
Shared Security Podcast
559 episodes — Page 3 of 12

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?
In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft’s delayed release of CoPilot Plus PCs due to security concerns and reflect on the underlying privacy issues. Join Tom, Scott, and Kevin for these engaging discussions and more!
** Links mentioned on the show **
Recall recalled (delayed) https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-windows-recall-amid-privacy-and-security-concerns/
The Surgeon General’s Fear-Mongering, Unconstitutional Effort to Label Social Media https://www.eff.org/deeplinks/2024/06/no-online-speech-should-not-have-warning-labels
Should You Store Passwords In Your Browser? https://www.linkedin.com/posts/tonycollette_store-passwords-in-your-browser-robert-activity-7205916756786245632-Hlq4
** Watch this episode on YouTube **
https://youtu.be/0134mOwouuM
** Become a Shared Security Supporter **
Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity
Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers
** Thank you to our sponsors! **
SLNT: Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
Click Armor: To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Watch and Subscribe on Odysee (YouTube alternative): https://odysee.com/@SharedSecurity:c
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Follow us on X: https://twitter.com/sharedsec
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post Social Media Warning Labels, Should You Store Passwords in Your Web Browser? appeared first on Shared Security Podcast.

Citizen Lab vs. NSO Group, Apple AI and Privacy
In episode 334, hosts Tom Eston, Scott Wright, and Kevin Johnson discuss two major topics. First, they explore the ongoing legal battle between Citizen Lab and the Israeli spyware company NSO Group. The courts have consistently blocked NSO’s attempts to access Citizen Lab’s documents to protect victim privacy. Second, they discuss Apple’s new AI features announced at their developer conference, prioritizing user privacy through opt-in by default, and its implications. Kevin shares strong opinions on NSO Group, while the hosts also review Citizen Lab’s investigative work and Apple’s approach to AI and privacy.
** Links mentioned on the show **
They Exposed an Israeli Spyware Firm. Now the Company Is Badgering Them in Court. https://theintercept.com/2024/05/06/pegasus-nso-group-israeli-spyware-citizen-lab/
Report: New “Apple Intelligence” AI features will be opt-in by default https://arstechnica.com/gadgets/2024/06/report-new-apple-intelligence-ai-features-will-be-opt-in-by-default/

Ticketmaster Data Breach and Rising Work from Home Scams
In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the rise of work-from-home job scams is analyzed, highlighting FBI warnings and tips to avoid falling victim to such schemes. The success of a past episode on Microsoft’s new Recall feature is also mentioned, emphasizing privacy concerns and spirited audience discussions.
** Links mentioned on the show **
Check out our episode on Microsoft’s Recall feature and why we and others in the cybersecurity industry say this is a bad idea (at least how Microsoft is planning on rolling this out)
On Recall, I had a question about me (and Satya, lol) using the phrase "screenshot" where all of the documentation says snapshot, and MSFT people say it's just snapshots. They're screenshots. They're just JPEG files, a constant stream of. On a 1tb PC it allocates enough space… pic.twitter.com/XM72eowRe0 — Kevin Beaumont (@GossiTheDog) June 6, 2024
Ticketmaster Confirms Cloud Breach, Amid Murky Details https://www.darkreading.com/cyberattacks-data-breaches/ticketmaster-confirms-cloud-breach-murky-details https://www.darkreading.com/cloud-security/ticketmaster-breach-showcases-saas-data-security-risks
FBI Warns of Rise in Work-From-Home Scams https://www.infosecurity-magazine.com/news/fbi-warns-rise-wfh-scams/

Sober in Cyber: Creating Alcohol-Free Networking in Cybersecurity with Jen VanAntwerp
In this episode host Tom Eston welcomes Jen VanAntwerp, founder of Sober in Cyber. Jen shares her journey in cybersecurity and marketing, and discusses the motivation behind creating alcohol-free networking events. Sober in Cyber provides much-needed alternatives to typical alcohol-centered industry events, fostering inclusive environments for both sober professionals and those simply seeking a different experience. Tune in to learn about their successful sober events, the growing support for such initiatives, and how they foster authentic professional connections without the influence of alcohol. For more details, visit SoberInCyber.org and join their supportive community on Discord.
** Links mentioned on the show **
Find out more about Sober in Cyber https://www.soberincyber.org/
Join the Sober in Cyber Discord https://discord.gg/cyqmY9CJ

Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy
Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by default. Tom and Kevin express significant concerns over the implications for privacy, data security, and the potential for misuse of these features. Discussions cover the technical workings, potential vulnerabilities, and broader impacts of these technologies on privacy and security. The episode also mentions anecdotes that illustrate the practical downsides of such technologies and hints at the broader trend of companies training AI models with user data without adequate transparency or consent.
** Links mentioned on the show **
Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers
Elon Musk Criticizes Microsoft Feature That Gives PCs ‘Photographic Memory’ https://www.pcmag.com/news/elon-musk-criticizes-microsoft-recall-gives-pc-photographic-memory
Satya Nadella says Windows PCs will have a photographic memory feature called Recall that will remember and understand everything you do on your computer by taking constant screenshots pic.twitter.com/Gubi4DGHcs — Tsarathustra (@tsarnick) May 20, 2024
Slack Trains Some of Its AI-Powered Features on User Messages, Files https://www.pcmag.com/news/slack-trains-ai-powered-features-on-user-messages-files

New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report
In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google’s collaboration on a technology called DULT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles and AirTags. They also highlight the findings from the 2024 Verizon Data Breach Investigations Report (DBIR), discussing key statistics on company breaches, the average time to remediate vulnerabilities, the rise in ransomware and extortion cases, third-party risks, and the negligible impact of AI on current threats. Additionally, the segment touches on human-related incidents’ significant role in breaches. The episode concludes with the announcement of new Shared Security Podcast stickers.
** Links mentioned on the show **
iPhones And Androids Can Now Warn You of ‘Secret Trackers’ https://www.msn.com/en-gb/money/other/iphones-and-androids-can-now-warn-you-of-secret-trackers/ar-BB1mqmjg
Verizon releases their 2024 Data Breach Investigations Report (DBIR) https://www.verizon.com/business/en-nl/resources/reports/dbir/2024/summary-of-findings/ https://www.scmagazine.com/news/verizons-2024-data-breach-investigations-report-5-key-takeaways

