The Jerich Show Podcast

Today morning Erich and Javvad recount their experiences with the famed hacker and colleague Kevin Mitnick, chat about a Ukrainian takedown netting 150k SIM cards, concernes over the Frenchies plan to use AI to surveil the Paris olympics, Microsoft deciding that allowing access to security logs, without a fee, is good, and much more from the world of #cybersecurity. Stories from the show: Kevin Mitnick passed away at 59 https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668 French Assembly passes bill allowing police to remotely activate phone cameras and microphones for surveillance https://www.engadget.com/french-assembly-passes-bill-allowing-police-to-remotely-activate-phone-cameras-and-microphones-for-surveillance-210539401.html Paris 2024 Olympics: Concern over French plan for AI surveillance https://www.bbc.co.uk/news/world-europe-66122743 Under CISA pressure, err collaboration, Microsoft makes cloud security logs available for free https://www.theregister.com/2023/07/20/under_cisa_spressures_collaboration_microsoft/ Ukraine takes down massive bot farm, seizes 150,000 SIM cards https://www.bleepingcomputer.com/news/security/ukraine-takes-down-massive-bot-farm-seizes-150-000-sim-cards/

In this episode Erich and Javvad talk about the US government email hack, an ethical hacker gone rogue, Ruskies tempting diplomats with a cheap car, and more #cybersecurity stories from this week. Stories from the show: Fewer Than 100 Scammers Responsible For Global Email Extortion https://www.infosecurity-magazine.com/news/fewer-100-scammers-global-email/ Chinese Hackers Gained Access To Some U.S. Government Emails, Microsoft Says https://www.forbes.com/sites/siladityaray/2023/07/12/chinese-hackers-gained-access-to-some-us-government-emails-microsoft-says/?sh=5f49e30c2a37 Russian hackers lured diplomats in Ukraine with cheap BMW ad https://www.reuters.com/world/europe/russian-hackers-lured-embassy-workers-ukraine-with-an-ad-cheap-bmw-2023-07-12/ Cybersecurity professional accused of stealing $9M in crypto https://techcrunch.com/2023/07/11/cybersecurity-professional-charged-for-stealing-9-million-in-crypto/?guccounter=1 Number of email-based phishing attacks surges 464% https://www.helpnetsecurity.com/2023/07/10/evolving-cyberattack-landscape/ Indian developer fired 90 percent of tech support team, outsourced the job to AI https://www.theregister.com/2023/07/13/dukaan_ai_support_replacement/

In this episode Erich and Javvad discuss the issues with the Anatsa malware being spread on the Google Play store, the issue Siemens Energy has with MOVEit and pilot data being lost in a breach. This and much more! Stories from the show: ‘Anatsa’ malware targets banking users in US, UK and Central Europe https://siliconangle.com/2023/06/27/anatsa-malware-targets-banking-users-us-uk-central-europe/ Siemens Energy confirms data breach after MOVEit data-theftattack https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/ Pilot data of American Airlines and Southwest stolen in data breach https://www.csoonline.com/article/643352/pilot-data-of-american-airlines-and-southwest-stolen-in-data-breach.html

In this episode we discuss the new Apple 0-day, the Lousiana MVD losing info on millions of licensed drivers in the state, and more #cybersecurity stories! Stories from the show: Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html Every Louisiana driver’s license holder exposed in colossal cyber-attack https://www.theguardian.com/us-news/2023/jun/16/louisiana-drivers-license-hack-cyber-attack FTC accuses DNA testing company of lying about dumping samples https://www.theregister.com/2023/06/21/dna_testing_company_ftc_complaint/ US Offers $10m Reward For MOVEit Attackers https://www.infosecurity-magazine.com/news/us-offers-10m-reward-for-moveit/

In this episode, Erich and Javvad cover the top #cybersecurity stories of the week including the settlment over Ring and Alexa, and Andriod app that started spying, a dark web data link with RaidForums member info, and much more! Stories from the show: Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/ Most CEOs now see cybersecurity as more important than economic performance https://www.techradar.com/news/most-ceos-now-see-cybersecurity-as-more-important-than-economic-performance Check your phone: Popular Android app reportedly started spying on users, making recordings https://www.msn.com/en-us/money/other/check-your-phone-popular-android-app-reportedly-started-spying-on-users-making-recordings/ar-AA1bUISq Dark Web Data Leak Exposes RaidForums Members https://www.infosecurity-magazine.com/news/data-leak-exposes-raidforums/ Government publishes guidelines on cybersecurity https://www.rte.ie/news/business/2023/0601/1386968-government-publishes-guidelines-on-cybersecurity/

