The Jerich Show Podcast

In this episode, Erich Kron and Javvad Malik chat about the weekly #infosec and #cybersecurity stories, including how Russia is cracking down on carders, infotainment system crashes and more. Stories from the show: Tech bug keeps Mazda radios locked in to NPR https://www.bbc.com/news/technology-60333765 Intuit users warned over tax scam threatening to disable your account – here’s the fake email to look out for https://www.the-sun.com/money/4620318/intuit-scam-phishing-fake-email-tax/ Russia arrests third hacking group, seizes carding forums https://www.bleepingcomputer.com/news/security/russia-arrests-third-hacking-group-seizes-carding-forums/ Lazarus hackers target defense industry with fake Lockheed Martin job offers https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-cryptocurrency-orgs-with-fake-job-offers/ The Lazarus Heist Podcast (an amazing podcast, really. Trust us!): https://podcasts.apple.com/au/podcast/the-lazarus-heist/id1561990291

In this episode, Erich and Javvad welcome Perry Carpenter, author of 'Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors' as we discuss the release of The Inside Man Season 4 and interesting weekly inforsec stories Perry's LinkedIn Profile: https://www.linkedin.com/in/perrycarpenter/ Perry's Twitter Profile: https://twitter.com/PerryCarpenter (@PerryCarpenter) Perry's Own (AWESOME) Podcast - 8th Layer Insights https://thecyberwire.com/podcasts/8th-layer-insights Stories from the show: Facebook says Apple iOS privacy change will result in $10 billion revenue hit this year https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-privacy-change-will-cost-10-billion-this-year.html Zimbra zero-day vulnerability actively exploited to steal emails https://www.bleepingcomputer.com/news/security/zimbra-zero-day-vulnerability-actively-exploited-to-steal-emails/ Researchers use GPU fingerprinting to track users online https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/ Cyber-attack strikes German fuel supplies https://www.bbc.com/news/technology-60215252 KP Snacks https://www.bbc.co.uk/news/technology-60230077 Swissport https://www.bleepingcomputer.com/news/security/swissport-ransomware-attack-delays-flights-disrupts-operations/

In this episode, Javvad recovers from COVID, the US adds water supply to important things to protect, QNAP is getting attacked, China hijacks Aussie PM's account and Americans should expect the Ruskies to attack (in the cyberz) All of this and more today. Don't miss this episode! Stories from the show: QNAP warns of new DeadBolt ransomware encrypting NAS devices https://www.bleepingcomputer.com/news/security/qnap-warns-of-new-deadbolt-ransomware-encrypting-nas-devices/ DHS: Americans should be prepared for potential Russian cyberattacks https://www.zdnet.com/article/dhs-warns-critical-infrastructure-orgs-local-governments-of-potential-for-russian-cyberattack/ China accused of hijacking Australia Prime Minister Scott Morrison's WeChat account https://www.zdnet.com/article/china-accused-of-hijacking-australia-prime-minister-scott-morrisons-wechat-account/ Unmasking Poopsenders, The Anonymous Website That Sends People Fake Poop https://www.vice.com/en/article/k7w3dx/unmasking-poopsenders-the-anonymous-website-that-sends-people-fake-poop

In this episode Javvad and Erich are joined by Ethan Smart, Co-Founder and Head of Solutions Architecture at appNovi, as they discuss the #cybersecurity stories of the week and hear more about Ethan's passion for making the lives of practitioners easier. Stories from the show: DHL dethrones Microsoft as most imitated brand in phishing attacks https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/ Nintendo warns of spoofed sites pushing fake Switch discounts https://www.bleepingcomputer.com/news/security/nintendo-warns-of-spoofed-sites-pushing-fake-switch-discounts/ Alexa outage https://www.techradar.com/uk/news/live/amazon-alexa-down-the-smart-assistant-is-struggling-to-find-its-voice NSO Group Spyware Reportedly Used by Israeli Police Force (Pegasus… again) https://www.inforisktoday.com/israeli-officials-deny-claims-improper-spyware-use-a-18352 Scammers are putting QR code stickers on parking meters to trick people into paying them https://www.businessinsider.com/scammers-qr-code-stickers-parking-meters-2022-1

After a long couple of weeks off for the holiday season, we have returned to the scene with more news and insight about the state of #CyberSecurity. This week we discuss CES, Russian attacks on US infrastructure and much more!

In this, the last episode of 2021, Erich and Javvad chat about a propane problem, the Grinch steal payday, the log4j thing and stealing lotto tickets with an interesting end. All this and more Stories frome the show: https://indianexpress.com/article/explained/log4j-vulnerability-cybersecurity-7671367/ https://www.thesun.co.uk/tech/17049490/christmas-payday-cancelled-hackers-ukg-ransomware-who-is-affected/ https://www.govinfosecurity.com/superior-plus-latest-fuel-supplier-hit-by-ransomware-a-18128 https://www.bbc.co.uk/news/uk-england-manchester-59654724

In this special episode Javvad and Erich welcome Jelle Wieringa (@JelleWieringa), Roger Grimes (@rogeragrimes), Anna Collard @AnnaCollard3) and James McQuiggan (@James_McQuiggan) to the show for their 2022 cyber predictions. How bad will things get? Will we have to welcome our new robotic overlords? Will shortages doom the Pumpkin Spice Latte? This and more may be answered in this episode, so be sure to join us.