Live at RSA: AI Hype, Enhanced Security, and the Future of Cybersecurity Tools
In this first-ever in-person recording of Shared Security, Tom and Kevin, along with special guest Matt Johansen from Reddit, discuss their experience at the RSA conference in San Francisco, including their walk-through of ‘enhanced security’ and the humorous misunderstanding that ensued. The conversation moves to the ubiquity of AI and machine learning buzzwords at the conference, questioning the genuine impact versus hype, and the saturation of AI claims among vendors. They explore the real-world applications of AI, how it’s currently being utilized in cybersecurity, and its potential to assist smaller security teams and raise the ‘cybersecurity poverty line.’ The discussion also touches on the false positives in AI-driven security tools and the nuanced benefits of AI in improving English proficiency globally, which could indirectly assist cybercriminals.
** Links mentioned on the show **
Subscribe to Matt’s newsletter “Vulnerable U” https://mattjay.com/newsletter/
Follow Matt on Twitter https://twitter.com/mattjay
Follow Matt on LinkedIn https://www.linkedin.com/in/matthewjohansen/

FCC Fines Wireless Carriers $200 million, Google’s Fight Against Malicious Apps
In episode 328, Tom and Kevin discuss two major cybersecurity and privacy news stories. The first topic covers the FCC issuing fines to major US wireless carriers for sharing users’ real-time location data, totaling nearly $200 million. They express surprise and skepticism over the carriers’ actions and deliberate on whether the fines would be impactful or merely seen as the cost of doing business. The second topic revolves around Google’s announcement that it prevented 2.28 million malicious apps from reaching the Play Store in 2023, marking a significant effort towards enhancing platform security. The discussion includes insights on the effectiveness of Google’s policies, the potential need for more transparency, and the broader implications of policy enforcement in the tech industry.
** Links mentioned on the show **
FCC fines carriers $200 million for illegally sharing user location https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location/
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html
** Watch this episode on YouTube **
https://youtu.be/1Cw-2vQX6EA

Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?
In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and the potential reasons behind the shift in cyberattack tactics. The episode also explores the challenges of maintaining online privacy within relationships, especially when one partner prioritizes privacy more than the other. Tips on fostering understanding and cooperation on privacy and security practices within a relationship are also covered.
** Links mentioned on the show **
Vulnerability Exploitation on the Rise as Attackers Ditch Phishing https://www.infosecurity-magazine.com/news/vulnerability-exploitation-rise/
Are you privacy-oriented in a relationship with a partner who isn’t? https://www.reddit.com/r/privacy/comments/1carxda/are_you_privacyoriented_in_a_relationship_with_a/
** Watch this episode on YouTube **
https://youtu.be/CTE3q4ZFrps

Navigating Security Awareness in the Tech Industry with Erin Gallagher
In this episode Erin Gallagher, cybersecurity awareness lead at Fastly, discusses her journey into the field of security awareness and her unique approach to enhancing cybersecurity within tech companies. Erin shares her unconventional path from a communication major to leading security awareness programs at IBM and a large insurance company, before joining Fastly. She highlights the challenges and strategies of tailoring security training to diverse roles within tech companies, emphasizing the importance of role-based training over traditional methods like phishing simulations. Erin also tackles the critical role of communication skills in security awareness, the need for empathetic engagement with employees, and the importance of demonstrating the value of security awareness programs, especially in uncertain economic times. The episode also touches on Erin’s success in engaging with all levels of staff, including executives, and her thoughts on the future of security awareness in the tech industry.
** Links mentioned on the show **
Follow Erin on LinkedIn https://www.linkedin.com/in/erin-gallagher-368063135/
Tom and Erin on Scott’s recent Cybersecurity Awareness Forum
** Watch this episode on YouTube **
https://youtu.be/8pmC98EFF08

Linux Backdoor Infection Scare, Massive Social Security Number Heist
In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches. ** Links mentioned on the show ** This backdoor almost infected Linux everywhere: The XZ Utils close call https://www.zdnet.com/article/this-backdoor-almost-infected-linux-everywhere-the-xz-utils-close-call/ Hackers stole 340,000 Social Security numbers from government consulting firm https://techcrunch.com/2024/04/08/hackers-stole-340000-social-security-numbers-from-government-consulting-firm/

Massive AT&T Data Leak, The Danger of Thread Hijacking
Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by TechCrunch. The episode also details the thread jacking phishing attack, emphasizing the importance of recognizing unexpected email threads and the potential dangers of malicious attachments. The episode concludes with a brief discussion on the upcoming solar eclipse, stressing the importance of using ISO-certified glasses for viewing. ** Links mentioned on the show ** AT&T confirms data for 73 million customers leaked on hacker forum https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/ https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/ Thread Hijacking: Phishes That Prey on Your Curiosity https://krebsonsecurity.com/2024/03/thread-hijacking-phishes-that-prey-on-your-curiosity/ What value do Red Team exercises provide to security awareness programs? ** Watch this episode on YouTube ** https://youtu.be/NYFxs-sueEg

New Hotel Lock Vulnerabilities, Glassdoor Anonymity Issues
In episode 323, the hosts discuss two prominent topics. The first segment discusses a significant vulnerability discovered in hotel locks, branded as ‘Unsaflok,’ affecting 3 million doors across 131 countries. The vulnerability allows attackers to create master keys from a regular key, granting access to all doors in a hotel. The co-hosts also discuss the vulnerability’s relation to legacy systems and the implications for hotel security. The second segment shifts focus to Glassdoor, revealing that the popular company review site can no longer guarantee anonymity due to changes following its acquisition of Fishbowl, raising concerns about privacy and the potential misuse of personal data. Additionally, the hosts cover the importance of maintaining security in physical and information security systems and the challenges businesses face when upgrading these systems. ** Links mentioned on the show ** Unsaflok flaw can let hackers unlock millions of hotel doors https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/ Glassdoor Wants to Know Your Real Name https://www.wired.com/story/glassdoor-wants-to-know-your-real-name/ ** Watch this episode on YouTube ** https://youtu.be/cPiCt9V0onM

Alyssa Miller: Charting the Course Through InfoSec and Aviation
In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect of on-prem data centers. Alyssa also shares a personal story about encountering workplace discrimination, offering advice based on her experiences. Additionally, the discussion touches on upcoming conference talks Alyssa is giving, which link her passion for aviation with lessons for the cybersecurity field. The episode touches on critical InfoSec challenges for 2024, humorously dismissing the hype around generative AI and quantum computing as the main issues. ** Links mentioned on the show ** Follow and Connect with Alyssa Miller https://www.youtube.com/@AlyssaM_InfoSec https://twitter.com/AlyssaM_InfoSec/ https://www.linkedin.com/in/alyssam-infosec/ ** Watch this episode on YouTube ** https://youtu.be/aaLnXzfVkl4