In this episode, Erich and Javvad talk about Dish breach, an IT worker that piggybacked on a hackers extortion attempt, Googles new .zip and .mov domains, Met's huge $1.3B fine, and much more #cybersecurity news! Stories from the show: Dish confirms 300,000 peoples data was exposed in February’s attack https://www.theregister.com/2023/05/23/dish_networks/ IT Worker Admits Piggybacking on Hacker's Extortion Attempt https://www.inforisktoday.com/worker-admits-piggybacking-on-hackers-extortion-attempt-a-22142 18-year-old charged with hacking 60,000 DraftKings betting accounts https://www.bleepingcomputer.com/news/security/18-year-old-charged-with-hacking-60-000-draftkings-betting-accounts/ Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations https://www.darkreading.com/endpoint/meta-hit-1-3b-record-breaking-fine-gdpr-violations

In this episode Erich and Javvad discuss the weekly stories in #cybersecurity, including the Tik Tok ban in Montana, insured organizations are more likely to be ransomware victims, OpenAI CEO calls for slowing and more! Stories from the show: TikTok: Montana to become first US state to ban app on personal devices https://www.bbc.com/news/business-65630201 Insured companies more likely to be ransomware victims, sometimes more than once https://www.csoonline.com/article/3696350/insured-companies-more-likely-to-be-ransomware-victims-sometimes-more-than-once.html UK Pension Scheme: Members Should Assume Capita Data Theft https://www.infosecurity-magazine.com/news/pension-scheme-members-capita-data/ Sam Altman: CEO of OpenAI calls for US to regulate artificial intelligence https://www.bbc.com/news/world-us-canada-65616866 Upstart encryption app walks back privacy claims, pulls from stores after probe https://www.theregister.com/2023/05/17/converso_e2ee_app/

In this episode, Javvad and Erich recover from a crazy April and early May, but are back live to chat about some top cyber stories. Stories from the show: Deconstructing a Cybersecurity Event https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/ European Parliament points to Morocco as ‘possibly’ responsible for Pegasus spying https://thediplomatinspain.com/en/2023/05/european-parliament-points-to-morocco-as-possibly-responsible-for-pegasus-spying/ India to send official whassup to WhatsApp after massive spamstorm https://www.theregister.com/2023/05/12/india_whatsapp_spam_privacy_demands/ HP Firmware update blocks 3rd party ink https://twitter.com/dcuthbert/status/1656926678096986112?s=20 NCSC and ICO Dispel Incident Reporting Myths https://www.infosecurity-magazine.com/news/ncsc-ico-dispel-incident-reporting/ Bad Bots Now Account For 30% of All Internet Traffic https://www.infosecurity-magazine.com/news/bad-bots-now-comprise-30-of-all/ Ransomware payments nearly double in one year https://www.theguardian.com/technology/2023/may/10/ransomware-payments-nearly-double-in-one-year Millions of mobile phones come pre-infected with malware, say researchers https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/

In this episode, Erich and Javvad talk about the Ruskies hacking Ukrainian coffe shop cameras, FTX's 'cybersecurity' (quotes are on purpose), Latitude Financial's decision not to pay and the FUD around juice jacking. All of this and more #cybersecurity news and information. Stories from the show: Russian hackers ‘target security cameras inside Ukraine coffee shops’ https://www.theguardian.com/world/2023/apr/11/russian-hackers-target-security-cameras-inside-ukraine-coffee-shops PSA: Public Phone Charging Ports Are Malware Magnets https://www.pcmag.com/news/psa-public-phone-charging-ports-are-malware-magnets FTX's Cybersecurity Was Hilariously Bad https://gizmodo.com/ftx-sam-bankman-fried-cybersecurity-hacking-crypto-1850321150 Latitude Financial Refuses to Pay Ransom https://www.infosecurity-magazine.com/news/latitude-financial-refuses-to-pay/

In thie episode, Erich and Javvad chat about the latest news in #cybersecurity, including another data breach thanks to Uber, IT folks being pressured into silence, UK drops the ball on crime records, and Telegram is replacing (or augmenting) marketplaces. All of this and more #infosec news! Don't forget to like and subscribe Stories from the show: IT and security pros pressured to keep quiet about data breaches https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/ Uber suffers another data breach after law firm’s servers attacked https://www.siliconrepublic.com/enterprise/uuber-data-breach-driver-info-stolen-law-firm-genova-burns Travel visa delays after UK’s crime records office hit by cyber ‘incident’ https://www.standard.co.uk/news/uk/travel-visa-delays-nz-australia-us-acro-cybersecurity-police-certificates-data-breach-b1072351.html Telegram now the go-to place for selling phishing tools and services https://www.bleepingcomputer.com/news/security/telegram-now-the-go-to-place-for-selling-phishing-tools-and-services/ Takedown of notorious hacker marketplace selling your identity to criminals https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-notorious-hacker-marketplace-selling-your-identity-to-criminals

