
Shared Security Podcast
559 episodes — Page 5 of 12

Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits
Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, new research shows that attackers are finding and exploiting zero-day vulnerabilities in 15 minutes, and details on how a resilient trait in videos and images could aid in deepfake detection. ** Links mentioned on the show ** Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/ Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/ Researchers Identify a Resilient Trait of Deepfakes That Could Aid Long-Term Detection https://www.unite.ai/researchers-identify-a-resilient-trait-of-deepfakes-that-could-aid-long-term-detection/ ** Watch this episode on YouTube ** https://youtu.be/JBuz_jKP1xE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits appeared first on Shared Security Podcast.

Robert Kerbeck Author of RUSE: Lying the American Dream from Hollywood to Wall Street
In this episode learn all about the world of corporate spying from someone who was a corporate spy and actually wrote a book on it! Robert Kerbeck author of “RUSE: Lying the American Dream from Hollywood to Wall Street” joins us to discuss his fascinating career as a corporate spy, life as a struggling actor, his many celebrity encounters (including his performance in the infamous OJ Simpson exercise video), and how the corporate spying game is still big business. This is one interview you don’t want to miss! ** Links mentioned on the show ** Purchase Robert’s book: “RUSE: Lying the American Dream from Hollywood to Wall Street” https://www.robertkerbeck.com/ Corporate spy reveals how he got secret info from big American companies https://nypost.com/2022/03/09/ex-corporate-spy-robert-kerbeck-on-how-he-got-companies-info/ Robert Kerbeck’s Film Bio https://www.imdb.com/name/nm0449200/ https://memory-alpha.fandom.com/wiki/Robert_Kerbeck Follow Robert on Twitter https://twitter.com/robertkerbeck ** Watch this episode on YouTube ** https://youtu.be/K8mxD7a4z_Y ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport!

Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses
Apple previews Lockdown Mode, which is designed for high-risk individuals such as human rights workers, lawyers, politicians and journalists, hotel chain Marriott confirms another data breach, and new details on the development of smart contact lenses and what these could mean for your privacy. ** Links mentioned on the show ** Apple previews Lockdown Mode to protect users from targeted spyware https://www.cnet.com/tech/mobile/apples-lockdown-mode-why-theres-new-level-of-security-for-your-iphone/ https://www.helpnetsecurity.com/2022/07/07/apple-lockdown-mode-video/ Hotel giant Marriott confirms yet another data breach https://techcrunch.com/2022/07/06/marriott-breach-again/ Mojo Vision CEO successfully wore a smart contact lens in his eye https://skarredghost.com/2022/06/28/mojo-vision-contact-tested-eye/ ** Watch this episode on YouTube ** https://youtu.be/4mZAw_NGPDI

Could TikTok Be Removed From App Stores, HackerOne Employee Caught Stealing Vulnerability Reports, California Gun Owner Data Breach
The commissioner of the FCC (Federal Communications Commission) asked the CEOs of Apple and Google to remove TikTok from their app stores, bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and submitted them for personal gain, and new details on the California gun owner data breach which had exposed the personal information of hundreds of thousands of gun owners. ** Links mentioned on the show ** TikTok is “unacceptable security risk” and should be removed from app stores, says FCC https://blog.malwarebytes.com/privacy-2/2022/07/tiktok-is-unacceptable-security-risk-and-should-be-removed-from-app-stores-says-fcc HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html https://hackerone.com/reports/1622449 Leak of California gun owners’ private data far wider than originally reported https://www.theguardian.com/us-news/2022/jun/30/california-gun-owners-data-breach ** Watch this episode on YouTube ** https://youtu.be/aoUvfGtcI6E

Period Tracking Apps and Your Privacy, Vendor Impersonation Attacks, LockBit Ransomware Bug Bounty Program
Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first-ever bug bounty program from the creators of the LockBit ransomware operation. ** Links mentioned on the show ** How period tracking apps and data privacy fit into a post-Roe v. Wade climate https://www.npr.org/2022/05/10/1097482967/roe-v-wade-supreme-court-abortion-period-apps https://www.msn.com/en-us/news/technology/which-period-tracking-apps-are-secure-to-use-data-privacy-questioned-post-roe-v-wade/ar-AAYXF9C https://source.colostate.edu/period-tracker-apps-privacy-roe-wade/ New Trend in Business Email Compromise Emerges as Vendor Impersonation Overtakes CEO Fraud https://www.galvnews.com/news_ap/business/article_cab81f33-b5f9-5206-bd84-8ce5fb696d6b.html LockBit 3.0 introduces the first ransomware bug bounty program https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/ ** Watch this episode on YouTube ** https://youtu.be/1Ficem_wYIc

Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data
The Tim Hortons mobile app created “a mass invasion of Canadians’ privacy” by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prevent attacks, and new research shows 33 out of the top 100 hospitals in America are sending sensitive health information to Facebook via the Meta Pixel ad tracking tool. ** Links mentioned on the show ** ‘A Mass Invasion of Privacy’ but No Penalties for Tim Hortons https://financialpost.com/news/retail-marketing/tim-hortons-app-violated-privacy-laws-says-canadian-regulator https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ Social Engineering Kill–Chain: Predicting, Minimizing & Disrupting Attack Verticals https://ahead.feedly.com/posts/social-engineering-kill-chain-predicting-minimizing-and-disrupting-attack-verticals Facebook Is Receiving Sensitive Medical Information from Hospital Websites https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites ** Watch this episode on YouTube ** https://youtu.be/x_GJxDCt71k

Bipartisan Digital-Privacy Bill, Delete Your Data Before Selling Your Car, Firefox Total Cookie Protection
A new bipartisan privacy bill, the American Data Privacy and Protection Act, “could” be the first privacy legislation in the US not doomed to fail, a story about why you should delete your location and private data in your car’s navigation system before selling it, and details on Firefox’s new privacy feature called “Total Cookie Protection”. ** Links mentioned on the show ** Legislators Introduce Bipartisan Digital-Privacy Bill That May Not Be Doomed https://www.pcmag.com/news/legislators-introduce-bipartisan-digital-privacy-bill-that-may-not-be-doomed LPT: If your vehicle has a built-in GPS and you plan to trade it in; make sure you clear your home address or any other personal info from it. Many dealers forget to do this. https://www.reddit.com/r/SharedSecurityShow/comments/us0cna/lpt_if_your_vehicle_has_a_builtin_gps_and_you/ Firefox rolls out Total Cookie Protection by default to all users worldwide https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ ** Watch this episode on YouTube ** https://youtu.be/3ZCu9F64MLY