The TikTok Ban Bill, Your Car is Spying on You, Signal’s Username Update
In episode 321, the hosts discuss how connected cars are sharing driving data with insurance companies, potentially leading to increased rates for drivers. They also talk about the anti-TikTok bill passed by the House, which could force ByteDance to sell TikTok or face a ban in app stores. The episode also covers a significant update to Signal, allowing users to use usernames instead of phone numbers, enhancing privacy. Insights into privacy policies, the importance of understanding consent, and the broader implications of data collection and sharing among different entities are also discussed. ** Links mentioned on the show ** Driving fast or braking hard? Your connected car may be telling your insurance company https://www.zdnet.com/article/driving-fast-or-braking-hard-your-connected-car-may-be-telling-your-insurance-company/ Check out Vehicle Privacy Report to see what data your car collects! https://vehicleprivacyreport.com/ Why Signal ‘turned our architecture inside out’ for its latest privacy feature https://news.yahoo.com/why-signal-turned-architecture-inside-202555708.html https://ssd.eff.org/module/how-to-use-signal ** Watch this episode on YouTube ** https://youtu.be/bJJ42u69g0M

Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware
In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user’s and Meta’s part. They explore the possibility of inadequate security measures on these platforms and the implications of Meta potentially profiting from fraudulent ads. The episode also covers a Wired article regarding 41 state attorneys general in the U.S. urging Meta to enhance their security to manage the rising complaints of account theft. Furthermore, the ‘Aware Much’ segment highlights a new threat involving spoofed Zoom, Google, and Skype meeting requests that spread remote access Trojans (RATs), discussing the sophistication of these phishing attacks and malware’s ability to compromise systems. The conversation touches on the effectiveness of two-factor authentication (2FA), the challenge of identifying malicious URLs, and the role of government in pressuring companies like Meta to improve security practices. ** Links mentioned on the show ** Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say https://www.wired.com/story/meta-hacked-users-draining-resources/ Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs https://www.darkreading.com/cyberattacks-data-breaches/spoofed-zoom-google-skype-meetings-spread-corporate-rats ** Watch this episode on YouTube ** https://youtu.be/x3x8uiSH2zs

Don’t Trust Your AI Girlfriend or Boyfriend, Exposing US Government Data Collection
In Episode 319, Tom and Kevin discuss the potential data privacy risks associated with having an AI ‘girlfriend’ or ‘boyfriend’ and why one should refrain from sharing their personal data with such AIs. They engage in a humorous conversation about the unusual advertisements these AI companions attract, while expressing concerns over their deceptive and sensitive data gathering. The episode also explores the controversial issue of the U.S. government collecting vast amounts of consumer data. Allegedly, the government acquires data from various sources including cell phones, social media, and internet ad exchanges, potentially for surveillance purposes. Tom and Kevin argue that such practice is an abuse of the system, potentially bypassing laws meant to protect the innocent, and opens up a possibility for misuse by government employees. ** Links mentioned on the show ** ‘AI Girlfriends’ Are a Privacy Nightmare https://www.wired.com/story/ai-girlfriends-privacy-nightmare/ The Government Really Is Spying On You — And It’s Legal https://www.politico.com/news/magazine/2024/02/28/government-buying-your-data-00143742

‘Get to Know Me’ Privacy Risks, Pros and Cons of Publicly Sharing Ring Doorbell Footage
In episode 318, we discuss the trending ‘get to know me’ posts on social media platforms like Instagram and the potential risks of sharing personal information publicly, particularly in light of potential misuse for password resetting. We recount a similar trend observed years ago when social media was in its infancy. The second topic covers Ring’s decision to discontinue its ‘Request for assistance’ feature on its Neighbors app which initially allowed police to publicly request doorbell footage without a warrant. We explore various viewpoints on this topic, including the need for warrants, privacy concerns, and the potential misuse of information, while also highlighting different methods of ensuring online security. ** Links mentioned on the show ** The latest ‘Get to Know Me’ trend on Instagram might seem like harmless fun, but think twice. https://www.linkedin.com/posts/flaviusplesu_the-latest-get-to-know-me-trend-on-instagram-activity-7155491475215040512-Sugs/ Ring steps back from sharing video with police — mostly https://www.theverge.com/2024/1/24/24049165/ring-police-neighbors-app-clips-search-warrant

25.6 Million Dollar Deepfake Scam, Exploring Canada’s Flipper Zero Ban
In episode 317, Tom and Kevin discuss a reported deepfake scam that allegedly led to the theft of $25.6 million from a multinational company and Canada’s attempt to ban the Flipper Zero device, believing it plays a role in auto thefts. They critique the Canadian government’s understanding of the device and its capabilities, questioning whether the move is political posturing rather than a measure to enhance public safety. The hosts also speak about the ‘human password’ concept, which prompts a broader discussion about the importance of out-of-band confirmation for financial transactions. ** Links mentioned on the show ** Scammers use deepfakes to steal $25.6 million from a multinational firm https://www.engadget.com/scammers-use-deepfakes-to-steal-256-million-from-a-multinational-firm-034033977.html Canada Moves to Ban the Flipper Zero Over Car Hacking Fears https://gizmodo.com/canada-moves-to-ban-the-flipper-zero-over-car-hacking-f-1851242790 https://arstechnica.com/security/2024/02/canada-vows-to-ban-flipper-zero-device-in-crackdown-on-car-theft/

Jason Haddix on Bug Bounties and Cybersecurity Career Growth
In episode 316, we have the pleasure of chatting with Jason Haddix, a prominent influencer in the cybersecurity community. With an intriguing career path, from being a ‘computer kid’, venturing into the nascent dark web, to becoming a respected figure in the Bug Bounty space, his journey is nothing short of inspiring. We dive into the evolution and the current state of Bug Bounty, the emergence of consultancy within the Bug Bounty companies, the unique live hacking events, and the impact of open-source tooling coming from this ecosystem. Towards the end, Jason introduces his new venture, Arcanum Information Security. Tune in and update yourself with exciting insights from a veteran’s perspective. For our Patreon supporters, don’t miss a special bonus episode where Jason shares his biggest career accomplishment and failure! Join our Patreon and support the podcast here: https://patreon.com/sharedsecurity ** Links mentioned on the show ** Arcanum Information Security https://arcanum-sec.com/ https://twitter.com/arcanuminfosec Follow and connect with Jason https://twitter.com/Jhaddix https://www.linkedin.com/in/jhaddix/

The Problem of Victim Blaming in Cybersecurity: Empathy, Responsibility & Ethical Practices
In this episode of the Shared Security Podcast, we discuss the concerning issue of victim-blaming in cybersecurity with special guest, Andra Zaharia, host of the Cyber Empathy and We Think We Know podcasts. Key topics include the societal issues within cybersecurity, the role of empathy in business and cybersecurity, leadership’s role in empathy and the recent 23andMe data breach. We discuss how companies can enhance empathy after a data breach while touching on the undeniable influence employees, especially those in security teams, play in promoting empathy within their organizations. ** Links mentioned on the show ** Cyber Empathy Podcast https://cyberempathy.org/ We Think We Know Podcast https://pentest-tools.com/blog/categories/podcast 23andMe tells victims it’s their fault that their data was breached https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/ ** Watch this episode on YouTube ** https://youtu.be/oRHBGq1ks5I

