware, UK folks fear that their kids will turn to cybercrime due to the rising cost-of-living, and more.
Stories from the show:
Uber investigating 'cybersecurity incident' after report of breach
https://www.reuters.com/business/autos-transportation/uber-investigating-computer-network-breach-nyt-2022-09-16/
Cybercrime Fears for Children as Cost-of-Living Bites
https://www.infosecurity-magazine.com/news/cybercrime-fears-children/
Hackers are using WeTransfer links to spread malware
https://www.msn.com/en-us/news/technology/hackers-are-using-wetransfer-links-to-spread-malware/ar-AA11MEiM
Hackers now use ‘sock puppets’ for more realistic phishing attacks
https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/
Hong Kong consumers want right to choose when firms use AI
https://www.zdnet.com/article/hong-kong-consumers-want-right-to-choose-when-firms-use-ai/
Friday Sep 09, 2022
Log4j Still a Problem, Credential Stuffing Yeilds 200k Accounts and more!
Friday Sep 09, 2022
Friday Sep 09, 2022
This week, Javvad and Erich discuss the campaign the Lazarus group is using against US energy companies, surveillance camera access for sale, and how credential stuffing compromised almost 200k accounts at North Face. All this and more!
Stories from the show:
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
200,000 North Face accounts hacked in credential stuffing attack
https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies
https://techcrunch.com/2022/09/08/north-korea-lazarus-united-states-energy/
How the ‘man in black’ was exposed by the Russian women he terrorised
https://www.bbc.com/news/world-europe-62799246
Friday Sep 02, 2022
Stealthy Coinminers, Ransomware Victims List Over Doubles and More!
Friday Sep 02, 2022
Friday Sep 02, 2022
In this episode, Javvad and Erich discussa crafty coinminer malware that lays dormant for a while, Okta credential thefts, a huge increase in potential victims of a ransomware attack, and a possible device that allows bad actors to simulate swipes and taps on phones from under a table.
All this and more!
Accepted the Risk Video:
https://www.youtube.com/watch?v=9IG3zqvUqJY
Stories from the show:
Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack
https://www.darkreading.com/remote-workforce/twilio-hackers-okta-credentials-sprawling-supply-chain-attack
Windows malware delays coinminer install by a month to evade detection
https://www.bleepingcomputer.com/news/security/windows-malware-delays-coinminer-install-by-a-month-to-evade-detection/
Individuals affected by vendor ransomware attack reaches 2.7M
https://www.beckershospitalreview.com/cybersecurity/vendor-ransomware-attack-affects-2-7m-healthcare-organizations.html
Hacking device can secretly swipe and tap your smartphone screen
https://www.newscientist.com/article/2335970-hacking-device-can-secretly-swipe-and-tap-your-smartphone-screen/
Friday Aug 26, 2022
On the Road, Twitter is a Mess, French Hospital Down, and More
Friday Aug 26, 2022
Friday Aug 26, 2022
In this episode, Erich is on the road in Dallas for the Podcast Movement conference, but him and Javvad still take the time out to discuss some major stories on cybersecurity this week.
Stories from the show:
LastPass developer systems hacked to steal source code
https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/
Twitter whistleblower alleges ‘egregious deficiencies’ in security measures
https://www.theguardian.com/technology/2022/aug/23/twitter-whistleblower-peiter-zatko-mudge-security
Cyber attackers disrupt services at French hospital, demand $10 million ransom
https://www.france24.com/en/europe/20220823-cyber-attackers-disrupt-services-at-french-hospital-demand-10-million-ransom
Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts
https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
Friday Aug 12, 2022
Cisco Hacked, and Black Hat 2022 Wrap Up
Friday Aug 12, 2022
Friday Aug 12, 2022
In this episode, Javvad and Erich talk about the Cisco hack and wrap up the 2022 Black Hat experience.