Hacking Ham Radio: Why It’s Still Relevant and How to Get Started
This week we discuss hacking ham radio with special guests Caitlin Johanson, Rick Osgood, and Larry Pesce. In this episode you’ll learn what ham radio is, why it’s still relevant, why attackers would want to hack ham radio, all about packet radio and APRS (Automatic Packet Reporting System), and what equipment and licensing you need to get started in ham radio. ** Links mentioned on the show ** Hacking Ham Radio: WinAPRS – Part 1 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1 Hacking Ham Radio: WinAPRS – Part 2 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-2 Hacking Ham Radio: WinAPRS – Part 3 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-3 Hacking Ham Radio: WinAPRS – Part 4 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-4 The 5 Best Ham Radios of 2022 https://www.lifewire.com/best-ham-radios-4176137 ** Watch this episode on YouTube **

DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones
The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the attacker remote access to their corporate computer, and details about new research that shows that even when an iPhone running iOS 15 is turned off, it’s really not off, and certain wireless features allow the phone to be located and possibly attacked. ** Links mentioned on the show ** DuckDuckGo caught giving Microsoft permission for trackers despite strong privacy reputation https://9to5mac.com/2022/05/25/duckduckgo-privacy-microsoft-permission-tracking/ https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/ Hacker steals Verizon employee database after tricking worker into granting remote access https://www.bitdefender.com/blog/hotforsecurity/hacker-steals-verizon-employee-database-after-tricking-worker-into-granting-remote-access/ The Research is in, Your Phone can be Attacked When it’s “Off.” https://slnt.com/blogs/news/the-research-is-in-your-phone-can-be-attacked-when-its-off https://www.vice.com/en/article/g5q4vj/malware-can-be-loaded-even-onto-phones-that-are-turned-off-researchers-show ** Watch this episode on YouTube ** https://youtu.be/Bdag8jAKex0

The State of Application Security with Tanya Janca
Tanya Janca, founder of the We Hack Purple Academy, Director of Developer Relations and Community at Bright, and author of “Alice & Bob Learn Application Security” joins us to discuss the current state and future of Application Security. In this episode we discuss what Tanya’s been up to, what’s changed in AppSec over the last several years, have organizations actually moved to DevSecOps, and what the next big thing in AppSec might be. ** Links mentioned on the show ** Pick up Tanya’s book: “Alice & Bob Learn Application Security” on Amazon! https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357 Check out the We Hack Purple Academy and Community https://www.wehackpurple.com Connect with Tanya https://twitter.com/shehackspurple https://www.linkedin.com/in/tanya-janca/ https://shehackspurple.ca/ Previous episodes with Tanya https://sharedsecurity.net/2021/01/28/tanya-janca-ceo-and-founder-we-hack-purple/ https://sharedsecurity.net/2018/11/30/special-guest-tanya-janca-devops-and-appsec-women-in-cybersecurity-82/ ** Watch this episode on YouTube ** https://youtu.be/LJ5RkD-qLjQ ** Thank you to our sponsors! ** Keeper Security Sign up for a free trial of Keeper Password Management for your organization today, and get a free 3-year personal plan. Get started by visiting Keepersecurity.com/sharedsecurity

Apple Mail Privacy Protection, Government Agencies Reveal Top Attack Vectors, Is Big Brother Watching You at Work?
What is Apple Mail Privacy Protection and how does it hide your IP address, so senders can’t link it to your online activity or determine your location, government authorities such as the FBI and NSA have released a list of top attack vectors used to gain initial access by attackers, and how more companies are deploying privacy invasive surveillance software to monitor their employees at work. ** Links mentioned on the show ** Shout out to Josh Summers of All Things Secured channel on YouTube! Check out and subscribe to his channel! Apple Mail Now Blocks Email Tracking. Here’s What It Means for You https://www.wired.com/story/apple-mail-blocks-email-tracking-heres-what-it-means/ https://postmarkapp.com/blog/how-apples-mail-privacy-changes-affect-email-open-tracking FBI and NSA say: Stop doing these 10 things that let the hackers in https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/ https://www.bleepingcomputer.com/news/security/cybersecurity-agencies-reveal-top-initial-access-attack-vectors/ Welcome to the era of the hyper-surveilled office https://www.economist.com/business/welcome-to-the-era-of-the-hyper-surveilled-office/21809219 Please leave us a rating and review! https://ratethispodcast.com/sharedsecurity ** Watch this episode on YouTube ** https://youtu.be/qQ3Mslg3cJM

FBI Warrantless Searches, Passwordless Sign-Ins, Keylogging Web Forms
The FBI searched emails, texts and other electronic communications of 3.4 million U.S. residents without a warrant, Apple, Google, and Microsoft have announced they will support a new passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, and details about how some websites are keylogging your data as you type it into a web form, before you hit submit. ** Links mentioned on the show ** CircleCityCon 9.0: Saturday Morning Cartoons – Indianapolis, IN Friday, July 1 – Sunday, July 3 2022 New to cybersecurity? Never been to a conference? Contact us for a chance to win a free ticket! https://circlecitycon.org/ FBI Searched Data of Millions of Americans Without Warrants https://www.bloomberg.com/news/articles/2022-04-29/fbi-searched-the-data-of-millions-of-americans-without-warrants Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/ https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/ The End of Passwords as We Know It Interview with Andrew Shikiar from the FIDO Alliance https://sharedsecurity.net/2020/04/27/the-end-of-passwords-as-we-know-it/ Thousands of Popular Websites See What You Type—Before You Hit Submit https://www.wired.com/story/leaky-forms-keyloggers-meta-tiktok-pixel-study/ https://homes.esat.kuleuven.be/~asenol/leaky-forms/ ** Watch this episode on YouTube ** https://youtu.be/kyLp0bgTzuU