In this episode @J4vv4d bows out and let’s @James_McQuiggan take over as they discuss the IKEA internal email issue, an attack on Planned Parenthood, a medical breach with unsuspecting victims and @ErichKron’s @InnocentOrg ambassadorship. All this and more, live! Comment, like and share! Stories from the show: IKEA Internal Email Attack: https://threatpost.com/ikea-email-reply-chain-attack/176625/ Cyber-Attack on Planned Parenthood https://www.infosecurity-magazine.com/news/cyberattack-on-planned-parenthood/ Medsurant Health discloses ransomware incident, but not yet notifying patients: https://www.databreaches.net/medsurant-health-discloses-ransomware-incident-but-not-yet-notifying-patients/ Former Ubiquiti engineer arrested for inside threat attack: https://www.techtarget.com/searchsecurity/news/252510411/Former-Ubiquiti-engineer-arrested-for-inside-threat-attack

In this episode, Erich and Javvad chat about the #infosec and #cybersecurity stories of the week. Check them out and chat live with the hosts. Stories from the show: New Memento ransomware switches to WinRar after failing at encryption: https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/ Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day: https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/ FBI system hacked to email 'urgent' warning about fake cyberattacks: https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/

In this episode, Erich and Javvad discuss issues around a fertility clinic hack, another way big pharma is a hot mess, how Robinhood was swindled with simple social engineering and how North Korea is up to it's old tricks again. Don't forget to Like, Share and Subscribe! Stories from the show: Hack leaves fertility clinic medical data at risk: https://www.bbc.com/news/technology-59156683 EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms: https://www.zdnet.com/article/eu-pharmaceutical-giants-run-old-vulnerable-apps-and-fail-to-use-encryption-in-login-forms/ Robinhood discloses data breach impacting 7 million customers: https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/ OTP Bot Call Audio: https://soundcloud.com/user-233140213/otp-bot-call-audio North Korean hackers target the South's think tanks through blog posts: https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts/

In this episode Javvad and Erich discuss Cisco's decision to remover hard-coded credentials and SSH keys... finally, the US ban on Pegasus spyware, a Squid Game themed cryptocoin robbery, and parents being threatened after building a school app. Stories from the show: Cisco fixes hard-coded credentials and default SSH key issues: https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/ US Bans Trade With Pegasus Spyware Maker: https://threatpost.com/pegasus-spyware-blacklisted-us/175999/ Squid Game crypto token collapses in apparent scam: https://www.bbc.co.uk/news/business-59129466 These Parents Built a School App. Then the City Called the Cops: https://www.wired.com/story/sweden-stockholm-school-app-open-source/

This week, Erich and Javvad discuss some of the latest cybersecurity stories, including the NRA hack, North Korea is going after security vendors in supply chain attacks, some Iranian gas pumps are taken offline by a cyber attack and the Groove ransomware gang wants revenge on the US for taking down REvil, and is enlisting other gangs to focus their attacks there. All of this and more! Remember to Like, Share and Subscribe! Stories from the show: NRA Hacked: https://www.cbsnews.com/news/nra-hack-ransomware-gang-grief-russia/ North Korea is Hacking Supply Chains: https://thehackernews.com/2021/10/latest-report-uncovers-supply-chain.html Iran... Out of Gas: https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/ Groove Wants Revenge: https://www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/

In this episode, Erich and Javvad talk about their fails during presentations, Accenture finally admits it's data was breached, telecoms are targeted by China, the UK bans Huawei from the 5Gs bad actors steal cookies from content creators, and a whole lot more! Remember to Like, Subscribe and Share! Stories from the show: Accenture confirms data breach after August ransomware attack: https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/ Huawei ban: UK to impose early end to use of new 5G kit: https://www.bbc.com/news/business-55124236 Potential Chinese hackers targeting telecommunications companies: https://thehill.com/policy/cybersecurity/577440-potential-chinese-hackers-targeting-telecommunications-companies Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts: https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

In this episode, Erich and Javvad discuss the weekly hot infosec topics, including ransomware without the encryption, angry ex-employees turned insider threat at a flight school, "super" passwords to not use, and whether or not "It was a deepfake" is the new, "The dog ate my homework". All of this and more! Remember to like, subscribe and share! Stories from the show: 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware: https://threatpost.com/rapid-attacks-extort-ransomware/175445/ Woman, 26, is arrested 'for hacking into Florida flight training school's system and tampering with airplane information, including clearing some aircraft with maintenance issues for takeoff': Cops say attack was in retaliation after father was fired: https://www.newsbreak.com/news/2400876442542/woman-26-is-arrested-for-hacking-into-florida-flight-training-school-s-system-and-tampering-with-airplane-information-including-clearing-some-aircraft-with-maintenance-issues-for-takeoff-cops-say-attack-was-in-retaliation-after-father-was-fired Superman, Not to Rescue: Passwords With Superhero Names Are Most Hacked: https://www.news18.com/news/buzz/superman-not-to-rescue-passwords-with-superhero-names-are-most-hacked-4317128.html Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find: https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=18cc26697559

In this episode, Javvad makes fun of Erich for his current state of mental exhaustion due to National CyberSecurity Awareness Month, the Facebook outage and incident response tips are discussed, the ramifications of the Twitch breach are covered and an interesting, but maybe not so useful, method of pulling data from an air-gapped system is covered. All of this and more! Remember to Like, Share and Subscribe! Stories from the show: Understanding How Facebook Disappeared from the Internet: https://blog.cloudflare.com/october-2021-facebook-outage/ Security experts have given advice following the Twitch data breach: https://www.nme.com/news/gaming-news/security-experts-have-given-advice-following-the-twitch-data-breach-3064855 Twitch source code and creator payouts part of massive leak: https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor LANtenna Attacks Exploit Air-Gapped Networks Via Ethernet: https://www.bankinfosecurity.com/lantenna-attacks-exploit-air-gapped-networks-via-ethernet-cables-a-17688

