Episodes

Friday Dec 09, 2022
In this episode, Javvad gives his report on BlackHat Europe and tells of his upcoming trip to BSides London, a story about scammers scamming each other out of millions of dollars, and an interesting piece of Android malware that parasitizes legit apps. All this and more!

Friday Dec 02, 2022
In this episode, Erich and Javvad discuss the jargon issue in #cybersecurity, the overwhelming issue of garbage email, the continued trend for crap passwords and more.
Stories from the show:
Cybersecurity jargon impacting communication between C-suite and specialists
https://www.information-age.com/cybersecurity-jargon-impacting-communication-between-c-suite-specialists-123500747/
Unwanted emails steadily creeping into inboxes
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
Mass Email Extortion Campaign Claims Server Hack
https://www.infosecurity-magazine.com/news/mass-email-extortion-claims-server/
Guess the most common password. Hint: We just told you
https://www.theregister.com/2022/11/25/infosec_roundup/

Friday Nov 04, 2022
Liz Truss’ phone hacked, $4M in network access for sale, and more!
In this episode, Erich and Javvad discuss the hack of Liz Truss' phone, the offering of $4M worth of initial network access, the FTC crackdown on a repeat offender and more!
Stories from the show
Hackers selling access to 576 corporate networks for $4 million
FTC Cracks Down on Homework App Provider Chegg for 4 Past Data Breaches
https://www.pcmag.com/news/ftc-cracks-down-on-homework-app-provider-chegg-for-4-past-data-breaches
Liz Truss' phone was 'clearly hacked', says minister
https://news.stv.tv/world/liz-truss-phone-was-clearly-hacked-says-minister
People are pretending to be laid-off Twitter employees carrying boxes outside of HQ
https://www.theverge.com/2022/10/28/23428775/twitter-fake-employee-layoff-rahul-ligma-elon-musk

Friday Oct 28, 2022
In this episode, Erich and Javvad discuss the cybersecurity stories of the week, including some significant convictions, LinkedIn's battle with bots, CVE PoCs used to spread malware and much more!
Stories from the show:
EFCC touts 1,968 cybercrime-related convictions secured in nine months
https://punchng.com/2669-convictions-secured-in-nine-months-efcc/
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn
https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/
Security experts targeted with malicious CVE PoC exploits on GitHub
https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html
Google bans 16 popular Android apps! Millions warned to delete them now
https://www.express.co.uk/life-style/science-technology/1687205/Android-warning-delete-Google-Play-Store-apps-now
See Tickets discloses 2.5 years-long credit card theft breach
https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/
Feds say Ukrainian man running malware service amassed 50M unique credentials
https://arstechnica.com/information-technology/2022/10/feds-say-ukrainian-man-running-malware-service-amassed-50m-unique-credentials/

Friday Oct 21, 2022
Ransomware Gang Gets Scammed, Scammed by an Astronaut and More!
In this episode, Erich and Javvad talk about a woman who was scammed by an 'astronaut' that needed money to get home from the space station, the failure of Microsoft to secure their own product, Chinese police stations around the world, how the Dutch scammed a ransomware gang into giving up decryption keys, and more!
Stories from the show:
An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth'
https://gizmodo.com/astronaut-iss-instagram-1849638814
Microsoft data breach exposes customers’ contact info, emails
https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/
China opens police stations in Nigeria, clamps down on alleged Chinese fraudsters
https://gazettengr.com/china-opens-police-stations-in-nigeria-clamps-down-on-alleged-chinese-fraudsters/
Police tricked a ransomware gang into handing over its decryption keys. Here's how they did it
https://www.zdnet.com/article/police-tricked-a-ransomware-gang-into-handing-over-its-decryption-keys-heres-how-they-did-it/

Friday Oct 14, 2022
Mobile Problems Abound - Android Apps and VPN Service Problems and More
In this episode, Javvad and Erich discuss a number of issues with Android phones, including an unofficial WhatsApp app stealing user accounts, how the Always-on VPN is leaking traffic and more.
Stories from the show:
Unofficial WhatsApp Android app caught stealing users’ accounts
https://www.bleepingcomputer.com/news/security/unofficial-whatsapp-android-app-caught-stealing-users-accounts/
Facebook Login Details at Risk as Meta Identifies Over 400 Malicious Apps
https://www.infosecurity-magazine.com/news/facebook-login-details-at-risk/
Android leaks some traffic even when 'Always-on VPN' is enabled
https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/
Lloyd's of London cuts off network after dodgy activity detected
https://www.theregister.com/2022/10/07/lloyds_london_security_incident/