Cybersecurity for Startups with Josh Feinblum from Stavvy
Josh Feinblum is the co-founder of Stavvy, a Boston-based fully integrated digital mortgage platform, where he leads product, engineering, people, and finance. He also serves as a venture partner at F-Prime Capital, where he evaluates and advises startups of all stages across multiple verticals. Josh talks to us about his journey through cybersecurity including his experience as a CISO at Rapid7 and DigitalOcean, and then leaving cybersecurity to start a totally new business. We discuss how his cybersecurity and privacy experience helped build a successful startup and what he’s learned along the way. If you’re interested in either joining a startup or building your own startup this is one episode you don’t want to miss!
** Links mentioned on the show **
Follow Josh on Twitter and LinkedIn https://twitter.com/jfeinblum https://www.linkedin.com/in/jfeinblum/
Finside Chats Podcast w/Josh Feinblum https://www.stavvy.com/podcast
Learn more about Stavvy https://www.stavvy.com/ https://twitter.com/stavvyhq
** Watch this episode on YouTube ** https://youtu.be/OJehHoND3vU

Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition
Elon Musk buys Twitter for $44 billion so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities which is a great reminder about making sure you update the BIOS on your computer. Plus, details about researchers who have created a t-shirt that renders the wearer undetectable to facial recognition technology.
** Links mentioned on the show **
It’s not rocket science, why Elon Musk’s Twitter takeover could be bad for privacy https://techcrunch.com/2022/04/26/elon-musk-twitter-privacy/
Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities https://www.darkreading.com/threat-intelligence/millions-of-lenovo-laptops-contain-firmware-level-vulnerabilities
This ugly t-shirt makes you invisible to facial recognition tech https://www.wired.co.uk/article/facial-recognition-t-shirt-block

Rehumanizing Cybersecurity with Lianne Potter
Award-winning security transformation manager and digital anthropologist Lianne Potter joins us to discuss the fascinating topic of digital anthropology and how we can rehumanize cybersecurity. In this episode Lianne discusses how she became a digital anthropologist, how this field applies to cybersecurity, and the one thing organizations need to do to bring the human back into their cybersecurity programs.
** Links mentioned on the show **
Why The Cyber Security Industry Needs to Hire More Anthropologists https://response-ability.tech/lianne-potter/
Follow Lianne on Social Media https://twitter.com/Tech_Soapbox https://www.linkedin.com/in/liannep/
** Watch this episode on YouTube ** https://youtu.be/cDydoWCIIdI

Dumbphone Sales are Soaring, John Oliver Blackmails Congress, Cicada Chinese APT Group
More young people seem to be choosing dumbphones over smartphones, but is it because of privacy concerns or because it’s trendy? John Oliver, host of the ‘Last Week Tonight’ show, used data brokers to obtain lawmakers’ digital footprints and promised to not release the data as long as Congress passes privacy legislation. Plus details about the Cicada state-sponsored Chinese hacking group which hid inside their victims’ networks for nine months.
** Links mentioned on the show **
Dumbphone Sales Are Soaring As People Revolt Against “Overwhelming” Smartphones https://www.activistpost.com/2022/03/dumbphone-sales-are-soaring-as-people-revolt-against-overwhelming-smartphones.html https://www.bbc.com/news/business-60763168?_hsenc=p2ANqtz–brM50u-TKJL3hsmOF1uEkSYZ-ZiWY2RuV7Gv_R46XTl5e4CMk7yQ7kf2bup635k-x1JHo https://www.reddit.com/r/privacy/comments/u106ob/why_have_we_decided_carrying_around/
John Oliver Blackmails Congress With Their Own Digital Data https://www.rollingstone.com/tv/tv-news/last-week-tonight-john-oliver-recap-season-9-episode-7-congress-data-1335598/ https://www.vice.com/amp/en/article/ne9b3z/how-to-get-off-data-broker-and-people-search-sites-pipl-spokeo https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act
Here’s a Long List of Data Broker Sites and How to Opt-Out of Them https://www.vice.com/amp/en/article/ne9b3z/how-to-get-off-data-broker-and-people-search-sites-pipl-spokeo
Big Ass Data Broker Opt-Out List https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
Full Video – Data Brokers: Last Week Tonight with John Oliver (HBO) https://youtu.be/wqn3gR1WTcA?t=1300
These sneaky hackers hid inside their victims’ networks for nine months https://www.zdnet.com/article/these-sneaky-hackers-hid-inside-their-victims-networks-for-nine-months/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks

Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware
Scott and Tom explain why privacy isn’t dead, why everyone should care about their privacy, and how you should respond to someone that says “I don’t care about privacy, I have nothing to hide!”. Plus, details on a new attack using fake shopping apps and how a new malware toolkit called “Borat RAT” is no laughing matter.
** Links mentioned on the show **
The truths and myths of privacy (Scott’s blog post) https://clickarmor.ca/2022/04/the-truths-and-myths-of-privacy/ https://www.reddit.com/r/privacy/comments/tctcxy/how_to_explain_importance_of_privacy_to_common/ https://www.reddit.com/r/privacy/wiki/index/
Three types of online attack (Mikko Hypponen’s TED talk) https://www.ted.com/talks/mikko_hypponen_three_types_of_online_attack
Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users https://thehackernews.com/2022/04/hackers-distributing-fake-shopping-apps.html
Borat RAT malware: A ‘unique’ triple threat that is far from funny https://www.zdnet.com/google-amp/article/borat-rat-malware-a-unique-triple-threat-that-is-far-from-funny/
** Watch this episode on YouTube ** https://youtu.be/MPk1yBiQq7c

Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?
This week we battle it out between the two mobile tech giants, Google Android vs Apple iOS, and discuss which one is better for your privacy and cybersecurity. Topics include: app stores and OS updates, ad tracking, and native text messaging. All this plus how Apple and Facebook fell for a massive email scam.
** Links mentioned on the show **
Apple and Facebook reportedly provided personal user data to hackers posing as law enforcement https://9to5mac.com/2022/03/30/apple-and-facebook-reportedly-provided-personal-user-data-to-hackers-posing-as-law-enforcement/ https://nypost.com/2022/03/30/apple-facebook-fell-for-scam-and-gave-user-data-away-report/
Android vs iOS: Which Platform is More Secure in 2021 https://appinventiv.com/blog/android-vs-ios-which-platform-is-more-secure-in-2021/
Open Source and Privacy Focused Android Operating Systems: GrapheneOS https://grapheneos.org/ CalyxOS https://calyxos.org/ LineageOS https://lineageos.org/
Signal – Secure End-to-End Encrypted Messenger App https://signal.org/#signal

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems
The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia’s invasion of Ukraine by wiping arbitrary file contents.
** Links mentioned on the show **
LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta https://thehackernews.com/2022/03/lapsus-hackers-claim-to-have-breached.html https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/ https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html https://mrd0x.com/browser-in-the-browser-phishing-attack/
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

Top 3 Location Tracking Apps: Do They Sell Your Data?
This week we discuss the top 3 location tracking apps in the Apple App Store and Google Play and which ones sell your data. Plus, details about recent fake Chick-fil-A and Olive Garden vouchers on Facebook.
** Links mentioned on the show **
#1 Phone Tracker by Number https://play.google.com/store/apps/details?id=mg.locations.track5 https://onelocator.com/ – Android https://www.locatorprivacy.com/ – iOS
#2 Life360 https://play.google.com/store/apps/details?id=com.life360.android.safetymapd https://support.life360.com/hc/en-us/articles/360043228154
#3 Glympse – Android https://glympse.com/privacy/ https://play.google.com/store/apps/details?id=com.glympse.android.glympse
#3 My Family: Find Friends Phone – iOS https://friendzy.tech/myfamilyprivacypolicy/
Scam Alert: Chick-fil-A and Olive Garden Facebook Vouchers https://www.snopes.com/fact-check/olive-garden-chickfila-voucher/

Amazon Echos Hack Themselves, Fraud Is Flourishing on Zelle, Samsung Galaxy Source Code Stolen
A new attack uses Alexa’s functionality to force Amazon Echo devices to make self-issued commands, payment app Zelle has become popular with fraudsters and banks don’t seem to care, and details about hackers who have stolen source code for Samsung Galaxy devices.
** Links mentioned on the show **
Preorder Your Professionally Evil Aloha Shirt for Charity! (proceeds go to St. Jude’s Children’s Hospital) https://www.secureideas.com/proevil-hawaiian-shirt
Help Support Ukraine with ClearVPN https://macpaw.com/help-ukraine https://macpaw.com/news/macpaw-amidst-aggression
Attackers can force Amazon Echos to hack themselves with self-issued commands https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ https://www.ava-attack.org/
Fraud Is Flourishing on Zelle. The Banks Say It’s Not Their Problem https://www.nytimes.com/2022/03/06/business/payments-fraud-zelle-banks.html https://sharedsecurity.net/2019/11/18/googles-health-record-storage-controversy-us-border-search-ruling-zelle-scams/
Samsung confirms hackers stole Galaxy source code https://www.theverge.com/2022/3/7/22965220/samsung-hack-lapsus-galaxy-source-code-confirmed-nvidia
** Watch this episode on YouTube ** https://youtu.be/MlYw7BBAhhM

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers
This week we discuss some of the more interesting hacks of Russian assets, technology, and more. Scott discusses recent credential stuffing attacks on Microsoft 365 accounts, and a fascinating story about ice cream machine “hackers” that are suing McDonald’s for $900 million in damages.
** Links mentioned on the show **
Round up of interesting Russian hacking incidents https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead https://www.mirror.co.uk/news/world-news/hackers-rename-putins-73million-superyacht-26355609 https://www.thesun.co.uk/tech/17818843/anonymous-russia-space-agency-roscosmos/
Attackers use Microsoft Teams as launchpad for malware https://www.helpnetsecurity.com/2022/02/17/microsoft-teams-malware/
Ice Cream Machine Hackers Sue McDonald’s for $900 Million https://www.wired.com/story/kytch-ice-cream-machine-hackers-sue-mcdonalds-900-million/
The REAL Reason McDonalds Ice Cream Machines Are Always Broken https://www.youtube.com/watch?v=SrDEtSlqJC41
Realtime map of all broken McDonalds Ice Cream Machines https://mcbroken.com/
** Watch this episode on YouTube ** https://youtu.be/8xFZ9WZoz8k

TikTok Circumvents Privacy Protections, Russian Sanction Attacks, Apple AirTag Anti-Stalking Measures
How TikTok can circumvent privacy protections and perform device tracking that gives TikTok full access to user data, the US government warns about ransomware attacks after Biden’s new sanctions against Russia, and details about the latest beta for iOS 15.4 which includes new features designed to prevent Apple AirTags from being used to stalk people.
** Links mentioned on the show **
TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say (Exclusive) https://www.yahoo.com/entertainment/tiktok-circumvent-apple-google-privacy-140000271.html
US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions https://www.msn.com/en-us/news/world/us-officials-tell-businesses-to-watch-for-potential-ransomware-attacks-after-biden-announces-russia-sanctions/ar-AAUbrCn
New AirTags anti-stalking measures appear in iOS 15.4 beta https://www.theverge.com/2022/2/23/22947063/airtags-anti-stalking-ios-15-4-beta-4-privacy-notice
** Watch this episode on YouTube ** https://youtu.be/t3-lTYQwPoc