In this episode, Javvad really messes up the intro, but finally finds his grove as they discuss the stroy about the Group-IB CEO being charged with Treason by Russia, The DDoS attack on Bandwidth, A very specific vulnerability with iPhones and Visa cards and how YouTube is going to remove all vaccine misinformation from the platform. All of this and more! Like, share and subscribe! Stories from the show: Top Russian Cybersecurity CEO Charged with Treason: https://www.govinfosecurity.com/top-russian-cybersecurity-ceo-charged-treason-a-17644 Bandwidth Hit with DDoS Attack, Dealing with Service Disruptions: https://www.channelfutures.com/security/bandwidth-hit-with-ddos-attack-dealing-with-service-disruptions Security experts urge iPhone users to remove Visa as a transport card via Apple Pay: https://uk.news.yahoo.com/security-experts-urge-iphone-users-234037124.html YouTube to remove all anti-vaccine misinformation: https://www.bbc.com/news/technology-58743252 Show Contents: 00:00 - 02:04 Javvad ruins the Intro 02:04 - 06:56 Treason or just business? 06:56 - 12:52 DDoS and the Bandwidth attack 12:52 - 22:49 Transporting with Visa 22:49 - 22:17 YouTube removing anti-vaxx misinformation 22:17 - 27:30 Outro

In this episode, Erich channels his deep inner anger about some government follies that have impacted individuals and organizations alike. Javvad mostly nods along for effect. Remember to Like, Share and Subscribe! Stories from the show: FBI Withholding Kaseya Ransomware Decryption Key Had ‘No Bearing’ on REvil: https://www.channelfutures.com/security/fbi-withholding-kaseya-ransomware-decryption-key-had-no-bearing-on-revil Four months on from a sophisticated cyberattack, Alaska's health department is still recovering: https://www.zdnet.com/article/four-months-on-from-sophisticated-cyber-attack-alaskas-health-services-is-still-recovering/ Investigation launched after MoD email blunder: https://www.computerweekly.com/news/252506972/Investigation-launched-after-MoD-email-blunder

Erich Kron is out this week so the award-winning Host Unknown stepping in and took matters into their own hands. Follow host unknown on hostunknown.tv @hostunknowntv Listen to the host unknown podcast on your favourite podcast player Stories from the show: ‘Significant threat’: cyber attacks increasingly targeting Australia’s critical infrastructure https://www.theguardian.com/technology/2021/sep/15/significant-threat-cyber-attacks-increasingly-targeting-australias-critical-infrastructure Microsoft: Windows 10 2004 reaches end of service in December https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-in-december/ HP patches severe OMEN driver privilege escalation vulnerability https://www.zdnet.com/article/hp-patches-omen-driver-privilege-escalation-vulnerability/ Apple Issues Emergency Fix for NSO Zero-Click Zero Day https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/ Over 60 million wearable, fitness tracking records exposed via unsecured database https://www.zdnet.com/article/over-60-million-records-exposed-in-wearable-fitness-tracking-data-breach-via-unsecured-database/ Follow host unknown on hostunknown.tv Listen to the host unknown podcast on your favourite podcast player

In this episode, Javvad messes up by starting the recording early, then hem and Erich discuss a new threat from a ransomware gang about dumping data if the victim calls the cops, the REvil servers mysteriously being resurrected from the dead, claiming a ransomware payment as a tax deduction and a whole bunch of VPN passwords being stolen. All of this and more, in this episode of The Jerich Show (complete with a reworked logo) Remember to Like, Share and Subscribe! Stories From the Show: Ransomware gang threatens to leak data if victim contacts FBI, police: https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/ Hit by a ransomware attack? Your payment may be deductible: https://www.independent.co.uk/news/hit-by-a-ransomware-attack-your-payment-may-be-deductible-irs-fbi-pms-washington-ransomware-b1868907.html REvil ransomware's servers mysteriously come back online: https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/ Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices: https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html Show Contents: 00:00 - 01:42 Javvad Messes Up the Intro 01:42 - 07:17 Ragnar Locker Threats if the Victim Calls the Cops or Negotiators 07:17 - 09:02 Is Your Ransom Payment a Tax Deduction? 09:02 - 15:32 REvil Servers Raise Their Ugly Heads Again 15:32 - 20:42 VPN Accounts Leaked From Fortigate Devices 20:42 - 20:50 Outro

It's been a couple of weeks, but Javvad and Erich are back from a little break and far more grumpy than you might assume. That's OK, because, as evidenced by the stories, they are grumpy because nobody fixed the internet while they were gone. Check out what they are so grumpy about and don't forget to Like, Share and Subscribe! Stories from the show: Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms: https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html Scam artists are recruiting English speakers for business email campaigns: https://www.zdnet.com/article/scam-artists-are-recruiting-english-speakers-for-business-email-campaigns LockBit gang leaks Bangkok Airways data, hits Accenture customers: https://www.bleepingcomputer.com/news/security/lockbit-gang-leaks-bangkok-airways-data-hits-accenture-customers/ Twitter creates 'Safety Mode' to temporarily block accounts caught insulting users: https://www.zdnet.com/article/twitter-creates-safety-mode-to-temporarily-block-accounts-caught-insulting-users/

In this episode, Erich reminisces about Blackhat and DEFCON, comparing past years to 2021 and Javvad and him discuss some crazy news stories, including one where a cyber thief actually returns $260 million and a new UK governement software that adds a button to report emails to the 'Ministry of Phishy Things', or some such government entity. Don't forget to Like, Subscribe and Share for more fun looks at very serious topics. Stories from the show: Cryptocurrency heist hacker returns $260m in funds: https://www.bbc.com/news/business-58180692 New one-click button will flag dodgy emails directly to cyber experts: https://news.sky.com/story/new-one-click-button-will-flag-dodgy-emails-directly-to-cyber-experts-12379104 Flight attendant interview video: https://www.youtube.com/watch?v=XFoXmnBuLw0 Show Contents: 00:00 - 1:00 Intro 01:00 - 13:30 Blackhat and DEFCON recap 13:30 - 18:27 Cryptocurrency heist hacker returns $260m in funds 18:27 - 28:49 New one-click button will flag dodgy emails directly to cyber experts 28:49 - 30:39 Smelling like regret (https://www.youtube.com/watch?v=XFoXmnBuLw0) 30:39 - 31:04 Outro

In this quick daily recap, Erich and Javvad talk about the closing day of Black Hat and the start of DEFCON, conference speaking and much more.