Friday Oct 07, 2022
Human trafficking in cybercrime, social media identity theft and more
In this episode, Erich and Javvad talk about human trafficking related to cybercrime operations, social media account takeovers and more!
Stories from the show:
Guilty verdict in the Uber breach case makes personal liability real for CISOs
https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html
Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up
https://www.govinfosecurity.com/jury-finds-former-uber-cso-joe-sullivan-guilty-cover-up-a-20187
Twitter post by Whitney Merrill - @wbm312
https://twitter.com/wbm312/status/1577827226196013056
SUPERSEDING INDICTMENT
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sullivansupersedingindictment-dec222021.pdf
Twitter whistleblower tells Senate of ‘egregious’ security failings by company
https://www.theguardian.com/technology/2022/sep/13/twitter-whistleblower-testimony-congress-peiter-zatko
Hundreds of Indians Reportedly Trafficked to Myanmar by Cybercrime Operations
https://www.irrawaddy.com/news/burma/hundreds-of-indians-reportedly-trafficked-to-myanmar-by-cybercrime-operations.html/amp
Police arrest teen for using leaked Optus data to extort victims
https://www.bleepingcomputer.com/news/security/police-arrest-teen-for-using-leaked-optus-data-to-extort-victims/
An identity scam that has grown in the past 12 months by more than 1,000% - social media account takeover
https://www.idtheftcenter.org/wp-content/uploads/2022/09/2022-Consumer-Impact-Report_V3.4_Final_Linked.pdf

Friday Sep 16, 2022
An Uber incident, WeTransfer used to spread malware and much more!
In this episode, Erich and Javvad speak about the Uber breach, using WeTransfer to spread malware, UK folks fear that their kids will turn to cybercrime due to the rising cost-of-living, and more.
Stories from the show:
Uber investigating 'cybersecurity incident' after report of breach
https://www.reuters.com/business/autos-transportation/uber-investigating-computer-network-breach-nyt-2022-09-16/
Cybercrime Fears for Children as Cost-of-Living Bites
https://www.infosecurity-magazine.com/news/cybercrime-fears-children/
Hackers are using WeTransfer links to spread malware
https://www.msn.com/en-us/news/technology/hackers-are-using-wetransfer-links-to-spread-malware/ar-AA11MEiM
Hackers now use ‘sock puppets’ for more realistic phishing attacks
https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/
Hong Kong consumers want right to choose when firms use AI
https://www.zdnet.com/article/hong-kong-consumers-want-right-to-choose-when-firms-use-ai/

Friday Sep 09, 2022
Log4j Still a Problem, Credential Stuffing Yields 200k Accounts and more!
This week, Javvad and Erich discuss the campaign the Lazarus group is using against US energy companies, surveillance camera access for sale, and how credential stuffing compromised almost 200k accounts at North Face. All this and more!
Stories from the show:
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
200,000 North Face accounts hacked in credential stuffing attack
https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies
https://techcrunch.com/2022/09/08/north-korea-lazarus-united-states-energy/
How the ‘man in black’ was exposed by the Russian women he terrorised
https://www.bbc.com/news/world-europe-62799246

Friday Sep 02, 2022
Stealthy Coinminers, Ransomware Victims List Over Doubles and More!
In this episode, Javvad and Erich discuss a crafty coinminer malware that lies dormant for a while, Okta credential thefts, a huge increase in potential victims of a ransomware attack, and a possible device that allows bad actors to simulate swipes and taps on phones from under a table.
All this and more!
Accepted the Risk Video:
https://www.youtube.com/watch?v=9IG3zqvUqJY
Stories from the show:
Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack
https://www.darkreading.com/remote-workforce/twilio-hackers-okta-credentials-sprawling-supply-chain-attack
Windows malware delays coinminer install by a month to evade detection
https://www.bleepingcomputer.com/news/security/windows-malware-delays-coinminer-install-by-a-month-to-evade-detection/
Individuals affected by vendor ransomware attack reaches 2.7M
https://www.beckershospitalreview.com/cybersecurity/vendor-ransomware-attack-affects-2-7m-healthcare-organizations.html
Hacking device can secretly swipe and tap your smartphone screen
https://www.newscientist.com/article/2335970-hacking-device-can-secretly-swipe-and-tap-your-smartphone-screen/