MoviePass Tracking Your Eyeballs, Shipment Delivery Scams, SIM Swappers Arrested
MoviePass will use facial recognition and eye tracking to make sure you’re watching ads, new types of shipment-delivery scams are being used to spread malware, and details on the arrests of a SIM swapping gang and how you can protect yourself against a SIM swapping attack.
** Links mentioned on the show **
4-week SLNT Cybersecurity and Privacy Challenge – Created by Co-Host Tom Eston https://slnt.com/pages/cybersecurity-and-privacy-guide
MoviePass 2.0 Wants to Track Your Eyeballs to Make Sure You Watch Ads https://www.vice.com/en/article/akvnba/moviepass-20-wants-to-track-your-eyeballs-to-make-sure-you-watch-ads
Facebook asking me to send them a full video of my entire face https://www.reddit.com/r/SharedSecurityShow/comments/sqhgd1/facebook_asking_me_to_send_them_a_full_video_of/
Shipment-Delivery Scams Become the Favored Way to Spread Malware https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/
Ready for more brand impersonations, missed deliveries and document macros? https://clickarmor.ca/2022/02/ready-brand-impersonation-shipping-macros-phishing/
Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts https://thehackernews.com/2022/02/spanish-police-arrest-sim-swappers-who.html
** Watch this episode on YouTube ** https://youtu.be/guu_TXMr_Sc

EARN IT Act is Back, Romance Scams, Like and Subscribe Ransomware
The EARN IT Act is back for a second time which would pave the way for a new massive government surveillance system in the US, romance scams are on the rise so don’t fall for love in all the wrong places, and details about a new ransomware attack that wants you to like and subscribe, or else! ** Links mentioned on the show ** It’s Back: Senators Want EARN IT Bill to Scan All Online Messages https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages Our previous episode from June 2020 on EARN IT https://sharedsecurity.net/2020/06/30/earn-it-act-facial-recognition-fail-can-i-be-phished/ Don’t Let These Romance Scams Taint Your Valentine’s Day, FBI Warns https://finance.yahoo.com/news/don-t-let-romance-scams-153008730.html https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/romance-scams Trafficked with Mariana van Zeller – Romance Scams https://www.nationalgeographic.com/tv/shows/trafficked-with-mariana-van-zeller/episode-guide/season-02/episode-02-romance-scams/vdka25543244 Ransomware Wants You to Like and Subscribe, Or Else https://www.vice.com/en/article/epx5ne/ransomware-wants-you-to-like-and-subscribe-or-else ** Watch this episode on YouTube ** https://youtu.be/3ByCba13o5o ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 

Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet
Researchers have discovered a new web tracking technique using your graphics card, scammers are exploiting security weaknesses on job recruitment websites to post fraudulent job postings, and how a hacker single-handedly took down North Korea’s Internet.
** Links mentioned on the show **
Your graphics card could be used to track you across the web regardless of cookie consent https://www.pcgamer.com/drawn-apart-gpu-web-tracking/
FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity https://www.zdnet.com/article/fbi-warning-scammers-are-posting-fake-job-ads-on-networking-sites-to-steal-your-money-and-identity/
North Korea Hacked Him. So He Took Down Its Internet https://www.wired.com/story/north-korea-hacker-internet-outage/ https://www.nknews.org/2022/02/new-cyberattack-hits-north-korea-after-hacker-claims-responsibility-for-outages/
** Watch this episode on YouTube ** https://youtu.be/mOtJe4Wo1tM

Ukraine Invasion Hacktivists, Insta360 ONE X2 Vulnerabilities, Google Location Tracking Lawsuits
Hacktivists have hacked a Belarus rail system in an attempt to stop Russian military buildup, someone disclosed a slew of vulnerabilities in the popular Insta360 ONE X2 camera, and Google gets accused of “deceptive” location tracking in multiple lawsuits.
** Links mentioned on the show **
Hacktivists say they hacked Belarus rail system to stop Russian military buildup https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/
Really cool Insta360 One X2 hidden feature! https://www.reddit.com/r/Insta360/comments/scsue6/really_cool_insta360_one_x2_hidden_feature/ https://www.insta360.com/product/insta360-onex2
Google accused of ‘deceptive’ location tracking in fresh round of lawsuits https://www.theguardian.com/technology/2022/jan/24/google-sued-privacy-texas-district-of-columbia
** Watch this episode on YouTube ** https://youtu.be/SDXmcrd6CiE

Pandemic Surveillance in Canada, Malware-Filled USB Sticks are Back, Kill Switches in New Cars
Canada’s federal government admitted to surveilling its population’s movements during the COVID-19 lock-down by tracking 33 million phones, the FBI warned that a hacker group has been sending malware-laden USB sticks to companies, and details on a new law in the United States which will install kill switches in new cars.
** Links mentioned on the show **
Canada secretly tracked 33 million phones during COVID-19 lockdown (misleading title) https://nypost.com/2021/12/25/canada-secretly-tracked-33-million-phones-during-lockdown/ https://www.reddit.com/r/privacy/comments/s7mb6l/canada_secretly_tracked_33_million_phones_during/
Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Present https://gizmodo.com/hackers-have-been-sending-malware-filled-usb-sticks-to-1848323578
New Law Will Install Kill Switches In All New Cars https://www.motorious.com/articles/features-3/kill-switches-new-cars/
Join the Shared Security Community on Reddit https://www.reddit.com/r/SharedSecurityShow/
** Watch this episode on YouTube ** https://youtu.be/0ONxRgWQvw4

Digital Wellbeing with Kelly Finnerty from Startpage
Kelly Finnerty, Director of Brand at Startpage, joins co-host Tom Eston to discuss the very important topic of digital wellbeing. In this episode you’ll learn about the mental, financial, and societal impacts of constant tracking. Plus, what are some holistic approaches and tactics that we can use to help our own digital wellbeing? Kelly also shares details about Startpage’s new web browser extension “Startpage Privacy Protection”.
** Links mentioned on the show **
Startpage Privacy Protection Browser Extension https://add.startpage.com/protection/
ThinkPrivacy https://thinkprivacy.ch/
Privacy Mindset: Europe vs. United States (with Kelly Finnerty) https://sharedsecurity.net/2020/11/09/privacy-mindset-europe-vs-united-states/
StartPage.com – The World’s Most Private Search Engine https://sharedsecurity.net/2020/09/21/startpage-com-the-worlds-most-private-search-engine/
Use StartPage as your default search engine https://www.startpage.com/
StartPage’s Privacy Please Blog https://www.startpage.com/privacy-please/
Follow StartPage Search on Social Media https://twitter.com/startpage
Follow Kelly on Twitter https://twitter.com/Kelly_Startpage
Connect with Kelly on LinkedIn https://www.linkedin.com/in/kelly-finnerty-5267648/
** Watch this episode on YouTube ** https://youtu.be/jXgatSeWWIk