In this episode, Erich and Javvad discuss how ChatGPT is being used to commit crimes, a phishing gang bust by Ukrainian cops and some rather staggering (and suspicious) ransomware stats. All this and more live at 10am Eastern. Stories from the show: Belgian intelligence puts Huawei on its watchlist https://www.politico.eu/article/belgian-intelligence-huawei-watchlist-espionage-china-eu-nato/ Cybercrime, fraud using ChatGPT on the rise, says Europol https://www.scmagazine.com/brief/cybercrime/cybercrime-fraud-using-chatgpt-on-the-rise-says-europol Survey finds that almost three quarters of organizations were hit by a successful ransomware attack in 2022 https://www.continuitycentral.com/index.php/news/technology/8361-survey-finds-that-almost-three-quarters-of-organizations-were-hit-by-a-successful-ransomware-attack-in-2022 Ukrainian Police Bust Multimillion-Dollar Phishing Gang https://www.infosecurity-magazine.com/news/ukrainian-police-bust-phishing/ Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts https://thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html

In this episode Erich and Javvad Microsoft cracking windows, what it costs when you cover up a ransomware attack, medical info being shared with social media giants, and much more! Check us out at 10am Eastern Time Stories from the show: What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge https://www.theregister.com/2023/03/10/sec_blackbaud_3m_penalty/ Microsoft support 'cracks' Windows for customer after activation fails https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/ Cerebral admits to sharing patient data with Meta, TikTok, and Google https://www.theverge.com/2023/3/11/23635518/cerebral-patient-data-meta-tiktok-google-pixel Humans Still More Effective Than ChatGPT at Phishing https://www.infosecurity-magazine.com/news/humans-more-effective-chatgpt/ Dole doesn’t expect to recover full costs of ransomware attack https://www.cybersecuritydive.com/news/dole-recovery-ransomware-attack/644445/ Cyber attack affecting Gloucester museum's system one year on https://www.bbc.com/news/uk-england-gloucestershire-64917275

In this episode Erich and Javvad disucss the Acer hack, a story where a Russian cybercrime gang dumped naked pics of cancer patients when a hospital wouldn't pay the ransom, and how an old version of Plex lead to the latest LastPass hack. All this and more Show Notes: 'THE' Video: A Facebook message that sparked hope https://www.youtube.com/watch?v=-OH99CFzhFM Acer confirms server intrusion after miscreant offers 160GB cache of stolen files https://www.theregister.com/2023/03/08/acer_confirms_server_breach/ LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html Russian hackers post NAKED photos of Pennsylvania cancer patients receiving treatment to dark web https://www.dailymail.co.uk/news/article-11833591/Russian-hackers-post-NAKED-photos-Pennsylvania-cancer-patients-hospital-refused-ransom.html

In this episode Erich Javvad discuss important #cybersecurity stories including... Lastpass... again, the U.S. Marshals get pwned by #ransomware, and much more. Stories from the show: U.S. Marshals Service suffers 'major' security breach https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581 LastPass says employee’s home computer was hacked and corporate vault taken https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/ Salesforce to sweat assets https://www.theregister.com/2023/03/02/salesforce_q4_fy_2023/ Hacker leaks alleged Activision employee data on cybercrime forum https://www.bleepingcomputer.com/news/security/hacker-leaks-alleged-activision-employee-data-on-cybercrime-forum/

In this episode, Erich and Javvad discuss the hack of NameCheap's email, which was used to send phishing emails, how Godaddy has been breached for years, accidental WhatsApp account takeovers and more. Stories from the show: NameCheap's email hacked to send Metamask, DHL phishing emails https://www.bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/ How a women’s ‘disdain for email guff’ stopped a Putin hack six years on https://www.independent.co.uk/news/uk/home-news/russia-ukraine-email-putin-hack-b2280580.html GoDaddy: Hackers stole source code, installed malware in multi-year breach https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/ Accidental WhatsApp account takeovers? It's a thing https://www.theregister.com/2023/02/21/accidental_whatsapp_account_takeover/ European Commission bans TikTok on staff devices https://www.bbc.co.uk/news/technology-64743991

In this episode, Erich and Javvad discuss the weeks top cybersecurity issues and stories, including the Reddit hack, a top US cybersecurity diplomat's persona Twitter getting pwned, talk about a VMware 0-day and Weee! dealing witha not-so-fun breach. All of this and more live on Linkedin, Facebook, Twitch and YouTube! Don't forget to like and subscribe Stories from the show: The Top U.S. Cybersecurity Diplomat's Personal Twitter Account Was Hacked https://www.forbes.com/sites/petersuciu/2023/02/06/the-top-us-cybersecurity-diplomats-personal-twitter-account-was-hacked/?sh=3918883d4d7e VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree https://thehackernews.com/2023/02/vmware-finds-no-evidence-of-0-day-flaw.html Weee! grocery service confirms data breach, 1.1 million affected https://www.bleepingcomputer.com/news/security/weee-grocery-service-confirms-data-breach-11-million-affected/ Reddit: We had a security incident. Here’s what we know. https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/