Secure Your iPhone: Exploring Stolen Device Protection
In this episode, host Tom Eston provides a detailed explanation of ‘Stolen Device Protection’ for iPhones, a new security feature from Apple. This feature triggers enhanced security factors such as Face ID, Touch ID, and an hour-long security delay for critical actions when the phone is away from familiar locations. Tom also provides guidance on how to enable and disable this feature on iOS 17.3. Lastly, he advises viewers to disable the feature, and erase and reset the iPhone, when they decide to sell, give away, or trade their device. ** Links mentioned on the show * Turn on “Stolen Device Protection” on your iPhone! https://support.apple.com/guide/iphone/use-stolen-device-protection-iph17105538b/ios About Stolen Device Protection for iPhone https://support.apple.com/en-us/HT212510 ** Watch this episode on YouTube ** https://youtu.be/MOzunwHR9uM

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked
In Episode 313, hosts Tom and Scott explore the world of scambaiting, covering what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to best practices for preventing social media account takeovers, highlighting a guide written by Rachel Tobac. Lastly, they share fascinating news about how a network-connected wrench, the Bosch Rexroth Handheld Nutrunner, could be used in a ransomware attack, hinting at how even everyday objects are now internet-connected. Join hosts Tom and Scott in this engaging conversation revolving around critical cybersecurity topics! ** Links mentioned on the show * Introduction to the World of Scambaiting https://www.scams.info/blog/player-protection/world-of-scambaiting/ Scammer Payback https://www.youtube.com/@ScammerPayback Kitboga https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw A Hacker’s Perspective: Social Media Account Takeover Prevention Guide https://www.linkedin.com/pulse/hackers-perspective-social-media-account-takeover-prevention-tobac-sblvc https://www.msn.com/en-us/news/us/fbi-is-investigating-the-sec-hack-after-its-fake-bitcoin-post/ar-AA1mLImm Hackers can infect network-connected wrenches to install ransomware https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/ ** Watch this episode on YouTube ** https://youtu.be/pDQY2ta35hA

Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses
In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta’s new link history feature and the repercussions it might have on ad targeting on Facebook and Instagram. The episode concludes with a discussion on a court case in Ottawa, where a judge ruled that three smartphones from an alleged pedophile must be returned after 175 million unsuccessful passcode guesses. Plus, don’t miss the discussion about some refined AI-generated security awareness manager images shared by a Patron! ** Links mentioned on the show * New law in Ohio cracks down on social media use among kids: What to know https://www.msn.com/en-us/news/other/new-law-in-ohio-cracks-down-on-social-media-use-among-kids-what-to-know/ar-AA1madO2 https://www.msn.com/en-us/news/other/social-media-giants-meta-x-and-google-sue-ohio-over-law-requiring-parents-consent-to-open-account/ar-AA1mHtJk Opting into ‘link history’ on Facebook and Instagram means agreeing to (more) ad targeting https://news.yahoo.com/opting-into-link-history-on-facebook-and-instagram-means-agreeing-to-more-ad-targeting-003746719.html Police must return phones after 175 million passcode guesses, judge says https://ottawacitizen.com/news/local-news/police-must-return-phones-after-175-million-passcode-guesses-judge-says Podcast patron Robert McCurdy is offering free workshops on Android testing with JAMBOREE and seeking experts in encrypted payloads to advance his open-source project. 
Connect with Robert: https://rmccurdy.com/ ** Watch this episode on YouTube ** https://youtu.be/dNTLTCVK8fU

Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App
In this episode, we discuss the most sophisticated iPhone exploit ever, Google’s agreement to settle a $5 billion lawsuit about tracking users in ‘incognito’ mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, involves complex chains of events that lead to compromised iPhone security. Meanwhile, the lawsuit against Google claims that the company’s technology was still tracking users’ site visits even in ‘incognito’ mode. The newly added Journal app on iOS has raised questions and discussion about its security and privacy features, as it encourages users to put their life updates on the app. ** Links mentioned on the show * iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers https://www.hackread.com/iphone-spyware-exploits-obscure-chip-feature/ https://usa.kaspersky.com/blog/triangulation-attack-on-ios/28444/ Google settles $5 billion privacy lawsuit over tracking people using ‘incognito mode’ https://www.npr.org/2023/12/30/1222268415/google-settles-5-billion-privacy-lawsuit Apple launches Journal, a new app to reflect on everyday moments and life’s special events https://www.apple.com/newsroom/2023/12/apple-launches-journal-app-a-new-app-for-reflecting-on-everyday-moments/

The Three Keys to Success in Cybersecurity
In this episode, host Tom Eston shares the three key lessons he’s learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning regardless of your role, and the power of empathy in contributing to success. ** Links mentioned on the show * Cyber Empathy Podcast by Andra Zaharia https://cyberempathy.org/ Follow Tib3rius and Jason Haddix https://twitter.com/0xTib3rius https://twitter.com/Jhaddix

The Year in Review and 2024 Predictions
In our last episode of the year, we replay our predictions for 2023, reviewing what we got right and what we didn’t. We cover various topics, such as Twitter’s influence, the future of Mastodon, the ban of TikTok in certain states, and the rising issue of ransomware. In addition, we give credit to Scott for accurately predicting multiple cybersecurity events during the year! We also share our expectations for 2024 — predicting increased AI adoption, many more cybersecurity layoffs, more consolidation in InfoSec, and implementation of flawed legislation targeting symptoms instead of causes. ** Links mentioned on the show * The Year in Review and 2023 Predictions https://sharedsecurity.net/2022/12/26/the-year-in-review-and-2023-predictions/ Federal judge blocks Montana’s TikTok ban before it takes effect https://www.npr.org/2023/11/30/1205735647/montana-tiktok-ban-blocked-state ** Watch this episode on YouTube ** https://youtu.be/JQeES1cz12w