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation
Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate your Facebook account. All this plus the launch of the Shared Security Community on Reddit! (https://www.reddit.com/r/SharedSecurityShow/)
** Links mentioned on the show **
Join the Shared Security Community on Reddit! https://www.reddit.com/r/SharedSecurityShow/
Norton 360 Now Comes With a Cryptominer https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/ https://www.theverge.com/2022/1/7/22869528/norton-crypto-miner-security-software-reaction
Texas parking meters with bogus QR codes for payments https://gcn.com/cybersecurity/2022/01/cities-texas-hit-qr-code-phishing-scam/360554/
Why Facebook keeps collecting people’s data and building their profiles even when their accounts are deactivated https://digiday.com/media/why-facebook-keeps-collecting-peoples-data-and-building-their-profiles-even-when-their-accounts-are-deactivated/
** Watch this episode on YouTube **

Phone Scam Targets Psychologists, All My Apes Gone, Supply Chain Skimmer Attack
A phone scam targeting psychologists reveals that even professionals can become victims, stolen multi-million-dollar NFTs result in an “all my apes gone” plea for help, and details on a skimmer supply chain attack on more than 100 real estate websites.
** Links mentioned on the show **
The Phone Scam That Targets Psychologists https://www.psychologytoday.com/ca/blog/the-fraud-crisis/202110/the-phone-scam-targets-psychologists
Thieves Steal Gallery Owner’s Multimillion-Dollar NFT Collection: ‘All My Apes Gone’ https://www.artnews.com/art-news/news/todd-kramer-nft-theft-1234614874/
What is a Crypto Wallet? https://www.ledger.com/academy/what-is-a-crypto-wallet
3 Ways to Keep Your Cryptocurrency Safe https://sharedsecurity.net/2021/05/01/3-ways-to-keep-your-cryptocurrency-safe/
Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack https://thehackernews.com/2022/01/hackers-target-real-estate-websites.html
** Watch this episode on YouTube ** https://youtu.be/pTnAuEtUgIU

LastPass Master Passwords, New Cars and Your Privacy, Amazon Alexa Lethal Challenge
LastPass users received emails about their master passwords being compromised, details about the privacy policies of new cars, and a story about an Amazon Echo that proposed a lethal challenge to a ten-year-old girl.
** Links mentioned on the show **
Log4j 2.17.1 out now, fixes new remote code execution bug https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/
If any person or organization is suggesting you get spun up about CVE-2021-44832, you should really take a good look at what their motivations may be. pic.twitter.com/RgkvCu3sv2 — Will Dormann (@wdormann) December 28, 2021
From Reddit: We all knew that newer cars are terrible for privacy, but to what extent? Being the owner of a 2018 Honda, I decided to look further into their privacy practices (from privacy)
LastPass users warned their master passwords are compromised https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
Amazon Alexa slammed for giving lethal challenge to 10-year-old girl https://www.bleepingcomputer.com/news/technology/amazon-alexa-slammed-for-giving-lethal-challenge-to-10-year-old-girl/
** Watch this episode on YouTube ** https://youtu.be/C23QQF3VMnw

Web3 and the Decentralized Internet
In our last monthly show of the year we discuss Web3. What is it, and what will it mean to have a decentralized Internet? If you’ve wanted to know what Web3, DeFi, NFTs, and cryptocurrency mean for cybersecurity and privacy, this is one episode you don’t want to miss!
** Links mentioned on the show **
What is Web3? https://www.freecodecamp.org/news/what-is-web3/
** Watch this episode on YouTube ** https://youtu.be/FInulAah450

The Year in Review and 2022 Predictions
In our last weekly episode of the year, we discuss the top cybersecurity and privacy news from 2021, a recap of our previous “predictions”, and what we think we’ll see next year. Happy New Year!
** Links mentioned on the show **
Sign up for the Shared Security Show Newsletter http://eepurl.com/dwcc8D
** Watch this episode on YouTube ** https://youtu.be/nl7JYqGV-5o

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document
This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and an FBI training document that describes what data can be obtained from encrypted messaging apps.
** Links mentioned on the show **
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html https://www.linkedin.com/pulse/understanding-recent-java-security-bug-thats-causing-stir-wilson/ https://bishopfox.com/blog/log4j-zero-day-cve-2021-44228 https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html
Apple AirTags Are Being Used by Car Thieves to Track High-End Vehicles https://www.newsweek.com/apple-airtags-are-being-used-car-thieves-track-high-end-vehicles-1656848
FBI document shows what data can be obtained from encrypted messaging apps https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/
Shared Security Show Interview: End-to-End Encryption with Max Krohn from Keybase.io https://sharedsecurity.net/2019/09/16/end-to-end-encryption-with-max-krohn-from-keybase-io/
** Watch this episode on YouTube ** https://youtu.be/J9xOUkDf9-A

Life360 Selling Location Data, NSO Group Spyware Hacks Government Employees, Homecoming Queen Contest Hacked
Life360, a popular family safety app used by 33 million people worldwide, is selling location data to a dozen data brokers, phones of 11 U.S. State Department employees were hacked with spyware from the infamous NSO Group, and details on a bizarre story about a mother and daughter that face 16 years in prison for hacking into a school computer system to rig a homecoming queen election.
** Links mentioned on the show **
Life360 selling location data https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user
AP Source: NSO Group spyware used to hack State employees https://apnews.com/article/technology-business-middle-east-israel-hacking-290f990cc1b6aa8fd870ecd540e12664
Florida teen and her mother accused of hacking homecoming queen election refuse plea deal, claiming they have been framed https://www.databreaches.net/florida-teen-and-her-mother-accused-of-hacking-homecoming-queen-election-refuse-plea-deal-claiming-they-have-been-framed/ https://www.thedailybeast.com/florida-teen-emily-grover-was-accused-of-hacking-a-homecoming-queen-contest-and-faces-16-years-in-prison
** Watch this episode on YouTube ** https://youtu.be/xq_cb-7EXXU