In this episode, Javvad and Erich discuss the first day at Black Hat 2021. They discuss the low attendance at Black Hat, the topics and big vendors at the show and other observations from the show. In addition they discuss a ransomware attack on a school, a huge amount of data leaked by a mystery company, security issues with a hotel capsule, and more. Look out for more updates from Vegas this year! Like, share and subscribe! Stories from the show: Report: Over 63 Million US Citizens Exposed in Massive Data Leak: https://www.vpnmentor.com/blog/report-onemorelead-leak/ Isle of Wight schools hit by ransomware attack: https://www.bbc.com//uk-england-hampshire-58078670 Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms: https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/

This week Anna Collard, founder of Popcorn Training and an all around brillant person, talks through the stories of the week and shares her experience taking a doodle, and turining it into a great company. You don't want to miss it! Like, subscribe and share! About Anna: LinkedIn: https://www.linkedin.com/in/anna-collard-606817/ Twitter: @AnnaCollard3 Stories from the show: Majority of employees take cybersecurity shortcuts, despite knowing risks: https://www.securitymagazine.com/articles/95722-majority-of-employees-take-cybersecurity-shortcuts-despite-knowing-risks Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam: https://www.theregister.com/2021/07/27/youtube_channel_tech_scam/ ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower: https://www.computerweekly.com/news/252504531/ICO-ends-its-involvement-in-dispute-between-NatWest-Bank-and-data-breach-whistleblower South Africa port operations halted and workers reportedly put on leave after major cyberattack: https://www.cnbc.com/2021/07/27/transnet-halts-port-operations-in-south-africa-after-major-cyberattack.html Show Content: 00:00 - Intro 02:52 - Majority of employees take cybersecurity shortcuts, despite knowing risks 10:16 - Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam 18:35 - ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower 26:02 - South Africa port operations halted and workers reportedly put on leave after major cyberattack 33:50 - Anna talks about starting Popcorn Training 43:07 - Tech sector and the value of professional relationships in South Africa 48:53 - What people can do better to communicate 54:18 - What is next for Anna 56:34 - Outro

This week Javvad and Erich discuss some of the hottest stories of the past week, including the sentancing of a swatter, the release of a Kaseya universal ransomware decryptor, a $50m demand (possibly being delivered by bicycle), MosaicLoader punishes pirates, the (ISC)2 learning portal for CISSP's and other members and an insurtech startup that joins the 'unsecured S3 bucket' club. All of this and more. Please like, subscribe and share. Story links and chapter listing is below. Serial Swatter Who Caused Death Gets Five Years in Prison https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/ Kaseya obtains universal decryptor for REvil ransomware victims https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/ Hackers reportedly demand $50m from Saudi Aramco over data leak https://www.bbc.com/news/business-57924355 New MosaicLoader malware targets software pirates via online ads https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/ An insurtech startup exposed thousands of sensitive insurance applications https://techcrunch.com/2021/07/16/backnine-insurance-applications-exposed/ Other mentions: Dark Patterns https://www.darkpatterns.org/ (ISC)2 Learning Portal https://learn.isc2.org Contents of this video: 00:00 - Javvad's Minecraft-esque Intro 02:22 - Black Hat Conference and COVID Thoughts 06:00 - Serial Swatter Who Caused Death Gets Five Years in Prison 10:32 - Kaseya obtains universal decryptor for REvil ransomware victims 14:54 - Hackers reportedly demand $50m from Saudi Aramco over data leak 20:05 - New MosaicLoader malware targets software pirates via online ads 25:54 - The (ISC)2 Learning Portal and What They Are Doing Right 30:38 - An insurtech startup exposed thousands of sensitive insurance applications 34:53 - Closing and Profound Insight from Erich

In this episode, Erich and Javvad discuss some data breaches, issues with outdated and End-of-Life (EOL) hardware and software and issues with government collection of zero-day vulnerabilities and issues related to mandatory reporting with too little time to understand the issue. Like, subscribe and share! Fashion retailer Guess discloses data breach after ransomware attack: https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/ SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances: https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-eol-sma-100-vpn-appliances/ 22% of exploits for sale in underground forums are more than three years old: https://www.helpnetsecurity.com/2021/07/15/exploits-for-sale/ So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into: https://www.theregister.com/2021/07/15/china_vulnerability_law/

In this episode, Charl van der Walt jions Erich and Javvad as they talk about the news stories related to the new CISA 'Bad Practices' guidance, My Book Live devices being remotely wiped, Windows print spoolers being weaponized and data movement by pigeons. Charl then talks about what it's like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more. Remember to hit the 'Like' button, then subscribe and share for more great weekly episoded. About Charl: Twitter: @charlvdwalt LinkedIn: https://www.linkedin.com/in/charl-van-der-walt/ Orange Cyberdefense: https://www.linkedin.com/company/orange-cyberdefense/ Stories from the show: CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability: https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability Hackers use zero-day to mass-wipe My Book Live devices: https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/ Bad Practices: https://www.cisa.gov/BadPractices BONUS STORY: In Africa, A Pigeon Transfers Data Faster Than The Internet: https://www.wired.com/2009/09/in-africa-a-pigeon-transfers-data-faster-than-the-internet/ IP over Avian Carriers with Quality of Service: https://datatracker.ietf.org/doc/html/rfc2549