Stories from the show:
Las Vegas slammed with more flash floods as iconic strip, casinos under water again
https://nypost.com/2022/08/12/las-vegas-slammed-with-more-flash-floods-as-iconic-strip-casinos-under-water-again/
Smishing Attack Led to Major Twilio Breach
https://www.infosecurity-magazine.com/news/smishing-attack-led-to-major/
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too
https://www.theregister.com/2022/08/10/cloudflare_twilio_phishing/
Cisco Talos shares insights related to recent cyber attack on Cisco
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Friday Aug 05, 2022
Friday Aug 05, 2022
Erich and Javvad discuss a crypto currency theft of around $190mil, FEMA warns about patching emergency alerts systems and macros have become a top way to spread ransomware, plus more stories of the week.
Join us live and chat with us on LinkedIn
Stories from the show:
Hack of US cryptocurrency firm Nomad leads to $190 million loss in bridge attack
https://www.scmagazine.com/analysis/breach/hack-of-us-cryptocurrency-firm-nomad-leads-to-190-million-loss-in-bridge-attack
87% of the ransomware found on the dark web has been delivered via malicious macros
https://www.helpnetsecurity.com/2022/08/03/ransomware-malicious-macros/
FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated
https://www.cnn.com/2022/08/03/politics/fema-emergency-alert-software-warning/index.html
Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
https://www.theregister.com/2022/08/03/tmobile_unlock_prison_phone/
Friday Jul 29, 2022
What is your data worth, cyber attacks on shipping and much more!
Friday Jul 29, 2022
Friday Jul 29, 2022
In this episode Erich and Javvad discuss cyber attacks on the Port of Los Angeles, the value T-Mobile places on your data and much more!
T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People
https://www.darkreading.com/application-security/t-mobile-pitches-4-per-customer-settlement-for-data-leak
Cyber-attacks on Port of Los Angeles have doubled since pandemic
https://www.bbc.com/news/business-62260272
Friday Jul 15, 2022
Fake Cisco gear, Microsoft warns about MFA resistant phish, and more!
Friday Jul 15, 2022
Friday Jul 15, 2022
In this episode, Javvad and Erich discuss a Florida man charged with selling fake Cisco gear, a phish designed to get around MFA, ransomware gangs allow searching of dumped data and Google updates their password manager.
Stories from the show:
Florida man charged with selling fake Cisco equipment in $1 billion scheme
https://www.reuters.com/world/us/florida-man-charged-with-selling-fake-cisco-equipment-1-bln-scheme-2022-07-08/
This big phish can swim around MFA, says Microsoft Security
https://www.theregister.com/2022/07/13/aitm-phishing-microsoft/
Ransomware gang now lets you search their stolen data
https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/
Google Updates Password Manager With New Security, Management Tools
https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools
India: How a fake 'IPL' cricket league ran for Russian punters
https://www.bbc.com/news/world-asia-india-62123966
Friday Jul 08, 2022
Carnival gets a $5mil fine, Microsoft changes mind on macros, and more!
Friday Jul 08, 2022
Friday Jul 08, 2022
In this episode, Erich and Javvad talk about fake copyright infringement emails, Carnival cruise line is fined $5 for not having MFA, A Dutch univeristy makes money off a paid ransom, unemployment payments taken offline by ransomware and more.
Stories from the show:
Fake copyright infringement emails install LockBit ransomware
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/
Cruise line operator Carnival hit with $5m fine for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff.
https://www.itpro.co.uk/security/cyber-security/368362/carnival-hit-with-5-million-fine-over-cyber-security-violations
Dutch University retrieves Bitcoin ransomware payment and makes a profit
https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/
Cyberattack shuts down unemployment, labor websites across the US
https://www.theregister.com/2022/07/01/gsi-cyberattack-state-unemployment/
Supermarket chain Wegmans settles with New York over data breach
https://www.reuters.com/business/retail-consumer/supermarket-chain-wegmans-settles-with-new-york-over-data-breach-2022-06-30/
Google Updates Password Manager With New Security, Management Tools
https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools
Microsoft rolls back decision to block Office macros by default
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/