Business Email Compromise Scams
This month we discuss Business Email Compromise (BEC) scams: what they are, how to identify them, and why BEC scams caused over $1.8 billion in losses to businesses last year alone.
** Links mentioned on the show **
What is Business Email Compromise? https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
64 times worse than ransomware? FBI statistics underline the horrific cost of business email compromise https://www.tripwire.com/state-of-security/featured/fbi-statistics-underline-orrific-cost-of-business-email-compromise/
** Watch this episode on YouTube ** https://youtu.be/Sc4tFdfYEqg

Is TikTok Listening to You, Apple Warns Activists, UK Government Website Shows Porn
Is the TikTok app listening to you and playing videos based on your conversations? Apple takes the unique step of warning certain activists that their phones may be targeted by attackers, and details on how a UK government website was serving porn to its visitors.
** Links mentioned on the show **
Is TikTok listening to me? https://www.reddit.com/r/privacy/comments/r38jrn/tik_tok_listening_to_me/ https://tosdr.org/en/service/1448 https://www.tiktok.com/legal/privacy-policy-eea?lang=en
Terms of Service Didn’t Read https://tosdr.org/en/frontpage
Apple Warns Activists They Are Being Watched by Spyware https://www.vice.com/en/article/4awvk3/apple-activists-pegasus-spyware
UK government transport website caught showing porn https://www.bleepingcomputer.com/news/security/uk-government-transport-website-caught-showing-porn/
** Watch this episode on YouTube ** https://youtu.be/9Z63tFnkeMk

How to Break Into a Cybersecurity Career – Part 3 with Scott Wright
Co-host Scott Wright joins Tom Eston for part three in our series on how to break into a cybersecurity career. Scott shares his career journey and gives us some insight into his career path going from consulting into starting his own company. If you’re a college student or thinking about getting into cybersecurity, this is one episode you don’t want to miss!
** Links mentioned on the show **
Connect with Scott Wright https://www.linkedin.com/in/scottwright/ https://twitter.com/streetsec
So, you want to work in security? https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23
Entering the InfoSec Biz https://defensivesecurity.org/entering-information-security-industry/
How to Build a Cybersecurity Career https://danielmiessler.com/blog/build-successful-infosec-career/
Start in Infosec (Really great list of career/just starting out advice) https://malicious.link/start/
** Watch this episode on YouTube ** https://youtu.be/n1ZlByXUNaI

FBI Email System Compromised, Ransomware Negotiation, Privacy Crushing Gifts
In milestone episode 200: The Federal Bureau of Investigation’s external email system was compromised sending spam emails with a fake warning of a cyber-attack, new research released about ransomware negotiation and some helpful negotiation tips, and details on Mozilla’s naughty list of privacy-crushing gifts. ** Links mentioned on the show ** FBI email system compromised by hackers who sent fake cyberattack alert https://www.msn.com/en-us/news/us/fbi-email-system-compromised-by-hackers-who-sent-fake-cyberattack-alert/ar-AAQGp3Z How to Negotiate With Ransomware Attackers https://www.darkreading.com/attacks-breaches/how-to-negotiate-with-ransomware-attackers Bad Santa: Amazon, Facebook top Mozilla’s naughty list of privacy-crushing gifts https://www.zdnet.com/article/bad-santa-amazon-facebook-top-mozillas-naughty-list-of-privacy-crushing-gifts ** Watch this episode on YouTube ** https://youtu.be/BzgqqxPqFEg

Robinhood Data Breach, 600 Hours of Dallas Police Helicopter Footage Leaked
Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage. ** Links mentioned on the show ** Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html https://blog.robinhood.com/news/2021/11/8/data-security-incident Activists leak 600 hours of mostly Dallas police helicopter footage after city’s 22 terabyte loss of criminal case data https://www.courthousenews.com/activists-leak-600-hours-of-mostly-dallas-police-helicopter-footage-after-citys-22-terabyte-loss-of-criminal-case-data/ https://ddosecrets.com/wiki/Aerial_Surveillance_Footage Shared Security Show Merch https://store.sharedsecurity.net ** Watch this episode on YouTube ** https://youtu.be/J3gHVb5qYYg

Facebook Dumps Face Recognition, Social Engineering Bots, US Sanctions NSO Group
Facebook shuts down their face recognition system and deletes more than a billion facial recognition templates, how phone bots are being used to trick victims into giving up their multi-factor authentication codes, and the US blacklists the NSO Group and 3 other companies for malicious cyber activities. ** Links mentioned on the show ** Face Recognition Is So Toxic, Facebook Is Dumping It https://www.eff.org/deeplinks/2021/11/face-recognition-so-toxic-facebook-dumping-it https://about.fb.com/news/2021/11/update-on-use-of-face-recognition/ Hackers Are Outsourcing Social Engineering to Bots https://podcasts.apple.com/us/podcast/hackers-are-outsourcing-social-engineering-to-bots/id1441708044?i=1000540546679 https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html https://www.schneier.com/blog/archives/2021/11/us-blacklists-nso-group.html Webinar with Tom Eston on November 10: What Bad Could Happen? Managing Application Risk with Threat Modeling https://bishopfox.com/resources/manage-application-risk-with-threat-modeling-webcast Getting the most value from phishing assessments with the Phishing Assessment Optimizer http://clickarmor.ca/opimizer

Interview with Dana Mantilia and the Role of the CISO
Dana Mantilia joins us this month to talk about cybersecurity awareness, her incredible YouTube channel, and the ever-changing role of the CISO (Chief Information Security Officer). ** Links mentioned on the show ** Connect with Dana and subscribe to her YouTube Channel https://www.linkedin.com/in/dana-mantilia/ https://www.youtube.com/c/IdentityProtectionPlanningwithDana/videos