Password Security for the Elderly: Tips and Best Practices
In episode 308, we discuss the often overlooked topic of password management for the elderly. Addressing the commonly held belief that writing down passwords is a bad idea, we discuss the nuances and context of this practice. Elderly individuals who may struggle with technology can benefit from recording passwords, but we discuss the importance of putting suitable controls around this. We also touch on usability issues associated with technology changes and the consequences of not planning for what happens to a person’s digital presence after they pass away. Do you have your own tips or stories of your experiences with passwords and the elderly? We would love to hear your comments on our YouTube video, on X, or on the episode post on sharedsecurity.net! ** Links mentioned on the show * Cybersecurity for Seniors https://www.digicert.com/blog/cybersecurity-for-seniors-in-7-steps Apple iOS – Request access to a deceased friend or family member’s account https://digital-legacy.apple.com/ ** Watch this episode on YouTube ** https://youtu.be/8bW9gTCgz68

iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals
In episode 307, Tom and Scott debunk misinformation about the iOS 17 NameDrop feature circulated by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode concludes with a discussion on a ransomware attack on a large US healthcare provider, examining potential repercussions and stressing the need for increased security for critical infrastructure. Co-host Scott Wright also presents an overview of Click Armor, an innovative gamified security awareness training platform. ** Links mentioned on the show * The Truth About The iPhone iOS 17 NameDrop Feature https://www.forbes.com/sites/daveywinder/2023/11/27/law-enforcement-issues-ios-17-security-warning-over-namedrop-feature/?sh=69b860ca4182 https://support.apple.com/guide/iphone/namedrop-iphone-share-contact-info-iph1b6c664b7/ios?ftag=MSFd61514f Thornaby: Woman targeted in £13k railway station QR code scam https://www.bbc.com/news/uk-england-tees-67335952 Ransomware attack prompts multistate hospital chain to divert some emergency room patients elsewhere https://www.msn.com/en-us/health/other/ransomware-attack-prompts-multistate-hospital-chain-to-divert-some-emergency-room-patients-elsewhere/ar-AA1kFQVx ** Watch this episode on YouTube ** https://youtu.be/ggs0KMn–zE

Application Security Trends & Challenges with Tanya Janca
In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep, which recently acquired WeHackPurple. Tanya sheds light on her decision to partner with Semgrep, a company that aligns with her vision of providing free resources in the Application Security community. Despite facing a failed acquisition process the previous year, WeHackPurple received multiple acquisition offers, leading to a bidding war. In addition, Tanya shares her optimism about the maturity of AppSec programs, presents her concerns about consolidation in the industry, and highlights the importance of role-based, tailored training. She also reveals her ongoing work on the sequel to her book titled ‘Alice and Bob Learn Secure Coding’ and hints at the launch of the Semgrep Academy. For our Patreon supporters, don’t miss our bonus episode where Tanya shares her biggest career accomplishment and failure, offering invaluable lessons for all! ** Links mentioned on the show * Tanya’s previous guest appearances on the podcast https://sharedsecurity.net/2018/11/30/special-guest-tanya-janca-devops-and-appsec-women-in-cybersecurity-82/ https://sharedsecurity.net/2021/01/28/tanya-janca-ceo-and-founder-we-hack-purple/ https://sharedsecurity.net/2022/05/30/the-state-of-application-security-with-tanya-janca/ Connect with Tanya https://shehackspurple.ca/ https://www.linkedin.com/in/tanya-janca/ https://twitter.com/shehackspurple ** Watch this episode on YouTube ** https://youtu.be/wUrcs1-p8XQ

Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly
In this episode, Tom shows off AI-generated images of a “Lonely and Sad Security Awareness Manager in a Dog Pound” and the humorous outcomes. The conversation shifts to Apple’s upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting elderly Americans, and argue that the true issue lies with social engineering rather than the involvement of AI. ** Links mentioned on the show * Apple to Adopt RCS Messaging Standard for Better Interoperability With Android Devices (yet, the green “bubble” is not going away) https://www.macrumors.com/2023/11/16/apple-to-adopt-rcs-messaging-standard/ Elderly Americans Lose $1.1 Billion to AI-Powered Scams in 2022 https://www.msn.com/en-us/money/markets/elderly-americans-lose-11-billion-to-ai-powered-scams-in-2022/ar-AA1kbqDb https://www.msn.com/en-us/money/other/that-may-not-be-your-daughter-crying-on-the-phone-here-s-what-to-know-about-ai-powered-scams/ar-AA1kia4s

Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI
In this week’s episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech’s use of user data and whether subscribers should pay to not have their data used. The focus then turns to a recent move by Meta to charge European users who wish to use Instagram and Facebook without ads. Next, they touch on new research from NordVPN about the burdensome length and complexity of privacy policies on popular websites, and offer alternatives for consumers to navigate them. Lastly, the hosts discuss a new executive order by the Biden administration directed towards AI companies, calling for a watermark system to alert consumers when they interact with an AI-enabled product. They express concerns about businesses benefiting from the new AI rules while potentially stifling competition and highlight the need for stronger, enforceable laws to truly protect users’ data and privacy.
** Links mentioned on the show **
Should we pay big tech NOT to use our data? (aka: Pay-or-Ads or Pay for Privacy) https://www.wired.com/story/how-to-get-ad-free-facebook-instagram-meta-privacy/ https://www.bitdefender.com/blog/hotforsecurity/meta-wants-you-to-pay-to-stop-seeing-ads-on-facebook-and-instagram-what-the-pay-or-ok-model-means-for-your-digital-privacy/ https://www.reddit.com/r/privacy/comments/17ttkrn/eli5_on_why_pay_or_surveillance_ads_should_not_be/
NordVPN study shows: Nine hours to read the privacy policies of the 20 most visited websites in the US https://nordvpn.com/blog/privacy-policy-study-us/
Biden executive order imposes new rules for AI. Here’s what they are. https://abcnews.go.com/Business/biden-executive-order-imposes-new-rules-ai/story?id=104472977

SEC vs. SolarWinds CISO, Classiscam Scam-as-a-Service
In this episode, we discuss the SEC’s charges against SolarWinds’ CISO for misleading investors about a major cyberattack. Plus don’t miss our discussion about the shady world of “Classiscam Scam-as-a-Service,” a very popular cyber criminal service that creates fake user accounts, posts fraudulent reviews, and boosts the reputation of dishonest sellers while defrauding e-commerce platforms.
** Links mentioned on the show **
Tom’s LinkedIn thread about “Quishing” https://www.linkedin.com/posts/tomeston_lets-talk-about-quishing-do-you-think-activity-7127625977085509632-CjHc?utm_source=share
SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack https://therecord.media/solarwinds-ciso-sec-charged
What is Classiscam Scam-as-a-Service? https://www.tripwire.com/state-of-security/what-classiscam-scam-service