In this episode, Erich and Javvad discuss fraud in the UK, the 'Pooping Perpertrator' gets flushed out, a new Russian wiper is spotted and much, much more! Join us on LinkedIn to comment live! Stories from the show: Over £3.9 BILLION has been lost to fraud and cybercrimes in the last 13 months across the UK https://ifamagazine.com/article/over-3-9-billion-has-been-lost-to-fraud-and-cybercrimes-in-the-last-13-months-across-the-uk/ Florida Authorities Arrest ‘The Pooping Perpetrator’ for Burglary After Suspect Jumped Naked into River and was Rescued by Police https://lawandcrime.com/crime/florida-authorities-arrest-the-pooping-perpetrator-for-burglary-after-suspect-jumped-naked-into-river-and-was-rescued-by-police/?ICID=ref_fark Hackers use new SwiftSlicer wiper to destroy Windows domains https://www.bleepingcomputer.com/news/security/hackers-use-new-swiftslicer-wiper-to-destroy-windows-domains/ Insider attacks becoming more frequent, more difficult to detect https://www.helpnetsecurity.com/2023/01/30/detect-insider-attacks/ Anker finally comes clean about its Eufy security cameras https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption

In this episode, Erich and Javvad discuss the Hive ransomware group takedown, some refund scams, RMM tool attacks and more. Stories from the show: DOJ disrupts major ransomware group https://www.nbcnews.com/tech/security/doj-disrupts-major-ransomware-group-rcna67627 CISA says federal agencies attacked in refund scam through remote management software https://therecord.media/cisa-says-federal-agencies-attacked-in-refund-scam-through-remote-management-software/ GoTo says hackers stole encrypted backups during November cyberattack https://therecord.media/goto-says-hackers-stole-encrypted-backups-during-november-cyberattack/

In this episode we discuss the PayPal issue, Nissan's vendor leaking data an org that gets defaced after ignoring vulnerability warnings, and more! Stories from the show: Social Security Numbers Stolen in PayPal Cyberattack https://www.cnet.com/tech/services-and-software/social-security-numbers-stolen-in-paypal-cyber-attack/ Nissan North America data breach caused by vendor-exposed database https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-caused-by-vendor-exposed-database/ ODIN Intelligence website is defaced as hackers claim breach https://techcrunch.com/2023/01/15/odin-intelligence-website-defaced-sweepwizard/ MailChimp second breach in a year https://www.theregister.com/2023/01/19/mailchimp_fesses_up_to_2nd/ Solaris taken over by kraken https://www.bleepingcomputer.com/news/security/illegal-solaris-darknet-market-hijacked-by-competitor-kraken/

In this episode we welcome in the new year, chat about the future in 2023, recap Erich's trip to CES, talk about the big news of the last couple of weeks, and more. Stories from the show: 'No Evidence' of Cyberattack Related to FAA Outage, White House Says https://www.securityweek.com/no-evidence-cyberattack-related-faa-outage-white-house-says Guardian Tells Workers Their Data Was Compromised in Ransomware Hack https://www.bloomberg.com/news/articles/2023-01-11/guardian-tells-staff-their-data-was-accessed-in-ransomware-hack Royal Mail ransomware attackers threaten to publish stolen data https://www.theguardian.com/business/2023/jan/12/royal-mail-ransomware-attackers-threaten-to-publish-stolen-data Caught on Camera: Group of thieves accidentally break into Alhambra diaper business https://www.cbsnews.com/losangeles/news/caught-on-camera-group-of-thieves-accidentally-break-into-alhambra-diaper-business/ Don’t answer another online quiz question until you read this https://consumer.ftc.gov/consumer-alerts/2023/01/dont-answer-another-online-quiz-question-until-you-read

In this episode, Javvad gives hjs report on BlackHat Europe and tells of his upcoming trip to BSides London, a story about scammers scamming each other out of millions of dollars, and an interesting andriod malware that parasites on legit apps. All this and more!

In this episode, Erich and Javvad discuss the jargon issue in #cybersecurity, the overwhelming issue of garbage email, the continued trend for crap passwords and more. Stories from the show: Cybersecurity jargon impacting communication between C-suite and specialists https://www.information-age.com/cybersecurity-jargon-impacting-communication-between-c-suite-specialists-123500747/ Unwanted emails steadily creeping into inboxes https://www.helpnetsecurity.com/2022/11/14/email-security-threats/ Mass Email Extortion Campaign Claims Server Hack https://www.infosecurity-magazine.com/news/mass-email-extortion-claims-server/ Guess the most common password. Hint: We just told you https://www.theregister.com/2022/11/25/infosec_roundup/

In This episode, Erich and Javvad discuss the hack of Liz Truss' phone, the offering of $4M worth of initial network access, the FTC crack down on a repeat offender and more! Stories from the show Hackers selling access to 576 corporate networks for $4 million https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/ FTC Cracks Down on Homework App Provider Chegg for 4 Past Data Breaches https://www.pcmag.com/news/ftc-cracks-down-on-homework-app-provider-chegg-for-4-past-data-breaches Liz Truss' phone was 'clearly hacked', says minister https://news.stv.tv/world/liz-truss-phone-was-clearly-hacked-says-minister People are pretending to be laid-off Twitter employees carrying boxes outside of HQ https://www.theverge.com/2022/10/28/23428775/twitter-fake-employee-layoff-rahul-ligma-elon-musk