In this episode Javvad and Erich discuss the death of John McAfee, a story where 2 brothers in South Africa disappear under mysterious circumstances (and along with $2.2 billion in BTC) and, Facebook calls out Apple by funding an attempt at an academic-ish paper, as they strive to protect you from the evils of monopolistic behavior (or maybe just to protect their own profits). All this and more in this episode! Be sure to like, subscribe and share! Javvad's Interview with John McAfee: https://www.youtube.com/watch?v=xHuVW63ceSQ Stories from the show: John McAfee found dead in Spanish prison after his extradition to the US was approved: https://www.cnn.com/2021/06/23/tech/john-mcafee-death/index.html South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin: https://www.forbes.com/sites/emilymason/2021/06/23/south-african-brothers-disappear-along-with-22-billion-worth-of-bitcoin/?sh=4dbd6a3a1a60 Facebook vs. Apple: Here's what you need to know about their privacy feud: https://www.cnet.com/news/facebook-vs-apple-heres-what-you-need-to-know-about-their-privacy-feud/ The paper that was published: Harming Competition and Consumers under the Guise of Protecting Privacy: An Analysis of Apple’s iOS 14 Policy Updates: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852744

In this episode, Javvad and Erich are joined by Magda de Jager (aka Mags) to discuss this weeks news stories, including the Peloton bike vulnerability (or is it?), the takedown of the Clot ransomware gang and credential stuffing attacks targeting the travel and retail industries. Mags also discusses her journey to working in infosec and much, much more! Please like, share and subscribe About Mags: Twitter: @magsdj LinkedIn: https://www.linkedin.com/in/magdadejager/ Stories from the show: Ukrainian police partner with US, South Korea for raid on Clop ransomware members: https://www.zdnet.com/article/ukranian-police-partner-with-us-south-korea-for-raid-on-clop-ransomware-members/ Peloton Bike+ Was Vulnerable to Remote Hacking, Researchers Find: https://gizmodo.com/peloton-bike-was-vulnerable-to-remote-hacking-researc-1847105097 Travel and retail industries facing wave of credential stuffing attacks: https://www.zdnet.com/article/travel-and-retail-industries-facing-wave-of-credential-stuffing-attacks/ Scottish word of the day: Miss PunnyPennie - @Lenniesaurus https://twitter.com/Lenniesaurus

In this episode Javvad and Erich welcome Mo Amin, -------- at ------- as we discuss the Fastly outage, some vulnerabilities in some MQTT handlers, what might be the biggest password dump of all times and we have some serious discussion about company security culture and what that means to an organization. Don’t forget to like, share and subscribe for more great weekly content! About Mo: Twitter: @infosecmo LinkedIn: https://www.linkedin.com/in/moamin1/ Stories form the show One Fastly customer triggered internet meltdown: https://www.bbc.com/news/technology-57413224 DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices: https://www.theregister.com/2021/06/08/mqtt_dos_vulnerabilities/ Largest List of Passwords Ever Has Been Released Online: https://news.softpedia.com/news/largest-list-of-passwords-ever-has-been-released-online-533160.shtml

In this episode, Jim Zuffoletti, CEO & Co-Founder of SafeGuard Cyber, joins the show as we discuss several ransomware attacks from the week, talk about how security has evolved to bring about some signficant challenges securing human and cloud architectures and the data involved, and much, much more. Jim's info: SafeGuard Cyber: https://www.safeguardcyber.com/ SafeGuard Cyber's Twitter: @SafeGuard_Cyber LinkedIn: https://www.linkedin.com/in/jimzuffoletti/ Stories from the show: REvil, A Notorious Ransomware Gang, Was Behind JBS Cyberattack, The FBI Says https://www.npr.org/2021/06/03/1002819883/revil-a-notorious-ransomware-gang-was-behind-jbs-cyberattack-the-fbi-says FUJIFILM shuts down network after suspected ransomware attack https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/ NYC’s Subway Operator and Martha’s Vineyard Ferry Latest to Report Cyberattacks https://www-wsj-com.cdn.ampproject.org/c/s/www.wsj.com/amp/articles/ransomware-scourge-continues-as-essential-services-are-hit-11622672685 Biden will confront Vladimir Putin about ransomware as cyberattacks increase in US https://www.usatoday.com/story/news/politics/2021/06/02/joe-biden-discuss-ransomware-putin-amid-rising-cyberattacks/7508957002/ Effectuation.org https://www.effectuation.org/

In this episode, Erich is recovering from a minor spinal surgery an hour before recording and Javvad makes him discuss topics ranging from the FBI notice about Conti attacking hospitals and first responders, the governement attempting to get control of data breaches, a huge illegal Russian dark web market and recent Japan hacks Don't forget to like, share and subscribe! Links from the show: The most important link in the list - 恋のセキュリティホール〜HACK SONG〜: https://www.youtube.com/watch?v=ZQlvY5UfjeE FBI Flaaaaaash: https://www.documentcloud.org/documents/20785301-conti-ransomware-attacks-impact-healthcare-and-first-responder-networks-bc-5-20-21 Senators roll out bipartisan data privacy bill: https://www.theverge.com/2021/5/20/22444515/amy-klobuchar-data-privacy-protection-facebook-state-laws Illegal Drug Trade Fuels $1.37B in Crypto Transactions at Russian Dark Site: https://www.ecommercetimes.com/story/87146.html Japanese government agencies suffer data breaches after Fujitsu hack: https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/ Japan predicts hacker attack on Tokyo Summer Olympics by Russian hackers: https://www.ehackingnews.com/2021/05/japan-predicts-hacker-attack-on-tokyo.html