Okta Hacked Again, Quishing Is The New Phishing, Google Play Protect Real-Time Scanning
In this episode, we explore the recent Okta breach where hackers obtained sensitive customer data via unauthorized access to the Okta support system. Next, we discuss the emerging threat of “quishing,” a combination of voice calls and phishing that preys on unsuspecting victims. Finally, we discuss Google Play Protect’s new feature, “Real-time App Analysis,” which enhances Android device security by helping prevent malware from being installed.
** Links mentioned on the show **
Okta says hackers breached its support system and viewed customer files https://arstechnica.com/security/2023/10/okta-says-hackers-breached-its-support-system-and-viewed-customer-files/ https://x.com/mattjay/status/1716870499458822418?s=46&t=S0l2WLszljUYE1vbjB4M9A https://sec.okta.com/harfiles
Quishing is the new phishing: What you need to know https://www.zdnet.com/article/quishing-is-the-new-phishing-what-you-need-to-know/
Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware https://thehackernews.com/2023/10/google-play-protect-introduces-real.html https://developers.google.com/android/play-protect/client-protections
** Watch this episode on YouTube ** https://youtu.be/NBP8XA5lwCY

How to Opt Out of CPNI Data Sharing
Did you know that your mobile phone provider can give data like phone numbers you’ve called and received, the time and date of those calls, and even your location data to their parent companies, affiliates, and agents? In this episode we show you how to opt out so you can stop your data from being shared!
** Links mentioned on the show **
AT&T CPNI Opt Out https://www.att.com/consent/cpni/ https://about.att.com/privacy/full_privacy_policy.html#CPNI
Verizon CPNI Opt Out https://www.verizon.com/support/customer-cpni/
Alternatively for Verizon, you can also opt out by calling 1-800-333-9956 and following the recorded directions. Or, you can call 1800-922-0204 to reach a Customer Service Representative who can process your opt-out for you.
T-Mobile Opt Out https://www.t-mobile.com/privacy-center/education/phone-privacy
** Watch this episode on YouTube ** https://youtu.be/uA9tfay4bRU

Special Guest Jayson E. Street, Phantom Hacker Scams, 23andMe User Data For Sale
In milestone episode 300, Jayson E. Street (a renowned hacker, helper, and human who has successfully robbed banks, hotels, government facilities, and Biochemical companies on five continents) joins us to share what he’s been up to recently and to talk about his new role at Secure Yeti. Next, we explore the alarming rise of ‘phantom hacker’ scams targeting the elderly. The FBI issues a stern warning about these evolving tech support scams that are draining the savings of unsuspecting seniors. We uncover the extent of the issue, with staggering victim losses and disturbing trends. Finally, we unravel the unsettling revelation that private user data from 23andMe has been scraped and is up for sale, raising concerns about credential stuffing attacks, user privacy, and data security. For our Patreon supporters, check out this week’s bonus episode where Jayson shares his recent gaming adventures in Starfield and No Man’s Sky! If you’re not a supporter yet, head to https://patreon.com/sharedsecurity to discover how you can access this exclusive content.
** Links mentioned on the show **
Follow and connect with Jayson Street https://twitter.com/jaysonstreet https://www.linkedin.com/in/jstreet/ https://jaysonestreet.com/
FBI warns of surge in ‘phantom hacker’ scams impacting the elderly https://www.bleepingcomputer.com/news/security/fbi-warns-of-surge-in-phantom-hacker-scams-impacting-elderly/amp/
23andMe says private user data is up for sale after being scraped https://arstechnica.com/security/2023/10/private-23andme-user-data-is-up-for-sale-after-online-scraping-spree/ https://twitter.com/RachelTobac/status/1711797959086801365
** Watch this episode on YouTube ** https://youtu.be/JIFSKbvvJ4w

Educating the Next Cybersecurity Generation with Tib3rius
In this episode we explore the remarkable journey of Tib3rius, a web application hacking expert and content creator. In this engaging conversation, we discuss: Tib3rius’ passion for community education and content creation. What fuels his desire to empower the next generation of cybersecurity professionals? His expertise and enthusiasm for web application hacking, and we explore the transformative shifts in Application Security over recent years. If you’re new to the industry and aspire to be a web application pentester, don’t miss the valuable insights Tib3rius has to offer. Get the inside scoop on Tib3rius’ latest move to TCM Security and his courses, with a spotlight on his upcoming web application security pentesting course! For our Patreon supporters, an extraordinary bonus episode awaits, where Tib3rius unveils two of his most astonishing hacks! This is a discussion you won’t want to miss. If you’re not a supporter yet, head to patreon.com/sharedsecurity to discover how you can access this exclusive content.
** Links mentioned on the show **
Follow Tib3rius on X https://twitter.com/0xTib3rius
Subscribe to his YouTube channel and his live streams on Twitch https://www.youtube.com/@Tib3rius https://www.twitch.tv/0xtib3rius
** Watch this episode on YouTube ** https://youtu.be/o9VmqxnUD04

Your Car is a Privacy Nightmare, Password Creation Best Practices, Sony Hacked Again
In this episode, we discuss the Mozilla Foundation’s alarming report that reveals why cars are the top privacy concern. Modern vehicles, equipped with data-collecting tech, pose significant risks to consumers’ privacy, with data sharing even extending to law enforcement. Listen in to our discussion as we explore the urgent need for transparency and *gasp* regulations in the automotive industry. Next, we explore the best practices around password creation and why password requirements are so different between organizations and applications you use every day. Lastly, Sony has suffered two security breaches in the past four months. In their latest breach, we discuss how a zero-day vulnerability led to unauthorized access and the Clop ransomware gang’s involvement, affecting thousands of individuals.
** Links mentioned on the show **
It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
What Data Does My Car Collect About Me and Where Does It Go? https://foundation.mozilla.org/en/privacynotincluded/articles/what-data-does-my-car-collect-about-me-and-where-does-it-go/
What are the rules and best practices for password creation these days? https://www.reddit.com/r/cybersecurity/comments/16y2g47/these_password_rules_for_a_bank_web_site_i_use_why/ https://blog.netwrix.com/2022/11/14/nist-password-guidelines/
Sony confirms data breach impacting thousands in the U.S. https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ https://www.thewrap.com/sony-hack-attack-timeline/
** Watch this episode on YouTube ** https://youtu.be/g6zJb9DhTK0