Federal Data Agency for Social Media, Squirrelwaffle Malspam, Ransomware Hits U.S. Candymaker
Do we really need a federal data agency to regulate social media companies? Watch out for Squirrelwaffle and Qakbot malspam attacks, and ransomware hits a major candymaker ahead of Halloween (is nothing sacred anymore?!) ** Links mentioned on the show ** Facebook and social media endanger Americans. We need a federal data agency. https://www.nbcnews.com/think/politics-policy/facebook-rcna3704 Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike https://thehackernews.com/2021/10/hackers-using-squirrelwaffle-loader-to.html Sticky business: Ransomware hits U.S. candymaker ahead of Halloween https://www.nbcnews.com/tech/security/ransomware-hits-us-candymaker-ahead-halloween-rcna3391 ** Watch this episode on YouTube ** https://youtu.be/IrnrRSMU4SI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Missouri Governor and F12 Hacking, Global Ransomware Meeting, Fake Government Websites
Details on the F12 “hacking” incident of the Missouri state education website and the foolish response from the Missouri governor, over 30 countries (except China and Russia) meet to fight ransomware globally, and the FBI’s warning about fake unemployment benefit websites. ** Links mentioned on the show ** Gov. Parson promises ‘swift justice’ to person he says hacked Mo. Dept. of Education website https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/ https://twitter.com/GovParsonMO/status/1448697768311132160?s=20 Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting https://thehackernews.com/2021/10/over-30-countries-pledge-to-fight.html FBI warns of fake govt sites used to steal financial, personal data https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/ ** Watch this episode on YouTube ** https://youtu.be/S8ykceaLJes

Killware Clickbait, 1Password Password Sharing Feature, Android Phone Snooping
Clickbait news about the rise of “killware”, details on 1Password’s new feature to securely share passwords with others, and a new study by university researchers in the UK shows how Android phones snoop on their users. ** Links mentioned on the show ** The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds. https://news.yahoo.com/next-big-cyberthreat-isnt-ransomware-090022232.html 1Password’s new feature lets you safely share passwords using just a link https://techcrunch.com/2021/10/12/1passwords-new-feature-lets-you-safely-share-passwords-using-just-a-link Study reveals Android phones constantly snoop on their users https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/ Where Kevin ordered his “googly eyes” https://www.digikey.com/en/products/detail/adafruit-industries-llc/4343/10419155 ** Watch this episode on YouTube ** https://youtu.be/bp226DNKiAk

Security Champions Framework, The Great Facebook Outage, Twitch Data Breach
Co-host Scott Wright presents a new framework to help people to become “security champions” in their organization, a discussion about the great Facebook outage of 2021, and details on the Twitch data breach exposing source code and creator payouts. ** Links mentioned on the show ** Scott’s Security Champions Webinar https://youtu.be/WH65jch9DKI What Happened to Facebook, Instagram, & WhatsApp? https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/ Twitch source code, business data, gamer payouts leaked in massive hack https://www.zdnet.com/article/twitch-source-code-business-data-gamer-payouts-leaked-in-massive-hack/ https://thehackernews.com/2021/10/twitch-suffers-massive-125gb-data-and.html ** Watch this episode on YouTube ** https://youtu.be/hotJHONu8jE

Apple AirTag Good Samaritan Attack, iCloud+, Amazon Astro Dog and Ring Camera Drone
Will Apple AirTags replace malicious payload USB drops? Details on Private Relay and Hide My Email features included with iCloud+, and a fun discussion about Amazon’s Astro robot and the Ring camera drone! ** Links mentioned on the show ** Apple AirTag Bug Enables ‘Good Samaritan’ Attack https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/ What Is Apple iCloud+? https://www.howtogeek.com/732978/what-is-apple-icloud/ Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses https://thehackernews.com/2021/09/apples-new-icloud-private-relay-service.html Amazon is now accepting your applications for its home surveillance drone https://www.theverge.com/2021/9/28/22692048/ring-always-home-cam-drone-amazon-price-release-date-specs ** Watch this episode on YouTube ** https://youtu.be/BMLngk17onQ

Multi-Factor Authentication and Authenticator Apps
October is Cybersecurity Awareness Month, so in this episode we discuss multi-factor authentication and the use of authenticator apps. Multi-factor authentication is one of the most important things that you can enable to secure your online accounts, but it’s unfortunately overlooked by most people. Listen to this episode to learn what multi-factor authentication is, all about authenticator apps, and how we can get more people to start using multi-factor authentication. ** Links mentioned on the show ** Professionally Evil CISSP Mentorship Program – Pay What You Can https://www.secureideas.com/cissp Why People Won’t Do the One Simple Thing that Protects Them Online https://podcasts.apple.com/us/podcast/why-people-wont-do-the-one-simple-thing-that-protects/id1441708044?i=1000534799217 What Is Two-Factor Authentication (2FA)? https://authy.com/what-is-2fa/ The Best Authenticator Apps for Protecting Your Accounts https://gizmodo.com/the-best-authenticator-apps-for-protecting-your-account-1840711013

No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard
Microsoft will now allow you to log in to your accounts without a password, Facebook releases its Ray-Ban Stories smart glasses, and a conversation about the security.txt “Internet standard” and if this will help or hinder an organization’s vulnerability disclosure process. ** Links mentioned on the show ** You Can Now Sign-in to Your Microsoft Accounts Without a Password https://thehackernews.com/2021/09/you-can-now-sign-in-to-you-microsoft.html Facebook already has your memories, smart glasses will get it more https://www.msn.com/en-us/news/technology/facebook-already-has-your-memories-smart-glasses-will-get-it-more/ar-AAOkt6u Does Your Organization Have a Security.txt File? https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/ RFC 5965 – An Extensible Format for Email Feedback Reports https://datatracker.ietf.org/doc/html/rfc5965 ** Watch this episode on YouTube ** https://youtu.be/GGIv2NS3Hkc