In this episode, Javvad and Erich welcome Andra Zaharia to the show as they talk about an issue with an update to servers behind some cloud cameras that allowed people to view other feeds, how a Russian keyboard can stop malware and about infosec marketing, both externally to customers and internally to your leadership. Stories: Bug Exposes Eufy Camera Private Feeds to Random Users https://threatpost.com/eufy-cam-private-feeds/166288/ Russian keyboards can stop ransomware? https://www.newstalk.com/news/russian-keyboard-could-protect-you-from-potential-cyber-hack-expert-says-1197842 About Andra: Twitter: @AndraZaharia LinkedIn: https://www.linkedin.com/in/andrazaharia/ Website: https://andrazaharia.com/ Resources she recommended: Impersonation example: https://twitter.com/kat_boogaard/status/1361769043267645440 Thanks for the Feedback: The Science and Art of Receiving Feedback Well by Douglas Stone, Sheila Heen - https://www.goodreads.com/book/show/18114120-thanks-for-the-feedback?ac=1&from_search=true&qid=BNKechN2EP&rank=1 Nonviolent Communication: A Language of Life by Marshall B. Rosenberg - https://www.goodreads.com/book/show/71730.Nonviolent_Communication?ac=1&from_search=true&qid=o3Ar8B4VcH&rank=1 The Mom Test: How to talk to customers & learn if your business is a good idea when everyone is lying to you by Rob Fitzpatrick - https://www.goodreads.com/book/show/52283963-the-mom-test?ac=1&from_search=true&qid=7KBV7NvPN8&rank=1 What To Do When It's Your Turn (and it's always your turn) by Seth Godin - https://www.goodreads.com/book/show/23665356-what-to-do-when-it-s-your-turn?ac=1&from_search=true&qid=njWuQP6RrB&rank=1 Her list of people to follow who will instantly make your timeline a source of good convos - https://twitter.com/i/lists/967424242961801217/members

This week Erich and Javvad talk about the issues of law enforcement making changes to private companies servers, the spotting of some CIA malware, another government data breach and an awesome bug bounty story. Listen, like and subscribe! Links from the show: This software update is deleting botnet malware from infected PCs around the world https://www.msn.com/en-us/news/technology/this-police-update-is-now-deleting-botnet-malware-from-infected-pcs-around-the-world/ar-BB1g3Prr?ocid=BingNews Security firm Kaspersky believes it found new CIA malware https://therecord.media/security-firm-kaspersky-believes-it-found-new-cia-malware/ Wyo Health Department Data Breach Exposes Info From 165K Wyomingites https://cowboystatedaily.com/2021/04/27/wyoming-department-of-health-sees-data-breach-of-165k-wyomingites/ Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery https://www.vice.com/en/article/m7eaqv/researchers-secure-bug-bounty-payout-to-help-raise-funds-for-infants-surgery

In this episode, Erich and Javvad discuss a 50-year-old male Japanese motorcycler that tricked his fans in to believing he was a 20-something-year-old female with digital face swap trickery, How McDonalds $18k ice cream machines have a dirty little secret, and maybe a fix for that with a Raspberry Pi, and free or cheap alternatives to some popular graphics design programs. All this and more. Don't forget to watch, like and subscribe below Stories from the show: Face editing: Japanese biker tricks internet into thinking he is a young woman https://www.bbc.com/news/world-asia-56447357 They Hacked McDonald’s Ice Cream Machines—and Started a Cold War https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/ Farmers Are Having to Hack Their Own Tractors Just to Make Repairs https://www.thedrive.com/news/39158/farmers-are-having-to-hack-their-own-tractors-just-to-make-repairs Sonos explains why it bricks old devices with ‘Recycle Mode’ https://www.theverge.com/2019/12/30/21042871/sonos-recycle-mode-trade-up-program-controversy Adobe Early Cancellation Fee Stirs Up Controversy On Twitter; Leaves Users Enraged https://www.republicworld.com/technology-news/apps/adobe-early-cancellation-fee-stirs-up-controversy-on-twitter-leaves-users-enraged.html Adobe Alternatives https://www.patreon.com/posts/26834357

Have you ever wanted to start an infosec conference of your very own? This week Erich and Javvad talk with Derrick Thomas, a co-founder of BSides Tampa, about what it's like to start and grow a conference, some pitfalls and reaching for stars. They will also discuss the FBI fixing Exchange servers via search warrants, Derrick will be distracted by a clickbait ad about twerking, and realtors showing PII in a virtual tour will be discussed. Don't forget to like and subscribe to the podcast and video versions. About Derrick: Twitter: @BSidesTampa LinkedIn: https://www.linkedin.com/in/ddthomas-tampa/ Stories from the show: FBI blasts away web shells on US servers in wake of Exchange vulnerabilities https://www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-servers-in-wake-of-exchange-vulnerabilities/ Estate agent's hi-tech house tour exposes personal data https://www.bbc.co.uk/news/technology-56718046 Why Australia is in hysterics over a 'navy twerking' dance https://www.bbc.co.uk/news/world-australia-56754868 Fyre Festival https://en.wikipedia.org/wiki/Fyre_Festival

In this great episode, Erich and Javvad welcome Tricia Howard to the show as they discuss the Ziggy ransomware game giving refunds (no, really), the 500 million user LinkedIn profile scrape, getting in to the cybersecurity industry from outside, and more. Trisha even uses her amazing theatrical skills to do a dramatic reading of a ransomware note. Remember to watch, like, and subscribe! Trisha's information: Twitter and Instagram: @TriciaKicksSaaS LinkedIn: https://www.linkedin.com/in/triciakickssaas/ Stories from the show: Ziggy ransomware admin announces refunds for all targeted victims https://www.teiss.co.uk/ziggy-ransomware-admin-to-refund-victims/ Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof: https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

In the episode, Javvad and Erich welcome Kai Roer to the show to talk about a Twitter account takeover, a big potential data leak, responsibility in a phishing click and of course, about security culture. About Kai: Twitter: @kairoer LinkedIn: https://www.linkedin.com/in/kairoer/ Stories From the Show: Phish Leads to Breach at Calif. State Controller https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/ NHS boss's Twitter accounts hacked by PS5 scammers: https://www.bbc.co.uk/news/technology-56456002 Forex Broker Leaks Billions of Customer Records Online: https://www.infosecurity-magazine.com/news/forex-leaks-millions-customer/