Is My Boss Spying on Me, Instagram Painting Scam, Kia and Hyundai TikTok Challenge
In this episode, we explore the growing trend of AI surveillance in corporations, where cutting-edge technology is used to monitor employees, optimize productivity, and raise ethical concerns. Next, we uncover a disturbing Instagram scam that lures unsuspecting victims into a trap, highlighting the deceptive tactics employed by cyber criminals on social media. Finally, discover the startling vulnerabilities in Kia and Hyundai vehicles that make them easy targets for car thieves. We discuss the security flaws, the scale of affected vehicles, and practical steps owners can take to protect their cars. Find out how manufacturers are addressing this issue and what it means for your vehicle’s security.
** Links mentioned on the show **
Your Boss’s Spyware Could Train AI to Replace You https://www.wired.com/story/corporate-surveillance-train-ai/
Instagram Scam: I Want to Use Your Photos for Mural or Painting and Steal Your Money https://geekmamas.com/2022/09/25/instagram-scam-i-want-to-use-your-photos-for-mural-or-painting-and-steal-your-money/
Car-stealing TikTok trend launches Kia and Hyundai into top 10 most stolen cars https://www.msn.com/en-us/autos/news/car-stealing-tiktok-trend-launches-kia-and-hyundai-into-top-10-most-stolen-cars/ar-AA1gp1rL#image=1 https://www.marketwatch.com/guides/insurance-services/insuring-your-kia-or-hyundai/ https://www.vox.com/technology/2023/6/1/23742757/kia-hyundai-challenge-tiktok-instagram-youtube

Content Creation, Mental Health in Cyber, The MGM Ransomware Attack
In this episode Matt Johansen, Security Architect at Reddit and Vulnerable U newsletter and YouTube content creator, joins host Tom Eston to discuss Matt’s background as one of the original “Security Twits”, his career journey, his passion for mental health advocacy, the significance of the recent MGM ransomware attack, and a discussion on the pros and cons of paying ransoms.
** Links mentioned on the show **
Follow Matt on X aka: Twitter https://twitter.com/mattjay
Follow Matt on LinkedIn https://www.linkedin.com/in/matthewjohansen/
Vulnerable U Newsletter and YouTube Channel https://mattjay.com/newsletter/ https://youtube.com/@VulnerableU?si=MAyCiCJ6fDbL0uHs
Threat Modeling Depression https://www.mattjay.com/blog/threat-model-depression
Threat Modeling Depression: Part Two – Attack Tree https://www.mattjay.com/blog/attack-tree-depression
Hackers Shut Down MGM in a 10-Min Phone Call https://bluoceancyber.com/hackers-shut-down-mgm-in-a-10-min-phone-call/ https://x.com/BushidoToken/status/1702423413904867406?s=20
Caesars Entertainment confirms ransom payment, customer data theft https://www.bleepingcomputer.com/news/security/caesars-entertainment-confirms-ransom-payment-customer-data-theft/
** Watch this episode on YouTube ** https://youtu.be/vvJjdy8K73g

The Changing Role of the CISO with Ryan Davis, Chief Information Security Officer at NS1
In this episode Ryan Davis, Chief Information Security Officer at NS1, speaks with host Tom Eston about the changing role of the CISO, acquisitions, what the biggest challenges are, and Ryan’s advice for those considering a career as a CISO. This is one episode you don’t want to miss if you’re curious what a CISO does, thinking about becoming one, or currently a CISO yourself.
** Links mentioned on the show **
Connect with Ryan on LinkedIn https://www.linkedin.com/in/ryancdavis/
** Watch this episode on YouTube ** https://youtu.be/nI114nSZgjI

The FBI’s Qakbot Takedown, QR Code Phishing Attacks, Dox Anyone in America for $15
In this episode we discuss the FBI’s remarkable takedown of the Qakbot botnet, a saga involving ransomware, cryptocurrency, and the FBI pushing an uninstaller to thousands of victim PCs. Next, we explore how a major U.S. energy organization fell victim to a QR code phishing attack, highlighting the ever-evolving tactics used by attackers. Finally, we discuss the alarming world of personal data exploitation through credit header information and a TransUnion subsidiary, where attackers can dox anyone in America for only $15. ** Links mentioned on the show ** NOTACON 8: Pen Testing – Moving from Art to Science (Matt Neely) https://www.youtube.com/watch?v=n71RE6Pk9NI Qakbot botnet dismantled after infecting over 700,000 computers https://www.bleepingcomputer.com/news/security/qakbot-botnet-dismantled-after-infecting-over-700-000-computers/ Major U.S. energy org targeted in QR code phishing attack https://www.bleepingcomputer.com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/ The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15 https://www.404media.co/the-secret-weapon-hackers-can-use-to-dox-nearly-anyone-in-america-for-15-tlo-usinfosearch-transunion/ ** Watch this episode on YouTube ** https://youtu.be/BdtSnT1si3s

SaaS Attacks: Compromising an Organization without Touching the Network
In this episode Luke Jennings, VP of Research & Development at Push Security, joins us to discuss SaaS attacks and how it’s possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS-based attacks are different than traditional network-based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why it’s important that this research is shared and talked about in the cybersecurity community. ** Links mentioned on the show ** Let’s talk about SaaS attack techniques https://pushsecurity.com/blog/saas-attack-techniques/ SAMLjacking a poisoned tenant https://pushsecurity.com/blog/samljacking-a-poisoned-tenant/ Push Security SaaS Attacks GitHub https://github.com/pushsecurity/saas-attacks Follow Luke and Push Security https://www.linkedin.com/in/luke-jennings-042b5619b/ https://twitter.com/jukelennings https://twitter.com/PushSecurity https://pushsecurity.com/ ** Watch this episode on YouTube ** https://youtu.be/Rj0t5Lw12Ic

Back to School Cybersecurity, Phishing Pitfalls and Strategies, X’s (Twitter) Blocking Overhaul
In this episode, we discuss essential cybersecurity tips for students and educational institutions as they gear up for the school season. From software updates to strong passwords and cybersecurity education, we explore how students and schools can fortify their digital defenses. Next, we navigate the treacherous waters of phishing and related scams, unveiling strategies to outwit malicious links. Hovering over links, cautious email scrutiny, and verification tactics all play a role. Finally, we discuss the surprising policy change by X (formerly Twitter), where blocking faces a major overhaul. Tune in as we discuss the privacy and safety ramifications of this change. ** Links mentioned on the show ** Back-To-School Cybersecurity Tips https://www.eschoolnews.com/it-leadership/2023/08/15/4-back-to-school-cybersecurity-tips/ https://convergetp.com/2023/08/03/checklist-cybersecurity-program-k-12-schools/ https://www.10news.com/news/back-to-school/back-to-school-a-closer-look-at-data-breaches-in-school-districts https://www.cisa.gov/protecting-our-future-cybersecurity-k-12 4 ways to avoid clicking malicious links that everyone online should know https://www.zdnet.com/article/4-ways-to-avoid-clicking-on-malicious-links-and-the-phishing-and-scams-behind-them/ Elon Musk says users on X, formerly Twitter, will lose ability to block unwanted followers, eliminating key safety feature https://www.cnbc.com/2023/08/18/elon-musk-says-x-users-will-be-losing-the-ability-to-block-content-.html Join OWASP so you can vote for Kevin who is running for the board of directors! https://owasp.org/membership/