In this episode, Erich and Javvad discuss the cybersecurity stories of the week, including some significant convictions, bots and LinkedIn battle, CVE PoCs used to spread malware and much more! Stories from the show: EFCC touts 1,968 cybercrime-related convictions secured in nine months https://punchng.com/2669-convictions-secured-in-nine-months-efcc/ Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/ Security experts targeted with malicious CVE PoC exploits on GitHub https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html Google bans 16 popular Android apps! Millions warned to delete them now https://www.express.co.uk/life-style/science-technology/1687205/Android-warning-delete-Google-Play-Store-apps-now See Tickets discloses 2.5 years-long credit card theft breach https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/ Feds say Ukrainian man running malware service amassed 50M unique credentials https://arstechnica.com/information-technology/2022/10/feds-say-ukrainian-man-running-malware-service-amassed-50m-unique-credentials/

In this episode, Erich and Javvad talk about a woman who was scammed by an 'astronaut' that needed money to get home from the space station, the failure of Microsoft to secure their own product, Chinese police stations around the world, how the Dutch scammed a ransomware gang into giving up decryption keys, and more! Stories from the show: An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth' https://gizmodo.com/astronaut-iss-instagram-1849638814 Microsoft data breach exposes customers’ contact info, emails https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/ China opens police stations in Nigeria, clamps down on alleged Chinese fraudsters https://gazettengr.com/china-opens-police-stations-in-nigeria-clamps-down-on-alleged-chinese-fraudsters/ Police tricked a ransomware gang into handing over its decryption keys. Here's how they did it https://www.zdnet.com/article/police-tricked-a-ransomware-gang-into-handing-over-its-decryption-keys-heres-how-they-did-it/

In this episode Javvad and Erich discuss a number of issues with Android phones, including an unofficial WhatsApp app stealing user accounts, how the Always-on VPN is leaking traffic and more. Stories from the show: Unofficial WhatsApp Android app caught stealing users’ accounts https://www.bleepingcomputer.com/news/security/unofficial-whatsapp-android-app-caught-stealing-users-accounts/ Facebook Login Details at Risk as Meta Identifies Over 400 Malicious Apps https://www.infosecurity-magazine.com/news/facebook-login-details-at-risk/ Android leaks some traffic even when 'Always-on VPN' is enabled https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/ Lloyd's of London cuts off network after dodgy activity detected https://www.theregister.com/2022/10/07/lloyds_london_security_incident/

In this episode, Erich and Javvad talking about human trafficking related to cybercrime operations, social media account takeovers and more! Stories from the show: Guilty verdict in the Uber breach case makes personal liability real for CISOs https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up https://www.govinfosecurity.com/jury-finds-former-uber-cso-joe-sullivan-guilty-cover-up-a-20187 Twitter post by Whitney Merrill - @wbm312 https://twitter.com/wbm312/status/1577827226196013056 SUPERSEDING INDICTMENT https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sullivansupersedingindictment-dec222021.pdf Twitter whistleblower tells Senate of ‘egregious’ security failings by company https://www.theguardian.com/technology/2022/sep/13/twitter-whistleblower-testimony-congress-peiter-zatko Hundreds of Indians Reportedly Trafficked to Myanmar by Cybercrime Operations https://www.irrawaddy.com/news/burma/hundreds-of-indians-reportedly-trafficked-to-myanmar-by-cybercrime-operations.html/amp Police arrest teen for using leaked Optus data to extort victims https://www.bleepingcomputer.com/news/security/police-arrest-teen-for-using-leaked-optus-data-to-extort-victims/ An identity scam that has grown in the past 12 months by more than 1,000% - social media account takeover https://www.idtheftcenter.org/wp-content/uploads/2022/09/2022-Consumer-Impact-Report_V3.4_Final_Linked.pdf

In this episode, Erich and Javvad speak about the Uber breach, using WeTransfer to spread malware, UK folks fear that their kids will turn to cybercrime due to the rising cost-of-living, and more. Stories from the show: Uber investigating 'cybersecurity incident' after report of breach https://www.reuters.com/business/autos-transportation/uber-investigating-computer-network-breach-nyt-2022-09-16/ Cybercrime Fears for Children as Cost-of-Living Bites https://www.infosecurity-magazine.com/news/cybercrime-fears-children/ Hackers are using WeTransfer links to spread malware https://www.msn.com/en-us/news/technology/hackers-are-using-wetransfer-links-to-spread-malware/ar-AA11MEiM Hackers now use ‘sock puppets’ for more realistic phishing attacks https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/ Hong Kong consumers want right to choose when firms use AI https://www.zdnet.com/article/hong-kong-consumers-want-right-to-choose-when-firms-use-ai/