From security camera feeds being pwned to tracking people through lens scratches and dust and big issues with some Adobe software, cameras and related items are the topic today for Javvad and Erich. Links from the show: FB can track you via dust and scratches: https://www.tiktok.com/@jengolbeck/video/6936959507356486918 The FB patent for associating cameras with users and objects in a social networking system https://patents.google.com/patent/US9485423B2/en Dr. Jen Golbeck: Twitter: https://twitter.com/jengolbeck TikTok: https://www.tiktok.com/@jengolbeck? Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more: https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect: https://www.zdnet.com/article/adobe-releases-batch-of-security-fixes-for-framemaker-creative-cloud-connect/

In this episode, Erich and Javvad are joined by their colleague and friend, James McQuiggan, as they discuss Elder Fraud, phishing attacks targeting AOL users, Cash App phishing kits and bogus Capital Calls among other things. James McQuiggans info: Twitter: @James_McQuiggan LinkedIn: https://www.linkedin.com/in/jmcquiggan/ His book Pick: Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/ Stories from the show: Elder Fraud: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud Beware: AOL phishing email states your account will be closed: https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/ Cash App phishing kit deployed in the wild, courtesy of 16Shop: https://www.bleepingcomputer.com/news/security/cash-app-phishing-kit-deployed-in-the-wild-courtesy-of-16shop/ Investors are the next target of large-scale cyberattacks: https://www.bleepingcomputer.com/news/security/investors-are-the-next-target-of-large-scale-cyberattacks/

Mohammed Aldoub AKA @voulnet is an API and Cloud security expert. While Erich is off nursing a sore neck, Mohammed keeps Javvad quiet and drops some serious API security knowledge. Links discussed: Clubhouse https://twitter.com/_DanielSinclair/status/1363738761339826177?s=19 Hacking Starbucks https://samcurry.net/hacking-starbucks/ Cloud pricing specialists https://www.duckbillgroup.com/ API vulnerability https://hackerone.com/reports/810320 Exploiting Drupal8's REST RCE https://www.ambionics.io/blog/drupal8-rce Stop using JWT for sessions http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/ Mohammed's Github (tools, upcoming training schedule) https://github.com/Voulnet Follow Mohammed on twitter @voulnet

Javvad's internet is broken, so he is a pixelated mess, but we still talk ransomware and the new Mac M1 virus. Stories from the show: Kia Motors Hit With $20M Ransomware Attack – Report (with a cameo ad for Erich's upcoming ThreatPost panel) https://threatpost.com/kia-motors-ransomware-attack/164085/ When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice https://securityintelligence.com/news/when-cyber-gangs-disregard-ransomware-payments/ First Malware Running Natively on M1 Chip Discovered https://www.macrumors.com/2021/02/17/first-m1-chip-malware/

In this episode, Erich and Javvad welcome Kylee Lockwood, a pro in the field of compliance, to the show as they discuss issues with ICS, the impact of cat filters on professional people and another loss of source code. Kylee's contact information: LinkedIn - https://www.linkedin.com/in/kyleemarie/ Twitter - @kyleemariel Links from the show: Hackers steal StormShield firewall source code in data breach https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/ ICS Challenges https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/ Lawyer is NOT a cat: https://www.entrepreneur.com/article/365148 Cat filter accidentally used in Pakistani minister’s live press conference: https://www.bbc.com/news/world-asia-48663289

In this episode Erich and Javvad discuss stories related to ransomware, vulnerabilites in some WiFi chipsets and issues related to the Greek police officers being issued hardware allowing for facial recognition and fingerprint identification. Stories in this episode: Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices: https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html Ransomware attacks increasingly destroy victims’ data by mistake: https://www.bleepingcomputer.com/news/security/rise-in-ransomware-attacks-mistakenly-causing-data-destruction/ Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again: https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/ Greek Police to Introduce Live Facial Recognition: https://www.infosecurity-magazine.com/news/greek-police-to-introduce-live

This week Javvad and Erich welcome a long time friend and former colleague of Javvad's, Adrian Sanabria to the show as they discuss news around the takedown of the the Emotet group, a new phishing toolkit that dynamically changes brands and other news from they cybersecurity world. Adrian also discusses his new job and how it will change the future of infosec tool product reviews. Don't forget to like and subscribe for more great weekly content! Adrian's Social Media: Twitter: @sawaba LinkedIn: https://www.linkedin.com/in/adrian-sanabria/ OnlyFans: TBD Stories from the show: Emotet Takedown: https://www.bbc.com/news/technology-55826258 New Phishing Toolkit: https://www.zdnet.com/article/new-cybercrime-tool-can-build-phishing-pages-in-real-time/ Krebs on Solarwinds: https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/ The Sonicwall Problem: https://threatpost.com/sonicwall-breach-zero-days-in-remote-access/163290/ The Security Products We Deserve: https://youtu.be/GHuQC1qLnJ4

Knowing that Erich was going in for doctor visit that morning, Javvad decided rather than a traditional show, to help take his mind off things, he would put Erich on the spot to comment to stories he had no idea were coming. Welcome to Headline Roulette, a speed response to the following stories with no time to actually read these articles: Privacy-focused search engine DuckDuckGo grew by 62% in 2020 https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-grew-by-62-percent-in-2020/ FBI: Disinformation Campaigns Seek to Exploit Capitol Siege https://www.bankinfosecurity.com/fbi-disinformation-campaigns-seek-to-exploit-capitol-siege-a-15782 FBI warns of vishing attacks stealing corporate accounts https://www.bleepingcomputer.com/news/security/fbi-warns-of-vishing-attacks-stealing-corporate-accounts/ A Chinese hacking group is stealing airline passenger details https://www.zdnet.com/article/a-chinese-hacking-group-is-stealing-airline-passenger-details/ 70% of UK finance industry hit with cyber-attacks in 2020 https://uk.finance.yahoo.com/news/70-percent-uk-finance-industry-hit-with-cyberattacks-in-2020-000851797.html Hacker posts 1.9 million Pixlr user records for free on forum https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/ Coin-Mining Malware Volumes Soar 53% in Q4 2020 https://www.infosecurity-magazine.com/news/coinmining-malware-volumes-soar-53/ When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram X-rated social media app Fleek exposed explicit photos of users https://www.hackread.com/social-media-app-fleek-explicit-photos-leak/ DON'T FORGET TO LIKE AND SUBSCRIBE