Business Email Compromise Scams Revisited
In this best-of episode from December 2021, we revisit Business Email Compromise (BEC) scams. We cover what they are, how to identify them, and why BEC scams have resulted in well over $3 billion in losses since 2016, more than any other type of fraud in the U.S. We also share our tips on how to protect yourself and your business from these scams. ** Links mentioned on the show ** Business Email Compromise – Tips from the FBI https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise Business Scams 101: Common Schemes and How to Avoid Them https://www.business.com/security/business-scam-guide/ ** Watch this episode on YouTube ** https://youtu.be/ZROQGOCZvyo

The Current and Future State of Email Security with Andy Yen, CEO of Proton
In this episode, host Tom Eston speaks with Andy Yen, founder and CEO of Proton, to discuss the current and future state of email security. We also discuss Andy’s unique background as a scientist, the importance of using email aliases, an overview of Proton’s new password manager (Proton Pass), how AI may impact email security in the future, and how to find out more about how Proton takes a different approach to email security. ** Links mentioned on the show ** Follow Andy Yen on X (Twitter) https://twitter.com/andyyen Get Proton Mail! Find out more about Proton and sign up for an exclusive deal for Proton Mail just for listeners of this podcast! ** Watch this episode on YouTube ** https://youtu.be/3w61OJsldD8

Common Sense Advice for Hacker Summer Camp, AI Chatbot Attacks, What’s a Flipper Zero?
In this episode, we discuss our common sense tips to stay safe and secure while attending “Hacker Summer Camp”: the BSides, Black Hat, and DEF CON hacking conferences in Las Vegas. Next, we discuss the vulnerabilities of large language models like ChatGPT and other AI chatbots, and potential adversarial attacks on them. Finally, we discuss the Flipper Zero, a versatile hacking device: its features, its potential use to cause havoc with TVs, garage doors, and other wireless devices, and its role in penetration testing. ** Links mentioned on the show ** Don’t be afraid to attend “Hacker Summer Camp / DEFCON” What do you really need to prep for? https://www.cnet.com/news/privacy/how-to-prepare-for-the-worlds-largest-hacker-fest/ A New Attack Impacts Major AI Chatbots—and No One Knows How to Stop It https://www.wired.com/story/ai-adversarial-attacks/ Flipper Zero: Geeky toy or serious security tool? https://www.zdnet.com/article/flipper-zero-geeky-toy-or-serious-security-tool/ https://www.zdnet.com/article/flipper-zero-gets-an-app-store/ https://shop.flipperzero.one/ ** Watch this episode on YouTube ** https://youtu.be/5g65GuH2jK4

Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed
In this episode, we explore the implications and ethical dilemmas of immortality in the digital world. Listen to our discussion about this cutting-edge technology and its potential impact on our privacy. Next, we discuss the growing trend of Apple and Google becoming custodians of our digital lives. Have these tech companies gone too far? Join the conversation as we discuss the trends and challenges of digital sovereignty. Lastly, satellites form the backbone of our interconnected world, but they might be more vulnerable than we realize. We discuss recent research that uncovers basic security flaws that pose potential risks to our communication systems. ** Links mentioned on the show ** InfoSec Twitter is Dead https://www.cyentia.com/the-death-of-infosec-twitter/ Digital ‘immortality’ is coming and we’re not ready for it https://www.engadget.com/digital-immortality-is-coming-and-were-not-ready-for-it-133022423.html The trend for Google and Apple becoming the “gatekeepers” to personal life service https://www.reddit.com/r/privacy/comments/157amow/the_trend_for_google_and_apple_becoming_the/ Satellites Are Rife With Basic Security Flaws https://www.wired.com/story/satellites-basic-security-flaws/ Satellite Vulnerabilities 101 Presentation at BSides Las Vegas 2019 by Elizabeth Wilson https://www.youtube.com/watch?v=Xc8LiCJif8I

Microsoft Lost Its Keys, Voice Cloning Scams, The Biden-Harris Cybersecurity Labeling Program
In this episode, we discuss the recent Microsoft security breach where China-backed hackers gained access to numerous email inboxes, including those of several federal government agencies, using a stolen Microsoft signing key to forge authentication tokens. A TikTok influencer used a voice cloning app to expose a cheating boyfriend. But wait, there’s more to this story than meets the eye! We discuss the serious implications of voice cloning and how it’s being used for new types of phone scams. Lastly, we discuss the recent announcement by the Biden-Harris administration about their new cybersecurity labeling program for smart devices. Will this program help or hinder the security of smart devices? ** Links mentioned on the show ** Microsoft lost its keys, and the government got hacked https://techcrunch.com/2023/07/17/microsoft-lost-keys-government-hacked/ https://www.bleepingcomputer.com/news/microsoft/microsoft-still-unsure-how-hackers-stole-azure-ad-signing-key/ Woman Reveals How a Voice-Cloning App Can Expose a Cheating Boyfriend https://www.msn.com/en-us/news/technology/woman-reveals-how-a-voice-cloning-app-can-expose-a-cheating-boyfriend/ar-AA1dVMBh Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/ ** Watch this episode on YouTube ** https://youtu.be/MZSqmKP1YV8

First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns
In this episode we discuss how Massachusetts lawmakers are pushing a groundbreaking bill to ban the buying and selling of location data from mobile devices. This legislation raises vital questions about consumer privacy, digital stalking, and national security threats. Next, we discuss the pros and cons of prohibiting external password managers within organizations. Join the conversation as we weigh the benefits, downsides, and best practices surrounding this hotly debated topic. Finally, we discuss the rise of Real-Time Crime Centers (RTCCs) and the concerns they raise regarding mass surveillance, privacy rights, and data misuse. ** Links mentioned on the show ** Kevin’s rant about the recent ISC(2) board-approved candidates for the board! https://twitter.com/secureideas/status/1679491540144766977 https://twitter.com/SecBarbie/status/1679194823511638025 Selling Your Cellphone Location Data Might Soon Be Banned in U.S. for First Time https://www.wsj.com/articles/first-u-s-ban-on-sale-of-cellphone-location-data-might-be-coming-fbe47e53 Pros and Cons of Prohibiting Usage of External Password Managers in an Organization https://www.reddit.com/r/cybersecurity/comments/14xs57k/pros_and_cons_of_prohibiting_usage_of_external/ The Quiet Rise of Real-Time Crime Centers https://www.wired.com/story/real-time-crime-centers-rtcc-us-police/ https://twitter.com/billybinion/status/1678934250299506692 ** Watch this episode on YouTube ** https://youtu.be/lP1UQKDqezE