This week, Javvad and Erich discuss the campaign the Lazarus group is using against US energy companies, surveillance camera access for sale, and how credential stuffing compromised almost 200k accounts at North Face. All this and more! Stories from the show: Cybercriminals Are Selling Access to Chinese Surveillance Cameras https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/ 200,000 North Face accounts hacked in credential stuffing attack https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/ North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies https://techcrunch.com/2022/09/08/north-korea-lazarus-united-states-energy/ How the ‘man in black’ was exposed by the Russian women he terrorised https://www.bbc.com/news/world-europe-62799246

In this episode, Javvad and Erich discussa crafty coinminer malware that lays dormant for a while, Okta credential thefts, a huge increase in potential victims of a ransomware attack, and a possible device that allows bad actors to simulate swipes and taps on phones from under a table. All this and more! Accepted the Risk Video: https://www.youtube.com/watch?v=9IG3zqvUqJY Stories from the show: Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack https://www.darkreading.com/remote-workforce/twilio-hackers-okta-credentials-sprawling-supply-chain-attack Windows malware delays coinminer install by a month to evade detection https://www.bleepingcomputer.com/news/security/windows-malware-delays-coinminer-install-by-a-month-to-evade-detection/ Individuals affected by vendor ransomware attack reaches 2.7M https://www.beckershospitalreview.com/cybersecurity/vendor-ransomware-attack-affects-2-7m-healthcare-organizations.html Hacking device can secretly swipe and tap your smartphone screen https://www.newscientist.com/article/2335970-hacking-device-can-secretly-swipe-and-tap-your-smartphone-screen/

In this episode, Erich is on the road in Dallas for the Podcast Movement conference, but him and Javvad still take the time out to discuss some major stories on cybersecurity this week. Stories from the show: LastPass developer systems hacked to steal source code https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/ Twitter whistleblower alleges ‘egregious deficiencies’ in security measures https://www.theguardian.com/technology/2022/aug/23/twitter-whistleblower-peiter-zatko-mudge-security Cyber attackers disrupt services at French hospital, demand $10 million ransom https://www.france24.com/en/europe/20220823-cyber-attackers-disrupt-services-at-french-hospital-demand-10-million-ransom Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html

In this episode, Javvad and Erich talk about the Cisco hack and wrap up the 2022 Black Hat experience. Stories from the show: Las Vegas slammed with more flash floods as iconic strip, casinos under water again https://nypost.com/2022/08/12/las-vegas-slammed-with-more-flash-floods-as-iconic-strip-casinos-under-water-again/ Smishing Attack Led to Major Twilio Breach https://www.infosecurity-magazine.com/news/smishing-attack-led-to-major/ Cloudflare: Someone tried to pull the Twilio phishing tactic on us too https://www.theregister.com/2022/08/10/cloudflare_twilio_phishing/ Cisco Talos shares insights related to recent cyber attack on Cisco https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

Erich and Javvad discuss a crypto currency theft of around $190mil, FEMA warns about patching emergency alerts systems and macros have become a top way to spread ransomware, plus more stories of the week. Join us live and chat with us on LinkedIn Stories from the show: Hack of US cryptocurrency firm Nomad leads to $190 million loss in bridge attack https://www.scmagazine.com/analysis/breach/hack-of-us-cryptocurrency-firm-nomad-leads-to-190-million-loss-in-bridge-attack 87% of the ransomware found on the dark web has been delivered via malicious macros https://www.helpnetsecurity.com/2022/08/03/ransomware-malicious-macros/ FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated https://www.cnn.com/2022/08/03/politics/fema-emergency-alert-software-warning/index.html Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones https://www.theregister.com/2022/08/03/tmobile_unlock_prison_phone/

In this episode Erich and Javvad discuss cyber attacks on the Port of Los Angeles, the value T-Mobile places on your data and much more! T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People https://www.darkreading.com/application-security/t-mobile-pitches-4-per-customer-settlement-for-data-leak Cyber-attacks on Port of Los Angeles have doubled since pandemic https://www.bbc.com/news/business-62260272

In this episode, Javvad and Erich discuss a Florida man charged with selling fake Cisco gear, a phish designed to get around MFA, ransomware gangs allow searching of dumped data and Google updates their password manager. Stories from the show: Florida man charged with selling fake Cisco equipment in $1 billion scheme https://www.reuters.com/world/us/florida-man-charged-with-selling-fake-cisco-equipment-1-bln-scheme-2022-07-08/ This big phish can swim around MFA, says Microsoft Security https://www.theregister.com/2022/07/13/aitm-phishing-microsoft/ Ransomware gang now lets you search their stolen data https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/ Google Updates Password Manager With New Security, Management Tools https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools India: How a fake 'IPL' cricket league ran for Russian punters https://www.bbc.com/news/world-asia-india-62123966