In this episode, Javvad and Erich are joined by privacy expert Rowenna Fielding for a fun and informative show discussing privacy issues around the globe. The group discusses changes made by TikTok, the new WhatsApp privacy debacle, the use crowdsourcing by law enforcement after the capitol fiasco, and how to move from and infosec role to a job focused on privacy. Rowenna’s recommended books: • Surveillance capitalism - https://www.amazon.com/Age-Surveillance-Capitalism-Future-Frontier/dp/1541758005/ • Weapons of math destruction - https://www.amazon.com/Weapons-Math-Destruction-Increases-Inequality/dp/0553418831/ • Algorithms of oppression - https://www.amazon.com/Algorithms-Oppression-Search-Engines-Reinforce/dp/1479837245/ Rowenna’s Patreon link: http://patreon.com/missiggeek Links from the show: TikTok: All under-16s' accounts made private - https://www.bbc.com/news/amp/technology-55639920 WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app - https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/ Rowenna’s breakdown of the WhatApp privacy changes - https://missinfogeek.net/whatsapp-privacy-policy-translated/ Capitol riots: Who has the FBI arrested so far? - https://www.bbc.com/news/world-us-canada-55626148 @sawaba plotted video uploads from the GPS coordinates of the capital on 1/6/21 - https://twitter.com/sawaba/status/1349056336202522625 I Cut the 'Big Five' Tech Giants From My Life. It Was Hell - https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194

Join Javvad and Erich as they trick the ever funny and good humored Garrett Gross in to joining, them one last time before their end of year break, for a solid 9 minutes of great discussion followed by his dismissal. Once rid of him, the team turns the topic to their own favorite infosec stories of 2020. After this episode Erich and Javvad will be taking a break until the new year while they try incantations, burning of incense, interprative dance and any other possible method of ensuring 2021 won't be the dumpster fire that 2020 was. This is a great time to catch up on earlier episodes here and on Youtube at: https://www.youtube.com/channel/UCDCt5A9GDeTHWEBE8hHkKeg Please like and subscribe to be notified of new episodes Follow Garrett on Twitter at: @breachparty Links from the show: A Hacker Nearly Stole $8 Million From An Aussie Hedge Fund Using A Fake Zoom Invite: https://www.gizmodo.com.au/2020/11/a-hacker-nearly-stole-8-million-from-an-aussie-hedge-fund-using-a-fake-zoom-invite/ Travelex driven into financial straits by ransomware attack: https://www.scmagazine.com/home/security-news/travelex-driven-into-financial-straits-by-ransomware-attack/ A Hacker Is Threatening to Leak Patients' Therapy Notes: https://www.wired.com/story/hacker-threaten-release-therapy-notes-patients/ Patients of Hacked US Surgical Company Hit with Ransom Demands: https://www.infosecurity-magazine.com/news/patients-of-hacked-surgical/

In this episode, Javvad and Erich welcome Althe Denis, winner of the Social Engineering Capture the The Flag (SECTF) at DEFCON and one of the most motivated and awesome people we have met. They discuss her path to an infosec career, how she keeps things straight and advice for those interested in getting in to the infosec community from other careers. They also discuss some interesting news stories related to cyber attacks on homes, the OGUsers forum hack/ransom, Amazon delivery scams and the value of C-Level executive credentials and accounts. All this and more! Be sure to like and subscribe to catch the latest episode each week. Alethe's Contact info: Twitter - @AletheDenis Website - Alethedenis.com Links from the story: Hackers attack homes on average 104 times a month, says new Comcast report https://www.gearbrain.com/are-smart-home-devices-secure-2649035325.html Stolen credentials forum OGUsers hacked again with user data stolen https://siliconangle.com/2020/12/02/stolen-credentials-forum-ogusers-hacked-user-data-stolen/ Beware - that email about your Amazon delivery alert could be an online scam https://www.techradar.com/news/that-amazon-delivery-alert-email-could-be-a-phishing-scam A hacker is selling access to the email accounts of hundreds of C-level executives https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/ Alethe's book recommendations: The Code of Trust https://www.amazon.com/Code-Trust-American-Counterintelligence-Experts/dp/1250093465/ Swing Away https://www.amazon.com/Swing-Away-Conquering-Impostor-Syndrome/dp/B086MKGHVG/ Operator Handbook https://www.amazon.com/Operator-Handbook-Team-OSINT-Reference/dp/B085RR67H5/ Pentester Blueprint: https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307/ Hacking Multifactor Authentication https://www.amazon.com/Hacking-Multifactor-Authentication-Roger-Grimes/dp/1119650798/

In this special Thanksgiving episode, Erich and Javvad talk about privacy issues related to both the government and in the private sector. Should your employer judge your performance on based on an Office 360 report? Should the government restrict singing in your own home? These questions and more will be answered in this episode. Don't forget to like and subscribe! Links from the show: CDC Guidance: https://www.cdc.gov/coronavirus/2019-ncov/global-covid-19/shielding-approach-humanitarian.html California Guidance: https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/COVID-19/Guidance-for-the-Prevention-of-COVID-19-Transmission-for-Gatherings-November-2020.aspx Amazon and Employees: https://www.vice.com/en/article/5dp3yn/amazon-leaked-reports-expose-spying-warehouse-workers-labor-union-environmental-groups-social-movements Wolfie Christl and O365: https://twitter.com/WolfieChristl/status/1331221942850949121?s=20