In this episode, Erich and Javvad talk about fake copyright infringement emails, Carnival cruise line is fined $5 for not having MFA, A Dutch univeristy makes money off a paid ransom, unemployment payments taken offline by ransomware and more. Stories from the show: Fake copyright infringement emails install LockBit ransomware https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/ Cruise line operator Carnival hit with $5m fine for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff. https://www.itpro.co.uk/security/cyber-security/368362/carnival-hit-with-5-million-fine-over-cyber-security-violations Dutch University retrieves Bitcoin ransomware payment and makes a profit https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/ Cyberattack shuts down unemployment, labor websites across the US https://www.theregister.com/2022/07/01/gsi-cyberattack-state-unemployment/ Supermarket chain Wegmans settles with New York over data breach https://www.reuters.com/business/retail-consumer/supermarket-chain-wegmans-settles-with-new-york-over-data-breach-2022-06-30/ Google Updates Password Manager With New Security, Management Tools https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools Microsoft rolls back decision to block Office macros by default https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/

In this episode, Javvad and Erich chat about Alexa bringing voices from the dead, CISA getting serious about Log4Shell, AI being alive and much, much more. Stories from the show: CISA: Log4Shell exploits still being used to hack VMware servers https://www.bleepingcomputer.com/news/security/cisa-log4shell-exploits-still-being-used-to-hack-vmware-servers/ Conti ransomware hacking spree breaches over 40 orgs in a month https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/ Google engineer put on leave after saying AI chatbot has become sentient https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine Alexa could soon speak in a dead relative's voice https://www.npr.org/2022/06/23/1107079194/amazon-alexa-dead-relatives-voice

Today James McQuiggan (who is in for Javvad) discuss burnout in security folks, reliance on endpoint protection, and how an Elasticsearch server with no password or encryption lost 1 million records. All this and more on today's show Stories from the show: New research reveals overreliance on endpoint protection could be putting organizations at higher risk of exposure to ransomware https://www.securityinfowatch.com/cybersecurity/information-security/breach-detection/press-release/21271323/gigamon-new-research-reveals-overreliance-on-endpoint-protection-could-be-putting-organizations-at-higher-risk-of-exposure-to-ransomware Elasticsearch server with no password or encryption leaks a million records https://www.theregister.com/2022/06/16/storehub_data_leak/ The unrelenting threat of ransomware is pushing cybersecurity workers to quit https://www.zdnet.com/article/the-unrelenting-threat-of-ransomware-is-driving-cybersecurity-workers-to-quit/ 45% of cybersecurity pros are considering quitting the industry due to stress https://www.helpnetsecurity.com/2022/06/13/cybersecurity-professionals-stress-levels/

In this episode, Erich and Javvad discuss ransomware demanding payment through ROBLOX, a cybercriminal that stole over 1 million Facebook accounts in 4 months, a data breach exposes 2 million people's info, and they offer no help. Stories from the show: Bizarre ransomware sells decryptor on Roblox Game Pass store https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ A cybercriminal stole 1 million Facebook account credentials over 4 months https://www.techrepublic.com/article/a-cybercriminal-stole-1-million-facebook-account-credentials-over-4-months/ Emotet malware detections surge 27-fold in first quarter https://siliconangle.com/2022/06/09/emotet-malware-detections-surge-first-quarter/ Data breach at health care organization may affect 2 million https://abcnews.go.com/Health/wireStory/data-breach-health-care-organization-affect-million-85262287

In this episode, Erich and Javvad talk about the arrest of a phishing kingpin, in Nigeria surprisingly, the $150m fine Twitter just got, and a study showing that CFO's aren’t being included in ransomware talks. All this and more in this episode. Stories from the show: FTC fines Twitter $150M for using 2FA info for targeted advertising: https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/ Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader: https://www.infosecurity-magazine.com/news/operation-arrest-cybercrime-gange/ Most CFOs being left out of ransomware conversations: https://www.computerweekly.com/news/252520714/Most-CFOs-being-left-out-of-ransomware-conversations New virus forces people to donate to the poor if they want their data recovered: https://metro.co.uk/2022/05/24/new-ransomware-demands-victims-donate-to-the-poor-to-unlock-their-data-16698304/ NCSC Report Reveals Phishing Lures Increasingly Disguised as Vaccine Appointments: https://www.infosecurity-magazine.com/news/phishing-lures-disguised-as/

In this episode Erich and Javvad talk about the Coke hack that may not have happened, the UK Army recruiting portal debacle, and Gloucester's choice not to have cyber insurance. All of this and more in this episode of the Jerich Show Stories from the show: Coca-Cola investigates hackers' claims of breach and data theft https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/ Gloucester council reveals more about why it was not insured against cyber attacks https://www.gloucestershirelive.co.uk/news/gloucester-news/gloucester-council-reveals-more-not-6935231 Data Breach Disrupts UK Army Recruitment https://www.infosecurity-magazine.com/news/data-breach-disrupts-uk-army/ North Korean hackers targeting journalists with novel malware https://www.bleepingcomputer.com/news/security/north-korean-hackers-targeting-journalists-with-novel-malware/

In this episode, Erich and Javvad cover stories about data breach emails being used to target crypto wallets, some arrests and charges filed against cyber criminals, WhatsApp voice message phishing emails, and much more! Stories From the Show: Fake Trezor data breach emails used to steal cryptocurrency wallets https://www.bleepingcomputer.com/news/security/fake-trezor-data-breach-emails-used-to-steal-cryptocurrency-wallets/ UK charges two teenagers linked to the Lapsus$ hacking group https://www.bleepingcomputer.com/news/security/uk-charges-two-teenagers-linked-to-the-lapsus-hacking-group/ GitHub can now auto-block commits containing API keys, auth tokens https://www.bleepingcomputer.com/news/security/github-can-now-auto-block-commits-containing-api-keys-auth-tokens/ WhatsApp voice message phishing emails push info-stealing malware https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phishing-emails-push-info-stealing-malware/ Hacking forum RaidForums shut down and founder arrested in global police operation https://www.zdnet.com/article/hacking-forum-raidforums-shut-down-and-founder-arrested-in-global-police-operation/ Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems https://www.wired.com/story/pipedream-ics-malware/

In this episode, Erich joins Javvad from the airport in Nashville, Tennessee to discuss some of the top cybersecurity stories of the week.

In this Episode, Erich and Javvad cover the weekly hot stories related to the Lapsus$ group, ISACA says we need more staff, London voter info leaked and more. Stories from the show: ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed https://www.infosecurity-magazine.com/news/isaca-cybersecurity-understaffed/ Anonymous claims it has hacked the Central Bank of Russia https://www.computerweekly.com/news/252515064/Anonymous-claims-it-has-hacked-the-Central-Bank-of-Russia Over 40,000 London Voters Have Data Leaked to Strangers https://www.infosecurity-magazine.com/news/over-40000-london-voters-data/ Microsoft confirms they were hacked by Lapsus$ extortion group https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/ Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal https://www.bbc.com/news/technology-60864283?fbclid=IwAR3NCh_dI68zqoFiqgC1oGxCLGHqBtM14pCmwa6p4J7YDxKBOVP6ckqXnnI

In this episode, Javvad and Erich talk about the German Governement warning about using Russian anitivirus, Meta gets a fine and the CISSP gets a testing revamp. All this and more! Stories from the show: German Government Warns Against Using Russia's Kaspersky Antivirus Software https://thehackernews.com/2022/03/german-government-warns-against-using.html Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018 https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html Cyber security certification overhaul brings new questions and longer exams https://www.itpro.co.uk/security/cyber-security/366966/cyber-security-certification-overhaul-longer-exam-questions

In this episode, Javvad and Erich chat about the Lapsus$ ransomware group and the attacks on NVIDIA and Samsung, Android malware and more! Stories from the show: Chinese phishing actors consistently targeting EU diplomats https://www.bleepingcomputer.com/news/security/chinese-phishing-actors-consistently-targeting-eu-diplomats/ Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/ That Android antivirus could actually be malware https://www.techradar.com/news/that-android-antivirus-could-actually-be-malware 'Dirty Pipe' Linux vulnerability discovered https://www.zdnet.com/article/dirty-pipe-linux-vulnerability-discovered-fixed/ A Risk Question https://twitter.com/jwgoerlich/status/1501941528628891648?s=20&t=IpRD0oVurIpM4x3zoR1Pdw

In this episode, Javvad and Erich chat about the cybersecurity issues related to the Ukraine invasion, the Conti ransomware group has a lot of data dumped, and the folks that hit Nvidia, get hit back. All of this and more! Stories from the show: 83% of employees continue accessing old employer’s accounts https://www.helpnetsecurity.com/2022/02/21/employees-maintaining-accounts-access/ Conti Ransomware Decryptor, TrickBot Source Code Leaked https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/ Ransomware group claiming responsibility for Nvidia attack is hacked in turn https://www.pcgamer.com/ransomware-group-claiming-responsibility-for-nvidia-attack-is-hacked-in-turn/

Javvad is away this week, so Erich is joined by James McQuiggan as they speak about the top #cybersecurity stories from the week. Stories from the show: Baltimore Conned Out of $375k https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/ 74% of ransomware revenue goes to Russia-linked hackers https://www.bbc.com/news/technology-60378009 Venmo and other financial app users to get $58 million in settlement https://www.consumeraffairs.com/news/venmo-and-other-financial-app-users-to-get-58-million-in-settlement-012422.html US DOJ Announces Leader for New FBI Crypto Unit https://blockchain.news/news/us-doj-announces-leader-for-new-fbi-crypto-unit Super Bowl Ad Sparks QR Code Controversy https://www.secureworld.io/industry-news/qr-code-controversy-super-bowl